Avast CEO Downplays Collection Of 400 Million Users' Browsing Data

from the you're-not-helping dept

In an ideal world, companies that profess to be dedicated to protecting users from malware and privacy threats probably shouldn't contribute to the problem. In the world we live in however, that's often not the case--as everybody saw when Facebook tried to sell its users on a "privacy protecting VPN" that actually hoovered up their browsing data, providing insight into user behavior when they aren't using Facebook. Facebook did ultimately shut the project down, but it took a year before they were willing to do so.

Enter antivirus and security firm Avast, which has been taking heat after it was discovered that the company's services are collecting user browsing data. Back in August, Wladimir Palant, the creator behind Adblock Plus, wrote a blog post detailing how Avast Online Security and Avast Secure Browser were covertly collecting the browsing data of the Czech company's 400 million users. In response earlier this month, both Opera and Mozilla pulled Avast extensions from their respective add on markets, though Google has lagged in any comparable response.

Hoping to calm the waters a bit, Avast CEO Ondrej Vlcek talked with Forbes, who informs its readers there's "no privacy scandal here":

"Recently-appointed chief executive Ondrej Vlcek tells Forbes there's no privacy scandal here. All that user information that it sells cannot be traced back to individual users, he asserts. Here's how it works, according to Vlcek: Avast users have their web activity harvested by the company's browser extensions. But before it lands on Avast servers, the data is stripped of anything that might expose an individual's identity, such as a name in the URL as when a Facebook user is logged in. All that data is analysed by Jumpshot, a company that's 65%-owned by Avast, before being sold on as "insights" to customers. Those customers might be investors or brand managers."

There's several problems here. One, it's not up to the CEO of a company collecting user data or Forbes to dictate what is or isn't a "privacy scandal." I mean sure, executives in the middle of the scandal would like to proclaim there is no scandal, but reality doesn't work that way. The people who determine what's a privacy scandal are the consumers who feel their private data has been abused without consent or transparency.

Two, study after study after study have showcased how anonymized data isn't actually anonymous.

Should that data get into the wild (pretty easy to do when it's being shared with an ocean of companies), it's fairly easy to compare it with existing data sets and obtain a real world identity with relatively little work. One study built a machine learning model that was able to correctly re-identify 99.98% of Americans in any anonymised dataset using just 15 characteristics including age, gender and marital status. Another study looking at vehicle data found that 15 minutes’ worth of data from just brake pedal use could lead them to choose the right driver, out of 15 options, 90% of the time.

In Avast's case, researchers found their apps collected way more data than was reasonably needed, including whether you'd visited a page in the past, your browser version, your country code, your browsing URLs, the websites you navigated from, etc. If Avast Antivirus was installed even more data was collected and shared, including the OS version of your devices.

No, collecting "clickstream" data isn't the end of the world. Nor is it new. After all, nearly every ISP has been doing something similar for the last twenty years (and routinely lying about it). Still, companies that profess to be protectors of your private data should be held to a slightly higher standard than telecom, which shouldn't be too hard since telecom isn't held to any real standard whatsoever.

Filed Under: data, data collection, free software, malware, ondrej vicek, online security, privacy, secure browser
Companies: avast


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Norahc (profile), 16 Dec 2019 @ 10:54am

    Couldn't help but reading CEO Ondrej Vlcek's comments in the voice of Captain Barbosa. " Avast ye mateys...all your data is our plunder, and we be aiming to sell it."

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Dec 2019 @ 11:31am

    Just like software can analyze language patterns and unmask "anonymous" posters.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Dec 2019 @ 11:32am

    I remember using Avast for a while... then it started asking me who I would win a presidential election. Felt like that was a good indicator that perhaps this isn't a good anti virus software to trust.

    reply to this | link to this | view in chronology ]

  • identicon
    Jason, 16 Dec 2019 @ 11:36am

    Wasn't Avast the one that gave everyone the surprise upgrade that silently installed the secure browser (bogging everyone's machine way down in the process) and then acted shocked, SHOCKED, that people were complaining about it instead of grovelling before their wisdom and customer focused goodwill?

    It seems like that's more or less the time I pulled Avast from my system(s) and went with another solution.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Dec 2019 @ 4:05pm

      Re:

      Wasn't Avast the one ... (bogging everyone's machine way down in the process)

      It's certainly not the only one that did that. About 12 years ago we had a customer running Norton/Symantec and we found it was caching entire HTTP streams in memory, which is... not good, when you've got a custom HTTP-based protocol that streams gigabytes per hour without ever closing the request.

      Of course, outside the web context, it was around 1990 that antivirus software earned the reputation of bogging machines down. Standard advice for any PC gamer was to turn it off while playing.

      reply to this | link to this | view in chronology ]

  • identicon
    Rekrul, 16 Dec 2019 @ 11:37am

    Avast is a pain in the ass in general. Even if you only want the anti-virus portion, it comes as a whole slew of programs, all of which want internet access. It comes with an "emergency updater", which the name would suggest is only for emergencies, but it will run daily. The free version makes you register once a year and occasionally pops up ads trying to sell you other stuff. When you scan files, it used to show a progress window, now that's apparently conditional on how long the process takes and if there's no problem found, it often doesn't show you anything.

    Plus, my copy may have something wrong with it, as it thrashes my C drive about once every couple of hours. If there's a sudden burst of drive activity, 90% of the time, it's Avast (verified with Process Monitor).

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Dec 2019 @ 11:46am

    Don't forget the company is also responsible for CCleaner loaded with melware that got suspiciously inserted into the binary from inside the company, the also force install updated versions of it even if tell it no via their melware-like emergency update.

    reply to this | link to this | view in chronology ]

  • icon
    Moo (profile), 16 Dec 2019 @ 1:50pm

    "Avast users have their web activity harvested by the company's browser extensions"

    "no privacy scandal here."

    Actions speak louder than words.

    And with the prevalence of HTTPS these days, this goes far beyond what ISPs could spy on.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Dec 2019 @ 4:45pm

      Re:

      It sure exposes the real reason corporations were so eager to shitcan the public's privacy under the guise, "if you don't have anything to hide, you don't need privacy!"

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Dec 2019 @ 2:08pm

    Being a scumbag greedy dickhead hellbent on bringing in the most bang for investors who have been promised the moons and stars is news?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Dec 2019 @ 2:49pm

    There once was an outfit, Avast
    in possession of data so vast.
    the CEO gave in to greed
    private data to read,
    it left millions of users aghast!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Dec 2019 @ 4:07pm

    The NSA got it too.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Dec 2019 @ 1:31pm

    Avast is a shady AF long-dead now-malware company.

    Even installs DIRECT from their website try to install all manner of backdoor spyware. The website itself tries to add cookies and monitoring code and a bunch of other suspicious crap.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.