Skip to Content

One of the most popular antivirus companies in the world sells people’s sensitive data in a way that can put their privacy at risk, according to new reports.

The culprit: Avast is a multibillion-dollar computer security company based in the Czech Republic. Its software is used by an estimated 400 million people around the world. Last year it emerged that the company was sucking up user behavior data and selling it—and now the extent of that effort has been laid out in new reports from Vice and PCMag.

Eavesdropping on browsing: A 2019 Forbes report first outlined how Avast and subsidiary AVG use browser extensions to watch everything their customers do. That data is then sold to corporate customers as “insights” through a subsidiary company called Jumpshot. Each deal is worth millions of dollars, and clients include Google, Microsoft, PepsiCo, and McKinsey.

The data is “anonymized,” but studies have repeatedly shown that de-anonymizing this kind of data is possible.

Wyden calling: Senator Ron Wyden, a Democrat from Oregon known widely as a hawk on privacy issues, has been in contact with Avast since December 2019 about the selling of user browser data.   

The increasingly bright spotlight on the company has already had some consequences. As of last week, Avast users must now affirmatively opt in to data collection and sale. 

It’s not clear what will happen to all the data that had already been sucked up , however. Wyden insists the company should delete the data collected before it asked for consent from its customers. Avast did not respond to a request for comment.

Deep Dive

Computing

Conceptual illustration of quantum computing circuity, in multiple colors
Conceptual illustration of quantum computing circuity, in multiple colors

Quantum computing has a hype problem

Quantum computing startups are all the rage, but it’s unclear if they’ll be able to produce anything of use in the near future.

winning team for Pwn2own 2022
winning team for Pwn2own 2022

These hackers showed just how easy it is to target critical infrastructure

Two Dutch researchers have won a major hacking championship by hitting the software that runs the world’s power grids, gas pipelines, and more. It was their easiest challenge yet.

child outside a destroyed residential building in Kiev
child outside a destroyed residential building in Kiev

Russia hacked an American satellite company one hour before the Ukraine invasion

The attack on Viasat showcases cyber’s emerging role in modern warfare.

Russia is risking the creation of a “splinternet”—and it could be irreversible

If Russia disconnects from—or is booted from— the internet’s governing bodies, the internet may never be the same again for any of us.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.