Avast antivirus caught spying on user data
Jan 28, 2020

Avast antivirus is one of the popular antiviruses for Windows 10, which has been offering its services for free for many Home users. Shockingly, they had been caught spying on user data. A joint investigation by PCMag and Motherboard reports some scary findings. It turns out they had not been offering their service for free, but trading by first collecting sensitive user data, and then selling it. All through subsidiaries, but it is happening. If you are using Avast Antivirus, we highly recommend you to switch to Windows Security for complete security.

Avast antivirus sells user data
The report from PCMag and Motherboard comes via leaked documents. These documents talk about how they use the user data is collected, and confidentially sold to some of the biggest tech giants in the industry. The leaked data came from Jumpshot, a subsidiary from Avast. It is responsible for making the data presentable and available to clients, including Google, Yelp, Microsoft, McKinsey, Pepsi, Sephora, Home Depot, Condé Nast, Intuit, and many others. The data includes information about user movement across the internet, what they click, and more.

The data collected is so granular that clients can view the individual clicks users are making on their browsing sessions, including the time down to the millisecond. And while the collected data is never linked to a person's name, email or IP address, each user history is nevertheless assigned to an identifier called the device ID, which will persist unless the user uninstalls the Avast antivirus product.

How Avast collected the data via Jumpshot
It uses the sneaky method where it gets user's consent into an agreement. Post this, Jumpshot tracks user data in various ways.

  • It tracks keywords and the results that were clicked.
  • Track which videos users is watching on YouTube, Facebook, and Instagram.
  • All Clicks Feed which offers device IDs attached to each click
  • Data points like URL string referring URL, timestamps, suspected age, the gender of the user, etc.

That said, the whole thing looks like a big setup where the parent companies are hiding behind their subsidiaries. Jumpshot is a subsidiary of Avast, and Annalect is a subsidiary of Omnicom. Annalect offers technology solutions to help companies merge their customer information with third-party data. That makes sense because they have exact data that can help any tech company know where the consumers are going. Avast extensions for Chrome and Firefox were temporarily removed until Avast implemented new privacy protections.

Looking at these reports, one thing is clear; it is getting tough to trust anything free. I would highly recommend not to use an extension unless it is necessary. If you only use an extension once in a while, keep it disabled or install it only when you need it.