Avast shuts down Jumpshot after investigation revealed illegal data harvesting

No photo availableCIO Africa authorBySid Chudasama
3 min read

Merely days after Avast’s well known Antivirus software was caught to be harvesting browsing data and selling it to advertisers,…

images

Merely days after Avast’s well known Antivirus software was caught to be harvesting browsing data and selling it to advertisers, the company has reported that it is closing down the subsidiary that made it possible. It was recently revealed that the Czech-based cybersecurity specialist was also cultivating another, more controversial, revenue stream: harvesting and selling on user data, some of which it amassed by way of those security tools.

Ondrej Vlcek, CEO of Avast, said that Avast is terminating its Jumpshot subsidiary’s data collection and operations with immediate effect. Unquestionably, this deems the company’s hundreds of employees, likely out of a job.

“Protecting people is Avast’s top priority and must be embedded in everything we do in our business and in our products. Anything to the contrary is unacceptable,” Vlcek wrote. “For these reasons, I – together with our board of directors – have decided to terminate the Jumpshot data collection and wind down Jumpshot’s operations, with immediate effect.”

This decision came in response to a motherboard and PCmag investigation. The investigation revealed how Avast was collecting user browsing data via its antivirus software. This data included Google searches, location lookups, visited URLs along with precise time stamps, and in some cases even specific searches made on pornography websites. Although Avast claimed that individual users could not be identified from this data, Motherboard spoke to experts who said that this could be possible in some cases.

Jumpshot claimed to have data from as many as 100 million devices, and it listed some of the world’s largest companies among its clients, including Google, Yelp, Microsoft, and Pepsi. Jumpshot would package this data up into different products, one of which was its “All Click Feed,” which would allow its clients to see all user clicks on individual domains (such as Amazon.com). These clients reportedly paid millions of dollars for Jumpshot’s products, which often included precise browsing data.

Although Avast has announced that it’s bringing Jumpshot to an end, Vlcek defended the way in which the company collected the data. As well as stressing that Jumpshot operated as an independent company, he said both Avast and Jumpshot acted “fully within legal bounds” and “committed themselves to 100 percent GDPR compliance.”

The significance of the incident extends beyond Avast and Jumpshot’s practices: it highlights the sometimes-obscure but very real connection between how some security technology runs the risk of stepping over the boundary into violations of privacy; and ultimately how big data is a hot commodity,

 

Leave a Reply

Your email address will not be published.

Do you have a story that you think would interest our readers? Write to us editorial@cioafrica.co