Avast expands opt-out after data-sharing investigation

Security company will ask all users of its free antivirus if they are willing to let their browsing data be shared with third parties

Avast has been caught up in yet another privacy scandal, with a joint investigation by PC Mag and Motherboard revealing the extent to which the security firm is collecting user browser histories and selling the data on to third parties. 

Last year, Avast browser extensions were spotted collecting browsing data to sell to advertising firms, sparking Chrome, Opera and Firefox to pull the add-ons from their marketplaces, though some have since returned.

Avast said at the time that it removed any identifying information from the browsing history. The PC Mag and Motherboard investigation suggested it's possible to re-identify that data once it's in the hands of marketers. 

The investigation revealed that Avast sells the collected data via its Jumpshot division to third parties such as marketing companies. The browsing history being collected includes every click, keyword search, and entered URLs, harvested not only from browser extensions but also from users of Avast's free antivirus software. 

The collected data is "de-identified" by stripping out personal details, and tagged with an identifying code. However, research casts doubt on whether any large sample of user data can be truly anonymised. Jumpshot's data does not directly identify any specific individual, but when it is combined with other data, it's simple to see who is clicking what, the investigation claims. 

Related Resource

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

For example, if a data harvesting company or marketer bought data from Avast and also from a website you're logged into (for example Amazon), the information provided would make it possible to link the Avast data to your Amazon account, therefore revealing your identity, and tying it to your entire browsing history. The data seen by the investigators includes searches, GPS coordinates on maps, visits to social media accounts, and even what video was watched on a porn site. 

The investigation showed Jumpshot was selling that data to companies that aggregate such information, with customers buying access to that "all clicks feed" for millions of dollars. 

Avast stopped sharing such data collected via extensions after the revelations last year, and in July 2019 started asking users for permission before sharing their browsing data with Jumpshot. It will now also ask all existing users of its free antivirus to opt-in to data sharing in February. 

An Avast spokesperson said the company stopped sharing browser extension data with Jumpshot in December, only using collected information for core security tasks.

"We ensure that Jumpshot does not acquire personal identification information, including name, email address or contact details," the spokesperson added.

Avast also noted that users have always had the ability to opt out of such data sharing: "As of July 2019, we had already begun implementing an explicit opt-in choice for all new downloads of our AV, and we are now also prompting our existing free users to make an opt-in or opt-out choice, a process which will be completed in February 2020."

The spokesperson added: "We have a long track record of protecting users' devices and data against malware, and we understand and take seriously the responsibility to balance user privacy with the necessary use of data for our core security products."

This isn't the first data privacy scandal to hit Avast: in 2018, Avast pulled an update to its CCleaner tool over data collection concerns

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
IT Pro Panel: Why IT leaders need soft skills
professional development

IT Pro Panel: Why IT leaders need soft skills

26 Jul 2021