Richard Serra and Carlota Fay’s 1973 quote, “If you are not paying for it, you’re not the customer; you’re the product being sold.” has never proven to be truer than it has now. Avast, a popular antivirus provider is coming under fire as consumer reports highlight their immoral data collection and sharing policies. News that Avast sells their customer’s highly sensitive web browsing data under their subsidiary company, Jumpshot, has many customers rushing to find ways to uninstall and opt-out of Avast’s data sales seeking an Avast alternative.
Avast is known for providing free antivirus software, but one thing that they haven’t been known for until now is selling the browsing data of its users across 100 million devices via a subsidiary called Jumpshot. In a January 28th blog post, Avast shares with users:
When Jumpshot was first launched in 2015, the idea was to create an innovative way to provide marketers with trend analytics and statistics on customer purchasing habits
While Avast has since removed the Jumpshot website, a look at the Jumpshot website on January 31st showed that some of their biggest customers, those who paid for data collected from Avast users, include Google, TripAdvisor, Nestle, Revlon, Kimberly-Clark, Unilever, and more. They shared this with prospective customers wishing to benefit from their data collection efforts:
Jumpshot delivers digital intelligence from within the Internet’s most valuable walled gardens.
In today’s digital economy, more than 70% of online transactions are hidden behind walled gardens. Jumpshot provides insights into consumers’ online journeys by measuring every search, click and buy across 1,600 categories from more than 150 sites, including Amazon, Google, Netflix, and Walmart.
Linking Data Back to Individual Consumers
Avast states that they “de-identify” the harvested user data they sell to these big-name companies and anyone else willing to pay $199 for access, meaning that it isn’t possible to link the data back to an individual. The fact is, this couldn’t be farther from the truth.
The data that Avast provides via Jumpshot is so detailed that clients can view each individual click a consumer made and from what device, including the time down to the millisecond. While Avast doesn’t directly provide the names, email addresses, or IP addresses associated with the data, it takes very little effort for their customers to assign the data to an individual. For example, Amazon can easily reference who made a purchase at 11:04:33 and link the harvested user data to a specific customer. Information provided about Google searches can be linked to a logged-in user on Google based on the time of their search and so forth. Now, data that was intended to be anonymous is linked to a specific person. Every action Avast users take online, every search, every website visited, every purchase made, is visible to some of the world’s biggest companies.
How Can I Protect My Data?
So many of us are accustomed to checking off boxes indicating that we agree with the Terms of Service and Privacy Policies for services that we use, but it’s important to make sure that you fully understand what happens when you do this. How many companies have you mindlessly permitted to share your personal information with 3rd parties? What information have you authorized businesses to collect about you outside of what you consciously provide? Which companies aren’t transparent about what they do with your data? How many companies say that they handle your data securely, but don’t actually do it? Here are some ways that you can keep your data private:
- Always take the time to read the Terms of Service and Privacy Policies when creating an account or using any service, especially the free ones.
- Remember that nothing is ever truly free in the long run. If you aren’t paying for a service, outside of trial offers, this means that you are the product. No business can operate without income and if it isn’t you providing that income, they’re making it through other means.
- Use a browser protection tool like Guardio, who does not sell user data to 3rd parties, to identify when a website or extension you access contains malicious code, phishing attempts, scams, or if the product you’re considering has a bad reputation for handling data securely.
- Regularly assess your privacy and data collection settings on social media and for other accounts that you use to ensure that you aren’t sharing things that are best kept private.