Oh dear! A damning new report has just surfaced, claiming that Avast and AVG free antivirus products have been collecting user browsing data and selling it to third parties.
Third parties, in this case being Microsoft, Google, and more.
This secretive scheme was actually made official via a joint report by Motherboard and PCMag, where leaked documents provided to the publications reveal the activities of an Avast subsidiary that goes by the name of Jumpshot.
And it has previously done business with many a company, including the likes of Microsoft, Google, IBM, Unilever, and Yelp.
The story goes that when installing Avast security products, users are asked to agree to its terms of service and privacy policy. They are also asked to share some additional data with the company, without fully explaining the situations their data will be used or the fact that it will be retained for three years.
Apparently, the data set includes everything from Google searches to lookups of locations, GPS coordinates, LinkedIn pages, YouTube videos, porn site visits — down to specific time and search terms.
What’s worrying is that while it may be hard to discern the identity of a user through this data that is provided to third parties, it is not entirely impossible.
And that is because a user may be visiting specific websites and pages, or may have a unique collection of profiles or subscriptions.
Furthermore, Avast not only does not change the user ID unless they completely reinstall their products, it also provides a unique timeline for each action, tracking every click, search and buys on every site.
For its part, Microsoft has not commented on the purchase of this information from Jumpshot, though it did confirm that it currently has a relationship with Jumpshot.
The big question is, what they are doing with this heap of information?