Avast antivirus harvested user data, then sold to Google, Microsoft

Avast antivirus harvested user data, then sold to Google, Microsoft
The Mac and Windows version of Avast antivirus has been used to harvest user data, an investigation claims
January 27, 2020
https://appleinsider.com/articles/2...ested-user-data-then-sold-to-google-microsoft

Motherboard / Vice: Leaked Documents Expose the Secretive Market for Your Web Browsing Data

 

Yep. I always suspected that an AV had the absolute highest potential for such shenanigans. And also why when HIPS first entered the PC scene way back when, all AV's were promptly dismissed from my systems and never have returned.

Third Party apps like OSArmour & EXERadarPro - ShadowDefender etc after HIPS dissolved rendered the need for AV's zilch and oddly enough since then not a single malware has bothered me since.

As an extra bonus it's also prevented just those type of harvestings as well.

 

I bailed from Windows not long after AVs became cloud-based. That is just too creepy.

But maybe classic AVs snooped too. Point is you don't need them on Linux.

 

Avast Official Statement: https://forum.avast.com/index.php?topic=231828.0

 

I use linux mostly now but used Windows for many more years in the past. But thankfully I never used Antivirus because in my gut I always thought they were far too intruding on my privacy. The way they grab hold of your whole OP made me feel like I was now under their control.

Be smart on the net and with programs and you will be okay,

 

I am not too clear on this were they selling both free and paid for users data.
If it was free then it is not suprising but paid for is bad news.

 

To be fair. We are only talking about one antivirus. Not the entire industry. Though I'm not saying others might not do the same.

 

The Cost of Avast's Free Antivirus: Companies Can Spy on Your Clicks
https://www.pcmag.com/news/the-cost-of-avasts-free-antivirus-companies-can-spy-on-your-clicks


Avast's broken data anonymization approach
https://palant.de/2020/01/27/avasts-broken-data-anonymization-approach/

 

We know of at least one that definitely does not do the same -- Emsisoft.

https://help.emsisoft.com/en/1974/emsisoft-browser-security/

 

But how do you really know?

Wireshark, I guess.

 

This shouldn't be a surprise to anyone, surely?!

 

There's also the way Fabian demonstrated
https://malwaretips.com/threads/mozilla-removes-all-avast-firefox-extensions.96780/post-847874

 

Avast blog: https://blog.avast.com/our-commitment-to-responsible-data-use

 

Well, this is peculiar. Using the release Edge browser, I get this notice the first time I click the above link of Azure Phoenix:

Spoiler: browser message avast blog

It quickly disappeared so in order to bring it back so I could capture it, I manually removed three Avast cookies and tried again. Has anyone seen a message in their browser like this? Further, I have AdGuard set to Stealth Mode with the "hide your IP address" and my actual IP address is listed in the snip anyway.

 

Not that peculiar, just a common DoS protection. What the AG's "hide your IP address" does is adding X-Forwarded-For & X-Real-IP to http header, nothing else. As a very basic of IP network, it's impossible to hide your IP w/out VPN or proxy. In short, it doesn't actually hide or disguise your real IP but tell servers "Hey, I'm using a proxy and my real IP is xxx, not what you see. Please trust me!"

 

And this is the problem:

So in the past, data sharing has been opt-out, so all users by default had sharing enabled.

And sure, they claim that collected data is anonymized. But we all know how iffy that can be.

 

Yeah, i saw it as well. I didn't give it much thought because on few occasions I have already encounter similar wording with sites protected by Cloudflare.

 

OK, yes, it makes a lot of sense, this message just showed up after I'd been accessing various Avast pages off and on without it. Great explanation, thanks a lot, 142395 Thanks also Azure Phoenix.

 

Avast defends its data gathering and sharing practices -- 'that's how antivirus works'
January 29, 2020
https://betanews.com/2020/01/29/avast-defends-data-gathering/

 

This Avast case reminds me of three common statements that
companies/users make and that always irk me:

1.
Company X: "The user data we collect and sell to advertisers is anonymized. So it's okay for us to collect it"

2.
Company Y/(or fanboys of company Y products): "Look, company G, company F and company M are doing it, so it's totally ok for us also to collect it, sell it and track you"

3.
Company Z: "We don't collect or sell any user data. We pinky swear it! It's in our privacy policy! (next week journalist exposes extensive collecting and selling of user data of company Z)

First. There is no truly anonymized data in Web. If there was then it would be next to useless to advertisers who, as we all know, want to know as much of us as possible so that they can show relevant ads down our throat and increase the chance of us actually buying the service/product.
Web advertising = Tracking = You are the product.

In a Internet marketing, anonymized data is just a buzzword.

Second. Just because some company or companies do some questionable practise does not make it okay for everyone to do so. Like the data collecting in big tech industry. That's failed, dishonest logic. By that logic doing also robberies/murders/etc would be totally okay because some **** are doing it.

Third. Most companies lie. Especially bigger companies. Their privacy policies are worthless. Start from assumption that every big Internet connected business is a lying ***** that just can't wait for an opportunity to turn your data into dollars.

 

Woah!

That seems pretty serious. I'm impressed

 

Although I've used Avast in the past, I wouldn't touch it with a 10 foot pole.
Along with AVG and Avira.
Couldn't trust them now.
Just my view on things.

 

https://sparktoro.com/blog/avasts-shutdown-of-jumpshot-will-harm-the-web-and-the-world/