Avast is a name that inevitably comes up when discussing free antivirus software, and for good reason. However, a joint investigation by Motherboard and PCMag has seen Avast's reputation come under fire.
According to reports, leaked documents reveal that Internet browsing history and activity is being "secretly sold" to a subsidiary called Jumpshot. The information is packaged and sold, with Google, Yelp, Microsoft, Pepsi, and Home Depot among the past, present, and potential large clients. In some cases, according to the report, clients have paid millions of dollars for "all click feeds," which include detailed accounts of website tracking data, clicks, and site-to-site movement.
This only happens when users install free antivirus software and choose to have their data collected. In addition, the data is anonymized and does not include names, email addresses, or IP addresses (although a device ID is assigned to each history). So what is the problem?
The report rails against the level of data collection, how private it really is, and the extent to which users are aware (if they opt-in) that their browsing habits are being sold.
Motherboard says it viewed data including Google searches, GPS coordinates, people who visited LinkedIn pages, YouTube history, and visits to pornographic sites. It also stated that it is possible to know the date and time a particular website was visited and what particular videos were viewed on PornHub, for example. In addition, "experts" told Motherboard that in some cases it would be possible to de-anonymize the data.
According to Motherboard, several people were unaware that avast was selling their data.
"I didn't know about this," he said.
"It's a scary story. I usually say no to data tracking.Incidentally, several browser makers (Google, Opera, Mozilla) recently removed extensions from avast and its AVG subsidiary after reports surfaced that they were collecting user data using plugins. According to the report, it was apparently then that avast began asking users of its free antivirus program to opt-in to data collection.
"Our approach ensures that Jumpshot does not obtain personally identifying information such as names, email addresses, or contact information from people using our popular free antivirus software," avast said in a statement.
"Users have always had the ability to opt-out of data sharing with Jumpshot; as of July 2019, we have already begun implementing an explicit opt-in choice for all new downloads of our AV, and we are now also providing existing free users to make an explicit choice, and this process will be completed in February 2020," added avast.
The lesson for us is an old one: if you don't have to pay for commercial software, chances are good that the customer is someone other than you. Always read the bylaws before opting in. They may not be as detailed as these reports, but it pays to be cautious.
Comments