Avast offers a choice of free and paid antivirus and security tools in both free and paid formats. The tools are popular, with more than 435 million active users monthly using Macs, computers and mobile devices to keep their data safe from damage.
As part of its offerings, Avast's software provides the option of participating in a program that allows the business to collect some types of user data, which it then sells through its subsidiary Jumpshot. A survey of Vice and PC Mag using leaked user data, contracts and other documents has revealed both the extent of these sales and the extent of the data sold by the business.
Data obtained for the survey revealed that the information collected by Avast is extensive, including Google searches, location searches, and GPS coordinates from Google Maps, its LinkedIn pages and its video listings YouTube. Even more alarming is that it logs anonymous site visits and states the date and time the user visited the website, as well as search terms and video that have been shown in some cases.
Despite efforts to anonymize the data, some experts have argued that specifically browsing data could be used to verify identities.
The volume of data collected may not be known to Avast consumers, and the survey is recommended by many users who are unaware of the sale of such data. browsing.
The subsidiary claims to have data from 100 million devices, with the investigation claiming that Jumpshot repackages the data collected by Avast into different packages. Also included is the so-called “All Clicks Feed” option, where customers pay millions of dollars to be able to track user behavior and “move” the website.
The customer list includes many big companies like Google, Yelp, Microsoft and Pepsi.
Until recently, data was collected through the Avast browser, which provides user warnings about suspicious and malicious websites. A report by security researcher and AdBlock Plus creator Wladimir Palant in October revealed that the plugin was used for data harvesting in October, asking Mozilla, Opera and Google to remove access to Avast extensions.
Avast has said in a statement that it has stopped providing browser data collected from Jumpshot extensions.
The research found from some leaked documents that Avast is still harvesting data, but through the antivirus itself, instead of its plugins browser. Last week, an internal document revealed that Avast has begun asking its free antivirus users to re-select the data collection.
Data is a lucrative income for Avast. In copy copies with Jumpshot customers, a marketing firm paid more than $ 2 million in data access in 2019, providing an "Insight Feed" for 20 domains from 14 domains worldwide.
These data included users' gender based on browsing behavior, age, and other details. Device IDs are "hashed" to prevent clients from identifying people, but because device IDs do not change for one user, unless they fully reinstall Avast tools, this could allow a large amount of data to be collected by a user over time, resulting in possible line identification.
Avast informed the investigation that "because of our approach, we ensure that Jumpshot does not obtain personal information, such as a name, email or contact information, from people using the popular free antivirus". The company continued in a statement to reiterate that users were able to opt out of data sharing and that it had begun "implementing an explicit opt-in option for all new AV downloads" as of July 2019, requesting that all existing free users to choose by February 2020.