Done polishing the article on #Avast vulnerabilities (to be published next Monday), now I can finally look into how Avast addressed the privacy issues reported earlier.
Ok, so far it seems that the technical changes in Firefox are limited to a consent page. If you disagree the extension won't do anything and suggest that you uninstall. If you agree the same data is transmitted as before (minus page title).
Wait, there is more after all. The setting called "Allow usage data to be shared with 3rd parties for analytics" is now called "Allow usage data to be shared with Jumpshot for analytics." If I understood correctly, this considers the data sharing setting of the application now.
Comparing the code some more, it seems that the code syncing "data sharing" setting in the application and "communityIQ" setting in the extension was already there before. Clearly, it doesn't affect the data sent, question is what it actually does...
Interesting fact: the setting was only renamed in English, all other languages still use the old wording. These languages are better off than before however, original setting name was something like "Allow data sharing" there.
So when data sharing with Jumpshot isn't allowed, the requests will have an additional "dnl" flag set. Presumably, Avast will consider it on the server side and make sure that data isn't shared with Jumpshot. Some requests won't be sent, I'm not entirely sure which ones however.
Interestingly, the amount of data being sent in practice for me has been reduced considerably - it's actually quite acceptable now. That's regardless of whether data sharing with Jumpshot is allowed. But the code looks the same, I'll need to figure out what really changed here.
But internally that setting exists on Chrome as well, presumably it's synced to the application's "data sharing" setting. The default here is now sending a limited set of data. If application is installed and data sharing allowed there, it will send everything like before.
A Mastodon instance for info/cyber security-minded people.