Earlier this week, we reported on an investigation from Motherboard and PCMag that found Avast and AVG (owned by Avast) antivirus software was collecting data from users and passing it to third parties. This was being achieved through subsidiary company JumpShot. In response, Avast has said it will now shutter Jumpshot.
Avast was caught passing user data to JumpShot which was then passed to third party companies. Ondrek Vlcek, CEO of Avast, says the closure of the company will mean no more data collection will happen.
Vleck explained the situation in a letter sent out to customers, employees, stakeholders, and partners. He said:
“Avast's core mission is to keep people around the world safe and secure, and I realize the recent news about Jumpshot has hurt the feelings of many of you, and rightfully raised a number of questions – including the fundamental question of trust. As CEO of Avast, I feel personally responsible and I would like to apologize to all concerned. Protecting people is Avast's top priority and must be embedded in everything we do in our business and in our products. Anything to the contrary is unacceptable.”
Avast and AVG
It is worth noting that Jumpshot would not have been able to collect data without its connection to Avast. The antivirus software collected data through an internet plugin and directly from the antivirus software. It would then be sold to major customers to help in targeted advertising.
As Ryan Maskell noted on WinBuzzer, users on Avast are asked if they would like to share some additional data with Avast, with the following message:
“If you allow it, we'll provide our subsidary Jumpshot Inc. with a stripped and de-identified data set derived from your browsing history for the purpose of enabling Jumpshot to analyze markets and business trends and gather other valuable insights,” it reads. “The data is fully de-identified and cannot be used to personally identify or target you. Jumpshot may share aggregated insights with its customers.”
However, customers said they did not know Avast and AVG were taking their information. The UI layout pointed users towards and “I Agree” button and omitted some important information. For example, the popup didn't warn users the data gathered is held for three years.