Avast, the company built long ago by offering Windows users the privacy and security Microsoft didn't care for, was fined $16.5m for storing and selling customer information without consent. Cory Doctorow wrote about it here when they were first caught in 2019, and now you can stick a fork in it.
The Federal Trade Commission will require software provider Avast to pay $16.5 million and prohibit the company from selling or licensing any web browsing data for advertising purposes to settle charges that the company and its subsidiaries sold such information to third parties after promising that its products would protect consumers from online tracking.In its complaint, the FTC says that Avast Limited, based in the United Kingdom, through its Czech subsidiary, unfairly collected consumers' browsing information through the company's browser extensions and antivirus software, stored it indefinitely, and sold it without adequate notice and without consumer consent. The FTC also charges that Avast deceived users by claiming that the software would protect consumers' privacy by blocking third party tracking, but failed to adequately inform consumers that it would sell their detailed, re-identifiable browsing data. The FTC alleged Avast sold that data to more than 100 third parties through its subsidiary, Jumpshot.
Avast has been selling users' browsing information since 2014, the FTC reports, through its antivirus suite and browser extensions. This was personal data, "revealing consumers' religious beliefs, health concerns, political leanings, location, financial status, visits to child-directed content and other sensitive information." It claimed to be using a "special algorithm" to remove identifying information, but it in fact "included a unique identifier for each web browser it collected information from and could include every website visited, precise timestamps, type of device and browser, and the city, state, and country" and lied about about, it according to the complaint.