Malwarebytes is a antivirus/antimalware application that uses tracking of user interactions.
Transparency of this tracking is mediocre. There is no explicit information during installation, but the user is able to opt-out in Malwarebytes’ Settings. The help describes the collected data insufficiently:
Contrary to this general information, many clicks within the software are transmitted, including installation and machine identification numbers.
“You may opt out of usage and threat statistics collection in certain Malwarebytes products within the settings. Threat statistics collection includes detection samples and their corresponding statistics. Usage statistics includes behavior usage tracking.”
This immunizer was for Malwarebytes for Windows. Malwarebytes for MacOS shares this information with third party Crashlytics.
Is it spyware?
We use the ASCs definition of Tracking Software and Spyware:
- Tracking software
- Software that monitors user behavior, or gathers information about the user, sometimes including personally identifiable or other sensitive information, through an executable program.”
- In its narrow sense, Spyware is a term for Tracking Software deployed without adequate notice, consent, or control for the user.”
Since the term adequate is not well defined in the ASCs context, we use both the European GDPR and compare Information, Consent and Control to what is standard for Windows itself.
- No consent requested during installation.
- No control during installation. Can be disabled in settings, but is tied to good threat analysis telemetry. Setting partially gets ignored in MacOS version.