UPDATE JAN 29 2020
From Sephora's PR agency:
I caught your recent story on BoingBoing regarding Avast. Wanting to see if it is possible for you to make a correction to the piece? Sephora is not a past, present or potential client. You can find a quote from Sephora below.
"Sephora is not a client and has not worked with Avast/Jumpshot."
The brand name has been redacted from this blog post, which in turn quoted a VICE NEWS article which named the brand as having been associated in some way with Avast.
— Xeni Jardin, Jan 29 2020
Documents show that the antivirus company Avast has been selling its users' internet browsing data, through a subsidiary named Jumpshot, to clients that include Pepsi, Google, and Microsoft, reports Motherboard. The report is the result of a joint investigation between the VICE News site and PC Mag.
"An Avast antivirus subsidiary sells 'Every search. Every click. Every buy. On every site,'" and clients of that data broker firm, Jumpstart, have included Home Depot, Google, Microsoft, Pepsi, and McKinsey," Joseph Cox at Vice/Motherboard.
"An antivirus program used by hundreds of millions of people around the world is selling highly sensitive web browsing data to many of the world's biggest companies," the joint investigation with VICE Motherboard and PCMag found.
The documents, from a subsidiary of the antivirus giant Avast called Jumpshot, shine new light on the secretive sale and supply chain of peoples' internet browsing histories. They show that the Avast antivirus program installed on a person's computer collects data, and that Jumpshot repackages it into various different products that are then sold to many of the largest companies in the world. Some past, present, and potential clients include Google, Yelp, Microsoft, McKinsey, Pepsi, [XXXXX redacted at company's request, see note above], Home Depot, Condé Nast, Intuit, and many others. Some clients paid millions of dollars for products that include a so-called "All Clicks Feed," which can track user behavior, clicks, and movement across websites in highly precise detail.
Avast claims to have more than 435 million active users per month, and Jumpshot says it has data from 100 million devices. Avast collects data from users that opt-in and then provides that to Jumpshot, but multiple Avast users told Motherboard they were not aware Avast sold browsing data, raising questions about how informed that consent is.
The data obtained by Motherboard and PCMag includes Google searches, lookups of locations and GPS coordinates on Google Maps, people visiting companies' LinkedIn pages, particular YouTube videos, and people visiting porn websites. It is possible to determine from the collected data what date and time the anonymized user visited YouPorn and PornHub, and in some cases what search term they entered into the porn site and which specific video they watched.
Leaked Documents Expose the Secretive Market for Your Web Browsing Data [Joseph Cox / VICE, via techmeme]
New: leaked documents, data, contracts show how hugely popular antivirus Avast now harvests internet browsing data and sells it for millions of dollars. Clients included Home Depot, Google, Microsoft. Documents show a product called "All Clicks Feed"https://t.co/i5s2lX8FJL
— Joseph Cox (@josephfcox) January 27, 2020
Before selling the data Jumpshot/Avast removes personal info like names. But multiple experts believe you could identify people inside it. The data itself is also highly sensitive, being able to see specific porn videos and searches people looked at https://t.co/i5s2lX8FJL pic.twitter.com/DCLEP0qbXB
— Joseph Cox (@josephfcox) January 27, 2020
It was nice knowing you, Avast!
You can kiss your enterprise customerbase good bye! https://t.co/goI9bbkpc6
— Catalin Cimpanu (@campuscodi) January 27, 2020
SCOOP: Leaked documents show that the world's largest companies, including Google, Microsoft, McKinsey, Bain, Altria, etc. are spending millions tracking your every click around the internet: https://t.co/kXGegjaSPp
— Jason Koebler (@jason_koebler) January 27, 2020
Our privacy laws need a desperate update: such data collection should itself be illegal. https://t.co/H549nCisRy
— Vivek Wadhwa (@wadhwa) January 27, 2020
Companies LOVE to pretend that "anonymizing" your data somehow means users can't be identified or their data abused. These duo reports do a lovely job highlighting how that's nonsense:https://t.co/dEG5EwPVjx pic.twitter.com/605IElYGu3
— Karl Bode (@KarlBode) January 27, 2020
Been using free antivirus software? Your very, *very* detailed browsing history has been put on the market – and lots of companies have been eagerly buying it.
If you're not paying (and sometimes when you are), you're the product, not the customer. https://t.co/NVceWrAoNV
— James Ball (@jamesrbuk) January 27, 2020
This is another reason why quitting these services is futile. Their power is so far beyond our standard ways of dealing with companies. https://t.co/5Rv8BhYSeL
— SIVA VAIDHYANATHAN??? (@sivavaid) January 27, 2020
The antivirus business doesn't make much money anymore, so software like Avast is selling your browsing data instead. Don't use third-party antiviruses, people. ? https://t.co/X9YUUuch97
— Owen Williams ⚡ (@ow) January 27, 2020
An antivirus company sells the ultimate in user behavior data: 'Every search. Every click. Every buy. On every site.'
Its buyers? Google, Microsoft, McKinsey, Pepsi and a whole lot more.https://t.co/EAlrJ0zmgM
— ᴅᴇʀᴇᴋ ᴍᴇᴀᴅ (@derektmead) January 27, 2020