Lenny_Fox

Level 10
THE COMPLAINT OF PCMAG & MOTHERBOARD IS THAT DE-PERSONALIZED DATA CAN BE EASILY LINKED WITH CLIENT'S OWN DATA TO IDENTITY SOMEONE.

1580647205898.png


So it is NOT about foolish users who don't give a damn about their privacy and start yelling and shouting when they discover their data is used for commercial reasons. The promise AVAST makes in the PRIVACY POLICY of the EULA is that the data is de-personalized is HALF BAKED. And as we all known truth is a binary value, truth is not expressed in percentages. Something is true or not, even something not entirely true is not true!

TO AVAST DEFENSE
The example given by PCmag and Motherboard is arbitrary. When the user in above example would have purchased the Apple iPad, both the user (buyer's ID) and click behavior before and until the purchase on Amazon's website was already known to Amazon. The only benefit for Amazon is that it also receives information on surf and search behavior, before that user (buyer of the Apple iPad) landed on Amazon's website.

My take on this: the loss of privacy was only marginal, considering that search and surf behavior can also be received/bought from Google. What else is new? The board at AVAST probably jumped ship because it was associated with similar privacy issues before (remember the recent "Mozilla pulls Avast extension from Firefox because it spies on users").


Read my other post on how brilliantly Ondrej reacted to this threat to Avast brand reputation (link), again no pun intended, real admiration from a junior digital marketeer on how Avast protects its reputation and creates an external justification for new/future re-organizations/cost cutting programs.
 
Last edited:
More like 3rd party AV can never overcome protection that's built into the OS itself. And with Microsoft, money is not an issue... Microsoft is 1.29 trillion dollar company... Compare to Norton/Symantec for instance, its only 17 billion dollar company.
We are talking about protection, not monetary power.
 

ebocious

Level 4
Like this will blow over, like Web of Trust, and the stupid sheeple will forget and flock back eventually. By the way, if you do a search, you will find the WOT thing was discussed avidly on the Avast forums back in late 2016. lol!
You're not kidding. I can't tell you how many sites are unrated on WoT (or have a single user rating and no comments), even after years on the map. WoT seems like a ghost town these days: full of dust, cobwebs, and tumbleweeds.

I've since gotten rid of WoT, and saved URLVoid in my bookmarks bar. Moral of the story: do no harm. Never lower the bar of your values to meet your bottom line. The bottom line will move on after you've been milked dry.
 

Chuck57

Level 3
Verified
I take Avast's Ondrej Vlcek apology about like I take a crook who was caught apologizing to his victims in court. He isn't sorry he robbed them; he's sorry he got caught. I haven't used Avast in years, but it's guaranteed now I won't be using them in the future. I've read the long thread on the Avast forum and it seems a lot of people are looking elsewhere now. It's a shame. They provided a good product, and it did a good job. I stopped using them several years ago after buying one of their middle level products and kept being bombarded with ads to upgrade, or buy other stuff.
 

South Park

Level 4
Verified
Is there any confirmation that Microsoft data collection is even dangerous for the user?
I understand that "basic" telemetry, which Home users can now easily enable, just collects enough information for Microsoft to provide security updates and to be made aware of compatibility and update problems. "Full" telemetry, which is enabled by default and was previously difficult to disable, gave Windows 10 an early bad rap for privacy because it did collect detailed usage data, possibly including filenames viewed.*

As to Windows Defender, its privacy policy is pretty good for a cloud-based product. They say that that they'll ask the user before uploading any file likely to contain personal information and that they'll never use such information to identify or contact the user. All modern AV products connect with the cloud to analyze suspicious files and provide updated protection, so I accept the small theoretical privacy risk.

What Avast did was different: they tricked users into allowing intrusive and unnecessary data collection for marketing purposes by inaccurately implying the data could not be de-anonymized and would be used to vaguely improve the customer experience.

* HTG describes MS telemetry in detail here (2017): What Do Windows 10’s Basic and Full Telemetry Settings Actually Do?

GHacks (2018): Configure Telemetry settings on Windows 10 devices - gHacks Tech News
 

XLR8R

Level 3
For what it's worth, this is an old post from an Avast representative on Wilders:

vlk said:
At Avast, we take our users' privacy very seriously. We process large amounts of data -- some of which are quite sensitive -- and we make sure we not only comply with the all the laws, rules and legal regulations, but that we also act ethically and in the interest of the users.

With that, in all transparency, I'd like to bring to your attention the fact that Avast, as most other Internet companies, also makes use of (some of) the data. Namely, we supply data to Jumpshot, an analytics company that we launched some time ago. You can read more about it here: Avast Data Drives New Analytics Engine and/or check it out directly on their website www.jumpshot.com . What's important is that all the data supplied by Avast to Jumpshot is not only anonymized, but also fully aggregated, meaning that there is zero possibility to track back any of the data points to individual user level. The way it works is similar to e.g. studies done in large hospitals. While it's totally unacceptable that a hospital would pass a patient's medical record to a 3rd party, it is a common practice that hospitals do studies on anonymized, aggregated sets of patients (to produce insights such as "of 641 patients diagnosed with a type-3 glioblastoma brain tumor, 227 passed away in the first three months"). As you can imagine, the medical world is scrutinized on daily basis by various privacy regulators and in general, has a much stricter level of privacy enforcement, but yet, such studies are very common. This is what makes us comfortable with the whole concept, even though yes this is thin ice and anyone doing business in this area has to be extremely careful about not losing common sense.

Thanks
Vlk
And if I remember correctly, the user vlk on Wilders is none other than Ondrej Vlcek, the current CEO.

Here's the link: Avast acquires antivirus maker AVG for $1.3BN

It's a little weird if you imagine things were already going in this direction back in 2015.
 

Lenny_Fox

Level 10
@XLR8R nice find

Mhhh, he is talking about aggregated data with "zero possibility to track back any of the data points to individual user level". A data point is a discrete piece of information which is derived from other data. So he clearly did not know that the information was so detailed that it could be matched with data about events recorded on the websites of the companies buying the data.

Maybe that is also the reason the CEO pulled the plug out of Jumpshot, he seems to be misinformed by his own staff.
 

XLR8R

Level 3

Marshall says that with no likely buyer for “a high growth part of the business,” with a separate management, separate board, the business was shut down, following the media storm in which he says “not necessarily all the facts were presented in the right way”.

......


Marshall confirms that data was harvested from millions of users of its core products, of which only 17 million pay for usage, but was done with their approval. “It wasn’t surreptitiously collected, it was with approval.”

“When you downloaded the software there was a screen, a box that came up and asked you and told you specifically there was an option here to allow us to use your anonymised data for marketing services for our subsidiary,” he says.

......

Avast’s business, based on the ‘fremium’ model of massive scale with a free product which the company tries to upsell and cross-sell is dependent on vast amounts of data. “The more data you have, the better your AI is,” says Marshall.

.......

In the meantime, the investigation by the Czech Office for Personal Data Protection is ongoing, something that will hang over the firm as Marshall says he has no idea how long the probe will take. It may be a time for reflection for Marshall and other members of Avast’s senior management team. “I think you always have to look at the things that you could have done differently,” hesays.

“Accountability is very important, you have to look at yourself and think about what you could have done. If somebody has been upset by this, we are apologetic,” he adds.
 
Top