Jump to content
pondus

Are You One Of Avast’s 400 Million Users? This Is Why It Collects And Sell

Recommended Posts

From the article:

Avast, the multibillion-dollar Czech security company, doesn’t just make money from protecting its 400 million users’ information. It also profits in part because of sales of users’ Web browsing habits and has been doing so since at least 2013.

That’s led to some labelling its tools “spyware,” the very thing Avast is supposed to be protecting users from.

Share this post


Link to post
Share on other sites

I have been saying this for a long time now; this kind of behavior, even from the largest, most reputable vendors (including the likes of Microsoft, Google, Facebook and many others, including some AV/AM vendors like Avast), is absolutely inexcusable and no amount of justification, rationalization, or modern marketing rhetoric will convince me otherwise.  It is wrong and is an absolute 1:1 match to the precise behaviors that threats classified as spyware, adware and even hijackers perform.  If profit or improving a company's products/offerings is sufficient justification for this kind of behavior, then why not simply go all the way and install a backdoor Trojan and keylogger onto every user's system and quit pretending it is anything other than what it actually is, because functionally there is no difference.  These vendors tracking clicks, button presses, keystrokes, search terms, page visits, web traffic, social media activity and anything else, especially without the user's expressed, informed consent, is just plain wrong, period and it needs to be stopped.  When CoolWebSearch did it everyone was up in arms and flagging it as a threat, blocking their toolbars as well as their website and search engine.  When Google and Microsoft do it within their operating systems, browsers and through their utilities and infiltrate and infest nearly every webpage on the web (even those that don't actually belong to them) to track and show 'targeted ads', somehow it is just the cost of admission for using the web and these applications and tools (though unfortunately there aren't many viable alternatives, especially with Windows 7 support ending soon and Edge going to Chromium as well as Mozilla following Google's lead on features and functionality).

Edited by exile360

Share this post


Link to post
Share on other sites

Don't know about premium versions, but free version AV's are with product policy explicitly stating about tracking browsing data and selling it for revenue (and which user has to pay indirectly for the 'free' product usage.)..

But, one cannot start embedding keyloggers and all such stuff, to defeat the very purpose of the product..

"https://www.pcmag.com/article/338379/your-antivirus-knows-all-about-you"

"https://www.makeuseof.com/tag/antivirus-tracking-youd-surprised-sends/"

Share this post


Link to post
Share on other sites

Jan 27 2020   https://www.vice.com/en_us/article/qjdkq7/avast-antivirus-sells-user-browsing-data-investigation

Updated January 27, 2020   https://www.pcmag.com/news/the-cost-of-avasts-free-antivirus-companies-can-spy-on-your-clicks

 

AV vendors market share (click on vendor for details)   https://metadefender.opswat.com/reports/anti-malware-market-share#!/

avast have a huge market share (400 mill +) but almost all is from free version, so to get revenue up they use sneaky tricks

 

Edited by pondus

Share this post


Link to post
Share on other sites

Can we get a statement from Malwarebytes stating that it does not engage in these kinds of practices (both with the Home and Business products)? It would be helpful if I could point to something if my clients ask.

Share this post


Link to post
Share on other sites

I still find it a bit of a laugh that millions of people are complaining about software gathering their online behaviour and doing it on places that are gathering their online behaviour.

They have usually gone through their browser (often without knowing it)  (probably Chrome) to get to their Facebook (twitter, whatever,..) account to have their shout -  even though realising that the two biggest harvesters of online behaviour are Google and Facebook.

There seems to be a disconnect in peoples minds between 'what I use' and 'what is being talked about'.

Yes it's wrong what they are harvesting, but there are big debates about how you could stop it without restricting the current freedom of using the web.

Whatever measure you can come up with to stop it has a counter argument of how it will restrict access.

I don't know the answer, I'm just pointing out how paronia about this stuff can get out of hand if you let it.
(Anyone want to buy a tinfoil hat?).

Edited by nukecad

Share this post


Link to post
Share on other sites
8 hours ago, NeilN said:

Can we get a statement from Malwarebytes stating that it does not engage in these kinds of practices (both with the Home and Business products)? It would be helpful if I could point to something if my clients ask.

I would suggest referring to the official Malwarebytes Privacy Policy.  It spells things out pretty clearly and they even 'translate' each section into plain English to make the 'Legalese' more digestible.

Share this post


Link to post
Share on other sites

Avast Data Drives New Analytics Engine

https://blog.avast.com/2015/05/29/avast-data-drives-new-analytics-engine/

https://forum.avast.com/index.php?topic=171725.0

Here’s how Jumpshot works:

Data is collected on computers and Android devices through the browser.  Each record contains a set of fields that help Jumpshot algorithms assign the clickstream data appropriately. These fields include: 
-   Installation identifiers (proprietary identifiers that do not contain any PII)
-   URL being visited
-   Referral URL (if this exists)
-   Window identifier
-   Tab identifier
-   Additional fields for processing purposes 

In reality, the information Avast passes on to Jumpshot looks like this:
-   Identifier: 00002437-705b-4bc6-b062-54b7ea511c93
-   URL being visited: http://www.cnn.com/US/?hpt=sitenav
-   Referral URL: http://edition.cnn.com/
-   Window identifier: 3
-   Tab identifier: 42

Prior to processing, all records are automatically scanned for PII, and all PII parameter values are removed from the raw data. To strip PII, Jumpshot uses a proprietary algorithm that calculates multiple statistical features for parameters on all known websites. Based on these statistical values, only parameters that are proven not to be PII are whitelisted and their values are kept. All parameter values that are not whitelisted are stripped in the process, which leaves those parameter values overwritten by the word “REMOVED”. The stripping of PII is done on the Avast premises in Prague, to ensure that the PII never leaves our hands. 

Share this post


Link to post
Share on other sites

The controversy around selling user data didn’t come up just now. Back in 2015 AVG (which was acquired by Avast later) changed their privacy policy in a way that allowed them to sell browser history data. At that time Graham Cluley predicted:

Quote

But let’s not kid ourselves. Advertisers aren’t interested in data which can’t help them target you. If they really didn’t feel it could help them identify potential customers then the data wouldn’t have any value, and they wouldn’t be interested in paying AVG to access it.

 

Avast's broken data anonymization approach

https://palant.de/2020/01/27/avasts-broken-data-anonymization-approach/

 

 

Share this post


Link to post
Share on other sites

A message from Avast CEO Ondrej Vlcek   

https://blog.avast.com/a-message-from-ceo-ondrej-vlcek

 

Avast Shuts Down Jumpshot After Getting Caught Selling User's Data

https://www.bleepingcomputer.com/news/security/avast-shuts-down-jumpshot-after-getting-caught-selling-users-data/

 

 

 

Share this post


Link to post
Share on other sites

Feb 12 2020  Data Protection Authority Investigates Avast for Selling Users’ Browsing History

https://www.vice.com/en_us/article/3a8vjk/czech-data-protection-authority-investigation-avast-jumpshot

 

Avast under investigation for the sale of personal data to third-parties

https://betanews.com/2020/02/12/avast-under-investigation/

 

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.