Lately it has not been going well for Avast. The company is facing criticism for some of its business practices. It all started when Wladimir Palant gave in the light of publicity μια λεπτομερή analysis των επεκτάσεων περιήγησης της Avast.
It revealed that the extensions were passing the browsing history information to Avast and showed that the amount of data exceeded the data the company needed to deliver the security it promised product her. The data included the full URL of any page the user visited, the title of the page, the referrer (the website the user came from), and any links from search results pages.
Palant concluded that excessive data collection was intentional. Mozilla and Google immediately removed Avast and AVG extensions from their respective stores. Avast has updated its extensions and released them again.
A research but from Vice and PC Magazine took a closer look at Avast's business practices and user-generated data. According to the information, the subsidiary of Avast Jumpshot takes this data and processes it for sale to companies.
A product called Feed All Clicks provides businesses (including large companies such as Google, Microsoft, Pepsi, Home Depot or McKinsey) with detailed information on user behavior, clicks and general their every activity.
The data is anonymous according to Avast, which means that there is no personal information, such as the user's IP address or e-mail addresses. All of this is removed before the data collected is sold.
However, a data packet can also include the IDs of the connected devices which makes it very easy to search for it record browsing a specific device. They also include the date and time, as well as information with the location of the end user.
Companies now buying data can use other data sources to locate individual users. Imagine large companies like Google and Amazon having huge volumes of information, cross-referencing their data to track every user activity.
Also, if the IP address removal does not happen as Avast claims, (why should we believe it anyway) the data does not even need to be cross-referenced to verify a user's location, and behavior. Visits to a personal page, replies to Twitter, uploads to YouTube or any other activity can easily be linked to accounts and provide information to third parties about the actual ID card of the user.
