Author Topic: Official statement on the recent news about privacy  (Read 22475 times)

0 Members and 1 Guest are viewing this topic.

Offline MartinZ

  • Moderator
  • Advanced Poster
  • *
  • Posts: 1067
  • Product Manager
Official statement on the recent news about privacy
« on: January 28, 2020, 09:01:12 AM »
In December 2019, we acted quickly to meet browser store standards and are now compliant with browser extension requirements for our online security extensions. At the same time, we completely discontinued the practice of using any data from the browser extensions for any other purpose than the core security engine, including sharing with our subsidiary Jumpshot.
 
We ensure that Jumpshot does not acquire personal identification information, including name, email address or contact details. Users have always had the ability to opt-out of sharing data with Jumpshot. As of July 2019, we had already begun implementing an explicit opt-in choice for all new downloads of our AV, and we are now also prompting our existing free users to make an opt-in or opt-out choice, a process which will be completed in February 2020.
Our Privacy Policy details the protections we put in place for all our users. Users can also choose to adjust their privacy levels using the broad range of settings available in our products, including control over any data sharing at any time. We voluntarily comply with the GDPR and California Consumer Privacy Act (CCPA) privacy requirements across our entire global user base.
We have a long track record of protecting users’ devices and data against malware, and we understand and take seriously the responsibility to balance user privacy with the necessary use of data for our core security products.

UPDATE Jan 30: https://press.avast.com/avast-to-commence-wind-down-of-subsidiary-jumpshot
« Last Edit: January 30, 2020, 03:34:38 PM by MartinZ »

Offline kralikx

  • Newbie
  • *
  • Posts: 1
Re: Official statement on the recent news about privacy
« Reply #1 on: January 28, 2020, 10:14:17 AM »
Hi Avast guys,

as a long-term PAYING customer and in light of the recent news of what you do with our data I'd like to ask two questions:
  • Is paid version of Avast Internet Security also sharing any of user's data (anonymized or not, aggregated, whatever) with any third party (most of the news mention only Free version)?
  • If so, is it possible to opt-out from any kind of such a sharing and what must you customers do to achieve that (suppose Avast IS is already installed as is the case of my PC)?
Please give simple and honest answer, no references to EULA, etc. - we all know that nobody reads them, that's why we (used to) trust some of the sw vendors. I believe that is the only way how your company can get out of this loss of trust with relatively little harm.

Thank you.

Offline Be Secure

  • Long Time Avast User(9years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1904
Re: Official statement on the recent news about privacy
« Reply #2 on: January 28, 2020, 10:57:05 AM »
It is not very clear answer regarding user privacy.
« Last Edit: January 28, 2020, 11:00:07 AM by Be Secure »
PC- Windows10 EDU 64Bit,avast! free 20.4.2410,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2158
Re: Official statement on the recent news about privacy
« Reply #3 on: January 28, 2020, 11:26:43 AM »
Hi Avast guys,

as a long-term PAYING customer and in light of the recent news of what you do with our data I'd like to ask two questions:
  • Is paid version of Avast Internet Security also sharing any of user's data (anonymized or not, aggregated, whatever) with any third party (most of the news mention only Free version)?
  • If so, is it possible to opt-out from any kind of such a sharing and what must you customers do to achieve that (suppose Avast IS is already installed as is the case of my PC)?
Please give simple and honest answer, no references to EULA, etc. - we all know that nobody reads them, that's why we (used to) trust some of the sw vendors. I believe that is the only way how your company can get out of this loss of trust with relatively little harm.

Thank you.
Hello,
ad 1. It depends on the settings.
ad 2. yes, see the settings (screenshot attached).

Milos

Offline BenMS86

  • Newbie
  • *
  • Posts: 4
Re: Official statement on the recent news about privacy
« Reply #4 on: January 28, 2020, 12:06:15 PM »
In December 2019, we acted quickly to meet browser store standards and are now compliant with browser extension requirements for our online security extensions. At the same time, we completely discontinued the practice of using any data from the browser extensions for any other purpose than the core security engine, including sharing with our subsidiary Jumpshot.
 
We ensure that Jumpshot does not acquire personal identification information, including name, email address or contact details. Users have always had the ability to opt-out of sharing data with Jumpshot. As of July 2019, we had already begun implementing an explicit opt-in choice for all new downloads of our AV, and we are now also prompting our existing free users to make an opt-in or opt-out choice, a process which will be completed in February 2020.

Okay, gotta respond to this.

1) That 'ability to opt out' ever since the GDPR wasn't enough. It's 'consensual opt-in', not 'standard opt-in unless you change it'. You've been in breach of the GDPR for more then a YEAR.
2) That 'ability to opt out' was quite hidden and never well communicated
3) With the new engine update, you resetted it to standard opt-in for everyone, even if someone already had opted out. Plus, are you going to give the paying users the clear option too? Otherwise I see enough still unknowingly being opted-in to your data selling misuse.
4) I saw the examples of the data you sold. That's damnable identifiable.
5) Are you going to give people free GDPR-insight into the data you gathered with the plug-in as well as core protection service data gathering abusals?

Quote
Our Privacy Policy details the protections we put in place for all our users. Users can also choose to adjust their privacy levels using the broad range of settings available in our products, including control over any data sharing at any time. We voluntarily comply with the GDPR and California Consumer Privacy Act (CCPA) privacy requirements across our entire global user base.
We have a long track record of protecting users%u2019 devices and data against malware, and we understand and take seriously the responsibility to balance user privacy with the necessary use of data for our core security products.

'Voluntarily comply with GDPR'? Mister, you're based in the European Union, you also serve European users. GDPR compliancy is NOT voluntarily, it is MANDATORY. Yet you're in breach of the GDPR. Also, 'for your core security products'? What has selling data to Google etc to do with 'core security products'?

Edit: Also, I just took a look and your 'choice message' is possibly not even GDPR-compliant either because you're not really completely open about what you do with the gathered data. And your colouring of green for 'Yes' and red for 'No' possibly isn't allowed either.
« Last Edit: January 28, 2020, 12:30:27 PM by BenMS86 »

Offline bingvarstand

  • Jr. Member
  • **
  • Posts: 25
Re: Official statement on the recent news about privacy
« Reply #5 on: January 28, 2020, 02:10:29 PM »
A somewhat vague statement. Are our data secure Avast? Our banking information and so on? What exactly are you collecting?

Offline wadej

  • Newbie
  • *
  • Posts: 2
This is very disappointing.
« Reply #6 on: January 28, 2020, 02:11:34 PM »
I've been a paying customer for several years.  I chose you because I believed you were an trustworthy company.  But you succumbed to the greed that seems to affect many companies that grow to be giants.

I went and opted out of data sharing but I'm going to have to rethink my renewal.  I WILL be looking at alternatives.


Offline Frags

  • Newbie
  • *
  • Posts: 6
Re: Official statement on the recent news about privacy
« Reply #7 on: January 28, 2020, 02:36:32 PM »
Poor response.

It is interesting that the statement starts with a rather convoluted admission you were already taking advantage of user data via the browser extension. You only "quickly acted to meet browser store standards" because you were removed from the stores after the Wladimir Palant blog.

BenMS86 makes several good points in his response above, too. As they rightly point out, GDPR requires an unambiguous and clear affirmative action to 'opt-in'. That should have been active from May 2018 and not only for new users. You don't 'voluntarily comply' with GDPR, it's the 'actual' law. Speak to your data protection officer.

The Information Commissioner's Office also says pre-ticked boxes should not be used as a method of 'default consent'. It seems this is exactly what you did with the new engine, again as BenMS86 points out. It seems the default was opt-in even if you had previously opted out. Unless you can confirm otherwise?

Your claim that the data shared with Jumpshot is "de-identified" has also been queried by several security experts. Wladimir Palant wrote about it yesterday, here.

Again, it is extraordinary that a company like Avast - which says it offers "powerful security for your digital life" - would sell user data via Jumpshot, an outfit that openly advertises it collects "Every search. Every click. Every buy. On every site". Regardless of the legal ramifications of your actions, ethically it is mad.

The only acceptable resolution to this was an admission that you dropped the ball, an apology, and then an announcement that Jumpshot would no longer be involved in Avast products. What you gave us was a meek reproduction of a vague privacy / consent policy.
« Last Edit: January 28, 2020, 02:46:44 PM by Frags »

Offline Canard1066

  • Newbie
  • *
  • Posts: 3
Re: Official statement on the recent news about privacy
« Reply #8 on: January 28, 2020, 02:52:51 PM »
We voluntarily comply with the GDPR and California Consumer Privacy Act (CCPA) privacy requirements across our entire global user base.
We have a long track record of protecting users’ devices and data against malware, and we understand and take seriously the responsibility to balance user privacy with the necessary use of data for our core security products.

Avast is a company based in a EU country (the Czech Republic) and doing business in the EU as well as other countries. The GDPR is mandatory NOT voluntary. Failure to follow the GDPR leaves Avast open to larges fines.

Offline XdxD

  • Jr. Member
  • **
  • Posts: 23
Re: Official statement on the recent news about privacy
« Reply #9 on: January 28, 2020, 05:35:18 PM »
Do the 'check boxes' in Privacy even work (I have them unchecked since the beginning), or they are just for placebo effect?

Offline andrejl2

  • Newbie
  • *
  • Posts: 12
Re: Official statement on the recent news about privacy
« Reply #10 on: January 28, 2020, 06:16:31 PM »
Do the 'check boxes' in Privacy even work (I have them unchecked since the beginning), or they are just for placebo effect?

+


i would like to hear the answer myself.

Offline gvb73

  • Newbie
  • *
  • Posts: 12
Re: Official statement on the recent news about privacy
« Reply #11 on: January 28, 2020, 06:20:12 PM »
GDPR fines can go into thousands of euros. And this is per case.

If there will be a lot of cases opened by consumer protecting instances this could mean the end of avast
as fines will be for any individual in the specific case it will add up quickly.

The initial post suddenly comes after the net is full of articles about this.

If the article didn't appear they probably never posted about this either.

Too bad you bend over for ze money. Who knowes what else has been collected over the year.
The pop ups we get every day show that there is enough sniffing going on.

Offline TheOwner

  • Sr. Member
  • ****
  • Posts: 293
Re: Official statement on the recent news about privacy
« Reply #12 on: January 28, 2020, 06:30:12 PM »
Does Avast read our HTTPS communication and send it somewhere? That is very important to know!

Offline MartinZ

  • Moderator
  • Advanced Poster
  • *
  • Posts: 1067
  • Product Manager
Re: Official statement on the recent news about privacy
« Reply #13 on: January 28, 2020, 08:27:15 PM »
We voluntarily comply with the GDPR and California Consumer Privacy Act (CCPA) privacy requirements across our entire global user base.
We have a long track record of protecting users’ devices and data against malware, and we understand and take seriously the responsibility to balance user privacy with the necessary use of data for our core security products.

Avast is a company based in a EU country (the Czech Republic) and doing business in the EU as well as other countries. The GDPR is mandatory NOT voluntary. Failure to follow the GDPR leaves Avast open to larges fines.

We comply with the GDPR and California Consumer Privacy Act (CCPA) privacy requirements and apply them voluntarily across our entire global user base.
« Last Edit: January 29, 2020, 09:10:59 AM by MartinZ »

Offline MartinZ

  • Moderator
  • Advanced Poster
  • *
  • Posts: 1067
  • Product Manager
Re: Official statement on the recent news about privacy
« Reply #14 on: January 28, 2020, 08:29:38 PM »
Do the 'check boxes' in Privacy even work (I have them unchecked since the beginning), or they are just for placebo effect?

Yes, they work.