Avast winds down Jumpshot, cites user data sale privacy concerns


Malware: Hacking campaign linked to Iran
Researchers at Recorded Future have linked trojan malware intrusions and espionage to a state-backed hacking operation working out of Iran.

Avast is winding down its subsidiary Jumpshot following an explosive investigation into the sale of user data to third parties that may pose a risk to consumer privacy. 

On Thursday, the antivirus vendor said the unit will no longer have access to user information harvested from users of Avast products and services will eventually be fully terminated. 

Jumpshot was purchased in 2013 and began life under Avast as a PC cleanup tool. The subsidiary’s business shifted to data analytics in 2015 and its focus pivoted to marketing intelligence based on the analysis of online consumer spending patterns and purchases. 

Jumpshot reportedly has access to information from over 100 million devices; or rather, once did.  

See also: Ring app for Android full to the brim with third-party trackers: report

A joint investigation conducted by Motherboard and PCMag, published this week, revealed that information scraped by Avast from users and handed over to Jumpshot is linked to individuals through a unique ID in an effort to anonymize them — but it is possible to pick apart data strings to de-anonymize users and reveal their identity, tracing their online footprint, browsing habits, and purchases. 

Jumpshot sells packaged data to enterprise clients and marketers, and naturally, the idea that this “anonymized” information can unmask Avast users has prompted serious concerns for consumer privacy and trust. 

For a company that offers products promoted as a means to protect users online, such worries could undermine its entire business. As a result, Avast has moved quickly on the investigation — with Avast CEO Ondrej Vlcek and the firm’s board of directors deciding t ax Jumpshot entirely. 

Avast products will not change and Jumpshot will pay its vendors and suppliers until the wind-down is complete. Customers of the marketing tool have been asked to contact the subsidiary directly. 

Hundreds of staff members will have to find employment elsewhere. 

In a blog post, Avast’s CEO said that the recent news about Jumpshot “has hurt the feelings of many of you and rightfully raised a number of questions,” and as chief executive, he feels “personally responsible” for the turmoil. 

“Protecting people is Avast’s top priority and must be embedded in everything we do in our business and in our products. Anything to the contrary is unacceptable,” Vlcek added. “When I took on the role as CEO of Avast seven months ago, I spent a lot of time re-evaluating every portion of our business. During this process, I came to the conclusion that the data collection business is not in line with our privacy priorities as a company in 2020 and beyond.”

TechRepublic: Security admins checklist: 10 tasks to perform every year

The executive seems keen to emphasize that Jumpshot, despite its position as an Avast subsidiary, has “operated as an independent company from the very beginning” with its own management and board of directors. 

Products built by Jumpshot over the years have been based on Avast data feeds. Despite assurances that the EU’s General Data Protection Regulation (GDPR) was complied with, in other areas, data protection failures have now caused Jumpshot’s collapse.

“While the decision we have made will regrettably impact hundreds of loyal Jumpshot employees and dozens of its customers, it is absolutely the right thing to do,” Vlcek said. 

CNET: Europe allows Huawei for 5G through security guidelines

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0


Don't forget to share

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *