Avast WEBforum

Other => General Topics => Topic started by: Vlk on May 30, 2015, 05:50:28 AM

Title: Avast and Jumpshot
Post by: Vlk on May 30, 2015, 05:50:28 AM
Hi all,
We recently announced our investment in a marketing analytics platform called Jumpshot.

https://blog.avast.com/2015/05/29/avast-data-drives-new-analytics-engine/

It’s a very exciting investment for us for two reasons. First, because they create really interesting and unique market insights. Go to jumpshot.com (http://jumpshot.com) if you want to see some of it – there’s a free trial that anyone can sign up for.  And second, because they do it using a proprietary algorithm that strips all the PII out of the data they use. It’s the only data stripping tool we’ve seen that does that successfully.

Here’s how Jumpshot works:

Data is collected on computers and Android devices through the browser.  Each record contains a set of fields that help Jumpshot algorithms assign the clickstream data appropriately. These fields include:
-   Installation identifiers (proprietary identifiers that do not contain any PII)
-   URL being visited
-   Referral URL (if this exists)
-   Window identifier
-   Tab identifier
-   Additional fields for processing purposes

In reality, the information Avast passes on to Jumpshot looks like this:
-   Identifier: 00002437-705b-4bc6-b062-54b7ea511c93
-   URL being visited: http://www.cnn.com/US/?hpt=sitenav
-   Referral URL: http://edition.cnn.com/
-   Window identifier: 3
-   Tab identifier: 42

Prior to processing, all records are automatically scanned for PII, and all PII parameter values are removed from the raw data. To strip PII, Jumpshot uses a proprietary algorithm that calculates multiple statistical features for parameters on all known websites. Based on these statistical values, only parameters that are proven not to be PII are whitelisted and their values are kept. All parameter values that are not whitelisted are stripped in the process, which leaves those parameter values overwritten by the word “REMOVED”. The stripping of PII is done on the Avast premises in Prague, to ensure that the PII never leaves our hands.

Let’s have a look at an example. With a shopping site like Amazon, the URL before stripping contains some PII:

Code: [Select]
https://www.amazon.com/gp/buy/addressselect/handlers/edit-address.html?ie=UTF8&addressID=jirptvmsnlp&addressIdToBeDeleted=&enableDeliveryPreferences=1&from=&isBillingAddress=&numberOfDistinctItems=1&showBackBar=0&skipFooter=0&skipHeader=0&hasWorkingJavascript=1
The algorithm automatically replaces the PII with the word REMOVED in order to protect our users’ privacy, like this:

Code: [Select]
https://www.amazon.com/gp/buy/addressselect/handlers/edit-address.html?ie=UTF8&addressID=REMOVED&addressIdToBeDeleted=&enableDeliveryPreferences=1&from=&isBillingAddress=&numberOfDistinctItems=1&showBackBar=0&skipFooter=0&skipHeader=0&hasWorkingJavascript=1
The stripping processes doesn’t end here, though. Next is aggregation. Data processing is performed once a day in a cascade of data transforming and aggregating map-reduce jobs. Aggregations are typically applied on a per-domain (website) and per-URL (web page) basis.  To further protect our users‘ privacy, we only accept websites where we can observe at least 20 users. This ensures that no reverse engineering is possible on the aggregated data – there’s nothing that can lead back to a specific user. All aggregated data is then stored in an RDBMS (currently PostreSQL) database on a per-domain and keyword basis.

These aggregated results are the only thing that Avast makes available to Jumpshot customers and end users.

Now, the key is not only what information is actually collected and how it is processed, but also how transparent we are about the whole process. Avast is committed to protecting its customers on all fronts, which is why we inform our users, even beyond our EULA and Privacy policy, that their browsing information will be collected but stripped of personally identifiable information and will be used to help us better understand new and interesting trends. We actually tried to make this very, very explicit, and that’s why we have an extra step in the Avast installer which informs our users in a very straightforward way about what we’re doing.

Users can remove themselves from the system in two ways – by unchecking the “Statistics“ box in the Avast browser add-on settings (see attached picture), or by sending an email to customer support requesting to have their information deleted. If a user wants to be deleted, the system automatically blacklists their user ID from all data transforming activities.

By focusing on protecting our users, we ensure that the data Jumpshot customers get is accurate because the larger the data pool, the more statistically valid the data customers get to work with.  So Jumpshot has a vested interest in protecting our users' privacy.


If you have any questions, please don't hesitate to ask.


Thanks,
Vlk
Title: Re: Avast and Jumpshot
Post by: essexboy on May 30, 2015, 12:29:42 PM
Quote
Currently we do not make any money from this relationship but it is an experiment as to whether we can fund our security products indirectly instead of nagging our users to upgrade.
As most people are aware, most all products we use every day—Chrome, Facebook, Firefox, WhatsApp, Gmail, etc.—are indirectly funded by advertisements.
In most cases though, the products directly examine what users are doing and provide them targeted advertisements.
Although we suspect some security companies are doing this, we do not believe it is the proper approach.
Instead, we think that this anonymized, aggregated approach is much better to maintain the trust relationship that we think is so important between us and you, our loyal users.
So does this imply that if it works the ad popups will become history ?
Title: Re: Avast and Jumpshot
Post by: bob3160 on May 30, 2015, 03:16:42 PM
Quote
Currently we do not make any money from this relationship but it is an experiment as to whether we can fund our security products indirectly instead of nagging our users to upgrade.
As most people are aware, most all products we use every day—Chrome, Facebook, Firefox, WhatsApp, Gmail, etc.—are indirectly funded by advertisements.
In most cases though, the products directly examine what users are doing and provide them targeted advertisements.
Although we suspect some security companies are doing this, we do not believe it is the proper approach.
Instead, we think that this anonymized, aggregated approach is much better to maintain the trust relationship that we think is so important between us and you, our loyal users.
So does this imply that if it works the ad popups will become history ?
Thanks you, it was the exact question I was going to ask.
Now that everyone knows the information is being collected, will that impact the amount of data you receive ???
I'm sure more people will opt out now that they are aware that Avast is harvesting such information and will eventually use it as a money making endeavor.
Is Avast the only Security company doing this ???
Title: Re: Avast and Jumpshot
Post by: essexboy on May 30, 2015, 03:55:29 PM
Quote
Now that everyone knows the information is being collected, will that impact the amount of data you receive ???
I'm sure more people will opt out now that they are aware that Avast is harvesting such information and will eventually use it as a money making endeavor.
Is Avast the only Security company doing this ???
If I am reading this correctly then then it is just the same as counting the number of people going in and out of a train system, where you see a lot of people going to and from and you can see where they are going but you do not have the foggiest as to who they are.  Total invisibility as far as you are concerned.  If this then reduces or gets rid of the ad nags then everyone comes out on top   
Title: Re: Avast and Jumpshot
Post by: DavidR on May 30, 2015, 03:58:43 PM
Not sure how that would differ from the old Save Surf that was in the AOS browser add-on. Many people disliked that feature thinking that a security base product has no right to be offering this type of thing.

Personally I would probably opt-out of this as I actively block ads (targeted or otherwise) in my browser.

Even with the assurances in the information that personal data will be removed, I still see this as an area that the Privacy naysayers will jump on (excuse the cheap jump shot pun).
Title: Re: Avast and Jumpshot
Post by: bob3160 on May 30, 2015, 03:59:03 PM
Quote
Now that everyone knows the information is being collected, will that impact the amount of data you receive ???
I'm sure more people will opt out now that they are aware that Avast is harvesting such information and will eventually use it as a money making endeavor.
Is Avast the only Security company doing this ???
If I am reading this correctly then then it is just the same as counting the number of people going in and out of a train system, where you see a lot of people going to and from and you can see where they are going but you do not have the foggiest as to who they are.  Total invisibility as far as you are concerned.  If this then reduces or gets rid of the ad nags then everyone comes out on top
If that's the end result, then Avast can get back to growing and protecting since it will eliminate one of the biggest complaints on this forum.
Title: Re: Avast and Jumpshot
Post by: essexboy on May 30, 2015, 04:07:18 PM
Quote
Personally I would probably opt-out of this as I actively block ads (targeted or otherwise) in my browser.

Even with the assurances in the information that personal data will be removed, I still see this as an area that the Privacy naysayers will jump on (excuse the cheap jump shot pun).


My reading of this is that it is similar to google analytics and has no relationship to ads but just seeing who goes where from where
Title: Re: Avast and Jumpshot
Post by: bob3160 on May 30, 2015, 04:30:47 PM
@ David,
I've long since realized that it's become too small a world and that hiding in it has become impossible.
I've also realized quite a while ago that Privacy as we knew it many years ago no longer exists.
I don't block Avast or Google or Bing or Yahoo. I do block ads with uBlock.
I do realize that nothing in life is free and one way or another all things need to be paid for.
If this technology is a means of allowing Avast to earn the income they need to protect us and grow
their technology without the Popups we now complain about, then by all means, go for it.
Title: Re: Avast and Jumpshot
Post by: DavidR on May 30, 2015, 04:32:16 PM
Quote
Personally I would probably opt-out of this as I actively block ads (targeted or otherwise) in my browser.

Even with the assurances in the information that personal data will be removed, I still see this as an area that the Privacy naysayers will jump on (excuse the cheap jump shot pun).


My reading of this is that it is similar to google analytics and has no relationship to ads but just seeing who goes where from where

Yes, but I also block google-analytics or rather don't allow it in NoScript and RequestPolicy add-ons.
Title: Re: Avast and Jumpshot
Post by: CraigB on May 30, 2015, 05:38:28 PM
Be interesting to know if this will be the end of the advertising popups but I don't think it will TBH, analytics will provide Avast with browsing habit information ( data mining ) while the popup Ad's are for the other side of the marketing division which is to bring in $

Title: Re: Avast and Jumpshot
Post by: Secondmineboy on May 31, 2015, 03:22:12 PM
This may answer your question about the end of Popups:

Quote
We have always strived to have an honest relationship with our users, and we will continue to do so. Currently we do not make any money from this relationship but it is an experiment as to whether we can fund our security products indirectly instead of nagging our users to upgrade. As most people are aware, most all products we use every day—Chrome, Facebook, Firefox, WhatsApp, Gmail, etc.—are indirectly funded by advertisements. In most cases though, the products directly examine what users are doing and provide them targeted advertisements. Although we suspect some security companies are doing this, we do not believe it is the proper approach. Instead, we think that this anonymized, aggregated approach is much better to maintain the trust relationship that we think is so important between us and you, our loyal users.

Vincent Steckler
Title: Re: Avast and Jumpshot
Post by: Lisandro on June 04, 2015, 07:55:09 PM
@Vlk:

Vince said that around 100 million users have joined (kept) in the program. We're 230 million users out there.
I suppose (just my feeling) that the majority of the ones who dropped did because it requires a browser addon. Others should have opt out.
Is it technology possible to do the same job using Web Shield instead of the browser addon?
Title: Re: Avast and Jumpshot
Post by: lucD on June 07, 2015, 09:48:15 AM
Sorry to be contrarian but I think I'd prefer to receive the popups. They are a bit annoying but they're surely less intrusive that my entire browsing history being sucked up on an ongoing basis. I'm not entirely comfortable even with anonymised data transfers and I'm certainly not convinced that any algorithm is fool-proof ... and if that algorithm is proprietary then we'll never really know for sure. That said ... I do appreciate that opt-out is possible (I shall do so by continuing not to install AOS) and I hope that it stays that way.
Title: Re: Avast and Jumpshot
Post by: Lisandro on June 07, 2015, 09:21:39 PM
I'm not entirely comfortable even with anonymised data transfers and I'm certainly not convinced that any algorithm is fool-proof ... and if that algorithm is proprietary then we'll never really know for sure.
All the data is processed in Avast servers. So, we DO certainly know for sure because any data delivered could be analysed by Avast.
Title: Re: Avast and Jumpshot
Post by: lucD on June 09, 2015, 02:14:12 PM
I have a lot of trust in Avast, the anti-virus developer and its core program (I don't install the bloat), its has protected my pc for years and I pay Avast all respect and gratitude. But Avast has another side, it's the side of the company that introduced Safe Price (default on), a browser clean up product which changes users' default search provider to its own sponsor and a software updater that directs users to a site that installs adware with the updates. Avast has every right (and need!) to try to earn money but if it follows paths that undermine trust then people may be less inclined to feel confidence in its screening of browsing data when Avast proposes to suck it up in its entirety.
Title: Re: Avast and Jumpshot
Post by: Lisandro on June 09, 2015, 02:30:06 PM
A software updater that directs users to a site that installs adware with the updates.
Avast did not install the software first. It is only looking for the updates. The complain should be addressed to the software manufacturer imho.
Title: Re: Avast and Jumpshot
Post by: LackoDan on June 23, 2015, 04:44:19 PM
So if the browser plug-in is disabled, these statistics are not collected? And how does this differ from the data that's collected when "Participate in the Avast community" is checked in the main UI settings?
Title: Re: Avast and Jumpshot
Post by: RejZoR on June 28, 2015, 01:36:21 PM
I'm not usng AOS, so this doesn't affect me at all?
Title: Re: Avast and Jumpshot
Post by: ItNoWork on July 03, 2015, 01:13:00 PM
I'm not usng AOS, so this doesn't affect me at all?
So if the browser plug-in is disabled, these statistics are not collected? And how does this differ from the data that's collected when "Participate in the Avast community" is checked in the main UI settings?

I have just read the blog about this JumpShot stuff. Neither the blog or this forum topic was clear that this only affects those using Avast! Online Security. I assume it does only affect those using the plugin, but I would like these questions answered please, just to make it clear.

Thanks.
Title: Re: Avast and Jumpshot
Post by: MartinZ on July 10, 2015, 09:14:05 AM
Hi,

if you are not using AOS it's not affecting you. Changing the settings "Participate in the Avast community" in main UI isn't related to this. If you would like to use AOS and opt-out from the data collection then uncheck this setting (Statistics) in the AOS Settings.
Title: Re: Avast and Jumpshot
Post by: bob3160 on July 10, 2015, 02:55:03 PM
I'm not usng AOS, so this doesn't affect me at all?
So if the browser plug-in is disabled, these statistics are not collected? And how does this differ from the data that's collected when "Participate in the Avast community" is checked in the main UI settings?

I have just read the blog about this JumpShot stuff. Neither the blog or this forum topic was clear that this only affects those using Avast! Online Security. I assume it does only affect those using the plugin, but I would like these questions answered please, just to make it clear.

Thanks.
(http://www.screencast-o-matic.com/screenshots/u/Lh/1436532609418-16486.png)
(http://www.screencast-o-matic.com/screenshots/u/Lh/1436532729844-64256.png)
Title: Re: Avast and Jumpshot
Post by: ItNoWork on July 10, 2015, 05:38:10 PM
Thank you MartinZ and bob3160 for clearing that up.
Title: Re: Avast and Jumpshot
Post by: bob3160 on July 10, 2015, 08:56:45 PM
Thank you MartinZ and bob3160 for clearing that up.
Glad to help. :)