For years,Just a Stranger antivirus software from Kaspersky Lab may have given online marketers a way to track your web browsing habits.
Although the company's products are designed to protect PCs from cyber threats, Kaspersky Lab chose a questionable way to prevent malicious activity on the web pages you visit. The products inject a piece of Javascript code into your internet browser, which can tell you if a website is clean or not.
There's just one problem: The same Javascript code will also tag your machine with a unique identifier that any website you visit can read. For example, the code and the identifier can look like this: "https://gc.kis.v2.scr.kaspersky-labs.com/9344FDA7-AFDF-4BA0-A915-4D7EEB9A6615/main.js."
Ronald Eikenberg, a journalist at German computer magazine c't, noticed the code and realized its privacy ramifications. "Any website can read the user's Kaspersky ID and use it for tracking. If the same Universally Unique Identifier comes back, or appears on another website of the same operator, they can see that the same computer is being used," he wrote on Thursday.
The tech industry calls this "cross-site tracking," and many advertising networks as well as Facebook have used similar approaches involving internet cookies and plugins placed across mainstream web services to follow users from site to site. In Kaspersky's case, the company will generate a different identifier for each machine the antivirus software is installed on, and the identifier will persist, remaining permanent, according to Eikenberg. "Worse yet, the super tracking can even overcome the browser's Incognito mode," he added.
Since fall 2015, the company has been injecting Javascript code via its various products, including Kaspersky Lab Internet Security and Kaspersky Lab Free Anti-Virus. Eikenberg even created a website to test whether he could extract and read the Kaspersky Lab's unique identifier. It turns out he could, which made him wonder: "If I was able to create a website in a short period of time that reads and saves the IDs, why couldn't others have done it at some point in the last four years?"
Kaspersky Lab is downplaying the privacy risks. "After our internal research, we have concluded that such scenarios of [a user data] privacy compromise are theoretically possible but are unlikely to be carried out in practice, due to their complexity and low profitability for cybercriminals," the company said in a statement.
Nevertheless, Kaspersky has changed its process for checking web pages for malicious activity by removing the unique identifier for each machine. According to Eikenberg, the identifiers will remain identical for all machines on which Kaspersky Lab's security software is installed. However, this approach can also be problematic; it can still tip off a website that you're using Kaspersky Lab's security software, which can be valuable information to a hacker.
"They may use that information to distribute malware tailored to the protection software, or to redirect the browser to a suitable scamming page," he added. "Imagine something along the lines of 'Your Kaspersky license has expired. Please enter your credit card number to renew your subscription.'"
If you're worried about the security risks, Kaspersky Lab offers a way for customers to turn off the Javascript injection. That said, online tracking and shady data collection have already become pervasive on the internet through free apps such as Facebook, Gmail, Instagram, and Google's Chrome browser, which can record all the sites you visit. To stay safe, you can consult our guide.
Topics Cybersecurity Privacy
Skywatching is lit in May, says NASA
Arnold Schwarzenegger says Trump was a 'little wet noodle' in Putin press conference
5 moments from Trump's UK presser that'll make you want to crawl under a rock
Indie game gets reviewed bombed on Steam for sexist anti
Today's Hurdle hints and answers for April 7, 2025
Instagram's enhanced tags make it easier to credit Black and underrepresented creators
Apple Event: 'Peek performance' was for 'ultra' people
Orlando to use Rekognition, Amazon's facial recognition tech, again
Earth sends Cassini a whole lot of love after the mission comes to a bittersweet end
Apple Event: Despite 'celebrating women,' Apple called out during peek performance event
How to Easily Make iPhone Ringtones Using Only iTunes
Substack launches iOS app
Kids asking questions about sex is the purest comedy you'll see today
5 moments from Trump's UK presser that'll make you want to crawl under a rock
Insane wildfire photo perfectly sums up America in 2017
More 'Wordle': There are 31 solutions in this unhinged viral game mashup
Can an app help reduce your mental load as a new parent?
General Motors pilots bidirectional charging between EVs and homes
Best Samsung deal: Save $60 on 64GB Samsung Galaxy Tab A9
Sacha Baron Cohen got a bunch of GOP congressmen to say arming toddlers is a good idea
Internet outage Thursday: Here's what happenedCyberpunk 2077 DLSS + Ray Tracing BenchmarkBest Kindle deal: Save $15 on Kindle Essentials BundleMassive June 2025 internet outage: What we know so farBest Google Play deal: Spend $50 and get a $5 credit back at AmazonWordle today: The answer and hints for June 12, 2025Microsoft Flight Simulator 2020 BenchmarkedNYT Connections hints and answers for June 12: Tips to solve 'Connections' #732.Webb telescope took a direct image of two exoplanets. See it now.Pacers vs. Thunder 2025 livestream: Watch Game 4 of NBA Finals for freeBest power station deal: Take 45% off the DJI Power 1000 portable power stationInstagram rolls out longBest Google Play deal: Spend $50 and get a $5 credit back at AmazonBose announces new QuietComfort Ultra earbuds and SoundLink speakers: Price and preorder detailsNYT Connections Sports Edition hints and answers for June 12: Tips to solve Connections #262Google to force Pixel 6a update that will reduce battery capacityAnatomy of a Storage Drive: Optical DrivesAnatomy of a MonitorHow to unblock Pornhub for free in IndianaEvery Switch 2 game you can buy (and play) at launch All the President’s Turkeys by Dan Piepenbring Staff Picks: Staircases, Sister Mountains, Self The Morning News Roundup for November 13, 2014 This Week on The Paris Review Daily On This Day, William Tell Shot an Apple Off His Son’s Head McCall’s Giant Golden Make The Morning News Roundup for November 10, 2014 Staff Picks: Tom Magliozzi and Dr. T by The Paris Review On Samuel Rutherford Crockett and the Word “Draffsack” Rilke and the Lions On William Gass’s “In the Heart of the Heart of the Country” A Penny Saved Is a Waste of Time Remembering the Absolute Sound Emily Dickinson’s Norway Douglas Coupland on Marshall McLuhan by James Atlas The Marquis de Sade at 200 Barry Gifford’s Novels Find a New Generation of Readers Squeaky Wheels The Morning News Roundup for November 11, 2014 Douglas Coupland’s Gumhead
2.4091s , 10136.171875 kb
Copyright © 2025 Powered by 【Just a Stranger】,Openness Information Network