Daxdi now accepts payments with Bitcoin

Avast to End Browser Data Harvesting, Terminates Jumpshot

(Credit: Andrew Brookes via Getty)

Editors' Note: In January 2020, we learned about a problem with sharing of user data between Avast and its subsidiary Jumpshot.

Based on this privacy slip, we knocked this product's rating down one-half star and removed its Editors’ Choice designation.

Avast resolved the problem and terminated Jumpshot shortly thereafter.

We’ve seen no sign of any inappropriate use of private user data since then, so we’ve taken Avast out of the penalty box, restoring its star rating and Editors’ Choice honor.

Avast will no longer sell users' browser histories to third-party companies, the antivirus vendor said, following a Daxdi-Motherboard investigation into the privacy risks around the data collection.

Late on Wednesday, Avast CEO Ondrej Vlcek announced his company plans to shut down operations at Jumpshot, the subsidiary in charge of selling the browser history data.

"As CEO of Avast, I feel personally responsible and I would like to apologize to all concerned," he said in a statement.

The popular antivirus vendor previously claimed it could "de-identify" people's personal data from the browser history collection, thus preserving the user's privacy.

However, the investigation from Daxdi and Motherboard found the contrary: the data that Jumpshot was selling to big brands and market research companies could be analyzed to easily link the website clicks to a specific Avast user, exposing a person's internet activities.

The news has shaken consumer trust in the antivirus vendor, which serves 435 million users across the globe. Vlcek said he concluded the data harvesting "was not in line" with the company's privacy priorities.

"Protecting people is Avast's top priority and must be embedded in everything we do in our business and in our products.

Anything to the contrary is unacceptable," he said.

"For these reasons, I—together with our board of directors—have decided to terminate the Jumpshot data collection and wind down Jumpshot's operations, with immediate effect."

In an investors' call, Avast executives said the Jumpshot data collection will cease immediately.

They also claimed the antivirus vendor had been considering shutting down the operation for months now.

Back in October, the security researcher Wladimir Palant initially raised the privacy alarms about the data harvesting when he noticed Avast's browser extensions for Chrome, Firefox and Opera were collecting the browser histories from people's computers.

The findings prompted the major browsers to temporarily remove the extensions until Avast implemented new privacy protections.

Despite the change, Avast was still collecting the browser histories through the company's free antivirus software for desktop and mobile.

As many as 100 million devices were pulled into the data collection, which was also harvesting people's internet searches.

In an email on Thursday, Palant told Daxdi the whole practice smacked of "gross negligence." He obtained an apparent sample of the data Jumpshot was selling to clients.

The sold data includes URLs Avast users were visiting, but in many cases Avast's "de-identification" process failed to strip away people's personal information from the links, such as email addresses.

"From the look of it, nobody ever bothered verifying that their approach is even remotely working —or somebody did but they simply didn't care," Palant said.

Avast has declined to answer questions on how the antivirus vendor "de-identifies" the collected browser histories.

But the company maintains the data collection was legal, and compliant with Europe's GDPR regulations.

Recommended by Our Editors

Although Jumpshot's shutdown will affect more than 200 employees at the company subsidiary, Vlcek said the termination of the data harvesting is "absolutely the right thing to do."

"I firmly believe it will help Avast focus on and unlock its full potential to deliver on its promise of security and privacy," Vlcek added.

"And I especially thank our users, whose recent feedback accelerated our decision to take quick action."

The company last year sold a 35 percent stake in Jumpshot to a marketing company called Ascential.

However, Avast has bought back the stake, and plans on winding down the operations later this year once it resolves all the employment and partnership issues.

According to Jumpshot's marketing, the company's clients have included Google, Pepsi, Unilever, marketing firm Omnicom Media Group, and consulting firm McKinsey & Company, among others.

Avast executives added the company doesn't expect to face any legal action from the data harvesting.

In response to the news, US Senator Ron Wyden (D-Oregon) told Motherboard: "Avast's past practice of marrying antivirus software with the secret mining of consumers' data was a terrible move.

But the decision today to shutter its data broker subsidiary is a model for how companies should respond to criticism of privacy abuses.

To stop future abuses, Congress needs to pass my bill to hold companies and their CEOs accountable for abusing Americans' personal information."

Editor's Note: This story has been updated with more details from Avast's call with investors, and comment from Senator Wyden.

(Credit: Andrew Brookes via Getty)

Editors' Note: In January 2020, we learned about a problem with sharing of user data between Avast and its subsidiary Jumpshot.

Based on this privacy slip, we knocked this product's rating down one-half star and removed its Editors’ Choice designation.

Avast resolved the problem and terminated Jumpshot shortly thereafter.

We’ve seen no sign of any inappropriate use of private user data since then, so we’ve taken Avast out of the penalty box, restoring its star rating and Editors’ Choice honor.

Avast will no longer sell users' browser histories to third-party companies, the antivirus vendor said, following a Daxdi-Motherboard investigation into the privacy risks around the data collection.

Late on Wednesday, Avast CEO Ondrej Vlcek announced his company plans to shut down operations at Jumpshot, the subsidiary in charge of selling the browser history data.

"As CEO of Avast, I feel personally responsible and I would like to apologize to all concerned," he said in a statement.

The popular antivirus vendor previously claimed it could "de-identify" people's personal data from the browser history collection, thus preserving the user's privacy.

However, the investigation from Daxdi and Motherboard found the contrary: the data that Jumpshot was selling to big brands and market research companies could be analyzed to easily link the website clicks to a specific Avast user, exposing a person's internet activities.

The news has shaken consumer trust in the antivirus vendor, which serves 435 million users across the globe. Vlcek said he concluded the data harvesting "was not in line" with the company's privacy priorities.

"Protecting people is Avast's top priority and must be embedded in everything we do in our business and in our products.

Anything to the contrary is unacceptable," he said.

"For these reasons, I—together with our board of directors—have decided to terminate the Jumpshot data collection and wind down Jumpshot's operations, with immediate effect."

In an investors' call, Avast executives said the Jumpshot data collection will cease immediately.

They also claimed the antivirus vendor had been considering shutting down the operation for months now.

Back in October, the security researcher Wladimir Palant initially raised the privacy alarms about the data harvesting when he noticed Avast's browser extensions for Chrome, Firefox and Opera were collecting the browser histories from people's computers.

The findings prompted the major browsers to temporarily remove the extensions until Avast implemented new privacy protections.

Despite the change, Avast was still collecting the browser histories through the company's free antivirus software for desktop and mobile.

As many as 100 million devices were pulled into the data collection, which was also harvesting people's internet searches.

In an email on Thursday, Palant told Daxdi the whole practice smacked of "gross negligence." He obtained an apparent sample of the data Jumpshot was selling to clients.

The sold data includes URLs Avast users were visiting, but in many cases Avast's "de-identification" process failed to strip away people's personal information from the links, such as email addresses.

"From the look of it, nobody ever bothered verifying that their approach is even remotely working —or somebody did but they simply didn't care," Palant said.

Avast has declined to answer questions on how the antivirus vendor "de-identifies" the collected browser histories.

But the company maintains the data collection was legal, and compliant with Europe's GDPR regulations.

Recommended by Our Editors

Although Jumpshot's shutdown will affect more than 200 employees at the company subsidiary, Vlcek said the termination of the data harvesting is "absolutely the right thing to do."

"I firmly believe it will help Avast focus on and unlock its full potential to deliver on its promise of security and privacy," Vlcek added.

"And I especially thank our users, whose recent feedback accelerated our decision to take quick action."

The company last year sold a 35 percent stake in Jumpshot to a marketing company called Ascential.

However, Avast has bought back the stake, and plans on winding down the operations later this year once it resolves all the employment and partnership issues.

According to Jumpshot's marketing, the company's clients have included Google, Pepsi, Unilever, marketing firm Omnicom Media Group, and consulting firm McKinsey & Company, among others.

Avast executives added the company doesn't expect to face any legal action from the data harvesting.

In response to the news, US Senator Ron Wyden (D-Oregon) told Motherboard: "Avast's past practice of marrying antivirus software with the secret mining of consumers' data was a terrible move.

But the decision today to shutter its data broker subsidiary is a model for how companies should respond to criticism of privacy abuses.

To stop future abuses, Congress needs to pass my bill to hold companies and their CEOs accountable for abusing Americans' personal information."

Editor's Note: This story has been updated with more details from Avast's call with investors, and comment from Senator Wyden.

Daxdi

pakapuka.com Cookies

At pakapuka.com we use cookies (technical and profile cookies, both our own and third-party) to provide you with a better online experience and to send you personalized online commercial messages according to your preferences. If you select continue or access any content on our website without customizing your choices, you agree to the use of cookies.

For more information about our cookie policy and how to reject cookies

access here.

Preferences

Continue