Popular antivirus application Avast and its subsidiary AVG have been accused of selling highly sensitive browsing histories of millions of their users.
According to an investigation from Motherboard and PCMag, both Avast and AVG, which are among the most commonly used antivirus programs, were tracking data including Google searches, GPS co-ordinates, LinkedIn browsing history, people watching specific YouTube videos, and even porn website visits.
The investigation found that Avast used another subsidiary named Jumpshot to repackage the data and sell it to companies like Google, Yelp, Microsoft, McKinsey, Pepsi, Home Depot, Condé Nast, Intuit, and more.
- Avast and AVG extensions allowed back on Firefox store
- The best antivirus software for 2020
- Insecure VPN profile allowed hackers to breach Avast antivirus network
According to the report, the user data was collected with the help of free antivirus programs installed on the computer. While Avast claimed that it collects data based on a user giving their consent, multiple users were unaware of both the collection of data as well as it being sold to large companies without their consent.
This includes tracking the date and time of a user visiting a porn site, the search term used on the site and even the video watched by the user. While the tracked data did not have personal identifiers, the investigation found it was fairly easy to unmask individuals due to the amount of data available.
Jumpshot has reportedly made millions from these sales as this data helps companies to target their prospective customers precisely. The company's website states that it provides digital intelligence from “Internet’s most valuable walled gardens,” and offers insights which help in “path to purchases, revenue, website traffic sources, conversion rate data and more.”
While few Jumpshot products only contain a limited amount of data, its product called “All Click Feed” contains data of all the clicks on major e-commerce websites like Amazon.com, Walmart.com, Target.com, BestBuy.com, or eBay.
This isn’t a standalone incident where Avast has been found guilty of tracking user data. The company's browser extension was previously found to be tracking user data without consent and sending it over to Jumpshot. Once highlighted, the company quickly complied with browser policies and later discontinued collecting data from browser extensions.
- Keep your online browsing private with the best VPN of 2020