An antivirus program used by hundreds of millions of people around the world is selling highly sensitive web browsing data to many of the world’s biggest companies, a joint investigation by Motherboard and PCMag has found. Our report relies on leaked user data, contracts, and other company documents that show the sale of this data is both highly sensitive and is in many cases supposed to remain confidential between the company selling the data and the clients purchasing it.
The documents, from a subsidiary of the antivirus giant Avast called Jumpshot, shine new light on the secretive sale and supply chain of peoples’ internet browsing histories. They show that the Avast antivirus program installed on a person’s computer collects data, and that Jumpshot repackages it into various different products that are then sold to many of the largest companies in the world. Some past, present, and potential clients include Google, Yelp, Microsoft, McKinsey, Pepsi, Sephora, Home Depot, Condé Nast, Intuit, and many others. Some clients paid millions of dollars for products that include a so-called “All Clicks Feed,” which can track user behavior, clicks, and movement across websites in highly precise detail.
Is anybody really surprised by this? Antivirus companies have been scammers for a long time now, spreading fear and anxiety amongst primarily less knowledgeable users, tricking and scamming them into paying exorbitant amounts of money for tools that are not needed, do not work, slow computers down, and in many cases, actively harm operating systems.
Of course, with these programs running with unparalleled access to many Windows machines, we all knew antivirus companies would resort to selling user data to make an extra buck, sinking even deeper. You don’t need anything more than what your operating system provides, whether you use Windows, Linux, macOS, Android, or iOS.
I recently mentioned in another thread how companies like these are financially motivated to mislead users. They’ll do nearly anything to keep users afraid and subscribing to their “service”/providing access to their computers. This report only shines even more light on that fact. I hope nobody here is surprised. Add this news to the already countless other reasons why you *should * not * trust * any * of * these * companies.
Paranoia is profitable, who’d have think it?
I find this behavior despicable as well, they deserve our scrutiny, criticism, and possibly punitive damages for not being upfront with users about data collection. However you take it too far by suggesting AV has no use. Every one of us here ought to know that viruses are a non-imaginary threat. Obviously you can improve your odds if you never download anything or open attachments, etc. But for a company/household with lots of employees/family members, then the chances of a successful attack spreading through the network is significantly increased and there have been numerous breaches that demonstrate why AV is not all snakeoil. I’ve seen it first hand even at companies where employees are professional programmers. Viruses are no joke. Sometimes the machines don’t need to be vulnerable to spread the viruses themselves, but without AV they really don’t know any better than to continue to spread the virus unchecked. For example, an email/file/web server without AV can easily spread malware even if it’s isn’t technically vulnerable by itself.
So, yes give avast very harsh criticism, they absolutely deserve it! But there’s no need to exaggerate your point to make them look bad. We need to be clear: they’re bad because they violated user trust and *NOT* because A/V is fundamentally bad or unnecessary.