Google, Microsoft Buying Your Sensitive Personal Data From Avast Antivirus!

Must Read

Elon Musk Added Over $100 Billion To His Net Worth In Just 1 Year, Leaves Jeff Bezos Behind

Jeff Bezos may the world's richest person in the world but it's Elon Musk who has been...

Elon Musk Overtakes Bill Gates And Becomes the 2nd Richest Person in the World

It's been a good week for Elon Musk and his electrical vehicle business Tesla. Earlier this week,...

Free Netflix In India From December: Netflix In A Pursuit Of New Subscribers

A month ago, we reported how Netflix might be brewing something interesting that could lead to a free...

Your antivirus software may or may not protect you as much as you’d expect, but they are slowly becoming a threat to your privacy for sure. A recent investigative report by Motherboard and PCMag has blown the cover on Avast’s unethical data harvesting practices.

The report reveals that a subsidiary of the company, Jumpshot, sells extensive data packages to various clients including Google, Microsoft, IBM, Pepsi, Home Depot, and more.

The data is collected from devices that have the Avast Antivirus program and related services installed in them, including the Avast Secure Browser. This data is highly specific, including one’s browser searches, website visits, map locations, the specific time stamp of visit, and even one’s activities on adult websites, sometimes including the specific keywords they searched for and the videos they watched.

Advertisements

The raw data is then sold to companies for high prices on contract basis in “packages”. Jumpshot seems to provide several packages consisting of different kinds and combinations of data to suit their client’s needs. One such package that caught the attention of the investigators is the All Clicks Feed.

The All Clicks Feed is a package that gives the client a list of all the clicks made by users on a given domain, e.g., Amazon.com. Along with a list of clicks on a website, the inferred age and gender of each individual are provided, along with all the URLs they visited on said domain.

Opting into the Jumpshot Panel

While the collection of such vast user data is a cause for concern in and of itself, Avast claims to have done things according to protocol. And on the surface, it might even seem true.

Avast claims that users have always been free to disable data sharing, or “opt-out” of it, so to speak. However, this claim must be taken with a grain of salt as it seems many users weren’t aware of their data being collected to such a degree in the first place.

When questioned, Avast also added that the permission to collect data has explicitly been obtained from all new users as of July 2019, where they are given a slightly more transparent picture of the matter, based on which they can then revoke or grant permission for their data to be collected. Avast also claims that all older users are also being notified about the permissions and has quoted February 2020 as the deadline for the completion of this process.

Advertisements

Despite these claims, when users of the antivirus were approached by PCMag regarding the same, many were unaware of such a thing happening and couldn’t recall being asked for permission for any sort of data collection.

The investigators, however, did get asked for permission for their data’s collection. However, on reading the privacy policy, it was found that the information regarding this particular permission was vague and lacked details about the duration of data storage and failed to outline a clear purpose.

De-identified data: a hoax?

When one grants Avast permission to track their activity, a unique device id is generated for that particular device. All data collected from that device is then stored under that device’s id in the database and Avast provides the data to Jumpshot after redacting Personal Identification Data (PII).

Here is another loophole in Avast’s adherence to protocol. While the data provided from Avast’s end is anonymous, this anonymity is only superficial, as the identity of the user can be found out through cross-referencing other databases. This is possible due to the high specificity of the data, as mentioned above.

Thus, de-identified data, in the end, doesn’t do much to protect the user’s privacy.

Avast was caught in a similar scandal not too long ago, due to its browser extension. A report in December 2019 criticized it for collecting more data than necessary from a user’s online activities. Many browsers took down the extension from their stores soon after the incident, including Chrome Web Browser.

Avast is a Czech cybersecurity firm with an estimated 435 million users worldwide. Out of these, it is believed that around 100 million were affected by Avast’s data harvesting scheme. To make matters worse, Avast seems to maintain a lukewarm stance on the issue, despite the large-scale breach of user trust.

Incidents of collecting and selling data by large cybersecurity and tech firms have become a burning issue in recent times and have come to be criticized by politicians, advocates for human rights, and citizens alike. Data privacy is considered to be a fundamental right by many jurisdictions, including the EU.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

Facebook’s Past Comes Back To Bite As South Korea Fines Them For 2018 Scandal

The social media behemoth Facebook Inc. (NASDAQ:FB) has once against proved they are the true arch-nemesis of...

Amazon Future Group Dispute Deepens As Singapore Court Turns Down Future Group Plea

The dispute between Amazon and Future Retail is, apparently, far from over anything soon as the Singapore International Arbitration Centre (SIAC) has...

Google Pay Fee On Instant Transfer: An Indication Of Google’s Aggressive Monetisation Strategy?

Google has decided to levy fee on instant payment, starting from the US market. A few days back, Google...

Twitter Account Verification Is Back, But Has it Lost Its Mojo?

Twitterati queue up! As the Twitter account verification process which is responsible for awarding blue badges prepares to...

Paytm Lawsuit Impact: TRAI Slaps Fine On Jio, Airtel, BSNL And Other Telcom Operators

The emergence of e-wallets brought along with itself a big uprise in notorious phishing scammers who prey on unsuspecting consumers by pretending...

MobiKwik Takes A Dig At Paytm After The Recent App Ban

The ongoing China-India border tension is resulting in more apps getting banned, and every time that happens the Indian startup unicorn Paytm...

In-Depth: Dprime

Will ‘TikTok By Microsoft’ Be A Winner?

For the last two years, TikTok has been in the public eye for all sorts of reasons. First, it was the exploded...

Facebook Subscription Model: Looking Beyond Ad Dollars?

Seldom do job listings create a stir this gripping. However, when the job listing in question is a stealth post from Twitter,...

Will The Online Food Delivery Market in India End Up Becoming A Two-Horse Race?

It's pretty much evident that the food delivery space in India is all set to get riled up soon enough as one...

More Articles Like This