Avast, the multibillion-dollar Czech security company, doesn’t just make money from protecting its 400 million users’ information. It also profits in part because of sales of users’ Web browsing habits and has been doing so since at least 2013.
That’s led to some labelling its tools “spyware,” the very thing Avast is supposed to be protecting users from. Both Mozilla and Opera were concerned enough to remove some Avast tools from their add-on stores earlier this month.
But recently appointed chief executive Ondrej Vlcek tells Forbes there’s no privacy scandal here. All that user information that it sells cannot be traced back to individual users, he asserts.
Here’s how it works, according to Vlcek: Avast users have their Web activity harvested by the company’s browser extensions. But before it lands on Avast servers, the data is stripped of anything that might expose an individual’s identity, such as a name in the URL, as when a Facebook user is logged in. All that data is analysed by Jumpshot, a company that’s 65%-owned by Avast, before being sold on as “insights” to customers. Those customers might be investors or brand managers.
What do those customers get? Vlcek says Jumpshot, which was initially acquired in 2013, provides “insights on how cohorts of users on the internet use the web.” For instance, it could show a percentage of visitors who went from one website to another. That could be useful to anyone monitoring an advertising campaign.
“Typical customers would be, for example, investors, who would be interested in how online companies are doing in terms of their new campaigns,” the new Avast chief explains. Say Amazon launches a new product—Jumpshot could determine how much interest it’s getting online.
Jumpshot's own website is a little more detailed, promising “incredibly detailed clickstream data from 100 million global online shoppers and 20 million global app users.” It’s possible to “track what users searched for, how they interacted with a particular brand or product, and what they bought. Look into any category, country, or domain.”
That might be unnerving to privacy-predisposed folk, but Vlcek compares this kind of data trading to the kind seen in healthcare. In that market, anonymized data is used to create case studies, where by looking at data trends it could be determined who is more likely to get a disease.
As a final assurance, Vlcek told Forbes he recognizes customers use Avast to protect their information and so it can’t do anything that might “circumvent the security of privacy of the data including targeting by advertisers.”
“So we absolutely do not allow any advertisers or any third party ... to get any access through Avast or any data that would allow the third party to target that specific individual,” he adds. As for how much money this actually makes for Avast, it’s around 5% of overall revenue, says Vlcek. Given the first half of 2019 revenue stood at just under $430 million, that’s still more than $20 million.
Avast’s user data sales have attracted concern as recently as last week, though. Adblock Plus founder Wladimir Palant has been tracking Avast’s Web browsing over 2019, and he reported the data slurping to Mozilla and Opera before they removed the add-ons from their stores just last week.
Palant now wants Google to do the same for Chrome. “Google Chrome is where the overwhelming majority of these users are,” he warned in a blog post earlier this month.