Avast’s Free Antivirus Harvests All Your Clicks, Sells Them to Third-Parties

Avast’s Free Antivirus Harvests All Your Clicks, Sells Them to Third-Parties

As we’ve learned time and time again, “free” things on the internet are almost never truly free. If you’re not paying with money, you’re probably paying with your data. That’s the case with the free antivirus products from Avast, which harvest browsing history for sale to major corporations. Despite claims that its data is fully anonymized, an investigation by our sister site PCMag and Motherboard shows how easy it is to unmask individual users.

Avast, which offers antivirus products under its own brand as well as AVG, has traditionally gotten high marks for its malware blocking prowess. When setting up the company’s free AV suite, users are asked to opt into data collection. Many do so after being assured all the data is anonymized and aggregated to protect their identities. However, Avast is collecting much more granular data than anyone expected, and that puts your privacy at risk.

Avast markets user data through its Jumpshot subsidiary, which has relationships with firms like Google, Pepsi, Microsoft, and Home Depot. PCMag and Motherboard managed to gain access to internal documents and a sample of data from Jumpshot, and they found Avast is tracking user clicks down to the second. Here’s an example of Jumpshot’s data format.

Device ID: abc123x Date: 2019/12/01 Hour Minute Second: 12:03:05 Domain: Amazon.com Product: Apple iPad Pro 10.5 – 2017 Model – 256GB, Rose Gold Behavior: Add to Cart

That doesn’t tell you anything about the person behind the clicks — unless you’re Amazon. With access to Amazon data, you could simply look for users who executed the same click or series of clicks, and now you have a name associated with the device ID. Suddenly, Avast’s data contains a full record of that user’s internet usage. Other companies can do the same by matching anonymized clicks in Avast data with their own records.

Jumpshot offers various products to customers, some of which only include a fraction of the data it collects. For example, one product focuses on searches and what the user ultimately clicked, but Jumpshot also has an “All clicks feed” that includes all its data. Jumpshot usually sells the full feed without device IDs, but it agreed to provide the data with IDs to marketing company Omnicom Media Group in late 2018. Regardless of how much data Jumpshot offers in each package, calling it anonymized is extremely misleading. Once that data is in the wild, you can’t know for sure where it will end up.

Avast recently removed the user tracking features from its Chrome extensions, but the standalone desktop programs continue to collect every click. For this reason, PCMag no longer recommends Avast Antivirus.

Continue reading

Third-Party Repair Shops May Be Blocked From Servicing iPhone 12 Camera
Third-Party Repair Shops May Be Blocked From Servicing iPhone 12 Camera

According to a recent iFixit report, Apple's hostility to the right of repair has hit new heights with the iPhone 12 and iPhone 12 Pro.

MIT Creates Battery-Free Underwater GPS
MIT Creates Battery-Free Underwater GPS

GPS radio signals dissipate quickly when they hit water, causing a headache for scientific research at sea. The only alternative is to use acoustic systems that chew through batteries. A team from MIT has devised a battery-free tracking technology that could end this annoyance.

Musk: Tesla Was a Month From Bankruptcy During Model 3 Ramp-Up
Musk: Tesla Was a Month From Bankruptcy During Model 3 Ramp-Up

The Model 3 almost spelled doom for Tesla, but the same vehicle also probably saved it.

Space Mining Gets 400 Percent Boost From Bacteria, ISS Experiments Show
Space Mining Gets 400 Percent Boost From Bacteria, ISS Experiments Show

We'll need lots of raw materials to sustain human endeavors on other planets, and a new project on the International Space Station demonstrates how we can make space mining over 400 percent more efficient.