A joint investigation by PCMag and Motherboard published yesterday revealed that antivirus software Avast—which owns subsidiary AVG—has been and still is selling web browsing data of millions of its users to large companies such as Home Depot, Google, Microsoft, Pepsi, and others.
The report cites documents from Jumpshot, Avast’s subsidiary that repackages highly sensitive Internet browsing histories and sells them to many large companies around the world in the form of various products.
“The data [...] includes Google searches, lookups of locations and GPS coordinates on Google Maps, people visiting companies' LinkedIn pages, particular YouTube videos, and people visiting porn websites,” the report states, adding, “It is possible to determine from the collected data what date and time the anonymized user visited YouPorn and PornHub, and in some cases what search term they entered into the porn site and which specific video they watched.”
Jumpshot claims that Google uses its services to track web browsing activity. Image: Jumpshot.
The revelations sparked fury among Avast antivirus users, with reactions to the investigation including tweets like, “If you're using Avast antivirus, remove it IMMEDIATELY -- it is now MALWARE” and, “When your antivirus becomes the virus.”
But this kind of quiet intrusion into our online lives is nothing new. Four years ago, a whistleblower revealed that Cambridge Analytica’s business was to use massive amounts of data—collected from sites including Facebook—to influence elections. In fact, this problem is so bad that businesses have been set up to let you find out which sites have copies of your personal data and can request for them to delete it on your behalf. And lawmakers have had to impose draconian laws on third party companies that are collecting data in a hopeful attempt to try to curtail this issue.
This latest investigation shows that it is not just personal data shared on social networking sites that is valuable, but that even anonymized web browsing data is still priceless (firms were paying $2 million a pop for the data).
Luckily there’s a solution.
A new kind of web browser
It doesn’t have to be like this, with companies spying on every click you make. New technology, particularly decentralized and blockchain, has the potential to change the way we control our data online. Even Twitter CEO Jack Dorsey thinks this will shape the evolution of social media over the next decade.
One such example is the crypto-friendly browser Brave. Its main selling point is that not only does it not spy on you, but it tries to protect your data too.
As Decrypt reported previously, this novel browser is also trying to disrupt already archaic—and somewhat insidious—method of website advertising. The vast bulk of websites and ads include software that tries to identify you. As such, Brave ensures that ad trackers (also known as data harvesters) are blocked—as well as original advertisements that contain them.
Brave goes one step further. While most browsers offer a “private mode,” these tend to just hide your history from other people who use your browser. Instead, Brave lets you use Tor—one of the best ways to anonymize your browsing—within the browser. Tor not only hides your history but also masks your location from the sites you visit by routing your browsing through several servers before it reaches its destination.
Last October, Brave even proposed a VPN system that would use zero-knowledge proofs to allow people to search for various things without incriminating themselves. But this isn’t yet live.
Brave wouldn’t have necessarily solved the Avast issue. It’s likely that the user giving permission to Avast would have overridden Brave’s in-built security measures. (Decrypt has reached out to Brave but hasn’t received a reply at the time of publishing) But, Brave is a good starting point, one that will get the user thinking about keeping their own data secure.
Brave is also championing data privacy and security, against the major tech giants. Last September, the company behind Brave accused Google of secretly using a “workaround” to avoid adhering to strict European Union privacy regulations.
“In a very real way, privacy gives you the freedom to be yourself,” Brave’s official website states. That's unless you’re the kind of person who wants to snoop on others.