Consumer Rights Wiki

Malwarebytes: Difference between revisions

← Older edit
VisualWikitext
Emanuele (talk | contribs)
confirmed, Administrators
1,014 edits
m fixed references formatting
Rudxain (talk | contribs)
confirmed
533 edits
m wanted: cookies
 
(12 intermediate revisions by 8 users not shown)
Line 1: Line 1:
{{InfoboxProductLine
{{Incomplete|Issue 1=Product page should be changed to product page of the VPN or to the company page.  Content is inconsistent.|Issue 2=Article is written as original research and needs more references.|Issue 3=Take this as a tone warning for lack of neutrality.}}
| Title = Malwarebytes
{{ProductCargo
| Release Year =2007
|ArticleType=Product
| Product Type =Software
|Category=Anti-virus, Software
| In Production =Yes
|Company=Malwarebytes Corporation
| Official Website =http://malwarebytes.com/  
|Description=
| Logo =Malwarebytes logo stacked PMS2728.png
|InProduction=Yes
}}'''[[wikipedia:Malwarebytes_(software)|Malwarebytes]]''' is an anti-virus software for Microsoft Windows, macOS, ChromeOS, Android, and iOS, developed by '''[[wikipedia:Malwarebytes|Malwarebytes Corporation]]'''. It is available in a free version, which scans for and removes malware when started manually, and a paid version, which additionally provides scheduled scans, real-time protection and a flash-memory scanner.
|Logo=Malwarebytes logo.png
|ProductLine=
|ReleaseYear=2007
|Website=https://malwarebytes.com/  
}}
 
'''{{Wplink|Malwarebytes_(software)|Malwarebytes}}''' is an anti-virus software for Microsoft Windows, macOS, ChromeOS, Android, and iOS, developed by '''{{Wplink|Malwarebytes|Malwarebytes Corporation}}'''. It is available in a free version, which scans for and removes malware when started manually, and a paid version, which additionally provides scheduled scans, real-time protection and a scanner.
 
==Consumer impact summary==
==Consumer impact summary==
'''Malwarebytes Privacy VPN''' is a rebranded version of [[wikipedia:Mullvad|Mullvad VPN]] with privacy concerns. The main concern is that Malwarebytes Privacy VPN may compromise user privacy through its ambiguous data handling practices and ability to log user information, despite its no-logs promotion. This is a warning sign for users looking for genuine privacy and anonymity.
{{Ph-C-CIS}}


==Controversies==
==Incidents==
This is a list of all consumer protection incidents related to this product. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].
This is a list of all consumer protection incidents related to this product. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].


===Privacy VPN===
===Privacy VPN (''2020'')===
In April of 2020, Malwarebytes Labs introduced their Privacy VPN, emphasizing the importance of using a VPN that respects user privacy:<ref>{{Cite web |date=23 Apr 2020 |title=Introducing Malwarebytes Privacy |url=https://www.malwarebytes.com/blog/malwarebytes-news/2020/04/introducing-malwarebytes-privacy |url-status=live |access-date=15 Mar 2025 |website=[[Malwarebytes Labs]]}}</ref><blockquote>One important note we consistently emphasize is that it’s important to choose a VPN that does what it promises and doesn’t abuse your data. To make that choice a little easier, we’ve developed our own VPN that Malwarebytes users can trust to protect your data and privacy every time you go online.</blockquote>
In April of 2020, Malwarebytes Labs introduced their Privacy VPN, emphasizing the importance of using a VPN that respects user privacy:<ref>{{Cite web |date=23 Apr 2020 |title=Introducing Malwarebytes Privacy |url=https://www.malwarebytes.com/blog/malwarebytes-news/2020/04/introducing-malwarebytes-privacy |url-status=live |access-date=15 Mar 2025 |website=[[Malwarebytes Labs]] |archive-url=http://web.archive.org/web/20251226070823/https://www.malwarebytes.com/blog/malwarebytes-news/2020/04/introducing-malwarebytes-privacy |archive-date=26 Dec 2025}}</ref><blockquote>One important note we consistently emphasize is that it’s important to choose a VPN that does what it promises and doesn’t abuse your data. To make that choice a little easier, we’ve developed our own VPN that Malwarebytes users can trust to protect your data and privacy every time you go online.</blockquote>
However, Malwarebytes VPN is based on Mullvad VPN and various open source tools,<ref name=":0">{{Cite web |last=Voisin |first=Julien |date=10 Oct 2021 |title=Malwarebytes' privacy VPN is Mullvad in a shady trenchcoat |url=https://dustri.org/b/malwarebytes-privacy-vpn-is-mullvad-in-a-shady-trenchcoat.html |url-status=live |access-date=15 Mar 2025 |website=[[dustri.org]]}}</ref> and nothing is properly disclosed on the official website. On Mullvad site, Malwarebytes is mentioned as partner<ref>{{Cite web |title=Partnerships and Resellers |url=https://mullvad.net/en/help/partnerships-and-resellers |url-status=live |access-date=15 Mar 2025 |website=[[Mullvad]]}}</ref>. The software is based on open source code, used without contributing back:
However, Malwarebytes VPN used to be based on Mullvad VPN until June 2025 and various open source tools,<ref name=":0">{{Cite web |last=Voisin |first=Julien |date=10 Oct 2021 |title=Malwarebytes' privacy VPN is Mullvad in a shady trenchcoat |url=https://dustri.org/b/malwarebytes-privacy-vpn-is-mullvad-in-a-shady-trenchcoat.html |url-status=live |access-date=15 Mar 2025 |website=[[dustri.org]] |archive-url=http://web.archive.org/web/20251208201116/https://dustri.org/b/malwarebytes-privacy-vpn-is-mullvad-in-a-shady-trenchcoat.html |archive-date=8 Dec 2025}}</ref> and nothing is properly disclosed on the official website. On Mullvad site, Malwarebytes is mentioned as partner<ref>{{Cite web |title=Partnerships and Resellers |url=https://mullvad.net/en/help/partnerships-and-resellers |url-status=live |access-date=15 Mar 2025 |website=[[Mullvad]] |archive-url=http://web.archive.org/web/20260127023400/https://mullvad.net/en/help/partnerships-and-resellers |archive-date=27 Jan 2026}}</ref>. The software is based on open source code, used without contributing back:


*<code>7z.ddl</code>,  licensed under [https://it.wikipedia.org/wiki/GNU_Lesser_General_Public_License LGPL] and [[wikipedia:BSD_licenses|BSD]].
*<code>7z.dll</code>,  licensed under [https://it.wikipedia.org/wiki/GNU_Lesser_General_Public_License LGPL] and {{Wplink|BSD licenses|BSD}}.
*<code>wintun.ddl</code>,  version 0.13, from the [https://www.wintun.net/ Wintun project].
*<code>wintun.dll</code>,  version 0.13, from the [https://www.wintun.net/ Wintun project].


These are the embedded dependencies:
These are the embedded dependencies:


*[https://openssl-library.org/ OpenSSL] 1.1.0h<ref>{{Cite web |title=OpenSSL 1.1.0 < 1.1.0d Multiple Vulnerabilities |url=https://www.tenable.com/plugins/nessus/96874 |url-status=live |access-date=15 Mar 2025 |website=[[Tenable]]}}</ref><ref>{{Cite web |[email protected] vulnerabilities |url=https://security.snyk.io/package/npm/openssl/1.1.0 |url-status=live |access-date=15 Mar 2025 |website=[[snyk]]}}</ref>
*[https://openssl-library.org/ OpenSSL] 1.1.0h<ref>{{Cite web |title=OpenSSL 1.1.0 < 1.1.0d Multiple Vulnerabilities |url=https://www.tenable.com/plugins/nessus/96874 |url-status=live |access-date=15 Mar 2025 |website=[[Tenable]] |archive-url=http://web.archive.org/web/20250908033304/https://www.tenable.com/plugins/nessus/96874 |archive-date=8 Sep 2025}}</ref><ref>{{Cite web |[email protected] vulnerabilities |url=https://security.snyk.io/package/npm/openssl/1.1.0 |url-status=live |access-date=15 Mar 2025 |website=[[snyk]] |archive-url=http://web.archive.org/web/20250708182546/https://security.snyk.io/package/npm/openssl/1.1.0 |archive-date=8 Jul 2025}}</ref>
*[https://www.pcre.org/ pcre2]<ref>{{Cite web |title=pcre vulnerabilities |url=https://security.snyk.io/package/linux/centos%3A7/pcre |url-status=live |access-date=15 Mar 2025 |website=[[snyk]]}}</ref>
*[https://www.pcre.org/ pcre2]<ref>{{Cite web |title=pcre vulnerabilities |url=https://security.snyk.io/package/linux/centos%3A7/pcre |url-status=live |access-date=15 Mar 2025 |website=[[snyk]] |archive-url=http://web.archive.org/web/20250708182534/https://security.snyk.io/package/linux/centos%3A7/pcre |archive-date=8 Jul 2025}}</ref>
*[https://www.7-zip.org/ 7z]
*[https://www.7-zip.org/ 7z]
*[https://github.com/pocoproject/poco/releases/tag/poco-1.9.0-release Poco 1.9.0]
*[https://github.com/pocoproject/poco/releases/tag/poco-1.9.0-release Poco 1.9.0]
Line 30: Line 37:
'''[https://www.malwarebytes.com/legal/privacy-policy Malwarebytes Privacy Policy]''' contains various privacy concerning points:<ref name=":0" />
'''[https://www.malwarebytes.com/legal/privacy-policy Malwarebytes Privacy Policy]''' contains various privacy concerning points:<ref name=":0" />


*Operates under the [[wikipedia:EU–US_Privacy_Shield|EU Privacy Shield]] (declared illegal by the [[wikipedia:European_Court_of_Justice|ECJ]] in July 2020)
*Operates under the {{Wplink|EU–US Privacy Shield|EU Privacy Shield}} (declared illegal by the {{Wplink|European Court of Justice|ECJ}} in July 2020)
*The '''Data Retention''' section states:<blockquote>We will retain your personal information as needed to fulfill the purposes for which it was collected. We will retain and use your personal information as necessary to comply with our business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements. Because these needs can vary for different data types in the context of different products or services, actual retention periods can vary significantly.</blockquote>
*The '''Data Retention''' section states:<blockquote>We will retain your personal information as needed to fulfill the purposes for which it was collected. We will retain and use your personal information as necessary to comply with our business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements. Because these needs can vary for different data types in the context of different products or services, actual retention periods can vary significantly.</blockquote>
*The '''International: EU – U.S. Data Privacy Framework, UK Extension to the EU – U.S. Data Framework, and Swiss – U.S. Data Privacy Framework''' section violates the [[GDPR]]:<blockquote>Your personal information may be transferred to, and maintained on, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide your personal information to us, we may transfer your personal information to the United States and process it there.</blockquote>
*The '''International: EU – U.S. Data Privacy Framework, UK Extension to the EU – U.S. Data Framework, and Swiss – U.S. Data Privacy Framework''' section violates the [[GDPR]]:<blockquote>Your personal information may be transferred to, and maintained on, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide your personal information to us, we may transfer your personal information to the United States and process it there.</blockquote>
Line 49: Line 56:
*Information about the use of the software or services ("Log Data")
*Information about the use of the software or services ("Log Data")


The '''Functional Data''' section of the privacy policy states:<blockquote>We collect data that is necessary for the functionality of the software or for our performance of providing the software to you. For example, we may need to collect system processes and behaviors in order to perform system rollback and recovery operations.</blockquote>Malwarebytes website also contains ads trackers and third party cookies.<ref>https://themarkup.org/blacklight?url=malwarebytes.com&device=mobile&location=us&force=false</ref> Also, on each webpage, a seemingly harmless GIF file (<code><nowiki>https://genesis.malwarebytes.com/api/v1/wai.gif</nowiki></code>) is being loaded. The GIF returns JSON data, which is probably being used for fingerprinting.<ref name=":0" /> [[wikipedia:Fingerprint_(computing)|Fingerprinting]] is a method to identify and track users uniquely based on the characteristics of their device and browser, which raises additional privacy issues regarding Malwarebytes' behavior.
The '''Functional Data''' section of the privacy policy states:<blockquote>We collect data that is necessary for the functionality of the software or for our performance of providing the software to you. For example, we may need to collect system processes and behaviors in order to perform system rollback and recovery operations.</blockquote>Malwarebytes website also contains ads, trackers and third-party [[Web cookie|cookies]].<ref>{{Cite web |title=malwarebytes.com — Blacklight Search Results |url=https://themarkup.org/blacklight?url=malwarebytes.com&device=mobile&location=us&force=false |website=The Markup |access-date=13 Jul 2025 |url-status=live |archive-url=http://web.archive.org/web/20250708182543/https://themarkup.org/blacklight?url=malwarebytes.com&device=mobile&location=us&force=false |archive-date=8 Jul 2025}}</ref> Also, on each webpage, a seemingly harmless GIF file (<code><nowiki>https://genesis.malwarebytes.com/api/v1/wai.gif</nowiki></code>) is being loaded. The GIF returns JSON data, which is possibly being used for [[Device fingerprint|fingerprinting]].<ref name=":0" />


==See also==
==See also==
{{Placeholder box|Link to relevant theme articles or products with similar incidents.}}
{{Ph-C-SA}}
 


==References==
==References==
{{reflist}}
{{Reflist}}


[[Category:{{PAGENAME}}]]
[[Category:{{PAGENAME}}]]
[[Category:Software]]
Retrieved from "https://mirror.consumerrights.wiki/w/Malwarebytes"