Big thanks to David Eade for reporting security issues affecting Avast and AVG AntiTrack. Following David’s submission, we fixed the issues in versions 220.127.116.11 of Avast AntiTrack and version 18.104.22.168 of AVG AntiTrack.
David discovered security issues affecting AntiTrack users in regards to how HTTPS filtering occurred. With this feature enabled, certain browsers could successfully connect using TLS 1.0, even if TLS 1.0 had been explicitly disabled in the browser. Cipher suites were not honored entirely and forward secrecy did not work correctly for all supported browsers. David also found that AntiTrack did not effectively block self-signed certificates for unsecure sites.
Thanks to David reporting these issues to us, the issues have been fixed, through an update pushed to all AntiTrack users.