Avast shuts down Jumpshot
Avast CEO Ondrej Vlcek announced today on the official Avast blog that the company will shut down Jumpshot, a subsidiary which sold data provided by Avast products to third-party companies.
Avast, best known for its antivirus solutions for various operating systems, expanded significantly in recent years. The company acquired its competitor AVG in 2016 and Piriform, maker of CCleaner in 2017. It also owns HideMyAss, a popular VPN and browser proxy provider.
Wladimir Palant, creator of the popular content blocking solution AdBlock Plus, published an analysis of Avast's extensions for browsers in late 2019 on his personal blog. He concluded that Avast was collecting more data than it could possibly need to provide security to its users. Mozilla and Google pulled Avast extensions from their stores temporarily at that time but reinstated them soon therafter after Avast made changes to them.
A joint investigation by Vice and PC Magazine revealed additional details about Jumpshot's business practices. The report confirmed that Jumpshot sold data collected by Avast products to third-party companies after processing it.
Avast CEO Ondrej Vlcek apologized today stating that "Jumpshot has hurt the feelings of many" and that the whole incident "raised a number of questions" including the "fundamental question of trust".
He goes on to say that Avast's top priority is to protect people and that "anything to the contrary is unacceptable".
Avast started Jumpshot in 2015 to extend its "data analytics capabilities beyond core security". It believed that it could do this "more securely" than other companies that collected data. Jumpshot operated as an independent company according to Vlcek but always within legal bounds.
Avast's new CEO, who took over seven months ago according to the blog post, started to evaluate every bit of the company's business when he took over. He concluded (when is not clear) that the data collecting business was not in line with Avast's "privacy priorities".
The decision was made to shut down Jumpshot.
I firmly believe it will help Avast focus on and unlock its full potential to deliver on its promise of security and privacy. And I especially thank our users, whose recent feedback accelerated our decision to take quick action.
Avast will have a hard time regaining the trust of its users and ex-users. Time will tell if the company manages to make the u-turn to focus on its core business, security. It will also be interesting to see how the shutting down will affect Avast's financially.
Now You: what is your take on Avast's decision?
Ditched Avast just yesterday because of the data mining activities. Probably won’t be back for a while since I’ve just installed another AV provider in its place.
While you’re at it, make sure that other provider is not collecting and selling your data as well, which it probably is. I mean, back in the 90’s and 00’s antiviruses used to protect you from software mining your data as wel… now that’s a “feature”. Best antivirus is just common sense: don’t click on links randomly on the internet and don’t download anything from sources you don’t trust. That alone is already half the battle
Also, please don’t return to Avast. Not even after a while. What they are doing right now is the same modus operandi this and many other companies have done all history: wash their hands and come up with a new pretty brand name for a product but is all the same shady business going on behind the courtains.
> Jumpshot operated as an independent company according to Vlcek but always within legal bounds.
“Everything we did was legal” is something only ever uttered by people caught doing bad things.
First Opera, then Avast… The internet is full crooks :(
@ShintoPlasm: good job you’re on a Mac.
Sadly, not anymore. Had to ditch my nice MacBook Pro after warranty ran out and I couldn’t afford the expensive repairs… :’-(
“â€¦hurt the feelings of many”?! WTF?!
I’ll simply say: “F’em!”. This is the point of no return. Avast digged its own hole. Congrats!
@KNTRO “…..hurt the feelings of the many…”
I had to read that back to myself a few times to make sure I read it right. Unbelievable…
Avast’s quote in response to Wladimir Palant, ABP; published analysis of Avast’s extensions for browsers, is blatant s a r c a s m by Avast.
One cannot mess with the Divine Lady Karma…the end result?
She always gets her way.
Oh, we’ll just sweep this under the carpet and all is good again.
How much money did they make from this before they were caught?
And what is the impact to users who had data taken and sold?
I would never touch their products again.
What’s really disturbing is how little traction this story has. Type in ‘Android antivirus’ into Google and it’s not mentioned at all by any review sites, some considered respectable too. Only typing in ‘jumpshot’ or ‘AVG Data Harvesting’ do you get results that confront the issue, this site included. This strikes me as disingenuous on the part of Google.
I used AVG on mobile almost as an afterthought. Should I reconsider? What antivirus isn’t doing this? Do we know? Kaspersky on desktop exfiltrates data to servers in Russia a little too much, but with Win10 the whole operating system seems to act like spyware. This is Web 2.0, wide open and riddled with surveillance by all sides. I hope Avast go bust, but equally I’d like investigations to be routine into every bit. Not that you can trust security researchers.
ESET seem to be pretty decent chaps, on all platform.
Yes! AVG is a subsidiary of Avast. For more thorough reporting, I recommend reading the following:
Second the eset vote.
What about Avast Antivirus – Mobile Security & Virus Cleaner? I have not heard anything about this Android app which I have been using close to 2 years now. I have the premium subscription which I pay for. Should I uninstall it on my Android just to be safe? I am hoping the selling of data is limited to the plans offered for computer operating systems.
I think that you have to make a judgement call on this. Personally, I wouldn’t trust any Avast product. The odds that they were doing this in just a single product seem very low to me. And that they only thought it was a problem when they got caught doing it speaks volumes about what they think about their customers.
Yes, my thoughts exactly. Thanks.
I like the Avast Mobile though, it doesn’t drain the battery like Malwarebytes did when I had the free mobile plan. But I may very well go back to them with a premium paid subscription. I have them on my laptop; very good for blocking the bad guys. So far anyway.
Probably the same data collection purposes, it’s listed as one of them on Avast’s corp site. Mobile is the only product they have that’s not being discontinued that’s doing poorly, down year over year.
You decide. I dumped Avast around 2015 when it became very slow, let tss rootkit in and all the tracking, poor protection news started. Sluggish due to Jumpshot’s start? IDK, eset’s been great on desktop for me, they have an android version.
IIRC, Avast has only been at the top of AV ratings for a year or so, they were middling for quite a while before that. New CEO? Again, IDK.
“Jumpshot has hurt the feelings of many”
That’s of course the biggest offense. Might get you banned from Twitter, even send you to jail in a number of countries.
Wish the title was “Avast shuts down”
“Free” anti-virus. Is anyone actually shocked by this? Avast should have been up-front from the beginning and informed people that this collection is the cost of your free anti-virus. I mean they’re just doing what google does, it’s just that google’s up-front about it.
All giants collect them, not only Google. You are right, Google is up-front about it unlike others. Apple only collects them. Microsoft, Google and Amazon are selling them too.
Too little too late! You’re already lost the user’s trust.
Lost in the discussion is that no doubt whatsover the user agreed to the policy when the continue or OK button was clicked during the install. You know, in that little window with the fine text and tiny scroll bar slider.
But what would be egregious is if a licen$ed user were not given the opportunity to opt-out. I haven’t used either Avast or AVG in well over a decade, so I don’t know if that option is available.
As for CCleaner, the exe outbound has been blocked in the firewall for a long time. The app still connects out occasionally even when the “sendind annonymous usage data” and “updates automatically” are disabled and the “updates manually” enabled.
In a forum post on their site an avast person said that it depends on your settings, he didn’t specify which settings, whether they also spied on paying users. He also didn’t say if you were spied on by default or not.
For some software, maybe that doesn’t matter; for others maybe just blocking outgoing requests in your firewall is fine. For AV’s and VPN’s it’s never OK.
Direct connections attempts are fairly easy to detect. Data passed to the OS or browsers, then forwarded to Avast or whomever, much harder by ordinary means. Avast affiliates with Google (Chrome) and other ad companies. I’d definitely consider whether software by a company constantly getting busted for lying and stealing should be on my device.
@Haakon: “Lost in the discussion is that no doubt whatsover the user agreed to the policy when the continue or OK button was clicked during the install. You know, in that little window with the fine text and tiny scroll bar slider.”
That’s probably true, but I don’t think that sort of thing reasonably counts as “informed consent”.
He goes on to say that Avast’s top priority is to protect people and that “anything to the contrary is unacceptable”.
Yet he was fine making money by spying on users, he can’t pretend he didn’t know what was going on, and would have kept on doing it if he hadn’t been found out. It’s hard to find a trustworthy company these days.
Trustworthy company? A company that doesn’t make money from you as a product and at the same time gives you free products? Good luck. A company has always an agenda, to make money. They could offer you something for a while for making a userbase, but when they have it, they will make up for the loss.
Not sure what this means, Avast sold 35% of Jumpshot July 2019.
Two days ago the Avast Blog issues a blurb about how private Jumpshot is; yesterday, they’re shutting down Jumpshot. What, the 65% they still own?
Avast does have a non profit foundation, The Avast Foundation (surprised?), that seems to do a lot of good, including end of life care.
What about the corporation?
-We are the most profitable publicly traded software company
-Your Board is committed to ensuring an attractive return on investment
-We offer our customers protection performance and privacy
We generate revenues in three different ways (two of which are):
Customers pay us directly for a product
Partners pay us for distribution and access to our user base
(The third is SMB.)
Sure, Avast is a business out to make money, as all businesses are but user data brokering (Indirect) is 10-15 percent of revenue, they’re going to dump it? Nope, just find another way to do the same thing.
Financially, Avast is doing very well, they attract customers like moths to a flame. They’ve been telling markets they’ve been scraping user data, how they collect it and how they sell it, for years and it matters not a bit. Lose one user, gain ten, big deal!
Users would benefit from reading more of these to temper online software reviews and forum comments.
Think the new CEO, the ex-President of Consumer (Products) is going to ignore shareholders for users? Not unless he wants to polish his shoes and hit the streets.
Here are my thoughts on this not so pleasant revelation.
“He concluded (when is not clear) that the data collecting business was not in line with Avast’s “privacy priorities.”
Sure he did, after Avast was repeatedly caught STEALING user data through multiple software products. There are unfortunately many more companies that are just as guilty and continue their criminal activities.
Does anyone know if this scumbag behaviour also occurs for paying customers?
Yes it can but depends on your settings.
Pssst, class action suit.
I have to admit I appreciate companies apologizing using terminology audiences like to hear.
Unlike the annual doubling down “It was the bestest update everrr” by Microsoft. The “We would never do such a thing” by Mozilla. Or the “Privacy is our ultimate goal” by Google and Facebook.
Staying away from any controversy would be even better though. Especially if “Staying away from any controversy” is the main product you’re trying to sell.
Avast closed Jumpshot but will continue to harvest users data (probably selling as well).
I haven’t used an AV for a long long time…my default AV is Windows Defender and some common sense. Your AV is as good as your judgments when you browse the internet…I never go to unfamiliar web-pages and never download apps from one. I have never been infected with a Virus for as long as I have used a computer.
Too late. Already lost trust in a product I used for years. Switched to Bitdefender and pleasantly happy with how light and how well it works. As another user commented, Windows Defender is completely fine with some common sense. Having another layer of security doesn’t hurt as well, unless clearly it was Avast. As the saying goes, â€œTrust takes years to build, seconds to break, and forever to repair.â€
Freeware kind of works this way anymore. You have to find ways to pay people to develop and support it. I would rather use Defender on Windows if your cheap or spend $25 or so on a paid solution which may even provide a bit better security. I think Avast went overboard on its data collection and not being totally upfront when caught just added to their demise.
Too little and too late. Avast betrayed their customer base’s trust and there’s nothing they can do to get it bad. A few people will give them another chance, but the company will fade away. That is, unless they can change their name and not let it slip out that they did so.
Nobody was spying on anybody, come on, wake up! You wanted to share your data – you said Yes. Dot.
Next time you read things first and stop clicking Agree, Yes, Next just because you want to install a software, an app and use it. If you canâ€™t read – this is where you lost your time at school; nobody can help you.
Too little too late. There’s overwhelming evidence Avast was designed as malware. I’ve had their virus self install on my Windows 7 without warning and consent. It loaded itself with several pup malwares that required two sepcialized virust rem overs to effectively clean them out.