Google, Microsoft Buying Your Sensitive Personal Data From Avast Antivirus!

Must Read

Your antivirus software may or may not protect you as much as you’d expect, but they are slowly becoming a threat to your privacy for sure. A recent investigative report by Motherboard and PCMag has blown the cover on Avast’s unethical data harvesting practices.

The report reveals that a subsidiary of the company, Jumpshot, sells extensive data packages to various clients including Google, Microsoft, IBM, Pepsi, Home Depot, and more.

The data is collected from devices that have the Avast Antivirus program and related services installed in them, including the Avast Secure Browser. This data is highly specific, including one’s browser searches, website visits, map locations, the specific time stamp of visit, and even one’s activities on adult websites, sometimes including the specific keywords they searched for and the videos they watched.

Advertisements

The raw data is then sold to companies for high prices on contract basis in “packages”. Jumpshot seems to provide several packages consisting of different kinds and combinations of data to suit their client’s needs. One such package that caught the attention of the investigators is the All Clicks Feed.

The All Clicks Feed is a package that gives the client a list of all the clicks made by users on a given domain, e.g., Amazon.com. Along with a list of clicks on a website, the inferred age and gender of each individual are provided, along with all the URLs they visited on said domain.

Opting into the Jumpshot Panel

While the collection of such vast user data is a cause for concern in and of itself, Avast claims to have done things according to protocol. And on the surface, it might even seem true.

Avast claims that users have always been free to disable data sharing, or “opt-out” of it, so to speak. However, this claim must be taken with a grain of salt as it seems many users weren’t aware of their data being collected to such a degree in the first place.

When questioned, Avast also added that the permission to collect data has explicitly been obtained from all new users as of July 2019, where they are given a slightly more transparent picture of the matter, based on which they can then revoke or grant permission for their data to be collected. Avast also claims that all older users are also being notified about the permissions and has quoted February 2020 as the deadline for the completion of this process.

Advertisements

Despite these claims, when users of the antivirus were approached by PCMag regarding the same, many were unaware of such a thing happening and couldn’t recall being asked for permission for any sort of data collection.

The investigators, however, did get asked for permission for their data’s collection. However, on reading the privacy policy, it was found that the information regarding this particular permission was vague and lacked details about the duration of data storage and failed to outline a clear purpose.

De-identified data: a hoax?

When one grants Avast permission to track their activity, a unique device id is generated for that particular device. All data collected from that device is then stored under that device’s id in the database and Avast provides the data to Jumpshot after redacting Personal Identification Data (PII).

Here is another loophole in Avast’s adherence to protocol. While the data provided from Avast’s end is anonymous, this anonymity is only superficial, as the identity of the user can be found out through cross-referencing other databases. This is possible due to the high specificity of the data, as mentioned above.

Thus, de-identified data, in the end, doesn’t do much to protect the user’s privacy.

Avast was caught in a similar scandal not too long ago, due to its browser extension. A report in December 2019 criticized it for collecting more data than necessary from a user’s online activities. Many browsers took down the extension from their stores soon after the incident, including Chrome Web Browser.

Avast is a Czech cybersecurity firm with an estimated 435 million users worldwide. Out of these, it is believed that around 100 million were affected by Avast’s data harvesting scheme. To make matters worse, Avast seems to maintain a lukewarm stance on the issue, despite the large-scale breach of user trust.

Incidents of collecting and selling data by large cybersecurity and tech firms have become a burning issue in recent times and have come to be criticized by politicians, advocates for human rights, and citizens alike. Data privacy is considered to be a fundamental right by many jurisdictions, including the EU.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

TikTok Oracle Deal: China is Not Happy

Beijing is not at all happy with how the TikTok-Oracle deal panned out! In...

TikTok Oracle Deal: Confusion, Contradictions and Quest for Control

Another day Another verbal volley. TikTok Oracle deal saga continues. The tug-of-war with the back and forth statements surrounding...

5 Common IT Infrastructure Management Issues You Must Resolve Today!

Your IT infrastructure supports your entire operation, but there are many struggles departments have difficulty identifying and overcoming. One of the biggest...

TikTok Oracle Deal: No Technology Transfer, No Ownership, Rest All Is Fine

The brouhaha around TikTok and the US administration simply refuses to subside. In the ensuing see-saw of developments, ByteDance...

Tesla in Making Moves To Have Presence In India: Scope Of Electric Vehicles In The Country

The wait for seeing Tesla in India may get over soon. Indian citizens can now brace themselves for soon being able to...

Android Users Beware: Your 2FA Code Can Be Stolen By Hackers Now

If you are someone who makes use of two-factor authentication, aka 2FA, to add that extra layer of security on logins and...

In-Depth: Dprime

Will ‘TikTok By Microsoft’ Be A Winner?

For the last two years, TikTok has been in the public eye for all sorts of reasons. First, it was the exploded...

Facebook Subscription Model: Looking Beyond Ad Dollars?

Seldom do job listings create a stir this gripping. However, when the job listing in question is a stealth post from Twitter,...

Will The Online Food Delivery Market in India End Up Becoming A Two-Horse Race?

It's pretty much evident that the food delivery space in India is all set to get riled up soon enough as one...

More Articles Like This