Serious Concerns About KART's Unauthorized HTTPS Certificate Replacement and Privacy Infringement

[Akarin]

I am writing to express my deep frustration and anger towards the Free Kaspersky Anti-Ransomware Tool (KART).

For about a month, I have been experiencing abnormal behavior in some of my software applications. Upon investigation, I discovered that KART has replaced my system's HTTPS certificates with its own root certificate without my knowledge or consent. The certificate was generated approximately six months ago, but I am unsure if the replacement happened then or more recently.

Replacing certificates equates to decrypting HTTPS encrypted traffic, effectively performing a man-in-the-middle (MITM) attack. This is a serious security concern because it allows KART to intercept and potentially manipulate all encrypted communications on my system. Such actions are intrusive and undermine the fundamental security guarantees that HTTPS is supposed to provide.

Regardless of whether this HTTPS certificate replacement was an existing feature or part of a recent update, Kaspersky failed to inform users explicitly. There is no mention of this functionality on the official website (https://www.kaspersky.com/anti-ransomware-tool), during the installation's quick tour, or within the software settings. Moreover, there is no option provided to disable this intrusive feature. In contrast, other antivirus software, including various versions of Kaspersky Anti-Virus, offer users the choice to disable HTTPS traffic decryption.

This unauthorized action poses significant security risks and invades user privacy. Even after uninstalling KART, the root certificate remains on the computer, continuing to present security vulnerabilities. This shows a blatant and disgraceful disregard for user autonomy and rights.

I am beyond furious with Kaspersky's lack of transparency and respect for user consent. Such practices are absolutely unacceptable and undermine the trust users place in your products, potentially violating user privacy and rights.

I am retaining all evidence of these actions and reserve the right to file formal complaints and reports against Kaspersky with relevant authorities and consumer protection agencies.

I demand immediate action to address these issues and ensure that no further unauthorized changes are made to users' systems.