[ad_1]
(Credit: Andrew Brookes via Getty)
Editors’ Note: In January 2020, we learned about a problem with sharing of user data between Avast and its subsidiary Jumpshot. Based on this privacy slip, we knocked this product’s rating down one-half star and removed its Editors’ Choice designation. Avast resolved the problem and terminated Jumpshot shortly thereafter. We’ve seen no sign of any inappropriate use of private user data since then, so we’ve taken Avast out of the penalty box, restoring its star rating and Editors’ Choice honor.
Avast will no longer sell users’ browser histories to third-party companies, the antivirus vendor said, following a PCMag-Motherboard investigation into the privacy risks around the data collection.
Late on Wednesday, Avast CEO Ondrej Vlcek announced(Opens in a new window) his company plans to shut down operations at Jumpshot, the subsidiary in charge of selling the browser history data. “As CEO of Avast, I feel personally responsible and I would like to apologize to all concerned,” he said in a statement.
The popular antivirus vendor previously claimed it could “de-identify” people’s personal data from the browser history collection, thus preserving the user’s privacy. However, the investigation from PCMag and Motherboard(Opens in a new window) found the contrary: the data that Jumpshot was selling to big brands and market research companies could be analyzed to easily link the website clicks to a specific Avast user, exposing a person’s internet activities.
The news has shaken consumer trust in the antivirus vendor, which serves 435 million users across the globe. Vlcek said he concluded the data harvesting “was not in line” with the company’s privacy priorities.
“Protecting people is Avast’s top priority and must be embedded in everything we do in our business and in our products. Anything to the contrary is unacceptable,” he said. “For these reasons, I—together with our board of directors—have decided to terminate the Jumpshot data collection and wind down Jumpshot’s operations, with immediate effect.”
In an investors’ call(Opens in a new window), Avast executives said the Jumpshot data collection will cease immediately. They also claimed the antivirus vendor had been considering shutting down the operation for months now.
Back in October, the security researcher Wladimir Palant initially raised(Opens in a new window) the privacy alarms about the data harvesting when he noticed Avast’s browser extensions for Chrome, Firefox and Opera were collecting the browser histories from people’s computers. The findings prompted the major browsers to temporarily remove the extensions until Avast implemented new privacy protections.
Despite the change, Avast was still collecting the browser histories through the company’s free antivirus software for desktop and mobile. As many as 100 million devices were pulled into the data collection, which was also harvesting people’s internet searches.
In an email on Thursday, Palant told PCMag the whole practice smacked of “gross negligence.” He obtained an apparent sample of the data Jumpshot was selling to clients. The sold data includes URLs Avast users were visiting, but in many cases Avast’s “de-identification” process failed to strip away people’s personal information from the links, such as email addresses.
“From the look of it, nobody ever bothered verifying that their approach is even remotely working —or somebody did but they simply didn’t care,” Palant said.
Avast has declined to answer questions on how the antivirus vendor “de-identifies” the collected browser histories. But the company maintains the data collection was legal, and compliant with Europe’s GDPR regulations.
[ad_2]Source link
No Comment