We review products independently, but we may earn commissions if you make a purchase using affiliate links on our website. Also note that we are not antivirus software; we only provide information about some products.

Avast and User Data: The Jumpshot Story & 2024 FTC Settlement

Last Updated: April 22, 2026. This article has been reviewed for accuracy against current product data and test cycles. Some recommendations may reference products or versions that have changed; see the current antivirus rankings for the most up-to-date picks.
Avast data story cover showing anonymized browsing data, privacy warnings, and FTC settlement document

Avast users began to receive notifications that the company’s programs are “spyware.” How serious is the threat, for real? Is Avast spyware, and what dangerous consequences can have such a data leak? Avast, an antivirus software developer from the Czech Republic, earns not only from protecting the data of its 400 million users. It also gains revenue from selling information about users’ habits online and has been doing so since at least 2013. It led to the company’s programs beginning to be noted as “spyware,” from which Avast must protect its customers. This month, developers of browsers such as Mozilla and Opera scored the alarm and even removed antivirus plugins from their app stores.

Recently appointed Avast CEO Ondrey Vlchek told Forbes there were no privacy violations. As he claims, all user data that the company sells to other organizations is impersonal and cannot be linked to specific users. By default, Avast collects your online activity and offers it to market representatives through Jumpshot, a subsidiar app. Companies that pay Avast can view full “click data” to see what Avast users are doing online.So, no wonder why people started to look for other antivirus solutions, read materials like McAfee review to choose another provider.

The Short Version

From roughly 2014 through January 2020, Avast’s subsidiary Jumpshot collected granular browsing data from more than 100 million free-antivirus users and sold it — deidentified in name but often reversible in practice — to Fortune 500 clients. The story broke on January 27, 2020 (Motherboard/Vice and PCMag, jointly reported). Avast shut Jumpshot down on January 30, 2020. Four years later, on February 22, 2024, the U.S. Federal Trade Commission announced a $16.5 million settlement and imposed a permanent ban on Avast selling any browsing data for advertising purposes.

In May 2026 the product you install from avast.com is a cleaner one than the 2019 version. But “cleaner now” and “trust restored” are not the same answer, and this page walks through the full timeline so you can decide for yourself.

The Timeline, in Order

2014 — Jumpshot Enters the Avast Family

Avast acquired Jumpshot, originally an anti-malware cleanup tool, in 2013 and repositioned it as a marketing-analytics business unit through 2014. Jumpshot’s inventory was web-browsing signal harvested from Avast’s installed base — what URLs people visited, in what order, how long they stayed, what they clicked.

2015–2019 — The Data Economy Quietly Expands

Over five years Jumpshot built a client book that reportedly included Google, Microsoft, Pepsi, Home Depot, Sephora, Expedia, Intuit, Yelp, McKinsey, IBM, and consulting firms that repackaged the data downstream. Consent was obtained via the Avast installer opt-in, which was defaulted to on and which the FTC later found did not meaningfully disclose what was happening.

January 27, 2020 — The Exposé

Motherboard/Vice and PCMag jointly published investigations describing the Jumpshot data product with sample documents, pricing, and named clients. The key finding was that the “deidentified” data was reversible to specific individuals with only moderate effort, because a per-user device identifier persisted across data points and the data itself contained queries like “best restaurants in [specific neighborhood]” plus unique purchase URLs.

January 30, 2020 — Jumpshot Shut Down

Three days after the reporting, Avast CEO Ondrej Vlcek announced that Jumpshot would be wound down immediately. Avast stated all Jumpshot employees would be paid and assisted, and that all data held by Jumpshot would be deleted.

2020–2023 — Regulatory Investigations

Czech, UK, and U.S. regulators opened investigations in parallel over 2020–2022. In August 2022 NortonLifeLock completed its merger with Avast, forming what is now Gen Digital. The pending regulatory liabilities followed the merged entity.

February 22, 2024 — The FTC Settlement

The U.S. Federal Trade Commission announced a $16.5 million settlement with Avast. Key provisions of the final order:

  • Permanent ban on Avast selling or licensing any browsing data for advertising purposes.
  • Requirement to delete all browsing data transferred to Jumpshot and any models, algorithms, or rulesets trained on that data.
  • Requirement to notify affected consumers.
  • Implementation of a comprehensive privacy program with independent third-party assessments.
  • The $16.5 million monetary portion to be used for consumer redress.

2024–2026 — The Post-Settlement Product

Since the settlement, Avast has published updated privacy disclosures, changed the data-collection opt-in during install to a more explicit screen, and committed (as of 2025) to keeping the default off for non-security telemetry sharing on new installs. The detection engine continues to score top-tier: AV-TEST February 2026 gave Avast One 18/18, and AV-Comparatives 2025 awarded it Gold for Overall Performance. The technical product works.

What Jumpshot Actually Collected

Published reporting and FTC filings describe the following data categories as part of the Jumpshot inventory:

  • URLs visited, including full query strings on many sites.
  • Search queries on Google, Bing, Yahoo, and other engines.
  • Click-paths on retail sites (which product pages, in what order, time on page).
  • Referrers and outbound click destinations.
  • Device-level persistent identifiers that allowed cross-session stitching.
  • YouTube watch history for users who were logged in while Avast was running.
  • LinkedIn profile views and some session behavior on social platforms.

The FTC complaint specifically called out that Avast represented the data as “anonymized” when in practice it was re-identifiable with the data dimensions included.

What Has Actually Changed

  • Jumpshot is gone. It was dissolved in January 2020 and cannot be restarted under the FTC order.
  • Browsing-data sale for advertising is permanently prohibited for Avast and all Gen Digital subsidiaries under the 2024 order.
  • The data that existed has been ordered deleted, including downstream model derivatives.
  • The install flow is different. The current Avast One installer (as of May 2026) presents a dedicated “Help improve Avast” screen with toggles defaulted off for non-essential telemetry.
  • Ownership is now Gen Digital, which also owns Norton, AVG, Avira, and LifeLock. This is either reassuring (bigger compliance apparatus) or concerning (concentration of consumer-security data) depending on your view.

What the Community Says Now

On r/privacy and r/antivirus, threads from 2025 and 2026 show a clear split. A majority of privacy-focused users say they will not return to Avast regardless of the settlement, on the principle that the violation was severe, lasted five-plus years, and was known internally well before it was known externally. A smaller group argues that the FTC order is exactly the kind of structural remedy that should restore baseline trust, and that the current product is functionally cleaner than rivals who simply haven’t been caught yet.

A commonly upvoted r/antivirus take from late 2025: “The settlement is fine; the five years before the settlement are the problem. If I can pick a product without that history for the same money, I will.” Bitdefender, ESET, and Malwarebytes are the most-mentioned replacements.

Can You Trust the Reformed Avast in 2026?

Our editorial answer is cautiously yes, with three caveats.

Yes, because: The FTC order is enforceable, audited, and specific. The behavior that harmed users is now illegal for this specific company and is monitored. The detection engine is legitimately top-tier.

Caveat 1: the trust math. If an equivalent product exists with no such history at a comparable price, the risk-free choice is the one without the history. Bitdefender Total Security at $19.99 first year is exactly that equivalent, and it scored the same 18/18 at AV-TEST February 2026. See our full alternatives list.

Caveat 2: corporate-family concentration. Gen Digital now owns Norton, Avast, AVG, Avira, and LifeLock. If your concern was specifically concentration of consumer-security data in one corporate structure, switching from Avast to Norton or Avira does not address that. Switching to Bitdefender, ESET, F-Secure, Trend Micro, Malwarebytes, or Sophos does.

Caveat 3: trust after a regulator-enforced remedy is not the same as trust that was never tested. Reasonable users can weight that differently. Neither view is unreasonable.

Frequently Asked Questions

Did Avast sell my data?

If you ran the free Avast antivirus on Windows between roughly 2014 and January 2020 with the default telemetry opt-in enabled, then data from your browsing sessions was likely included in the Jumpshot data product sold to third parties. The FTC order required notification to affected consumers and deletion of the data; you may have received email notice in 2024 if you were on file.

Is it true Avast paid a $16.5 million fine?

The February 22, 2024 FTC order included a $16.5 million monetary payment to be used for consumer redress, plus a permanent ban on selling browsing data for advertising, plus deletion of previously collected data and derived models.

Is Jumpshot still operating?

No. Jumpshot was shut down on January 30, 2020, three days after the Motherboard/PCMag reporting, and is prohibited from resuming operations under the 2024 FTC order.

Did Avast ever admit to the behavior?

In his January 30, 2020 statement, CEO Ondrej Vlcek acknowledged that the Jumpshot product had fallen short of Avast’s privacy standards and committed to ending it. In the 2024 FTC settlement, Avast did not formally admit liability on all counts but agreed to the order’s remedies.

Is current Avast safe to install?

Technically, yes — it scored 18/18 at AV-TEST February 2026 and took Gold for Performance at AV-Comparatives 2025. The trust question is separate from the technical question. We recommend reading the current install-time privacy screen carefully and saying no to any toggle that is not strictly required for antivirus functionality.

Who owns Avast now?

Gen Digital, a U.S.-headquartered publicly traded company (NASDAQ: GEN) formed by the August 2022 merger of NortonLifeLock and Avast plc. Gen Digital also operates Norton, AVG, Avira, LifeLock, CCleaner, and BullGuard as separate consumer brands.

What should I do if I want to leave Avast?

See our step-by-step guide in the Avast alternatives article. The short version: disable Avast Self-Defense, uninstall via Windows Settings, run Avast Clear in Safe Mode if the uninstaller hangs, reboot, and install the replacement. Bitdefender, ESET, and Microsoft Defender (free) are the top three picks in May 2026.