advertisement
In a sensational revelation, an investigation on Monday claimed that the popular Avast antivirus -- installed on nearly 435 millions Windows, Mac and mobile devices globally -- harvested users' data via browser plugins and then sold it to third parties, including Microsoft and Google.
The joint investigation by Motherboard and PCMag that relied on leaked user data and other company documents found that "the sale of this data is both highly sensitive and is, in many cases, supposed to remain confidential between the company selling the data and the clients purchasing it".
The leaked documents accessed for the investigation were from a subsidiary of the antivirus giant Avast, called Jumpshot.
The Avast antivirus programme was installed on a person's computer which collected the data, and Jumpshot repackaged it into various different products which were sold to big companies.
"Potential clients include Google, Yelp, Microsoft, McKinsey, Pepsi, Sephora, Home Depot, Conde Nast, Intuit, and many others," the report claimed.
In a statement, Avast said it has stopped providing browsing data collected by the extensions to Jumpshot.
Some clients even paid millions of dollars for products that include a so-called "All Clicks Feed", which can track user behaviour, clicks, and movement across websites in detail.
In copies of contracts with Jumpshot clients, one marketing firm paid over $2 million for data access last year. Avast offers a selection of free and paid-for antivirus and security tools, in both free and in paid-for formats.
According to the investigation, Avast also recorded "porn site visits that are anonymized, offered the date and time the user visited the sites, as well as search terms and viewed videos in some instances".
Multiple Avast users told Motherboard they were not aware that Avast sold browsing data, raising questions about how informed that consent is. The investigation also found out that Avast is still harvesting the data, but via the anti-virus software itself, rather than the browser plugins.
Most industry experts have coined the phrase ‘data is the new oil’ and it seems everybody is keen to jump into this well to grab a piece of this wealth. But one would have thought at least antivirus companies will be an exception in this case, turns out. they aren’t.
With the GDPR laws being strictly followed, it is certain these revelations will put Avast under intense scrutiny of the agencies, and see the scale at which the data sale has taken place.
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)