Are You One Of Avast's 400 Million Users? This Is Why It Collects And Sells Your Web Habits.

Avast, the multibillion-dollar Czech security company, doesn't just make money from protecting its 400 million users' information. It also profits in part because of sales of users' Web browsing habits and has been doing so since at least 2013. From a report: That's led to some labelling its tools "spyware," the very thing Avast is supposed to be protecting users from. Both Mozilla and Opera were concerned enough to remove some Avast tools from their add-on stores earlier this month, though the anti-virus provider says it's working with Mozilla to get its products back online. But recently appointed chief executive Ondrej Vlcek tells Forbes there's no privacy scandal here. All that user information that it sells cannot be traced back to individual users, he asserts. Here's how it works, according to Vlcek: Avast users have their Web activity harvested by the company's browser extensions. But before it lands on Avast servers, the data is stripped of anything that might expose an individual's identity, such as a name in the URL, as when a Facebook user is logged in. All that data is analysed by Jumpshot, a company that's 65%-owned by Avast, before being sold on as "insights" to customers. Those customers might be investors or brand managers.

What do those customers get? Vlcek says Jumpshot, which was initially acquired in 2013, provides "insights on how cohorts of users on the internet use the web." For instance, it could show a percentage of visitors who went from one website to another. That could be useful to anyone monitoring an advertising campaign. "Typical customers would be, for example, investors, who would be interested in how online companies are doing in terms of their new campaigns," the new Avast chief explains. Say Amazon launches a new product -- Jumpshot could determine how much interest it's getting online.

" no privacy scandal here" --- yeah, right...

[QuietLagoon]

]]] --- Ondrej Vlcek tells Forbes there's no privacy scandal here. All that user information that it sells cannot be traced back to individual users, he asserts. --- {{{ . . . . . So far as AVAST is concerned, there may not be a privacy issue. But once the data are resold and de-anonymized, that is where the privacy issues begin.

Re:

[Arkham]

It's not a scandal because they aren't hiding it. It doesn't mean it's not an issue that end-users should care about.

Re:

[kubajz]

From what I understand, the data cannot be de-anonymized because it is data about "cohorts" of users. I understand how Slashdot goes into righteous outrage anytime "selling personal data" is mentioned but here in Europe, with GDPR legislation, Avast would be in a lot of trouble if they sold data that could be de-anonymized. Just my 2 cents...

This doesn't surprise me at all

[satanicat]

I admittedly used Avast for years, but I dropped it after having it installed on an Android device for a while.

It quickly became apparent that even if the app was doing something productive, it was more a delivery for click bait advertising. At some point I started getting notifications in the pull down menu, something to the effect of "Avast has scanned your device, here is what you need to know". Clicking on the notification brought up a screen that looked almost identical to the google play store, with referral typed links to different games and apps. The text that effectively stated my device was "clean" was barely noticeable text at the top, almost like fine print in an advertisement.

I chose that moment to rate the app on the google play store, giving it a low ranking with an explanation of the ads, and a comment that the app was doing exactly what it should be protecting other apps from doing to me. Avast quickly responded with a statement paraphrased as "We feel we should be able to advertise with an app that we provide for free". True enough I guess, but I think the act of hiding ads behind something that should be a notification you would care about, and on a product that should be preventing these from the get go causes a certain lack of credibility. If anything I would expect them to advertise their own paid-for products, or partners products which might be interesting or useful, and in line with why you have it installed in the first place. (Like advertising a VPN service). Sticking ads to games with referral links is sort of bottom feeding.

All that to say, I'm simply not surprised to see the headline.

Re:

[Darinbob]

Now if they said "If you have a paid subscription, we'll stop advertising our own products" then I could see this as a positive. But I seem to recall that they did this sort of thing even if you had a subscription. Luckily they don't advertise non-stop like some products do so it hasn't hit a high level of annoyance for me.

Re:

[satanicat]

Yeah I hear you. I wasn't aware that they also advertised to subscribed users.

I guess for me it was less an annoyance factor, and more a trust factor. Out of principal, an app that a user might install with root privileges on a rooted device, expressly to ensure it cannot be uninstalled by an unauthorized user, even if stolen, also should have the responsibility to at least appear to adhere to some sort of respectable principals.

I just see it as a dangerous and eye opening problem, these devices are reall

I just hope

[Anonymous Coward]

they don't reveal I frequent Slashdot. The horror.

Fuck 'em all

[WaffleMonster]

The difference between today and decades past worlds largest "legitimate" tech companies have now adopted very same business models as original purveyors of malware.

Anonymized or not, it's still spyware.

[Chelloveck]

Avast users have their Web activity harvested by the company's browser extensions.

That's pretty much the definition of spyware, right there. I don't care if they claim it's being anonymized, it should never have been collected in the first place.

Best of luck to them

[LatencyKills]

The last person who tried to watch my browsing habits blinded himself with a yogurt spoon and spent the rest of his life in therapy.

Re:

[110010001000]

Er, someone is watching your browsing habits right now. There are 8 trackers embedded on this very webpage.

Funny thing about Destiny...

[SirAstral]

and it often being found on the roads you take to avoid it. It funny how irony seeps and flows into every crack and crevice of humanity.

Here, let me protect you from this or that... so that you have no protection from me when I become them!

Free VPN does this too

[Hadlock]

A bunch of Free/Cheap VPN companies use your traffic data and then sell it in one form or another.

I can't say which (NDA) but at least one mobile phone VPN provider uses their VPN service to track app usage. Google/Apple keep very tight control of their platform/application usage, so these free VPN providers effectively main in the middle your internet connection to see what apps you're running (by seeing what mothership domains they connect to) and also how often you use them. It's super valuable d

Well...

[barakn]

What did you expect from a company whose name is something you only hear pirates yell?

Re:

[Hamfist]

What did you expect from a company whose name is something you only hear pirates yell?

You win the Internet today, sir. Thank you!

Alternatives?

[fluffernutter]

Is there any free AV out there for windows that doesn't spy on you? I'm already using a phone that spies on me; at one time I would have considered this 'bad' but it seems to be the way the world is now.

Re:

[guacamole]

Considering the load of BS that most of "free" antivirus software brings into your PC, I just stick with the Microsoft Security Essentials/Defender which is free with Windows anyways, and also run a Malwarebytes Antimalware scan once a month.

Re:

[AmiMoJo]

The built in Windows anti-virus is good enough, you don't need anything more than that.

Re:

[twocows]

Can't speak to the privacy point, but as far as the actual AV metrics go, I recall Avira being the best free option. I'd start there.

Tip of the iceberg.

[Sokaku]

You know the saying: "If you aren't paying for the product, you're the product being sold." Step 1: Offer service for free to build trust to weed out the viruses, Trojans, spyware, and ransomware. Step 2: Worm your services so deep as to manifest symptoms and problems. Act like a virus. Step 3: Embed other services and recommendations in the guise of something useful. Act like a Trojan. Step 4: Record browsing and general computer habits to on-sell to anyone willing to pay for it. Act like spyware. Step 5:

What about fingerprinting sites visited?

[SillyBrit]

They only anonymise at the user level most likely. They know full well that site visits can be fingerprinted. Which groups of sites a user visits, especially together can be used to fingerprint many users, especially if there's more niche or specialised sites they visit (hobbies, interests etc). Match up a user's traffic fingerprint (from ad tracking on sites the ad company covers) against the 'anonymised' data and you now have full details of the individual's web browsing. The only anonymised data I'd tri

free vs payed

[sad_]

we're at a point now that we can no longer trust any piece of software.
nobody is suprised anymore that free stuff puts your personal data up for sale.
but more and more payed apps are doing the same.