Avast Antivirus users who value their privacy may want to switch to another solution, pronto. According to a joint investigation by Vice’s Motherboard and PCMag, the “free” program is being used by Avast Software (and its subsidiary, AVG) as a tool for harvesting information that can be sold to third parties.
This information comprises rather sensitive web browsing data, such as site history, click habits, and how a user moves between pages. Specifics include “Google searches, lookups of locations and GPS coordinates on Google Maps, people visiting companies’ LinkedIn pages, particular YouTube videos, and people visiting porn websites.”
Despite the lack of names and other personal identifiers, experts claim that the data is thorough enough to deanonymize users. Motherboard, for one, was able to determine the exact date and time that a site was visited, as well as search terms and videos watched on certain pages (e.g., YouPorn, PornHub).
Avast and AVG’s shady collection practices aren’t actually new, as the companies were caught harvesting data with its “Online Security” browser extensions and “Secure Browser” in October last year. This information was being sold by Jumpshot, a subsidiary offering traffic data from “100 million global online shoppers and 20 million global app users.”
Avast later apologized and claimed that it would be discontinuing this practice, but apparently, the company has merely replaced its extensions and browser with its antivirus programs as the collection tools of choice. While users have to opt-in to data collection, there’s no indication that their information could be sold.