Avast CEO Downplays Collection Of 400 Million Users' Browsing Data

from the you're-not-helping dept

In an ideal world, companies that profess to be dedicated to protecting users from malware and privacy threats probably shouldn’t contribute to the problem. In the world we live in however, that’s often not the case–as everybody saw when Facebook tried to sell its users on a “privacy protecting VPN” that actually hoovered up their browsing data, providing insight into user behavior when they aren’t using Facebook. Facebook did ultimately shut the project down, but it took a year before they were willing to do so.

Enter antivirus and security firm Avast, which has been taking heat after it was discovered that the company’s services are collecting user browsing data. Back in August, Wladimir Palant, the creator behind Adblock Plus, wrote a blog post detailing how Avast Online Security and Avast Secure Browser were covertly collecting the browsing data of the Czech company’s 400 million users. In response earlier this month, both Opera and Mozilla pulled Avast extensions from their respective add on markets, though Google has lagged in any comparable response.

Hoping to calm the waters a bit, Avast CEO Ondrej Vlcek talked with Forbes, who informs its readers there’s “no privacy scandal here”:

“Recently-appointed chief executive Ondrej Vlcek tells Forbes there’s no privacy scandal here. All that user information that it sells cannot be traced back to individual users, he asserts. Here’s how it works, according to Vlcek: Avast users have their web activity harvested by the company’s browser extensions. But before it lands on Avast servers, the data is stripped of anything that might expose an individual’s identity, such as a name in the URL as when a Facebook user is logged in. All that data is analysed by Jumpshot, a company that’s 65%-owned by Avast, before being sold on as “insights” to customers. Those customers might be investors or brand managers.”

There’s several problems here. One, it’s not up to the CEO of a company collecting user data or Forbes to dictate what is or isn’t a “privacy scandal.” I mean sure, executives in the middle of the scandal would like to proclaim there is no scandal, but reality doesn’t work that way. The people who determine what’s a privacy scandal are the consumers who feel their private data has been abused without consent or transparency.

Two, study after study after study have showcased how anonymized data isn’t actually anonymous.

Should that data get into the wild (pretty easy to do when it’s being shared with an ocean of companies), it’s fairly easy to compare it with existing data sets and obtain a real world identity with relatively little work. One study built a machine learning model that was able to correctly re-identify 99.98% of Americans in any anonymised dataset using just 15 characteristics including age, gender and marital status. Another study looking at vehicle data found that 15 minutes? worth of data from just brake pedal use could lead them to choose the right driver, out of 15 options, 90% of the time.

In Avast’s case, researchers found their apps collected way more data than was reasonably needed, including whether you’d visited a page in the past, your browser version, your country code, your browsing URLs, the websites you navigated from, etc. If Avast Antivirus was installed even more data was collected and shared, including the OS version of your devices.

No, collecting “clickstream” data isn’t the end of the world. Nor is it new. After all, nearly every ISP has been doing something similar for the last twenty years (and routinely lying about it). Still, companies that profess to be protectors of your private data should be held to a slightly higher standard than telecom, which shouldn’t be too hard since telecom isn’t held to any real standard whatsoever.

Filed Under: , , , , , , ,
Companies: avast

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Avast CEO Downplays Collection Of 400 Million Users' Browsing Data”

Subscribe: RSS Leave a comment
Jason says:

Wasn’t Avast the one that gave everyone the surprise upgrade that silently installed the secure browser (bogging everyone’s machine way down in the process) and then acted shocked, SHOCKED, that people were complaining about it instead of grovelling before their wisdom and customer focused goodwill?

It seems like that’s more or less the time I pulled Avast from my system(s) and went with another solution.

Anonymous Coward says:

Re: Re:

Wasn’t Avast the one … (bogging everyone’s machine way down in the process)

It’s certainly not the only one that did that. About 12 years ago we had a customer running Norton/Symantec and we found it was caching entire HTTP streams in memory, which is… not good, when you’ve got a custom HTTP-based protocol that streams gigabytes per hour without ever closing the request.

Of course, outside the web context, it was around 1990 that antivirus software earned the reputation of bogging machines down. Standard advice for any PC gamer was to turn it off while playing.

Rekrul says:

Avast is a pain in the ass in general. Even if you only want the anti-virus portion, it comes as a whole slew of programs, all of which want internet access. It comes with an "emergency updater", which the name would suggest is only for emergencies, but it will run daily. The free version makes you register once a year and occasionally pops up ads trying to sell you other stuff. When you scan files, it used to show a progress window, now that’s apparently conditional on how long the process takes and if there’s no problem found, it often doesn’t show you anything.

Plus, my copy may have something wrong with it, as it thrashes my C drive about once every couple of hours. If there’s a sudden burst of drive activity, 90% of the time, it’s Avast (verified with Process Monitor).

Bartonrwt (user link) says:

what to expect when marrying a filipina

Heidi Klum Stood Up At Karaoke gain anything Event

UNICEF, A global charity service provider, Held a karaoke event with superstars to raise money for a school in Africa. At the expensive vacation event, Heidi Klum, Model and TV disposition, Was set to sing Girl with Smokey velupe. He never showed up and case took a turn for the awesome.

The New York Post is reporting that Klum came out and told the viewers the news: was standing me up. He was designed to sing ‘My Girl’ with me. Will anybody else sing with me, While I sure many people would love the opportunity to sing a duet with Klum, there have been other plans in motion. <a href=https://www.bestbrides.net/key-factors-for-a-happy-relationship-with-a-hot-russian-mom/>hot russian mom</a> The host of case suggested everybody join together in a rendition of the Village People YMCA.

The girls joining Klum included Tom Hanks, wayne Brady, Rita Wilson, Jon Huertas since Seamus Dever. Klum tweeted pictures of the event showing herself and other super stars in Village People attire. I especially like the image with Officer Wayne Brady. Maybe part of the curriculum can be learning how to do the YMCA since the picture Klum posted of her and others doing the dance is way off. We can have children being raised not being aware of how to do the YMCA. the fact is, The Village People YouTube account has disabled embedding of their videos so go give it a try if you need a refresher. It a super way to waste a few minutes.

<Lead>image: Heidi Klum Twitpic]

Click to share with you on Facebook (Opens in new wind shield)Click to share on LinkedIn (Opens in new wind shield)Click to talk about on Reddit (Opens in new eye-port)Click to talk about on Twitter (Opens in new eyeport)Click to share with you on Tumblr (Opens in new window)Click to share with you on Pinterest (Opens in new windshield)Click to share on Pocket (Opens in new windowpane)Click to share with you on Telegram (Opens in new window case)Click to talk about on WhatsApp (Opens in new eye-port)Click to share on Skype (Opens in new truck’s window).

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...