A recent investigation has shown that Avast, a well-known online protection brand, has violated user privacy by selling its data to many companies through its other service, Jumpshot. We have studied the event, what data was collected, and the reactions from both sides.
Avast is one of the most popular Internet security companies on the market. It offers its users an opportunity to use the innovative antivirus program for free. However, it also offers premium versions. Aside from antivirus, Avast offers other additions to its internet security package, including browser protection, VPN, and others.
After its launch, Avast has quickly found a grateful and interested audience. It has more than 435 million users internationally and often expands its reach. It employs more than 1.700 employees and boasts a revenue of $873 million in 2019. The free version, so commonly downloaded almost everywhere globally, offers its users essential antivirus protection, Internet scans, password manager, and the chance to customize some protective features. With such growing popularity, it is understandable that Avast is interested in growing its audience and using the number of users to its advantage. While this model is legal and adapted by many companies, it seems that Avast over-exploited its users’ loyalty this time.
A recent investigation proves that Avast uses the information it gained from its users to re-package and sell to its corporate customers. The research revealed a significant amount of data collected from users of Avast’s free version installed on their devices. Avast has offered its free users to share “some data” but did not inform where it will be used. It sells it, not used to improve the quality of its antivirus software. Previously, Avast attempted to do so through its browser plugin. Still, browsers often viewed it as a dangerous app, and many users expressed their dissatisfaction.
Now, Avast only uses its antivirus for such purposes. As the people accept the offer for data sharing, Avast collects information about their Internet operations and user behavior. It then offers all this data to its clients through its other service called Jumpshot.
Jumpshot is a market research company known among big market players because it promises to deliver rare and personalized information about different customer groups. This service’s main goal is to explain and describe the patterns of users’ online behavior for marketing. Avast acquires Jumpshot; the information it uses is taken from Avast users.
According to its official claim, Jumpshot offers to deliver exceptional value with its digital intelligence and help the customers find the information “from within the Internet’s most valuable walled gardens.” Even though this suggestion is quite far-reaching, it seems that Jumpshot has achieved to do so. For example, one of the most attractive features in Jumpshot is the “All Clicks Feed” that enables the clients to observe what, how, and when people do when visiting websites, and this information is precisely what it is promised: it is detailed to almost every click. Some examples even allow clients to know the exact second of a person’s visit to the site.
The company has already developed an impressive customer base. Some of the most known clients are Pepsi, Google, Home Depot, and Microsoft. In the current moment, however, Jumpshot’s website mentions that it “has ceased operations.” According to Business Insider, this shutdown is a result of the backlash from customers and media.
Leaked User Data
Leaked data is any information that has been revealed without a person’s consent or organization. This type of information can be taken by an individual or a group to sell or share with others during the investigation. User data is the type of information that a person generates when he or she uses the Internet and devices.
Avast has leaked very sensitive information to its clients through Jumpshot. Aside from allowing them to know about the general patterns of users’ behavior, Avast goes further. It tracks what websites users visit, what videos they watch on YouTube, or what posts on Instagram they like. All searches are also stored, and some of them are personal. Some of the data sets relate to specific health conditions and even porn searches, which can create serious legal and ethical implications.
Anonymizing data is the processing of information in a way that leaves qualitative and quantitative features but makes the source anonymous. De-anonymizing of data is finding the source and de-anonymizing it.
As Avast suggests, it is impossible to find out about whose behavior was tracked because it sells only anonymous data. The company states that it does not share emails, names, or IP addresses, which makes the information it has gathered coded. But is it really the case?
Unfortunately, it’s not. Jumpshot offers such details as the exact time of the visit to the website and what page was visited. Thus, if a website analyzes what users were present on the site at the time of a transaction, it can locate a person’s exact name. Many other ways of de-anonymizing the data are possible because Jumpshot can provide links to people’s posts on social media.
Confidentiality is related to the anonymity that many Internet users admire so much. It is the protection of information of an individual. Its importance in the digital age is undeniable because violating a person’s confidentiality makes him or her vulnerable to criminals online.
The most obvious problem for all people whose information was shared is that their behavior is exposed to sell it instead of focusing on improving the antivirus software they downloaded. Such evidence can tell a lot about a person, and if it becomes leaked to irresponsible companies or individuals, it can create severe economic and legal consequences. Although this possibility is relatively improbable, it can lead to stolen identity.
Even more, it is quite questionable if Avast had a right to collect all information, including searches about very specific topics that people may be afraid to share with anyone. For those engaged in important political or social activities that they don’t want to make public, it can be even more pressuring. Being a company that publicly promises to protect users, Avast has failed to do so. It becomes understandable why its freemium system is so profitable, after all. Yet, making the essential Internet protection a platform for sale among market giants is a very questionable ethical decision.
The public response from Avast is both unnerving and giving a particular level of hope. Avast first declined that its data collection is unethical. It stated that it is impossible to track a specific user because they have closed any possibilities to do so. Nevertheless, they did not explain what technologies are used for this confidentiality protection. Even more, Avast emphasizes that it stopped collecting information through its browser extension, using this claim to make itself look ethical. But this statement is controversial. The scandal has led Avast to close its operations in Jumpshot, which shows that a company has realized its liability.
Trying to justify its actions, Avast mentioned that it allowed its users to choose whether to allow this data collection. Nevertheless, this pop-up window on the free version did not always appear. Based on our review, the offer emphasized that nobody can use the information against a person or to identify him or her. It also announced that users can opt-out of this process any time they want. Avast has mentioned that it does not abuse the information it receives. It states that it understands “the responsibility to balance user privacy with the necessary use of data for our core security products.”
Users have mixed reactions, but the majority of clients expressed disillusionment with the company’s policy. In the forum section of Avast’s website, many users voiced anger with a vague reply. They asked more details about paid plans, and it turned out that the premium users can be victims as well. Many have pointed out that the ability to opt out was hidden. The fact that Avast has told about it only after media pressure shows a company from a wrong angle.
After the revelations in the investigation, many people stated that they did not know how their data was really used. Some have even mentioned that, as paid customers, they would search for better alternatives after their subscription ended. Only a few individuals have written that they were ready to share some data for the free use of antivirus, but such responses were rare.
It seems that Avast made some improvements, but we find it disturbing that it repeatedly violated its users’ privacy. With this coverage, it has become possible to shed some light on this problem. Avast customers have three main options now: using it regardless, opting out of data collection, or finding new software to use.