Skip to main content

Avast shuts down marketing analytics subsidiary Jumpshot amid controversy over selling user data

Avast has made a huge business out of selling antivirus protection for computers and mobile devices, but more recently it was revealed that the Czech-based cybersecurity specialist was also cultivating another, more controversial, revenue stream: harvesting and selling on user data, some of which it amassed by way of those security tools.

But as of today, the latter of those businesses is no longer. Avast announced that it would be winding down Jumpshot, its $180 million marketing technology subsidiary that had been in the business of collecting data from across the web, including within walled gardens, analysing it, and then — unknown to users — selling it on to third-party customers that included tech giants like Microsoft and Google and big brands like Pepsi and Home Depot.

The significance of the incident extends beyond Avast and Jumpshot’s practices: it highlights the sometimes-obscure but very real connection between how some security technology runs the risk of stepping over the boundary into violations of privacy; and ultimately how big data is a hot commodity, a fact that potentially clouds that demarcation even more, as it did here:

“We started Jumpshot in 2015 with the idea of extending our data analytics capabilities beyond core security,” writes the CEO Ondrej Vlcek in a blog post in response to Jumpshot news. “This was during a period where it was becoming increasingly apparent that cybersecurity was going to be a big data game. We thought we could leverage our tools and resources to do this more securely than the countless other companies that were collecting data.”

Today’s news comes on the heels of a series of developments and investigations highlighting Jumpshot’s practices, stretching back to December, when Mozilla and Opera removed Avast extensions after reports that they were collecting user data and browsing histories. Avast — which has over 430 million active users — later came clean, only for a follow up investigation to get published earlier this week unveiling yet more details about the practice and the specific link to Jumpshot, which was founded in 2015 and uses data from 100 million devices.

In Avast’s announcement, it said that “plans to terminate provision of data” to Jumpshot but did not give a timeframe when when Jumpshot would completely cease to operate as part of the closure. There is still no announcement on Jumpshot’s own site.

“Jumpshot intends to continue paying its vendors and suppliers in full as necessary and in the ordinary course for products and services provided to Jumpshot during its wind down process,” the company said. “Jumpshot will be promptly notifying its customers in due course about the termination of its data services.”

Avast had a key partner in Jumpshot, the business media company that took a $60.8 million, 35% stake in the subsidiary last July, effectively valuing Jumpshot at around $177 million. An internal memo that we obtained from Ascential notes that the company has already sold its stake back to Avast for the same price, incurring no costs in the process.

Avast’s CEO Ondrej Vlcek, who joined the company 7 months ago, apologised in a separate blog post while also somewhat distancing himself from the history of the company and what it did. He noted that he identified the issues during an audit of the company when he joined (although didn’t act to change any of the practices). Perhaps more importantly, he maintained the legality of the situation:

“Jumpshot has operated as an independent company from the very beginning, with its own management and board of directors, building their products and services via the data feed coming from the Avast antivirus products,” he wrote. “During all those years, both Avast and Jumpshot acted fully within legal bounds – and we very much welcomed the introduction of GDPR in the European Union in May 2018, as it was a rigorous legal framework addressing how companies should treat customer data. Both Avast and Jumpshot committed themselves to 100% GDPR compliance.”

We have reached out to the Czech DPA to ask if it is going to be conducting any investigations around the company in relation to Jumpshot and its practices with data.

In the meantime, with the regulatory implications to one side, the incident has been a blow to Avast, which has in the last couple of days seen its shares tumble nearly 11 percent on the London Stock Exchange where it is traded. The company is currently valued around £4 billion (or $5.2 billion at today’s exchange rates).



from TechCrunch https://ift.tt/2Ufdvjj
Labels:

Comments

Post a Comment

Popular posts from this blog

How To Play Doom – And More – On An NES

Doom was a breakthrough game for its time, and became so popular that now it’s essentially the “Banana For Scale” of hardware hacking. Doom has been ported to countless devices, most of which have enough processing ability to run the game natively. Recently, this lineup of Doom-compatible devices expanded to include the NES even though the system definitely doesn’t have enough capability to run it without special help. And if you want your own Doom NES cartridge, this video will show you how to build it . We featured the original build from [TheRasteri] a while back which goes into details about how it’s possible to run such a resource-intensive game on a comparatively weak system. You just have to enter the cheat code “RASPI”. After all the heavy lifting is done, it’s time to put it into a realistic-looking cartridge. To get everything to fit in the donor cartridge, first the ICs in the cartridge were removed (except the lockout IC) and replaced with custom ROM chips. Some modifica...
Post a Comment
Read more

The Flexible Permanence of Copper Tape Circuits

Somewhere between shoving components into a breadboard temporarily and committing them to a piece of protoboard or a PCB lies the copper tape method. This flexible Manhattan-style method of circuitry formed the basis for [Bunnie Huang]’s Chibitronics startup, and has since inspired many to stop etching boards and start fetching hoards of copper tape. [Hales] hit the ground running when he learned about this method , and has made many a copper tape circuit in the last year or so. He offers several nice tips on his site that speak from experience with this method, and he’ll even show you how to easily work an SMD breakout board into the mix. Generally speaking, [Hales] prefers plywood as the substrate to paper or cardboard for durability. He starts by drawing out the circuit and planning where all the tape traces will go and how wide they need to be. Then he lays out copper traces and pads, rubs the tape against the substrate to make it adhere strongly, and reinforces joints and laps w...
Post a Comment
Read more

The Newbie’s Guide To JTAG

Do you even snarf? If not, it might be because you haven’t mastered the basics of JTAG and learned how to dump, or snarf, the firmware of an embedded device. This JTAG primer will get you up to snuff on snarfing, and help you build your reverse engineering skills. Whatever your motivation for diving into reverse engineering devices with microcontrollers, JTAG skills are a must, and [Sergio Prado]’s guide will get you going. He starts with a description and brief history of the Joint Test Action Group interface, from its humble beginnings as a PCB testing standard to the de facto standard for testing, debugging, and flashing firmware onto devices. He covers how to locate the JTAG pads – even when they’ve been purposely obfuscated – including the use of brute-force tools like the JTAGulator . Once you’ve got a connection, his tutorial helps you find the firmware in flash memory and snarf it up to a file for inspection, modification, or whatever else you have planned. We always apprec...
Post a Comment
Read more