Be wary of free antiviruses - Avast selling non-anonymous user data

[williamcll]

While Avast has been noted to sell user data before, it is found that a lot of said data are not anonymized as most companies (claimed) to practice, meaning that data buyers can trace the information back to the individual.

Quote

Relax. That's what Avast told the public after its browser extensions were found harvesting users' data to supply to marketers. Last month, the antivirus company tried to justify the practice by claiming the collected web histories were stripped of users' personal details before being handed off. "The data is fully de-identified and aggregated and cannot be used to personally identify or target you," Avast told users, who opt in to the data sharing. In return, your privacy is preserved, Avast gets paid, and online marketers get a trove of "aggregate" consumer data to help them sell more products. There's just one problem: What should be a giant chunk of anonymized web history data can actually be picked apart and linked back to individual Avast users, according to a joint investigation by PCMag and Motherboard.

 

The Avast division charged with selling the data is Jumpshot, a company subsidiary that's been offering access to user traffic from 100 million devices, including PCs and phones. In return, clients—from big brands to e-commerce providers—can learn what consumers are buying and where, whether it be from a Google or Amazon search, an ad from a news article, or a post on Instagram. The data collected is so granular that clients can view the individual clicks users are making on their browsing sessions, including the time down to the millisecond. And while the collected data is never linked to a person's name, email or IP address, each user history is nevertheless assigned to an identifier called the device ID, which will persist unless the user uninstalls the Avast antivirus product.

 

But in regards to one particular client, Jumpshot appears to have offered access to everything. In December 2018, Omnicom Media Group, a major marketing provider, signed a contract to receive what's called the "All Clicks Feed," or every click Jumpshot is collecting from Avast users. Normally, the All Clicks Feed is sold without device IDs "to protect against triangulation of PII (Personally Identifiable Information)," says Jumpshot's product handbook. But when it comes to Omnicom, Jumpshot is delivering the product with device IDs attached to each click, according to the contract. In addition, the contract calls for Jumpshot to supply the URL string to each site visited, the referring URL, the timestamps down to the millisecond, along with the suspected age and gender of the user, which can inferred based on what sites the person is visiting.

Source: https://www.pcmag.com/news/the-cost-of-avasts-free-antivirus-companies-can-spy-on-your-clicks

Thoughts: Might as well stick to windows defender where you can manage privacy settings all in one go. That or use UNIXs and hope Linux/Apple malware never gets popular.

[Arika]

as always; If you're not paying for a product, you are the product.

[SpikeSpiegel]

Great....and I use Avast Anti-Virus.  

[Canoe]

That's why I stopped using avast!

That was obviously where they were headed.

And were going to use my computer's time/power to do so.

[Flying Sausages]

Pic source: https://www.vice.com/en_us/article/qjdkq7/avast-antivirus-sells-user-browsing-data-investigation

An infographic showing the supply chain of browsing data from Avast through to Jumpshot's clients

Avast destroyed AVG and Piriform. Ccleaner use to be one of favorite tools, but not until Avast acquired Piriform and start spying on its users.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

[RejZoR]

1 hour ago, Arika S said:

as always; If you're not paying for a product, you are the product.

That's not always the case. Especially with antiviruses where cloud efficiency is directly linked to number of cloud connected clients. The more there are, the more accurate you protection model is. Meaning that even though free users don't pay, they contribute with protection data. And today big data is important for protection as malware isn't really analyzed by it's strict structure but how similar it looks to other malicious files. Usually they limit some of program's functionality t give users incentive to buy paid version.

 

Also, everyone is screaming "avast! is bad" these days, but no one tells specifics, like, is it only the web browser extension or also antivirus as such. Coz many users don't use any of their extensions and knowing if they are not affected changes pretty much everything.

[LAwLz]

5 hours ago, Arika S said:

as always; If you're not paying for a product, you are the product.

Nahh, it's 2020. Paid and free users are spied on equally.

[Arika]

4 minutes ago, LAwLz said:

Nahh, it's 2020. Paid and free users are spied on equally.

even if you're not even a user (facebook)

[TetraSky]

I'm honestly not surprised. Avast has always been shit to me, with so many annoyance designed to make you pay to not deal with them anymore. So the fact that they were selling user data as well... Yeah, *insert surprised pikachu face, here*

[Anghammarad]

As soon as you are on Windows 10, use the integrated Windows Defender Virus Protection. 

 

Add an Script/Adblocker (Adblock (not plus or anything else) and UBlock, if you like Disconnect as well) to your browser of choice.

 

Everything that then may infect your system is either due to you are braindead and klick on everything that doesn't delete itself within 3 seconds, or a 0 day exploit, which no Virus protection software is keeping you safe from.

 

Another point for the internal defender, it is a part of windows 10. 3rd Party Virus Protection isn't and needs to drill itself deep into your windows, which then lwaves a whole bunch of other issues... 

 

[TechyBen]

8 hours ago, Arika S said:

as always; If you're not paying for a product, you are the product.

Wait... how does Linux work then?

 

/JK, I know it's a pet project by geeks to actually look like they have some friends...

 

 

 

/JK, I know that's not true... It's so Linus (Torvalds) can pretend he owns his own kingdom...

[Mihle]

8 hours ago, Arika S said:

as always; If you're not paying for a product, you are the product.

In some rare cases, but that still exist, you are not. (all of those have a paid tier tho) But usually yes.

[Neftex]

3 hours ago, huilun02 said:

Just block the snot out of online ads and kill the entire reason for collecting your data in the first place...

 

Use Ublock Origin

Use NOT standard Chrome browser

Disable Async resolver, Quic protocol, Webassembly

Use script blockers

Use Adguard DNS

Use Pihole with MoaAB/Steven Black lists

Block all social media domains and server IP ranges.

Run your own PiVPN with Pihole for your friends and family, so that they easily get most of the ad blocking benefits.

 

If you rely on on others to protect your privacy, you will never get it. Take PERSONAL action.

you do realize you rely on others by using those things, right?

[SpikeSpiegel]

https://blog.avast.com/our-commitment-to-responsible-data-use?__cf_chl_jschl_tk__=f97a53f933c4e250c2715f7bb72c8a664b9f4510-1580319482-0-AcFeKUKgV0p3qccJn-V6Pl-2FuDKYms2KSh7ELflzS4Kjx9HDXpZCetyvWauwSofrLyGnPHvKpHj5ozBUAw6xn1oXAV0gElsNXTuC6DuuQx6DXdEMbqNCzvdCQdJ9JxyWktOu9LebY5R5RRZfnpioFXqaxVl770-ybsriwqyPZh_nddRwZavWJttj6pGtyXGxMhoyZKTo_8ikQcmE-9omCdet6Au3MjemfUjODEev9Ohape93QETwKqkSxC7KXHmHQNJ5dBSth1coEUz072s6bopOvPg6kWSYEFuOZolrTkNrT7IsJxuBcfnMLtK68IvbM0b-nET-urdz6-zKrp2lLO5of6w0i61qGvO04BYcbs0DowJbQUWwkdEnFxB2tky4g

[RejZoR]

People are freaking out en mass, but you were only affected if you were even using their browser extensions and didn't uncheck data sharing setting. If you only ran their antivirus, you were not even affected. Or even if you ran their browser extension and had data sharing disabled, you were also not affected. It's a shitty way of doing business the way they are doing it in recent times and this is going to hurt them badly for years. But it's very likely users weren't even affected under above conditions. For example I don't use their extensions and always uncheck data sharing in antivirus settings except for the protection cloud. In doing so, all this drama doesn't even concern me as I wasn't even affected by any of it. So, people need to stop freaking out and see if it even applies to them...

[Reytime]

And what keeps them from selling the information of paid customers?

[Fetzie]

On 1/28/2020 at 1:54 PM, Anghammarad said:

Another point for the internal defender, it is a part of windows 10. 3rd Party Virus Protection isn't and needs to drill itself deep into your windows, which then lwaves a whole bunch of other issues...

Mmh, when I installed ESET, when I restarted my PC it flagged the windows login process (winlogon.exe IIRC) as suspicious and refused to let it run...

 

Fun times when your AV doesn't let you log in to your PC.

 

I use the Windows built-in AV now.

[demonix00]

Old news

 

[yolosnail]

As always, the best anti-virus is not being an idiot!

 

Anyway, is there any reason to have an anti-virus installed on Windows 10, the built in one is good enough