Bitdefender Trafficlight Breaks Your Privacy

l0rdraiden
l0rdraiden
edited August 2012 in Bitdefender trafficlight

From WilderSecurity forum


http://www.wilderssecurity.com/showthread.php?t=325217


May 31st, 2012


I've been waiting for this to be solved by BitDefender, and so I gave it a month for them to address the issue, as I don't think it would require a lot of time to address it, only will.


That said, if you're using BitDefender TrafficLight, you should be aware that whenever you perform a search or access a website, it will check with BitDefender's cloud to see if the URL is malicious/fraudulent. So far so good. The real issue is that, it does it so over HTTP and not HTTPS.


I just thought I should alert you about it, in case you didn't know it already.


BitDefender actually agreed with me that sending the info over HTTP breaks our privacy, and that they were already considering implementing the communication over HTTPS, instead of HTTP. Right.


Not only is the info sent over HTTP, but the actual search query is also sent to BitDefender. This was also one of my concerns, and I asked them to strip the information, and only send the URL, but not the search query.


So, I suppose this is the same old question: Security at what cost? Breaking our (=users in general) privacy?


Why this is still not fixed? the information is being sent over http... what kind of security is offering bitdefender?

Comments

  • rootkit
    rootkit ✭✭✭

    Hello :)


    Welcome to the forums!


    We are aware of this and we moved tl.bd.com to HTTPS. In about 2 weeks we will release a new version of TrafficLight and hopefully we will migrate then http://trafficlight.bitdefender.com to HTTPS.


    Thank you very much for your report.


    Have a wonderful weekend!

  • JAGUARS
    JAGUARS
    http://forum.bitdefender.com/index.php?showtopic=33703
  • rootkit
    rootkit ✭✭✭

    Hello :)


    There is a different discussion in this topic, it has nothing to do with that other topic.


    Take care.

  • l0rdraiden
    l0rdraiden

    There is any update on when the new version will be released?

  • Unknown
    Unknown

    The new version... Are we talking the "Installed" version or the browser extension or both?

  • l0rdraiden
    l0rdraiden
    Hello :)


    Welcome to the forums!


    We are aware of this and we moved tl.bd.com to HTTPS. In about 2 weeks we will release a new version of TrafficLight and hopefully we will migrate then http://trafficlight.bitdefender.com to HTTPS.


    Thank you very much for your report.


    Have a wonderful weekend!


    4 weeks later and still working over http

  • rootkit
    rootkit ✭✭✭

    Hello :)


    In the latest update for the browser extensions, the requests are made via HTTPS. The desktop version will be updated soon.


    Thank you for your patience!

  • Midnight
    Midnight

    I had an issue with Traffic Light, as the installation either was corrupt or something went wrong.


    It never installed the pull down menu and any access to Google was blocked for some strange reason.


    I could access any other sites, but not Google! :rolleyes:


    Hopefully the next release will resolve the bugs.

  • rootkit
    rootkit ✭✭✭

    Hello :)


    Did you also have installed one of the desktop products on that machine?


    Thank you!

All Time Leaders

Categories

Defenders of the month