Jump to content

Are You One Of Avast’s 400 Million Users? This Is Why It Collects And Sell

pondus

By pondus
in General Chat

 Share

Recommended Posts

exile360

exile360

Posted
Posted

From the article:

Avast, the multibillion-dollar Czech security company, doesn’t just make money from protecting its 400 million users’ information. It also profits in part because of sales of users’ Web browsing habits and has been doing so since at least 2013.

That’s led to some labelling its tools “spyware,” the very thing Avast is supposed to be protecting users from.

Link to post
Share on other sites
exile360

exile360

Posted
Posted (edited)

I have been saying this for a long time now; this kind of behavior, even from the largest, most reputable vendors (including the likes of Microsoft, Google, Facebook and many others, including some AV/AM vendors like Avast), is absolutely inexcusable and no amount of justification, rationalization, or modern marketing rhetoric will convince me otherwise.  It is wrong and is an absolute 1:1 match to the precise behaviors that threats classified as spyware, adware and even hijackers perform.  If profit or improving a company's products/offerings is sufficient justification for this kind of behavior, then why not simply go all the way and install a backdoor Trojan and keylogger onto every user's system and quit pretending it is anything other than what it actually is, because functionally there is no difference.  These vendors tracking clicks, button presses, keystrokes, search terms, page visits, web traffic, social media activity and anything else, especially without the user's expressed, informed consent, is just plain wrong, period and it needs to be stopped.  When CoolWebSearch did it everyone was up in arms and flagging it as a threat, blocking their toolbars as well as their website and search engine.  When Google and Microsoft do it within their operating systems, browsers and through their utilities and infiltrate and infest nearly every webpage on the web (even those that don't actually belong to them) to track and show 'targeted ads', somehow it is just the cost of admission for using the web and these applications and tools (though unfortunately there aren't many viable alternatives, especially with Windows 7 support ending soon and Edge going to Chromium as well as Mozilla following Google's lead on features and functionality).

Edited by exile360
Link to post
Share on other sites
sman

sman

Posted
Posted

Don't know about premium versions, but free version AV's are with product policy explicitly stating about tracking browsing data and selling it for revenue (and which user has to pay indirectly for the 'free' product usage.)..

But, one cannot start embedding keyloggers and all such stuff, to defeat the very purpose of the product..

"https://www.pcmag.com/article/338379/your-antivirus-knows-all-about-you"

"https://www.makeuseof.com/tag/antivirus-tracking-youd-surprised-sends/"

Link to post
Share on other sites
  • 1 month later...
pondus

pondus

Posted
  • Author
Posted (edited)

Jan 27 2020   https://www.vice.com/en_us/article/qjdkq7/avast-antivirus-sells-user-browsing-data-investigation

Updated January 27, 2020   https://www.pcmag.com/news/the-cost-of-avasts-free-antivirus-companies-can-spy-on-your-clicks

 

AV vendors market share (click on vendor for details)   https://metadefender.opswat.com/reports/anti-malware-market-share#!/

avast have a huge market share (400 mill +) but almost all is from free version, so to get revenue up they use sneaky tricks

 

Edited by pondus
Link to post
Share on other sites
nukecad

nukecad

Posted
Posted (edited)

I still find it a bit of a laugh that millions of people are complaining about software gathering their online behaviour and doing it on places that are gathering their online behaviour.

They have usually gone through their browser (often without knowing it)  (probably Chrome) to get to their Facebook (twitter, whatever,..) account to have their shout -  even though realising that the two biggest harvesters of online behaviour are Google and Facebook.

There seems to be a disconnect in peoples minds between 'what I use' and 'what is being talked about'.

Yes it's wrong what they are harvesting, but there are big debates about how you could stop it without restricting the current freedom of using the web.

Whatever measure you can come up with to stop it has a counter argument of how it will restrict access.

I don't know the answer, I'm just pointing out how paronia about this stuff can get out of hand if you let it.
(Anyone want to buy a tinfoil hat?).

Edited by nukecad
Link to post
Share on other sites
exile360

exile360

Posted
Posted
8 hours ago, NeilN said:

Can we get a statement from Malwarebytes stating that it does not engage in these kinds of practices (both with the Home and Business products)? It would be helpful if I could point to something if my clients ask.

I would suggest referring to the official Malwarebytes Privacy Policy.  It spells things out pretty clearly and they even 'translate' each section into plain English to make the 'Legalese' more digestible.

Link to post
Share on other sites
sman

sman

Posted
Posted

Avast Data Drives New Analytics Engine

https://blog.avast.com/2015/05/29/avast-data-drives-new-analytics-engine/

https://forum.avast.com/index.php?topic=171725.0

Here’s how Jumpshot works:

Data is collected on computers and Android devices through the browser.  Each record contains a set of fields that help Jumpshot algorithms assign the clickstream data appropriately. These fields include: 
-   Installation identifiers (proprietary identifiers that do not contain any PII)
-   URL being visited
-   Referral URL (if this exists)
-   Window identifier
-   Tab identifier
-   Additional fields for processing purposes 

In reality, the information Avast passes on to Jumpshot looks like this:
-   Identifier: 00002437-705b-4bc6-b062-54b7ea511c93
-   URL being visited: http://www.cnn.com/US/?hpt=sitenav
-   Referral URL: http://edition.cnn.com/
-   Window identifier: 3
-   Tab identifier: 42

Prior to processing, all records are automatically scanned for PII, and all PII parameter values are removed from the raw data. To strip PII, Jumpshot uses a proprietary algorithm that calculates multiple statistical features for parameters on all known websites. Based on these statistical values, only parameters that are proven not to be PII are whitelisted and their values are kept. All parameter values that are not whitelisted are stripped in the process, which leaves those parameter values overwritten by the word “REMOVED”. The stripping of PII is done on the Avast premises in Prague, to ensure that the PII never leaves our hands. 

Link to post
Share on other sites
pondus

pondus

Posted
  • Author
Posted

The controversy around selling user data didn’t come up just now. Back in 2015 AVG (which was acquired by Avast later) changed their privacy policy in a way that allowed them to sell browser history data. At that time Graham Cluley predicted:

Quote

But let’s not kid ourselves. Advertisers aren’t interested in data which can’t help them target you. If they really didn’t feel it could help them identify potential customers then the data wouldn’t have any value, and they wouldn’t be interested in paying AVG to access it.

 

Avast's broken data anonymization approach

https://palant.de/2020/01/27/avasts-broken-data-anonymization-approach/

 

 

Link to post
Share on other sites
sman

sman

Posted
Posted (edited)

But this was their policy, which Avast came out with it's jumpshot subsidiary division.

https://press.avast.com/avast-software-acquires-jumpshot-to-work-magic-against-slow-pc-performance

and the latest https://www.cloudpro.co.uk/it-infrastructure/security/8398/avast-expands-opt-out-after-data-sharing-investigation

Edited by sman
Link to post
Share on other sites
pondus

pondus

Posted
  • Author
Posted

A message from Avast CEO Ondrej Vlcek   

https://blog.avast.com/a-message-from-ceo-ondrej-vlcek

 

Avast Shuts Down Jumpshot After Getting Caught Selling User's Data

https://www.bleepingcomputer.com/news/security/avast-shuts-down-jumpshot-after-getting-caught-selling-users-data/

 

 

 

Link to post
Share on other sites
  • 2 weeks later...
pondus

pondus

Posted
  • Author
Posted

Feb 12 2020  Data Protection Authority Investigates Avast for Selling Users’ Browsing History

https://www.vice.com/en_us/article/3a8vjk/czech-data-protection-authority-investigation-avast-jumpshot

 

Avast under investigation for the sale of personal data to third-parties

https://betanews.com/2020/02/12/avast-under-investigation/

 

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.