A company designed to protect users from online harm is at the center of the latest data scandal, except this time it’s not hackers we have to worry about. Avast, a popular antivirus software used by people around the globe, has been selling users data through a subsidiary company.
A new investigation by Motherboard and PCMag has found that Avast has been taking user data from its antivirus software and selling it through a subsidiary company called Jumpshot. Avast used the subsidiary company to pass off the data collected from users of their antivirus software and then sell it for millions.
Some of the biggest companies out there, names you recognize and see everyday, are on the list of past and current customers. A few of the companies we know have worked with Jumpshot to purchase user data are Google, Home Depot, Microsoft, Pepsi, Expedia, Intuit, Keurig, Conde Nast, Sephora, and Loreal.
What is still unclear is which of these companies are current and which are past Jumpshot clients. Yelp, another big name on the list, has already admitted to using the company to purchase data, but insist that it was on a “one-time basis.”
While users of Avast’s antivirus software were required to opt-in to sharing their data, the investigation found that many users were unaware that their data was being sold. This is unsurprising.
We’ve all been there, you jump onto a new website and it asks if they can collect data, use cookies, sell your left kidney, or whatever they need to better serve you. You don’t really understand what they’re asking, but you click the little yes box because if you say no then you’re taken to a new screen with a pile of legal jargon in tiny text to sort through.
Companies know that you don’t want to deal this. You’re just trying to read an interesting article on your lunch break or do a little online shopping. Companies like Avast know exactly what they’re doing when they convince you to sell your data. And make no mistake, your user data is valuable.
One of Jumpshot’s products called “All Clicks Feed,” sells for just over $2 million. This product allows the buyer to see everything from Google searches, Google Maps locations, LinkedIn page activity, YouTube video views, visits to porn websites, and more.
In a statement to Vice, Avast said, “Because of our approach, we ensure that Jumpshot does not acquire personal identification information, including name, email address or contact details, from people using our popular free antivirus software.”
All the data Jumpshot sells is anonymous, meaning users personal information and possible identifiers are scrubbed, but experts are skeptical about the security of anonymized information.
The safety of your personal data and the frightening power that comes with holding millions of users data is already enough to keep a person up at night. Perhaps the most troubling part is that this type of behavior doesn’t necessarily call for legal action.
At most, we are looking at an ethics breach for not making it clearer to users precisely how their data is being used. Avast claims to comply with the California Consumer Privacy Act (CCPA) and Europe’s General Data Protection Regulation (GDPR) and until someone can find direct evidence of a legal misstep, they’re free to continue selling user data to the highest bidder.
Staff Writer, Natalie Gonzalez earned her B.A. in English and a Creative Writing Certificate from the University of Texas at Austin. She is a writer and social media nerd with a passion for building online communities.
Pingback: With the fast transition to remote work, we forgot about data security