I’ll chime in…again.
You’re running Norton.
You’ve agreed with Norton policies.
A legally binding agreement is predicated on meeting of the minds, so much depends on when these particular privacy policies were put in place by Norton. For the sake of argument, If they did so after I purchased their service (I purchased a multi-year policy) and if they neglected to notify me of any changes in their policy subsequent to my purchase, then whether an agreement exists is debatable. I don’t think caveat emptor would prevail in court.
People have varying degrees of comfort concerning sharing personal information. This is evidenced by the wide variety of both state and international laws governing this matter. Generally speaking, younger generations tend to be less concerned compared to those of my generation, i.e. the old fogies. And there are those, regardless of age, who having been bombarded with the daily barrage of security breaches, have simply given up and assume all their personal information is “out there” for the taking so why worry.
I think it’s safe to say that on the issue of user privacy, you and I have a different comfort threshold. It’s just a difference of opinion.
Hello @Puzzler
Okay…as you know.
All software is offered AS IS.
Norton legalese is cobbled to protect Norton.
Maybe, you can get the FTC to investigate Norton…too.
Maybe, you’ll get $50 or $80 here too.
If I did not trust Norton. I’d stop running Norton.
I know my personal information is out there.
I know Norton has some of my personal information.
I just don’t believe Norton is uploading everyone’s personal files.
I just don’t think Norton has the resources nor the interest in my dogs birthday pics.
Changing corporate culture is our pro-business environment is over my pay grade.
G-d speed to you with your due diligence.
Note: my Norton account does not have personally identifiable information.
Note: I’ve received multiple notices that some place I’ve done business with has been breached … and offering me free monitoring.
My address and social security number may be on the dark web.
I’m not moving nor getting a new ss number.
My smart phone is probably listening in on my conversations.
My smart TV is probably watching me.
My smart refrigerator probably knows what I’m hungry for, before I do.
My car knows all about me here too.
What prevails in courts today is beyond my comprehension.
What’s going on in the world today is beyond my comprehension.
My personal data exposed “in the ether” is not on my top 10 list of things to worry about.
It’s a little past too late o’clock for my personal data.
warmest regards w sincerest respect
And? Yes or no? You posted basically the same info as before in my post. That confuses users don’t you think? Those links report exactly what data is retrieved and why. Per the product. Just trying to cut down on confusion with rehashing what is already posted.
Respect/Regards,
SA
@bjm I was frozen out of my account by Norton most of yesterday and today so wasn’t able to respond to your post till now. Tech support was unable to help but things appear to be working again for the time being.
I agree with you that our data is exposed by any number of “smart” devices we use as well as large scale data breaches. Attempts to plug holes may be an exercise in futility. Most of my life is behind me and I don’t intend to spend the little time I have left worrying about my personal information that’s on the dark web. With all the breaches I’ve been caught up in, I operate under the assumption that my information is floating around in the dark web for the picking. I take all the precautions to prevent, or at least make it more difficult, for bad actors to use that information and cause harm. I read some time ago that the going rate of a person’s social security number was $5, and it’s probably even cheaper now.
Where you and I likely disagree are our expectations when it comes to products that we purchase to provide security and safeguard our personal information. I never claimed that Norton is sifting through uploaded data to snoop. But as a paying user of their product, I have the right to know exactly what data they collect and how that data are safeguarded and stored.
On the face of it, Norton’s privacy policy seems clear. Maybe it’s just me but I’m left with a lot of questions. One example. Do “emails reported as potential threats” under “Data You Provide” include suspicious emails flagged by N360 as part of its routine email scans (if you opt to enable that feature)? While Norton states all file backups to Norton’s online service are encrypted, there’s no mention of emails that they store being encrypted.
In another section, Norton’s privacy policy states, “Emails if Norton Safe Email is enabled (not stored by default; with your consent, we can store suspicious email messages for in-depth analysis and to keep our detection models up to date for 30 days in raw form, then we remove personal identifiers.” So for at least 30 days your raw email data including personal identifiers are stored somewhere. Encrypted? And does Norton consider the user enabling Norton Safe Email as giving consent? Or is there another process that specifically asks for the user’s consent?
Their policy also raises other questions, e.g. why store your location information based on your ip address and all your device data for over 4 years? All the URLs/Websites you visited for 3 years?
Bottom line. My question is whether all this collection and storage is necessary for Norton to provide the service we purchased and, if so, how they protect the data in case they suffer another data breach.
Rest assured that I’m not at all offended by people whose opinions differ from mine. Comments I find offensive are those that lack civility or use crude language. I’ve been on this foum for a very short time but I haven’t come across those yet.
@SoulAsylum Not sure if your post was intended for me. If it was, the reason I rehashed the privacy policy information you posted was in response to a subsequent post by @bjm to another forum member discussing whether the data collected by Norton are anonymized metadata or entire intact file. Based on some of the language in Norton’s privacy policy, my impression is that the data include personally identifiable information.
While we’re on the subject of many threads discussing one topic, is there a way to search the posts on this forum using keywords? I looked but haven’t stumbled on a way to do that. I can query using Google search but that’s hit and miss. Many of the other forums I use are search enabled. That really helps users find the information they’re looking for and cuts down on the number of duplicate threads repeating the same information.
Just to add my own comments after the discussion about privacy in general:
I have read the Norton privacy policy and its keen, but not unique. However the issue I have is still that Norton v24 has removed files such as executable files, MS office docs with macros and other content from several of my PCs without my permission to scan them remotely. Community Watch is disabled on all these PCs and as such these files aren’t part of the stated privacy policy.
Some of these contain personal information and although I don’t expect Norton will snoop into all these files, no company can guarantee some staff will not do this for criminal or other gain and all systems are subject to hacking whether by social engineering or vulnerabilities as we see with various services on a regular basis.
I appreciate certain users may assume certain information is already leaked, but would they be so comfortable with information they haven’t provided to various third parties being in that list?
The fact remains the current version of Norton can take any files it deems risky and retain them for years despite the settings in the software. Some of these files also contain information from other people that I am working on projects for or assisting in my spare time. This is either a bug in their software given the ‘Community Watch’ and other privacy setting or a deliberate change that the UI/docs don’t reflect.
This has left me excluding so many options that Norton really isn’t doing the job I need. Sadly the software is happy to waste system resources scanning my machines for issues that I don’t have and trying to up sell me fixes at every turn. I also note the current version was running 13 processes on each PC including ones for features I’ve disabled with is poor design/programming/QA.
I work in the software industry and see both sides of this and the wider issue of revenue from such products is difficult given how little some end users are prepared to spend. Hence up selling (plus the previous crypto con) and cutting back on development/QA are probably here to stay for Norton and similar products.
The time I have spent on v24 resolving issues and the file uploading issue are such that removing Norton and just relying on OS security is now the solution for me. I do already have various levels of network security with isolation, hardened machine configs and traffic monitoring. Not ideal but the lesser of two evils for now.
3 Likes
Hello @kmp
I’ve read your message several times and respect your words.
fwiw ~ I see Community Watch as Norton 360 Security Data gatekeeper.
Community Watch enabled Norton collects Norton 360 Security Data as per Norton Security Products (desktop) here
You’re reporting that with Community Watch disabled. Norton collects Norton 360 Security Data.
Security Data: This data is used to deliver the product by alerting you to potentially malicious applications, malware, URLs and links and by informing you about site safety and blocking browsing to unsafe websites, improving the detection of malware and cyber-threats (e.g., through file sample analysis), and pursuing general cybersecurity research.
Security Data may include:
URLs/Websites visited and associated metadata (36 months)
Files identified as potential or known malware (36 months)
Application names and versions (36 months)
File metadata including file paths (36 months)
Security statistics such as number of detections etc. (6 months)
I’ve run Norton 360 with/without Community Watch & Share app-usage data…enabled.
I don’t know how I’d know what data/telemetry Norton was collecting…be it…Security Data, Device Data, Location Data, Service Data or Account Data, etc.
I don’t know why I wouldn’t want Norton to know what I’m doing. I don’t know Norton is uploading whole intact files. Just me.
I was asking bjm if they read the articles I had linked.
SA
@kmp As with you, I have privacy concerns. What got my attention was the sudden and significant increase in data uploaded to an Avast site. Since you’re handling information belonging to others, your heightened vigilance is both understandable and to be applauded.
This morning I reviewed Norton’s Global Privacy Statement with special attention to the questions I personally have, which includes the kind and scope of data Norton collects. Global Privacy Statement | NortonLifeLock Norton’s Global Privacy Statement lists a variety of user’s rights. These rights depend on where the user is based. The EU, for example, has more stringent laws protecting digital privacy than the U.S. but some states have enacted similar laws. I don’t know where you’re located but it may be possible to submit a request to access and review all the information Norton collected from your devices. The pertinent section is under paragraph 8: Your Privacy Rights and Choices. It states:
Access: Right to know and access the personal data we have collected about you, as well as other information about our data processing practices;
Here’s the request submission form. Norton Privacy Requests
Some users can also request that Norton delete all their personal data but my hunch is that it applies primarily to those based in the EU and a few states. If you live in the U.S. and are curious about digital privacy laws in your state, this is a good resource. It’s published by the International Association of Privacy Professionals US State Privacy Legislation Tracker
You mentioned you’re no longer using Norton but in case you’re interested in verifying, as part of your own risk assessment, the information Norton has already accessed, this might be an avenue to pursue.
Even though I’ve come to terms with the unpleasant likelihood that we’ve lost control over our personal data, I’m still active trying to plug holes where possible, including holding companies accountable and lobbying my own state to enact more stringent digital privacy laws. Sad to say, my state is lagging behind. I’ve given up on the federal government to do anything meaningful.
@SoulAsylum Got it. ~P
Excellent. I see no weasel clauses like on Norton’s Global Privacy Statement page so it appears Norton extends these rights to all their users irrespective of their place of residency.
@bjm Do you happen to know how the report is delivered? It indicates that the user will receive an email notifying them when the report is ready. Am I correct in assuming that the report is accessible through the user account portal?
I just requested my information and got this popup.
Not having done this before, I’ll have to wait for the email to see how I’ll access the information.
Hopefully the results will allay your (our) concerns. I’ll be requesting a report as well.
Hi everyone, I want to raise the issue that has not been mentioned here. Like kmp I am a dev. So is my wife. We both sign contracts at the start of new jobs saying we will not share what we are working on (standard agreement in our industry). Well, Norton uploading our files to an uncontrolled environment IS sharing. Community Watch is off but still Norton decides to upload files since the new version so it is actually making me break the law 
One thing I am trying is previously I had exclusions(Security → Advanced → Antivirus → Exclusion) but they disappeared with the new version so I am adding them and this might help…
Oh and yes, never use gmail. It scans everything. remember if you are not paying for something, you are the client
1 Like
Oh I actually found the setting for what keeps flagging the files and sending them to Norton. For me, every item has been flagged by “Download Intelligence” (yes, even files that are not downloaded.). You can set it to active/ inactive here:
Security → Advanced → Web → Download Intelligence.
The blurb it says is “Detects and analyzes suspicious files when you attempt to run them or download them from the internet” yet it detects and flags any .exe I write
@MRB71 As you’ve read in the posts, some of us have or are submitting a request for a report on the data Norton accessed. Hopefully we’ll have a better understanding of the breadth and scope of the accessed files.
I understand your concerns. I’m sure there are other professionals (e.g. healthcare workers subject to HIPAA rules and attorneys) who handle sensitive information and are using N360 but it’s important to first get the facts. So my suggestion to anyone concerned is submit a request to Norton.
1 Like
I have this issue as well which I referred to my last post as ‘information from other people that I am working on projects for’. However these days due to contracts I keep most commercially sensitive content in VMs that are locked down with no internet access but it’s not always possible and not for my own utility executables and docs with macros.