For years, this famous antivirus has collected information about its users’ web browsers without their consent, in order to sell it for advertising purposes. He is today condemned by the authorities.
Between hacks and viruses, all devices connected to the Internet are exposed to multiple dangers. This is why it is strongly recommended to protect them with specialized antivirus tools, whether it is a computer or a smartphone. You may be tempted to opt for free software, especially since some have a significant reputation and have millions of users. But remember the adage: “If it’s free, you’re the product.” It’s not uncommon for antivirus programs to secretly collect and sell your data, which poses privacy concerns. This is the case of Avast, one of the most popular antiviruses, with no less than 435 million users worldwide. It is particularly popular in France, which is among its five largest markets.
A joint investigation by Motherboard and PCMag previously revealed that Avast’s browser extension had captured a significant amount of data on its users from 2014 to 2020. The same was true for antivirus on smartphones and computers. Revelations which pushed the Federal Trade Commission (FTC), the American government agency responsible for consumer defense and competition regulation, to in turn carry out a vast investigation, the conclusions of which it has just released. It appears that, in addition to secretly stealing its users’ data, Avast had sold it for advertising purposes. Not bad for a company responsible for protecting its customers!
To steal its users’ data, Avast went through its subsidiary Jumpshot, specializing in digital marketing – it has since been closed following these revelations. Its business: offering major brands, such as Google, Microsoft, Sephora and L’Oréal, detailed studies on the behavior of their potential customers on the Web. Thus, Avast collected consumers’ browsing information, stored it indefinitely, and sold it to more than one hundred third parties without consumers’ consent. This data included their locations, religious beliefs, health conditions, political opinions, but also places visited and their financial situation. The worst part is that the company hasn’t even taken the necessary steps to anonymize the data. These were sold with unique identifiers for each browser. By combining this information, it was even theoretically possible to trace the identity of an Internet user. This is all the more serious because the FTC believes that Avast lied to its users. The company had in fact undertaken to protect them against online advertising tracking even though it practiced it itself.
Also, the FTC prohibited Avast from selling its users’ data collected by its products for advertising purposes. In addition, she is ordered to erase all personal data still stored by Jumpshot. Finally, she received a fine of 16.5 million dollars, which will be used to “provide redress to consumers”. The company recalled that it voluntarily closed Jumpshot in January 2020 following the revelations of the investigation. “We are committed to our mission of protecting and empowering people’s digital lives”she indicated. “While we disagree with the FTC’s allegations and characterization of the facts, we are pleased to resolve this matter and look forward to continuing to serve our millions of customers around the world.”