All of us want to be protected from hackers and data theft. And what’s better than free antivirus protection? But is it really free if your security is the price you pay? Avast, a worldwide antivirus provider, is held accountable for selling user data to third-party companies like Google, Amazon, etc. However, Avast CEO Ondrej Vlcek wrote an open letter about terminating “the Jumpshot data collection and wind down Jumpshot’s operations, with immediate effect”. This implies that Avast terminates contract with Jumpshot, but no timeframe has been confirmed.
Earlier, Avast had announced, “The data is fully de-identified and aggregated and cannot be used to personally identify or target you.” But the question is— Can’t anonymized data be de-anonymized?
Unfortunately, it can. Avast tracks the users through its antivirus engine, accumulating it, sending it to its subsidiary, JumpShot. The report doesn’t contain any personal information about the user but attaches a number conjoined with the user ID. The User ID provides information about the user in Avast Database which becomes irrelevant when he/ she uninstalls the program.
De-anonymizing— Not an impossible task
When Avast prompts a window at the beginning regarding user data, most of us don’t read and blindly click “Yes” or “Accept.” That’s where we go wrong. Once you accept the deal, it’s like selling your soul to the devil. Okay, that’s a tad bit exaggerated, but we’re trying to tell you how dangerous this can be! Because thereafter, the Avast Engine tracks each click— products you have searched, videos that you have watched… It even captures the search sensitive keywords.
For Example, Avast gathers information as follows:
Device ID: abc123x Date: 2019/12/01 Hour Minute Second: 12:03:05 Domain: Amazon.com Product: Apple iPad Pro 10.5 – 2017 Model – 256GB, Rose Gold Behavior: Add to Cart
Although Avast claims that such data is anonymous, big sites like Amazon can easily track you down. Thus, de-anonymizing a user is difficult but not impossible. Avast Antivirus might as well rename itself to Avast Spyware!
Jumpshot didn’t make any comment when asked about the situation. Even Avast’s announcement about the termination of their contract does not include any timeframe.
Although Avast’s current CEO apologized for the blunder, he subtly distanced himself from the company’s past actions. He added that he identified the problems during an audit of the company. We wonder why he chose to remain mum about the situation and not act towards changing it!
In conclusion, there’s more bad news. Even when Avast terminates contract with Jumpshot, there is no confirmation on when will their wrongdoings cease. Also, Avast is not the only company that is under scrutiny for making money by selling users’ personal data. Another company RING has leaked several personal information to third party vendors. Such companies should ensure their transparency and let their users know how the data can be used. Moreover, we, as users should act responsibly and read the EULA before accepting the terms and conditions.
Share your thoughts in the comment section below and stay tuned for further updates.