Bitdefender Trafficlight Breaks Your Privacy
From WilderSecurity forum
http://www.wilderssecurity.com/showthread.php?t=325217
May 31st, 2012
I've been waiting for this to be solved by BitDefender, and so I gave it a month for them to address the issue, as I don't think it would require a lot of time to address it, only will.
That said, if you're using BitDefender TrafficLight, you should be aware that whenever you perform a search or access a website, it will check with BitDefender's cloud to see if the URL is malicious/fraudulent. So far so good. The real issue is that, it does it so over HTTP and not HTTPS.
I just thought I should alert you about it, in case you didn't know it already.
BitDefender actually agreed with me that sending the info over HTTP breaks our privacy, and that they were already considering implementing the communication over HTTPS, instead of HTTP. Right.
Not only is the info sent over HTTP, but the actual search query is also sent to BitDefender. This was also one of my concerns, and I asked them to strip the information, and only send the URL, but not the search query.
So, I suppose this is the same old question: Security at what cost? Breaking our (=users in general) privacy?
Why this is still not fixed? the information is being sent over http... what kind of security is offering bitdefender?
Comments
-
Hello
Welcome to the forums!
We are aware of this and we moved tl.bd.com to HTTPS. In about 2 weeks we will release a new version of TrafficLight and hopefully we will migrate then http://trafficlight.bitdefender.com to HTTPS.
Thank you very much for your report.
Have a wonderful weekend!0 -
Hello
There is a different discussion in this topic, it has nothing to do with that other topic.
Take care.0 -
There is any update on when the new version will be released?
0 -
The new version... Are we talking the "Installed" version or the browser extension or both?
0 -
Hello
Welcome to the forums!
We are aware of this and we moved tl.bd.com to HTTPS. In about 2 weeks we will release a new version of TrafficLight and hopefully we will migrate then http://trafficlight.bitdefender.com to HTTPS.
Thank you very much for your report.
Have a wonderful weekend!
4 weeks later and still working over http0 -
Hello
In the latest update for the browser extensions, the requests are made via HTTPS. The desktop version will be updated soon.
Thank you for your patience!0 -
I had an issue with Traffic Light, as the installation either was corrupt or something went wrong.
It never installed the pull down menu and any access to Google was blocked for some strange reason.
I could access any other sites, but not Google!
Hopefully the next release will resolve the bugs.0 -
Hello
Did you also have installed one of the desktop products on that machine?
Thank you!0