Just days after Avast’s popular antivirus software was revealed to be harvesting browsing data and selling it to advertisers, the company has said that it’s shutting down the subsidiary that made it possible. Writing in a blog post, company CEO Ondrej Vlcek says Avast is terminating its Jumpshot subsidiary’s data collection and operations “with immediate effect,” and doesn’t mention any plans to transfer the company’s “hundreds” of affected employees, meaning they’re likely out of a job.
“Protecting people is Avast’s top priority and must be embedded in everything we do in our business and in our products. Anything to the contrary is unacceptable,” Vlcek wrote. “For these reasons, I – together with our board of directors – have decided to terminate the Jumpshot data collection and wind down Jumpshot’s operations, with immediate effect.”
The reports, which were the result of a joint investigation between Motherboard and PCMag, detailed how Avast was collecting user browsing data via its antivirus software. This data included Google searches, location lookups, visited URLs along with precise time stamps, and in some cases even specific searches made on porn websites. Although Avast claimed that individual users could not be identified from this data, Motherboard spoke to experts who said that this could be possible in some cases.
Jumpshot claimed to have data from as many as 100 million devices, and it listed some of the world’s largest companies among its clients, including Google, Yelp, Microsoft, and Pepsi. Jumpshot would package this data up into different products, one of which was its “All Click Feed,” which would allow its clients to see all user clicks on individual domains (such as Amazon.com). These clients reportedly paid millions of dollars for Jumpshot’s products, which often included precise browsing data.
Although Avast has announced that it’s bringing Jumpshot to an end, Vlcek defended the way in which the company collected the data. As well as stressing that Jumpshot operated as an independent company, he said both Avast and Jumpshot acted “fully within legal bounds” and “committed themselves to 100 percent GDPR compliance.”