Data transmission in F-Secure and other AV vendors.


""Many Internet users are concerned about who has access to their personal information and what is 
done with it. After revelations by Edward Snowden regarding the extent of eavesdropping by the US-
American NSA, users have become increasingly aware of privacy issues. Computer security software has 
legitimate grounds for sending its makers some information about the system it’s running on; in 
particular, details of malware found on the machine have to be sent to the manufacturer in order to 
protect the user effectively. however, this does not mean that a program should have carte blanche to 
send any and all personal information found on a computer to the manufacturer (other than with the 
specific knowledge and agreement of the system’s owner). This report gives some insight into data-
sending by popular security programs."


Interesting that the only AVs that do not send Personal data are Ahnlab and Emisoft.


Under Personal information-"Are visited URLs (malicious and non-malicious URLs) transmitted?"-like most of the AV vendors listed F-Secure did transmit these URLs. Can I ask whether these URLs were transmitted as plain text or as hashes?




  • Ukko
    Ukko Posts: 3,640 Superuser



    Probably you waiting answer by F-Secure team. And it's indeed should be there...


    But maybe your question already "answered" in any descriptions, documentations, privacy policy and etc.


    Also.. if here more interesting F-Secure IS or AV.... probably here can be just next points (my opinion):


     - metadata (hash basically);

     - encrypted protocols and services (ORSP like example);

     - censored for any "confidencal" or "private" data;


    And all of that.. can be related with Real-time Protection Network;

    Here users able to "unchecked" any "relationships" with that... and already will be situation, when any URLs (like including for any other information about executable files with metadata/hash/results/something else) not transfered as default; But need ability for "protection" during browsing (here already..... a lot of words... probably have in descriptions for F-Secure products);


    It's mean... probably F-Secure create all steps for prevent any "risk" for users about "private points"; It's mean - if it's "plain text": so, will be without "connection" with user; But probably here, of course, not just "plain text";


    And sorry .. I not checking your current link... maybe it's certainly about other things.

  • NikK
    NikK Posts: 903 Forum Champion

    I found an answer but a bit weird. To me it seems to only explain how it works when you opt-out of the Real-time Protection Network?!


    Real-time Protection Network collects information on unknown applications and web sites and on malicious applications and exploits on web sites. Real-time Protection Network does not track your web activity or collect information on web sites that have been analyzed already, and it does not collect information on clean applications that are installed on your computer.


    If you do not want to contribute this data, Real-time Protection Network does not collect information of installed applications or visited web sites. However, the product needs to query F-Secure servers for the reputation of applications, web sites, messages and other objects. The query is done using a cryptographic checksum where the queried object itself is not sent to F-Secure. We do not track data per user; only the hit counter of the file or web site is increased.


    It is not possible to completely stop all network traffic to Real-time Protection Network, as it is integral part of the protection provided by the product.


    Source: Section "How Real-time Protection Network works"

  • Blackcat
    Blackcat Posts: 503 Influencer

    F-Secure released a paper today explaining their data collection:

    Thanks, F-Secure.



This discussion has been closed.
Pricing & Product Info