At a time when high-profile tech executives are calling on governments to impose more stringent privacy rules, there's nothing like another reminder that everyone is fighting to get a hold of your habits, preferences, and pretty much any other data that can be used by advertisers to target you more easily.
Such is the case of Avast, which is known for its popular free antivirus solution that an estimated 400 million users around the world depend on for their online security. According to a joint investigation by Vice and PCMag that involves leaked contracts and other company documents, Avast along with its AVG subsidiary have been keeping track of what users did online while using the free software they distribute.
The scheme involves Jumpshot, a company that "provides insights into consumers’ online journeys by measuring every search, click and buy across 1,600 categories from more than 150 sites, including Amazon, Google, Netflix, and Walmart." Installing Avast's free antivirus automatically adds in a browser extension that collects information on your internet activity and sends it to Jumpshot packed and tagged with a unique identifier.
Apparently, the most interesting things for Avast's data collection are searches on Google and Google Maps, YouTube videos, LinkedIn searches and profile visits, and even what users view on PornHub. This gets sent to Jumpshot's customers which include Google, Microsoft, Pepsi, Sephora, Home Depot, Yelp, Intuit, and many others.
Avast says it doesn't track any sensitive information like personal identification, phone numbers, or email. The company also insists that "as of July 2019, we had already begun implementing an explicit opt-in choice for all new downloads of our AV, and we are now also prompting our existing free users to make an opt-in or opt-out choice, a process which will be completed in February 2020."
This would be a lot more palatable for users if Avast hadn't tried sneaking in its antivirus solution with every CCleaner installation. The company does contribute a lot to the online security industry, but its privacy practices seem to change whenever they are called into question.