Report: Avast and AVG collect and sell your personal info via their free antivirus programs
Avast says information collection is opt-in, and an opt-out option will be added soon.
By
Mark Hachman
Senior Editor, PCWorld | JAN 27, 2020 11:41 AM PST
Avast and its subsidiary AVG, caught selling customer data to corporate clients last year, are at it again—this time using its free antivirus programs if you opt in to data collection, a new report said Monday.
The joint report by
Vice’s Motherboard and
PCMag build upon reports by Adblock Plus creator Wladimir Palant, who reported in October, 2019 that the Avast Online Security Extension as well as the AVG Secure Browser
spy on users, harvesting their information.
Palant alleged that the information—which included a unique user ID, the page you visited, whether you’d visited that page before, and other information—could be provided to third parties, and suggested that Jumpshot could be a possible destination. (Avast acquired Jumpshot in 2013, and a
statement on the company’s website says that it “provides insights into consumers’ online journeys by measuring every search, click and buy across 1,600 categories from more than 150 sites, including Amazon, Google, Netflix, and Walmart.”) At the time, the news caused browser makers like Google to remove both from its web store, though the extensions have since returned.
IDG
In the report, Avast told Motherboard/PCMag that data collected by the Avast browser extensions is no longer provided to Jumpshot. But other sources alleged that it is instead collecting that same information from the Avast and AVG free antivirus programs. That data is then passed along to Jumpshot, those sources said, and from there to its corporate clients.
“Last week, months after it was spotted using its browser extensions to send data to Jumpshot, Avast began asking its existing free antivirus consumers to opt-in to data collection, according to an internal document,” Motherboard wrote.
In a statement, Avast said that it “acted quickly to meet browser store standards,” and in December completely discontinued the practice of using any data from the browser extensions for any other purpose than improving the core security engine. “We ensure that Jumpshot does not acquire personal identification information, including name, email address or contact details,” the statement said.
The statement went on to describe the opt-in and opt-out choices available. “Users have always had the ability to opt out of sharing data with Jumpshot,” it said. “As of July 2019, we had already begun implementing an explicit opt-in choice for all new downloads of our AV, and we are now also prompting our existing free users to make an opt-in or opt-out choice, a process which will be completed in February 2020.”
[ Further reading: The best antivirus for Windows PCs ]
Avast
Avast supplies a long list of optional modules to install as part of its free security software.
Avast’s statement also sought to minimize concerns about its practices. “We have a long track record of protecting users’ devices and data against malware, and we understand and take seriously the responsibility to balance user privacy with the necessary use of data for our core security products,” Avast added. The company said that it complies with the European GDPR and the California Consumer Privacy Act, and referred users to its
privacy policy for more information.
The policy allows Avast to “enable use of your personal data to create a de-identified data set that is provided to Jumpshot to build trend analytics products and services.”
When installing the free Avast antivirus software, users are given the option to uncheck virtually all of the optional modules that the software installs: password storage, disk cleanup, and more. By default, the Avast security browser extension and SafePrice browser extension have a check mark next to them, showing that they will be installed. Those can be unchecked and not installed.
Out of curiosity, PCWorld unchecked every option. The Avast software reported that the installation process completed, and Windows Security reported that the Avast software was installed. However, we weren’t able to open the Avast software itself, including its dashboard. We've reached out to the company for more information and will update this story if we hear back.
There’s an old adage: When you’re not paying for the product,
you’re the product. For now, this seems to be the case with Avast’s antivirus software.
https://www.pcworld.com/article/351...l-info-via-their-free-antivirus-programs.html
