FTC to ban Avast from selling browsing data for advertising purposes

Mods, please do not remove but provide your customers with ANSWERS !

NEW DATA 21-2-2024 !

https://www.bleepingcomputer.com/news/security/ftc-to-ban-avast-from-selling-browsing-data-for-advertising-purposes/

The U.S. Federal Trade Commission (FTC) will order Avast to pay $16.5 million and ban the company from selling the users’ web browsing data or licensing it for advertising purposes.

The complaint says Avast violated millions of consumers’ rights by collecting, storing, and selling their browsing data without their knowledge and consent while misleading them that the products used to harvest their data would block online tracking.

“While the FTC’s privacy lawsuits routinely take on firms that misrepresent their data practices, Avast’s decision to expressly market its products as safeguarding people’s browsing records and protecting data from tracking only to then sell those records is especially galling,” said FTC Chair Lina M. Khan.

"Moreover, the volume of data Avast released is staggering: the complaint alleges that by 2020 Jumpshot had amassed “more than eight petabytes of browsing information dating back to 2014.”

More specifically, the FTC says UK-based company Avast Limited harvested consumers’ web browsing information without their knowledge or consent using Avast browser extensions and antivirus software since at least 2014.

Avast data feeds included unique identifiers for each web browser and a combination of info on every website visited, timestamps, type of device and browser, as well as the users’ city, state, and country. When describing its data-sharing practices, the company also falsely claimed it would only transfer the users’ personal information in an aggregate and anonymous form.

The FTC also said Avast stored this information indefinitely and sold it to over 100 third parties between 2014 and 2020 through their Jumpshot subsidiary.

For instance, Jumpshot made an agreement with advertising company Omnicom, which allowed it to access 50% of Jumpshot’s customer data from six countries: the United States, the United Kingdom, Mexico, Australia, Canada, and Germany, as alleged in the complaint.

Avast also purportedly misled users by promising to protect their privacy by blocking third-party tracking. However, it failed to inform them that their detailed, re-identifiable browsing data would be sold.

The company’s data harvesting practices were exposed in December 2019 after Mozilla pulled four of the company’s browser extensions (i.e., Avast Online Security, Avast SafePrice, AVG Online Security, and AVG SafePrice) from its Firefox addon repository after receiving reports that they were tracking users’ web browsing.

A Motherboard / PCMag joint investigation found one month later that Avast’s Jumpshot subsidiary was selling the browsing data collected from customers to third parties, including the Omnicom data broker named in FTC’s complaint.

https://www.ftc.gov/system/files/ftc_gov/pdf/2024.02.21StatementofChairKhanRegardingAvast.pdf

https://forum.avast.com/index.php?topic=326209.0

It was difficult to find out about this issue, and now Avast?
1- Are you still collecting data?
2- What was done to no longer be collected?
3- How are we going to trust our data now?
4- Avast team inform all customers what was done to change since it was purchased by GEN DIGITAL.

One point about this subject that catches my attention and worries me the most if it continues to be done?
“Avast also allegedly misled users by promising to protect their privacy by blocking third-party tracking. However, it failed to inform them that their detailed, re-identifiable browsing data would be sold.”

Guys, we didn’t have topic responses answered! Can anyone suggest another good AV product that doesn’t have these collections?

I know GEN will not allow these kind of behavior. So i think AVAST will not be that stupid again.
I stopped using Avast and went for Norton. Same HQ but privacy wise Norton is much clearer + i know some people who work at Norton.

I’ll wait for AVAST to comment here on the forum about what happened, if anyone shows up.

Thats gonna be a long wait

I think the same thing is that it will be a long wait, because everyone stays silent without saying anything. :smiley:

Yeah but from a software/AV perspective, Norton sucks. Compared to other AVs it’s a huge process hog and is notoriously difficult to uninstall.

Friend, in your opinion, what would be a good option to use other than Avast?

Bitdefender or Kaspersky?

There are several countries in which the government ordered Kaspersky to be removed due to possible Russian espionage.

Hi, have you checked this post from 2015 from Ondrej with a somewhat detailed description of what was happeniong then?
https://forum.avast.com/?topic=171725.0&_ga=2.156939131.1591376605.1708891360-15754894.1708099487
https://blog.avast.com/2015/05/29/avast-data-drives-new-analytics-engine/

Also, this is an official announcement here, from year 2020, about the complete shutdown of the Jumpshot company and termination of all related activities: https://press.avast.com/avast-to-commence-wind-down-of-subsidiary-jumpshot

I hope these historical links help answer some of the questions.
Lukas.

Your information was important, but you didn’t answer the questions I asked. I would appreciate it if you could respond, I will be waiting.

It was difficult to find out about this issue, and now Avast?
1- Are you still collecting data?
2- What was done to no longer be collected?
3- How are we going to trust our data now?
4- Avast team inform all customers what was done to change since it was purchased by GEN DIGITAL.

Hi everyone,

Without trying to find any excuses, I just wanted to give you a bit of additional context and hopefully answer your questions.

  • Avast’s data collection business (which was the subject of the FTC investigation) ended in January 2020. This was heavily covered by business media back then, see e.g. https://techcrunch.com/2020/01/30/avast-shuts-down-marketing-analytics-subsidiary-jumpshot-amid-controversy-over-selling-user-data/ . The very idea of monetizing data (albeit anonymized and aggregated) was indeed a mistake, for which the company apologized and subsequently took a long list of actions, including 3rd party audits, to ensure all relevant privacy measures and highest standards are in place. Some info on this can be found here: https://www.avast.com/privacy
  • In 2022, Avast merged with NortonLifeLock (a US competitor) to form a new company called Gen (www.gendigital.com). This means a new shareholder structure, (mostly) new management team, and new commitment to safety and privacy of user data.
  • One of the commitments the company has made to the FTC as part of the settlement process is that it wouldn’t engage in any similar activities in the future. Avast happily accepted that provision as that’s what has already been the reality for the last 4 years , and the company had never intended to do anything else.

Thank you and have a great day!
Vlk

  1. They have shut down all controversial data collection operations back when the controversy happened. That was in 2020 iirc. They still collect certain data related to protection and app usage which can be controlled in the Privacy menu of the program.

  2. See point 1.

  3. If you have to ask this question, then you can’t. It’s as simple as that. All trust is entirely on the user side and if you don’t trust them, then there is not much that can be done to convince you otherwise. I’ve personally had all settings in Privacy menu turned off except CommunityIQ feature and I believe the incident didn’t affect me at all and I still trust them assuming those settings were in fact trusted and did what they were suppose to do. And since I’ve been with Avast on a more personal level, I know and believe things they say to be true.

  4. I don’t think they’ve sent out a global mail to all the customers about it back then, but it was on their webpage, their blog and all over the news sites. I don’t see a reason they need to do it to Gen Digital customers as whole as I don’t think it’s relevant. The whole controversy happened way before Gen Digital merger and they also ceased those operations back then.

BitDefender or just stick with Windows Defender.

https://www.av-comparatives.org/tests/performance-test-october-2023/

When it comes to performance, no one beats ESET. think of a lightweight, fast and efficient antivirus.
Avast could be lightweight.