PHAvast Antivirus Collected and Sold Users' Web Browsing Data, Company Responds
Avast is still continuing to harvest the users’ data via its antivirus apps but the company says it is prompting existing users to make an opt-in or opt-out choice.
Highlights:
The leaked documents accessed for the investigation were from a subsidiary of the antivirus giant Avast, called Jumpshot.
The Avast antivirus program was installed on a person's computer that collected the data, and Jumpshot repackaged it into various different products which were sold to big companies.
"Potential clients include Google, Yelp, Microsoft, McKinsey, Pepsi, Sephora, Home Depot, Conde Nast, Intuit, and many others," the report claimed.
Some clients even ρáíd millions of dollars for products that include a so-called "All Clicks Feed", which can track user behaviour, clicks, and movement across websites in detail.
In copies of contracts with Jumpshot clients, one marketing firm ρáíd over $2 million (roughly Rs. 14 crores) for data access last year.
In a statement shared with IANS, Ondrej Vlcek, Global CEO of Avast said that in December 2019, the company acted quickly to meet browser store standards and are now compliant with browser extension requirements for our online security extensions.
"At the same time, we completely discontinued the practice of using any data from the browser extensions for any other purpose than the core security engine, including sharing with our subsidiary Jumpshot," said Vlcek.
Vlcek said it has ensured that Jumpshot does not acquire personal identification information, including name, email address or contact details.
"Users have always had the ability to opt out of sharing data with Jumpshot. As of July 2019, we had already begun implementing an explicit opt-in choice for all new downloads of our AV, and we are now also prompting our existing free users to make an opt-in or opt-out choice, a process which will be completed in February 2020," explained the Avast CEO.
Avast offers a selection of free and ρáíd-for antivirus and security tools, in both free and in ρáíd-for formats.
According to the investigation, Avast also recorded "**** site visits that are anonymised, offered the date and time the user visited the sites, as well as search terms and viewed videos in some instances".
Multiple Avast users told Motherboard they were not aware that Avast sold browsing data, raising questions about how informed that consent is.
The investigation also found that Avast is still harvesting the data, but via the antivirus software itself, rather than the browser plugins.
pcmag:
UPDATE 1/30: After the joint PCMag-Motherboard investigation made waves, including Sen. Mark Warner chastising the FTC for dropping the ball on oversight, Avast announced it would shut down operations at Jumpshot. "As CEO of Avast, I feel personally responsible and I would like to apologize to all concerned," Ondrej Vlcek said in a statement.
Sources:
gadgets ndtv dot com
You do not have permission to view the full content of this post. Log in or register now. dot com/news/the-cost-of-avasts-free-antivirus-companies-can-spy-on-your-clicks
You do not have permission to view the full content of this post. Log in or register now. dot com/news/mozilla-removes-avast-and-avg-firefox-extensionsUpdated January 27, 2020
News @ Updated January 27, 2020
Avast is still continuing to harvest the users’ data via its antivirus apps but the company says it is prompting existing users to make an opt-in or opt-out choice.
Highlights:
- Avast antivirus is installed on nearly 435 million devices globally
- It reportedly harvested users' data via browser plugins
- Data was then sold it to third parties, including Microsoft and Google
The leaked documents accessed for the investigation were from a subsidiary of the antivirus giant Avast, called Jumpshot.
The Avast antivirus program was installed on a person's computer that collected the data, and Jumpshot repackaged it into various different products which were sold to big companies.
"Potential clients include Google, Yelp, Microsoft, McKinsey, Pepsi, Sephora, Home Depot, Conde Nast, Intuit, and many others," the report claimed.
Some clients even ρáíd millions of dollars for products that include a so-called "All Clicks Feed", which can track user behaviour, clicks, and movement across websites in detail.
In copies of contracts with Jumpshot clients, one marketing firm ρáíd over $2 million (roughly Rs. 14 crores) for data access last year.
In a statement shared with IANS, Ondrej Vlcek, Global CEO of Avast said that in December 2019, the company acted quickly to meet browser store standards and are now compliant with browser extension requirements for our online security extensions.
"At the same time, we completely discontinued the practice of using any data from the browser extensions for any other purpose than the core security engine, including sharing with our subsidiary Jumpshot," said Vlcek.
Vlcek said it has ensured that Jumpshot does not acquire personal identification information, including name, email address or contact details.
"Users have always had the ability to opt out of sharing data with Jumpshot. As of July 2019, we had already begun implementing an explicit opt-in choice for all new downloads of our AV, and we are now also prompting our existing free users to make an opt-in or opt-out choice, a process which will be completed in February 2020," explained the Avast CEO.
Avast offers a selection of free and ρáíd-for antivirus and security tools, in both free and in ρáíd-for formats.
According to the investigation, Avast also recorded "**** site visits that are anonymised, offered the date and time the user visited the sites, as well as search terms and viewed videos in some instances".
Multiple Avast users told Motherboard they were not aware that Avast sold browsing data, raising questions about how informed that consent is.
The investigation also found that Avast is still harvesting the data, but via the antivirus software itself, rather than the browser plugins.
pcmag:
UPDATE 1/30: After the joint PCMag-Motherboard investigation made waves, including Sen. Mark Warner chastising the FTC for dropping the ball on oversight, Avast announced it would shut down operations at Jumpshot. "As CEO of Avast, I feel personally responsible and I would like to apologize to all concerned," Ondrej Vlcek said in a statement.
Sources:
gadgets ndtv dot com
You do not have permission to view the full content of this post. Log in or register now. dot com/news/the-cost-of-avasts-free-antivirus-companies-can-spy-on-your-clicks
You do not have permission to view the full content of this post. Log in or register now. dot com/news/mozilla-removes-avast-and-avg-firefox-extensionsUpdated January 27, 2020
News @ Updated January 27, 2020
