Avast killing Jumpshot subsidiary after being exposed for harvesting and selling user data

Back in October of last year, Wladimir Palant, the creator of AdBlock plus, discovered that the Avast and AVG Online Security extensions were collecting much more data from its users than he believed to be necessary. He subsequently published a blog post detailing his findings, which are worth reading. According to Palant, the extent of the data being collected and transmitted goes way beyond that of competing solutions like Google Safe Browsing.

Tracking tab and window identifiers as well as your actions allows Avast to create a nearly precise reconstruction of your browsing behavior: how many tabs do you have open, what websites do you visit and when, how much time do you spend reading/watching the contents, what do you click there and when do you switch to another tab. All that is connected to a number of attributes allowing Avast to recognize you reliably, even a unique user identifier.

A day after Palant published his blog post, he was tipped off to the fact that Avast acquired Jumpshot back in 2013. At least according to Avast's press release at the time, Jumpshot developed a PC performance optimization software that Avast planned to integrate into its own software. However, Jumpshot's website now markets the company as a "consumer journey analytics" enterprise. Palant came to the conclusion that Jumpshot is likely the destination of the data collected and transmitted by Avast. Jumpshot's about page doesn't help assuage any fears:

Jumpshot delivers digital intelligence from within the Internet's most valuable walled gardens.

In today's digital economy, more than 70% of online transactions are hidden behind walled gardens. Jumpshot provides insights into consumers' online journeys by measuring every search, click and buy across 1,600 categories from more than 150 sites, including Amazon, Google, Netflix, and Walmart.

Unfortunately, the blog post did not receive the attention it deserved, so Palant eventually submitted a report to Mozilla developers, who promptly removed the offending extensions. The story picked up traction earlier this week when the PCMag and Motherboard posted the findings of their joint investigation into the matter. Leaked documents confirmed the link between Avast's data collection and Jumpshot's analytics.

Yesterday, Avast published a message from the company's CEO, Ondrej Vlcek, in which he admitted that Avast has been collecting and selling data through Jumpshot. He stressed Avast's commitment to providing security and announced the following:

I - together with our board of directors - have decided to terminate the Jumpshot data collection and wind down Jumpshot's operations, with immediate effect.

Avast published another press release today giving more details concerning the shuttering of Jumpshot, with a further statement from the CEO:

We regret the impact this will have on Jumpshot employees and we appreciate the contributions they have made. We will endeavor to make this transition as smooth as possible for them.

The post Avast killing Jumpshot subsidiary after being exposed for harvesting and selling user data appeared first on The Tech Report.