A joint investigation by Motherboard and PCMag revealed some concerning business practices of an antivirus company named Avast, which offers free security software to customers, with the option of a paid premium version. Leaked documents from Jumpshot, one of Avast’s subsidiaries, revealed marketing documents and confidential business arrangements with multiple marketing firms who paid for large collections of historical user activity data. The data included web searches, unfiltered browsing history, map and navigation history, video viewing history, online purchase history, and social media usage history. The collection was then marketed and sold to multiple firms as a highly unique data set, with “Every search. Every click. Every buy. On every site.” included in the offering.
Avast claims to have more than 400 million users, most of which subscribe to their free antivirus product. The free product enticed millions of users away from other commercial alternatives, later upselling them premium versions of the software that provide additional features. But while users enjoyed a free antivirus product, as part of the installation process they are presented with an option to anonymously share data with the company. If the option is selected, a new profile is created for that user, and the software begins to collect information about user activity on that computer.
Digital marketing firms ingest log data and use it to enhance their advertising campaigns, enabling them to target users with a high level of precision, based on their interests, their browsing history, their purchase history, and their location. Privacy advocates have decried these practices as an invasion of user privacy, and companies have pointed to their data privacy policies and the anonymization of users to defend themselves. When contacted for comment, many Jumpshot client were quick to absolve themselves, either stating that the data was used only for constructive or investigative purposes.