Avast antivirus

A subsidiary of Avast antivirus is selling sensitive user browsing data to many companies, including Revlon, Microsoft, Google, Yelp, Condé Nast, and TripAdvisor.

According to a recent joint investigation by Vice’s Motherboard and PCMag, highly granular and sensitive user data from users of Avast antivirus is being repackaged and sold to companies via a subsidiary called Jumpshot which promises buyers of the data information on “Every search. Every click. Every buy. On every site.”

Avast’s “free” or “freemium” antivirus software has over 435 million active users, with 100 million devices feeding data into Jumpshot, including, Google searches, LinkedIn activity, Youtube activity, and activity on pornographic websites. According to the Motherboard article, “multiple Avast users… were not aware Avast sold browsing data, raising questions about how informed that consent is.”

The primary method of Avast’s data collection was initially via web browser plugins distributed through subsidiaries such as AVG. After privacy concerns were raised by security researchers, Google, Mozilla, and Firefox removed and banned these extensions from their respective web browsers. Since then, the company has begun harvesting user information through its anti-virus software. 

Representatives from Avast responded to the report by emphasizing that users can opt out of their data collection, and that any data collected is anonymized.

“We have a long track record of protecting users’ devices and data against malware, and we understand and take seriously the responsibility to balance user privacy with the necessary use of data,” the company announced in a statement. 

Critics of the company’s data collection policies responded to this statement with skepticism.

“It’s almost impossible to de-identify data,” said law professor Eric Goldman. “When they promise to de-identify the data, I don’t believe it.”

Read the article here.