In the world of cybersecurity, antivirus (AV) companies are typically held to a high standard when it comes to user privacy and data protection. Their business model revolves around safeguarding users against cyber threats, rather than exploiting their data for profit. However, a recent incident has brought to light the unethical practices of one such company.
The Federal Trade Commission (FTC) has taken action against Avast, a well-known AV company, for selling users’ browsing data without their consent. This violation of user privacy resulted in a hefty fine of $16.5 million imposed on Avast by the FTC.
The FTC’s investigation revealed that Avast’s browser extensions and antivirus software were harvesting and selling user data to over 100 third-party entities, through its subsidiary, “Jumpshot.” This data collection included sensitive information such as religious beliefs, financial details, and more. Despite assuring users that their tracking activities were being blocked, Avast was secretly profiting from the sale of detailed browsing data.
From 2014 up until 2020, Avast had been collecting and selling user data without their knowledge or consent. The company failed to disclose this practice to users and falsely claimed to anonymize the data being shared. However, the FTC discovered that Avast’s anonymization methods were inadequate and left users’ identifiable information vulnerable to exploitation.
The detailed browsing data sold by Avast included unique identifiers, timestamps, device specifics, and even location information. This level of granularity in the data made it easy for buyers to re-identify users, despite contractual agreements prohibiting such actions. Some of the proprietary products offered by Jumpshot even allowed clients to track individual users and link their browsing histories with other personal information.
In addition to the financial penalty, Avast has been ordered by the FTC to cease misrepresenting its data practices. The proposed order also mandates several provisions, including a prohibition on selling browsing data without consent, obtaining affirmative express consent from users, deletion of data and models collected, notifying consumers of the breach, and implementing a robust privacy program to prevent future violations.
The FTC described Avast’s actions as a breach of Section 5 of the FTC Act, which prohibits the selling or sharing of user data without explicit permission. The commission emphasized the importance of heightened privacy standards, especially when dealing with sensitive data such as geolocation and health information.
This case involving Avast serves as a stark reminder of the need to protect sensitive information in the digital age. As cyber threats continue to evolve and become more sophisticated, it is crucial for companies to prioritize data privacy and security to maintain users’ trust.
To safeguard against malware and other cyber threats, users are encouraged to use reliable security solutions like Perimeter81 malware protection. These tools can help prevent malicious attacks such as Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits from compromising personal and sensitive data.
In conclusion, the FTC’s enforcement action against Avast underscores the importance of transparency, consent, and accountability in the handling of user data. As technology continues to advance, it is imperative for companies to uphold ethical standards and prioritize user privacy above all else. Follow us on LinkedIn and Twitter for the latest cybersecurity news, whitepapers, and infographics to stay informed and protected in the digital landscape.