An eye representing digital surveillance.
Valery Brozhinsky/

Avast is collecting its users’ browsing histories and selling the data to third parties, according to a joint investigation by PCMag and Motherboard. This is just the latest example of free antivirus software harvesting data. After all, that free antivirus has to make money somehow.

Update: On January 30, 2020, Avast announced it will shut down to its Jumpshot subsidiary, which sold its users’ browser histories to marketers.

Avast Collects and Sells Your Browsing History

Do you use Avast’s antivirus? By default, Avast collects your web browsing activity and offers it to marketers through a subsidiary named Jumpshot. Companies who pay Avast can view full “clickstream data” to see what Avast users are doing online. Here’s how Michael Kan puts it over at PCMag:

The data collected is so granular that clients can view the individual clicks users are making on their browsing sessions, including the time down to the millisecond. And while the collected data is never linked to a person’s name, email or IP address, each user history is nevertheless assigned to an identifier called the device ID, which will persist unless the user uninstalls the Avast antivirus product.

Avast says this data is “anonymized,” but PCMag and Motherboard were able to link it to individuals. For example, if you know which Amazon user bought a specific product at a specific second on a specific date, you can identify the “anonymized” individual and then look back through their browsing history.

Avast Harvests the Data Through Its Desktop Antivirus

If you have Avast installed with the default settings, your browsing history is being sold to marketers through Jumpshot. This data isn’t collected through Avast’s browser extension. Instead, it’s collected through the main desktop Avast antivirus application.

When you install Avast, you’ll see a prompt asking whether you want to share data. Most people who clicked “I agree” probably didn’t realize everything they agreed too.

Jumpshot's data sharing request in Avast Free Antivirus.

If you have Avast installed, you can open the Avast application and head to menu > Settings > General > Personal Privacy to control what data is collected and shared. Disable the data-sharing options here.

We recommend just uninstalling Avast. But, if you want to leave it installed and disable the data collection, this is where you do it.

Personal privacy data sharing options in Avast.

Browser Extensions Are Only Part of the Problem

Antivirus software often bundles browser extensions that collect detailed data for marketing purposes. In October 2019, Adblock Plus creator Wladimir Palant cataloged the way several Avast browser extensions gather and transmit data about people’s browser histories. An AVG browser extension was doing the same thing, too—that’s not surprising, as Avast bought AVG a few years ago.

Google and Mozilla cracked down, removing the browser extensions from the Chrome Web Store and Mozilla Addons site until Avast made some changes. They’re now available for download once again. It’s not clear exactly how much the data collection was limited, but Avast is also more “transparent” in its privacy policy.

While Google and Mozilla can crack down on what an antivirus company’s browser extensions can do, no one’s stopping a company like Avast from collecting data using its desktop application. That may be one reason why Avast is engaging in such wholesale data collection through its desktop application.

We recommend against installing your antivirus’s browser extensions, but you can’t avoid privacy problems just by avoiding the browser extensions.

RELATED: Don't Use Your Antivirus’ Browser Extensions: They Can Actually Make You Less Safe

Free Antivirus Software Has to Be Paid For Somehow

Free antivirus software has to make a profit somehow, so it’s no surprise that companies like Avast have turned to gathering and monetizing their customers’ data.

In the past, Avast has even incorporated a “shopping” feature that added advertisements to other web pages as you browsed. Avast no longer does that, but the data collection doesn’t feel entirely out of character.

As we pointed out back in 2015, free antivirus software really isn’t “free” anymore. Many antivirus companies have turned to changing your default search engine, swapping your browser’s homepage, and integrating extra software “offers” into their installers. Today, many other antivirus applications are likely tracking your browsing and, presumably, selling that data.

RELATED: Beware: Free Antivirus Isn't Really Free Anymore

What Antivirus Software Doesn’t Track You?

The Windows Security virus & threat protection screen on Windows 10

Not every free antivirus necessarily tracks you. We haven’t examined every antivirus out there. Some might provide a free trial that doesn’t collect and sell data, instead attempting to sell you the company’s paid antivirus product.

For example, Wladimir Palant, who exposed the data collection in Avast and AVG’s browser extensions, said in response to a comment that he hasn’t found any indication Kaspersky’s free antivirus is spying on its users. However, back in 2019, Kaspersky was previously injecting a unique identifier into web browsing traffic that would have allowed its users to be identified online.

We recommend Microsoft’s Windows Defender, which is integrated into Windows 10. Microsoft’s antivirus doesn’t have an agenda beyond keeping malware off your computer. It doesn’t track your web browsing. It doesn’t try to upsell you any extra software, although Microsoft does offer more advanced security software contracts for businesses.

We also like and recommend Malwarebytes, which we’ve found does a good job of detecting and removing junk software. The free version of Malwarebytes can’t run in the background. It only offers manual scans. Malwarebytes makes its money from Premium subscriptions rather than tracking its users.

RELATED: What's the Best Antivirus for Windows 10 and 11? (Is Microsoft Defender Good Enough?)

Profile Photo for Chris Hoffman Chris Hoffman
Chris Hoffman is Editor-in-Chief of How-To Geek. He's written about technology for over a decade and was a PCWorld columnist for two years. Chris has written for The New York Times and Reader's Digest, been interviewed as a technology expert on TV stations like Miami's NBC 6, and had his work covered by news outlets like the BBC. Since 2011, Chris has written over 2,000 articles that have been read more than one billion times---and that's just here at How-To Geek.
Read Full Bio »