The Federal Trade Commission (FTC) has fined antivirus vendor Avast $16.5 million for allegedly selling users' browsing data to advertisers after claiming it blocks online tracking.
Additionally, the company was prohibited from selling or licensing web browsing data for advertising purposes. Users whose browsing data has been sold to third parties without their consent must also be notified.
In its complaint, the FTC alleges that Avast “unlawfully collected consumer browsing information through its browser extensions and antivirus software, stored it indefinitely, and sold it without proper notice or consumer consent.” ” he said.
The UK-based company also claims that the software blocks tracking by third parties and protects user privacy, while also giving users' “detailed and re-identifiable browsing data” to more than a dozen companies. They accused the company of deceiving users by not informing them of the sale. His 100 third parties through Jumpshot subsidiaries.
Additionally, data buyers can associate non-personally identifiable information with Avast users' browsing information, allowing other companies to track users and their browsing history and associate it with other information they already have. It will be.
Misleading data privacy practices were uncovered in January 2020 by a joint investigation by Motherboard and PCMag, with Google, Yelp, Microsoft, McKinsey, Pepsi, Home Depot, Condé Nast, and Intuit included in Jumpshot's Past, Present, and was named as part of the. potential customers. ”
A month earlier, web browsers Google Chrome, Mozilla Firefox, and Opera had removed Avast's browser add-ons from their respective stores, and a preliminary investigation by security researcher Vladimir Pallant in October 2019 found that extension was considered spyware.
Data such as users' Google searches, location searches, and Internet footprints were collected through the Avast antivirus program installed on users' computers without asking for their informed consent.
“Browsing data” [sold by Jumpshot] This includes information about your web searches and the web pages you visit, including your religious beliefs, health concerns, political leanings, location, financial status, and access to children's content. , and other sensitive information was disclosed,” the FTC alleged.
Jumpshot describes itself as “the only company that makes walled garden data public” and claimed to have data from 100 million devices as of August 2018. Browsing information is said to have been collected since at least 2014.
In response to the privacy backlash, Avast has decided to “end Jump Shot's data collection and wind down Jump Shot's operations immediately.”
Avast then merged with another cybersecurity company, NortonLifeLock, to form a new parent company called Gen Digital. This parent company also includes other products such as AVG, Avira, and CCleaner.
“While Avast promised users that its products would protect the privacy of their browsing data, the opposite was true,” said Samuel Levin, director of the FTC's Bureau of Consumer Protection. “Avast's undercover surveillance tactics violated consumer privacy and violated the law.”