Avast is in hot water again: subsidiary sells browsing data
The past couple of months have not been good for Avast. The company faced a wave of criticism ever since some of its business practices came to light. Wladimir Palant kicked it all off with a detailed analysis of Avast's browser extensions.
He discovered that the extensions transmitted browsing history information to Avast that that went beyond the data needed to provide the security the product promised. Among the data was the full URL of any page visited, the page title, referer (site the user came from), as well as every link on search result pages.
Palant concluded back then that the over-collecting of data was not an oversight but deliberate. Mozilla and Google removed Avast and AVG extensions from their respective web stores as a consequence. Avast updated its extensions and they are now available again.
A joint investigation by Vice and PC Magazine looked deeper into Avast's business practices surrounding collected user data. According to the info, Avast subsidiary Jumpshot gets data from Avast antivirus installations on user devices, processes it to sell the processed data to companies.
One product, called All Clicks Feed, would provide companies, customers including large corporations such as Google, Microsoft, Pepsi, Home Depot, or McKinsey, with information on user behavior, clicks, and activity across visited websites in great detail.
The data is anonymized according to Avast which means that personally identifiable information such as a user's IP address or email addresses are removed from the data before it is sold.
While that looks good on paper, methods exists to de-anonymize data. A data package may include a device ID which means that it is easy enough to look up the browsing history of a particular device. It includes date and time, and information about the visited site as well.
One option that companies that purchase the data have is to use other data sources to identify individual users. Imagine Google or Amazon using date, time and URL information to cross-check with user activity on their sites.
If the full URL is provided in a data package, it could also be easy to identify users depending on activity. Visits to a personal homepage, Twitter replies, uploads to YouTube, or any other activity that may be linked to accounts would provide third-parties with information on the actual user.
According to the reports by PC Magazine and Vice, Avast stopped using data for "any other purpose than the core security engine". PC Magazine notes that Avast's Jumpshot division can still obtain data through Avast's main antivirus applications (including those by AVG). Both antivirus solutions include a Web Shield component designed to check visited URLs to ensure that they are not a security risk (e.g. phishing sites).
Ah, now I know why Avast went from “crapware” to “top AV” in “independent” AV reviews. Someone got paid.
@Anon
Or they got blackmailed with the dirt Avast had collected about them.
When companies assert they are better than their users, it all goes pear shaped. As news spread, Avast will lose millions of users. After a while, they will apologize, and try and get clients back – but then too late…
What seems like a dumb move to you, may likely be the best move by Avast.
“Even if we lose, we will still win” is a popular goal among business folks.
Who knows, perhaps Avast made a quid pro quo deal with Microsoft, and this so-called news is just part of that game.
Funny how outsiders assume they know-it-all, when they don’t.
That said, I reckon companies who collect user data at least know they are more clever than most users, where they continue to effortlessly exploit the gullible masses in ways most folks will never know about.
For example, international data collection agencies are now recording data in the real world with cams. They take photos of you and your car and plate number, and link that to whatever they can. As such, your medical records may be confidential, but they can still potentially see that you visit your doctor and pharmacy every week.
But alas, the gullible masses don’t care enough to stop it. Some may try to stop it, by they get tricked and side-tracked, and so it goes.
I left using Avast in the past, CPU consumption was 100% for more half an hour sometimes.
You are completely right, I agree! ¡Tiene usted toda la razón, estoy de acuerdo!
In breaking news, Piriform, owner of Avast, CCleaner and broker of user data collected by their software has purchased the Opera browser.
Ain’t got nowhere near weird as it’s gonna, stick around.
The only thing weird is your disinformation.
I never used it. I always used common sense, uBlock, Defender and Malwarebytes.
El meollo de la cuestión es que todas las empresas fabricantes de AV ven como se les acaba poco a poco el negocio desde que Windows 10 viene con un AV muy efectivo y la gente está viendo que no es necesario desprenderse de unos cuantos dólares para una protección de pago que ya no se necesita por lo efectivo del AV incorporado.
English please…
@ShintoPlasm, all comments are moderated, so probably spanish language is allowed in certain way. However, Google Translate is available to anyone for free, so there is no problem to understand any single comment if you are firmly decided to know about its content. Furthermore, Chrome and others browsers are able to translate any single entire website to any language in just a couple of seconds. I am enjoying this trusted translating services nowadays to read chinese websites… about Wuhan coronavirus. In a globalized world, languages are not an issue at all! 😄
PS.: 580 million people speak spanish in 20 countries, it’s a big market for sure!
tbh, Whoever is surpsised about that should immediatey stop using the interweb.
Avast alwas been a bloated AV product and that alone tells alot about the mind of the makers. They became more and more shady over time by obviosly taking userdate as new income source.
if you need a non build in AV tool, there are others out there that do the job. the less bloated(and un-clouded) the better.
It’s a silly bet they made on a Saturday night. They were challenged to prove that they could be hated even more than they were, and they took the bait.
I stopped using Antivirus years ago.
Avast, you have become the very thing you vowed to destroy. The best outcome of this is that word of mouth causes them to lose most of the market.
I always knew to run like hell whenever an AV program wanted me to let them touch my web browser, because it just sent my spidey senses crazy. Some people would call me paranoid, but again, I was right. I usually am.
I had a bad feeling about Avast, but after they removed CCleaner Portable and forced installer on everyone, I knew they were definitely up to no good. And now this proves that Avast is basically a malware.
???
https://www.ccleaner.com/ccleaner/builds
Last time I checked it wasn’t there. now Speccy & Recuva definitely do not have portable versions anymore.
Does avast not inform users about what data collection will occur prior to install.?.last time i used avast it was at version 5 and certainly nothing shady or nefarious occurred then.If it is clearly stated what data is collected then the fault is with the user for not reading and comprehending what is stated.
Data laws have changed considerably since then and avast just like most if not all internet companies are bound by these laws.
What data are we talking about here.?.websites etc can still be monitored by your ISP and logged.
@Kubrick
One thing to be aware of, is when they say “this policy can change at any time”.
So, it doesn’t matter much what they say prior to install.
As for “websites etc can still be monitored by your ISP and logged”. Yes, in the USA at least, thanks to Trump and company via those new FCC allowances for ISPs.
Yet many USA ISPs have their own policies, where they say they don’t collect and/or sell such user data, but remember, “this policy can change at any time”.
https://palant.de/2019/10/28/avast-online-security-and-avast-secure-browser-are-spying-on-you/#what-data-is-being-sent
“The data is anonymized according to Avast which means that personally identifiable information such as a user’s IP address or email addresses are removed from the data before it is sold.
While that looks good on paper, methods exists to de-anonymize data.”
So Mozilla can sell browsing data to Cliqz “because it’s anonymized” (https://en.wikipedia.org/wiki/Cliqz#Integration_with_Firefox), most of big tech companies will claim every collection and processing moral right on our data as long as it’s anonymized, but when their not-friend Avast does it too suddenly they remember that it’s still bad to do that, and that in particular data can be de-anonymized ?
Let me add something that people tend to forget in these times of death of digital rights, that de-anonymization is not the only reason, not even the main reason why this kind of anonymized data collection is bad: the main reason is that our data belongs to us, not to some business whose code we’re running on our devices.
Shh.. Mozillians claim the IP address is not identifiable information, hence won’t be able to create a profile and associate it with you. They post these articles in their safe-heaven, also known as r/firefox, and attack you in herds afterwards.
I’ve seen it.
@Yuliya
Well, technically an IP address only identifies a connection, not a person or device but calling that anonymous is total BS especially in locales where ISP’s are also complicit in user data brokering.
Why install an AV solution at all? Install all Windows updates, use Windows Defender. Keep your browser up to date, and use uBlock Origin in the browser (enable all anti-malware filter lists!).
Most AV solutions are either junkware or a total subscription-based ripoff, they also slow the system down. You can totally do without them.
This is the correct answer. AV (third party anyway ) broadens your computer’s attack surface. Stick with Windows Defender and keep updated, then go find something else to worry about. If you don’t trust Windows Defender than how/why can/do you trust Windows OS in general? We’re talking the same company here folks. If you think MS doesn’t take security seriously, then do yourself a favor and move along to Linux or Apple where blissful nirvana will await you. LOL
The only correct answer is don’t use Windows unless you absolutely have to. Just use something safer and better like Linux.
“The only correct answer is don’t use Windows unless you absolutely have to. Just use something safer and better like Linux.”
For most of us, that’s like saying:
Don’t use cars unless it’s an emergency. Just walk as that’s better and safer.
“The only correct answer”
Your tribal extremism and misinformation is not welcome here.
Please save your narrow-minded tactics for Facebook and Twitter.
Tribal extremism, misinformation, narrow-minded tactics… wow! Just relax, you’re taking my reply, this place, your OS and especially yourself way too seriously.
There’s more to life…
You simply just dug a deeper hole for yourself.
Oh well, enjoy your muck of a life.
> If you don’t trust Windows Defender than how/why can/do you trust Windows OS in general?
Just because they have same Windows name does not mean they’re developed by same people. That said, many people don’t trust Windows but it’s the only usable Desktop OS so nothing can be done without it.
lol @Kent Brockman there is this something called “review”…if defender fail to meet one expectation in review why would one use it when there something better.
linux is usable but not on the same level of usability in windows yet…
@Iron Heart
I SO Totally Agree with your comment!
(I, too, this common sense approach to fighting malware)
i
btw here a popup test website, you will know what i mean by damned popup, you never know when there gonna be one until it pop up…https://webbrowsertools.com/popup-blocker/
wow…you do know that thing called “list” right…hence if not in list not blocked aight?junkware?rip off?seriously dude?
and funny thing windows defender actually more heavy than this antivirus solution we talking about…https://www.youtube.com/watch?v=LTE9s_34NxY (please do note this is on high end system and in a virtual machine)
and if you concerned about “slow the system down” turn off the automatic scan…just periodically scan manually.(also applies to database update?idk)
i use adblock too which is adguard(ublock origin really fail fighting with anti-adblock so far for me)…i also activate that list in adguard but kaspersky security cloud free do occasionally blocked some adware links which wasnt blocked by adblock…most of the report coming from gibberish number and alphabet domain which i think they actually ads, a malicious ads…problem nowadays isnt clicking ads, but the damned “popup” even when i set ff pref to dom.popup_allowed_events to blank some of them still managed to open in the same tab or new tab(new tab instead of new windows because of tab mix plus…)
well sorry for my english, and please dont be so negative…with ransomware and all nowadays it better be safe than sorry.
@point: Try Kaspersky Cloud Free
Cloud .. says it all. no thx ;)
So the US tells us not to use Huawei 5G because the Chinese will steal our data and yet it’s ok for Avast to give the same data away!.
@Joe 90
5G is to be the network backbone for most everything, where the web user has no choice to not use it.
With Avast, you have a choice not to use it.
That said, your misinformation on this matter is not welcome here.
This is not Facebook or Twitter.
It nothing like “giving the same data away”, a silly analogy.
Thanks Martin I guess? :)
I remember the good old days when JumpShot helped clean up and speed up your PC, I even bought a license then AVAST bought them… Sad to see where JumpShot has ended…
Jumpshot or ccleaner? Thats why i don’t use ccleaner anymore
Definitely JumpShot, here’s the old KickStarter campaign: https://www.kickstarter.com/projects/thejumpshot/jumpshot-a-new-weapon-to-battle-pc-frustration/description
Suggestions for free AV that is less evil than Avast but not a compromise in defence for those still rocking Win7?
Avira free (popupAds-galore)?
Bitdefender free (kiddysafe_no-settings)?
Eset’s been working well for me, doesn’t seem to slow down things even with phishing and malware filtering done by it vs. browser. It’s really cheap on ebay if you search a bit.
I used bitdefender for a few years but it has way to much fluff now, their bundled VPN is stupid.
Tried webroot for a while but couldn’t tell if it really does anything or not, a weird program with even weirder forum opinions and reviews, some glowing, some awful, most irrational. It started to slow down browsing and exaggerate windows’ existing sporadic mouse lagging so, adios. They were bought out by Carbonite, time will tell if that changes anything.
Defender is sloooooow, we disable telemetry then use Defender to send everything we do to MS anyway? Sure. MS’s firewall is fine, however.
I’ve migrated to just AV’s; suites have many redundant features, only need to filter junk once, not with a number of programs.
i use on win7 clamwin for on demand and an older avira thats not yet bloated and works with offline updates. so far so good.
else i use virustotal for single suspects
MS security essentials unless they’ve taken the link down.
There was a time when the old ” if it’s free you are the product” saying was true which people still repeat. However that is no longer the case as even if you have paid you still are the product to many. This is yet another example of why you should not tolerate telemetry aka spying in anything or at very least it should be opt-in No one is to be trusted these days.
Isn’t MBAM still free? Idk, I stopped using any a/v products years ago, as I noticed them not picking anything due to my general good practices, and wasting resources.
But I think MSE should still get definition updates, right?
You can find Avast”s reply to this article here, https://forum.avast.com/index.php?topic=231828.msg1533674#msg1533674
shit product
Stay tuned for more of The Avast Odyssey sitcom.
When dishonesty reaches such a point it becomes laughable except when you’re the target in which case moving out is the only way to make tears of sorrow becomes tears of laughs. Avast is a sinister company.
>Pepsi
Pff, Coca Cola is the superior beverage anyway! Also respects your privacy now, at least more than Pepsi does.
Yeah, this is Avast. What did you expect. Among the worst in the industry. Avoid.
Nice one, Avast. As soon as my subscription expires, I’m going back to Windows Defender.
@Random Guy:
Why wait?
Better use Karspersky Cloud, unlike Windows Defender, you CAN turn it off when you need to do so.
You can turn off real-time protection in Windows Defender. but why would you want that, if you can whitelist any file and keep using it without turning off the whole real-time protection?
It’s a resource hog, false positives, and it phones home to MS every time it scans a new file. Windows 10 is a security farce.
Windows Defender, like most antivirus, is a resource hog. That’s why i don’t use none.
Avast goes beyond the data needed to provide the security the product promised, and that the over-collecting of data was not an oversight but deliberate.
Still, you are going to continue to use it to get your MONEY’S WORTH? Wow!