Avast, one of the most popular antivirus companies around with over 435 million users, got caught with its hand in the privacy cookie jar and is now apologizing for actions that may have "hurt the feelings" of its customers.
"Avast’s core mission is to keep people around the world safe and secure, and I realize the recent news about Jumpshot has hurt the feelings of many of you, and rightfully raised a number of questions—including the fundamental question of trust. As CEO of Avast, I feel personally responsible and I would like to apologize to all concerned," Avast CEO Ondrej Vlcek stated in a blog post (opens in new tab).
The apology is in reference to a joint report by Motherboard and PCMag, which highlighted the "secretive sale" of internet browsing histories and extensive click tracking to a subsidiary called Jumpshot.
Online tracking is rather prevalent, of course, and underpins the whole concept of targeted advertising. In this case, the report took umbrage with the level of data collection that took place, how private the collected data really was, and to what extent Avast users were aware that they were being extensively tracked.
Citing industry experts, the report claimed it would be possible to de-anonymize the data. Doing so could reveal dates and times of visits to particular websites, browsing and buying habits, and what videos a person watches on, including pornographic content.
This occurred on an opt-in basis, though the report contends the agreement did not reveal the full extent of tracking. It also noted that Avast only started this kind of data collection through its free antivirus software after Google, Opera, and Mozilla yanked browser extensions from Avast and its AVG subsidiary that was found to be harvesting user data.
"Protecting people is Avast’s top priority and must be embedded in everything we do in our business and in our products. Anything to the contrary is unacceptable. For these reasons, I—together with our board of directors—have decided to terminate the Jumpshot data collection and wind down Jumpshot’s operations, with immediate effect," Vlcek wrote.
This is absolutely the right decision, but whether users will find Avast to be sincere is another question. Vlcek explains that Avast started Jumpshot in 2015 with the idea of extending the company's data analytics capabilities beyond core security, and do it "more securely than the countless other companies that were collecting data." But then he goes on to claim that when he became CEO of Avast, he determined data collection was nothing something he wanted to pursue.
"When I took on the role as CEO of Avast seven months ago, I spent a lot of time re-evaluating every portion of our business. During this process, I came to the conclusion that the data collection business is not in line with our privacy priorities as a company in 2020 and beyond. It is key to me that Avast’s sole purpose is to make the world a safer place, and I knew that ultimately, everything in the company would have to become aligned with that North Star of ours," Vlcek said.
To be fair, the formation of Jumpshot preceded Vlcek's hiring by several years. But the browser extension shenanigans and continued data mining occurred under his watch, until the joint report shined an unflattering light on the situation.
It's not clear how many people work at Jumpshot and will therefore be affected by its shuttering, though it operated as an independent company with its own management and board of directors.