Do Avast Programs Spy on their Users?
Avast users began to receive notifications that the company’s programs are “spyware.” How serious is the threat, for real? Is Avast spyware, and what dangerous consequences can have such a data leak? Avast, an antivirus software developer from the Czech Republic, earns not only from protecting the data of its 400 million users. It also gains revenue from selling information about users’ habits online and has been doing so since at least 2013. It led to the company’s programs beginning to be noted as “spyware,” from which Avast must protect its customers. This month, developers of browsers such as Mozilla and Opera scored the alarm and even removed antivirus plugins from their app stores.
Recently appointed Avast CEO Ondrey Vlchek told Forbes there were no privacy violations. As he claims, all user data that the company sells to other organizations is impersonal and cannot be linked to specific users. By default, Avast collects your online activity and offers it to market representatives through Jumpshot, a subsidiar app. Companies that pay Avast can view full “click data” to see what Avast users are doing online.So, no wonder why people started to look for other antivirus solutions, read materials like McAfee review to choose another provider.
Is Avast Actually Spyware?
The work scheme is as follows: the developer of antivirus software collected user data, then transferred it to its subsidiary Jumpshot, which sometimes sold it to third parties for millions of dollars. Avast claims that users agreed that the antivirus should access their data – from search history on Google, location, web browsing history, social media activity to watching YouTube videos. However, the investigation showed that many did not even guess about it. Consequently, Avast anti spyware transformed in Avast spyware itself.
It is noted that the data are presumably anonymous and do not include personal information. But experts fear that if necessary, any user can be easily deanonymized. The database does not contain information about user names or other personal data. However, with the help of other data collected by the antivirus, it is quite possible to reveal the users’ sensitive information. Avast clients include such well-known companies as Expedia, Intuit, Keurig, Condé Nast, Sephora, Loreal, and many others. Microsoft has already stated that it has no relationship with Jumpshot; Google has not yet responded to requests from Motherboard and other resources that conducted the investigation.
The CEO of the company Ondrej Vlcek confirmed sales of data sets; however, he said that all information was depersonalized: according to him, before loading on servers of the company, this information lost a personal component of the URL address, names and other.
He explained that the activity of users was monitored through extensions in the browser. It was later transferred to Jumpshot for analysis before the sale. The CEO said that often investors who tried to understand the interests of potential buyers became buyers of such information. Vlchek explained that according to the same scheme, organizations sell impersonal data from patients in clinics.
Employees of the seller company claim to offer customers “detailed data.” According to them, they own a base of 100 million users, and information about their online behavior – what they are looking for, how they interact with products and what purchases they make.
How Serious Is the Threat?
We are talking about data of about 400 million people around the world, collected since 2013. Avast sells all this base to third-party companies that use user information for more accurate targeted advertising. Information is collected not through the main antivirus program, but through extensions for browsers. This allows the company to collect data on people’s movement on the network, their preferences, and habits. In the future, it is this information that is of particular value to advertising platforms.
At least, Avast CEO did not deny the sale of data but assured – the entire array of information is completely impersonal. Avast allegedly deletes any data with which to identify the user. Still, cybersecurity experts could connect them with particular individuals. For example, if you know that some Amazon users bought a particular product on a certain second on a certain date, you can identify an “anonymous” person and then view their viewing history.
Believing in this or not is an ambiguous question. The situation can hardly be called amazing. For free services on the Internet, data collection and sale is the main source of income. At the same time, Avast’s head assures that the company receives only 3% of the total profit. If you do not want your data to be used by third parties, you should think about switching to more reliable software, but there is no guarantee that they do not monitor users.
By the way, this is not the first time Avast has been accused of collecting user data. A couple of months ago, Mozilla blocked the extensions of Avast Online Security and SafePrice for the Firefox browser after it discovered that they were collecting more data than is required for their work. Avast said it collected and sold information only to those who agreed to it. However, a survey conducted by journalists showed that users were not aware of the trade-in their data. The material also clarifies that since last week, Avast antivirus began to request permission to collect personal data in a pop-up window from users.
Antivirus software often combines browser extensions that collect users’ sensitive information for marketing purposes. In October 2019, Adblock Plus creator Vladimir Palant cataloged a way to collect and transmit several Avast browser extensions about the users’ browser history. Google and Mozilla stopped this by removing browser extensions from Chrome’s online store and Mozilla’s add-on site until Avast made some changes. They are now available for download again. It’s not entirely clear how limited data collection is, but Avast is also more “transparent” in its privacy policy.
Although Google and Mozilla can crackdown on what antivirus companies do, no one is stopping a company like Avast from collecting data using its app from the desktop. This may be one reason why Avast is involved in wholesale data collection using its desktop app. It’s not recommended to install antivirus extensions, but you can’t avoid privacy issues by simply dropping browser extensions.
If you have Avast installed and did not change its default settings, your browsing history will be purchased by marketers, utilizing Jumpshot. They collect data not using the Avast browser extension but applying the main desktop antivirus application. When you install Avast, you’ll see a window asking if you agree to share the data. Most people, clicking “I agree”, didn’t read the agreement and all and didn’t understand what they agreed to. So, it seems that Avast is spyware, for real.
Bottom Line
Free antivirus software should somehow make a profit, so it’s not surprising that companies like Avast have turned to collecting and monetizing their customers’ data. In the past, Avast even included a “buy” feature that added ads to other web pages when viewed. Avast no longer does this, and data collection is not company-specific. As we noted in 2015, free antivirus software is no longer “free.” Today, many other antivirus apps probably track your views and probably sell that data.
The good news is that, first, now we know what is Avast spyware. And, the official site claims that Jumpshot ceases operation, and Avast claimed it would stop selling the customer’s habits. Of course, we cannot be sure that some companies don’t sell our data. Still, it is a little win in the big battle for our online security and spyware protection.
Comments
I read your blog. It’s very nice and useful for me. Thanks for sharing useful information with us.