Avast Scandal: Why We Stopped Recommending Avast & AVG

Updated on: May 1, 2024
Ben Martens Ben Martens
Updated on: May 1, 2024

Avast and AVG no longer pose a threat to user privacy, meaning both products are 100% safe to use. Since closing down its data-aggregating subsidary, Jumpshot, Avast has undergone significant changes to ensure user privacy isn’t compromised. The company has earned certifications from data privacy advisors like TrustArc and works closely with other privacy experts, so you can rely on Avast and AVG to responsibly manage your data.

Our readers have been messaging us and asking why we’re still ranking Avast and AVG on our website, despite them being caught up in a serious scandal. Well, after a lot of consideration and back and forth between departments, we’ve decided to finally remove them from all of our lists.

Why? Because Avast — which also owns AVG — has been caught in a firestorm of controversy over the last several months regarding serious allegations of unethical business practices.

The Avast Online Security browser extension was deleted from Mozilla, Chrome, and Opera marketplaces in December 2019 after claims that it was gathering a suspicious amount of user data — not only every website visited, but also user location, search history, age, gender, social media identities, and even personal shipping information. Three months later, Avast shut down a subsidiary company, Jumpshot, in the wake of investigative reports documenting the sale of personal data from around 100 million users, all gained through improper user surveillance.

The SafetyDetectives team has carefully considered our decision to scrub Avast from our website over the next several weeks. At the end of the day, any company that faces such severe allegations has lost our faith and cannot receive our seal of approval.

Here’s How Avast Allegedly Spied on Its Users for the Last 7 Years

Wladimir Palant — the founder of Adblock Plus — was the first person to sound the alarm about Avast’s predatory practices. In October 2019, he posted the incriminating information to his blog with a detailed explanation of how he claims Avast was able to “transmit data that allows reconstructing your entire web browsing history and much of your browsing behavior.”

Essentially, Avast and AVG’s Online Security extensions were recording their users’ every click — documenting which websites were visited, when, and from where. While Avast claimed that data collection was a necessary part of the Online Security plugin, browser extensions from competing brands seemed to work fine without collecting and retaining such a large amount of personal information.

Then came the disclosure that this data was being sold to big corporate clients like Home Depot, Google, and Pepsi, through an Avast subsidiary called Jumpshot.

Avast Subsidiary Sold User Data For Millions of Dollars in Profit

In 2013, Avast acquired Jumpshot, a company that aggregated “anonymous” user data and sold that data to online businesses. Jumpshot’s public information was very vague, but they claimed to have obtained “clickstream data from 100 million online shoppers and 40 million app users”. The source of Jumpshot’s user data was the spyware embedded in Avast and AVG’s Online Security Browser extensions. Palant was a driving force behind this revelation, but the nail in Jumpshot’s coffin was this article by VICE Motherboard, published in early 2020. It lists out the corporations that purchased data from Jumpshot along with whistleblower testimony and leaked internal documents from Avast and Jumpshot. Jumpshot claimed that no “Personal Identifying Information” was included in the data they sold, but many experts were not convinced.

According to the investigation, Jumpshot’s data contained every click performed by Avast Online Security users along with time stamps (accurate to the millisecond), country, city, and zip code information from users’ IP addresses. The algorithm which was designed to censor specific data like email addresses and social media profiles was exposed by Palant to be seriously malfunctioning — whole shipment details from mail carriers, including names and home addresses, were included in data packets sold by Jumpshot.

US Senators and Investigative Journalists Held Avast Accountable

Oregon Senator Ron Wyden, a well-known proponent of cybersecurity, net neutrality, and digital privacy, called out Avast publicly in December 2019, stating on Twitter that, “Americans expect cybersecurity and privacy software to protect their data, not sell it to marketers. I’m looking into this troubling report about Avast and its failure to protect consumers’ data.”

Then, after being removed from the Chrome, Mozilla, and Opera web stores, Avast had the opportunity to abandon their privacy violating ways and start to act like a respectable cybersecurity company. They changed the privacy settings of the Online Security browser extension, which was returned to web stores at the end of December. However, as the VICE Motherboard exposé revealed, they simply moved their data collection to the main antivirus suite, embedding a data collection “opt-in” question during the installation process.

With the publication of the VICE Motherboard article, and in the face of unanimous public disapproval, Avast finally shut down Jumpshot completely in February 2020. But for SafetyDetectives, and many others in the cybersecurity world, it was too little, too late. 7 years of secretly profiting off of user data makes this one of the largest ethical violations in antivirus software history.

Why Ethical Violations by Antivirus Companies Are Especially Serious

Antivirus software is some of the most invasive software around. We give our antivirus software an unprecedented amount of access to our system — sensitive files, browsing history, financial information, and personal networks are all visible to our antivirus. We sign privacy policies and user agreements with the assumption that there isn’t deceptive language buried in all the legalese. But by violating their customer’s privacy in this way, Avast has corroded the relationship between users and antivirus products around the world. There are enough threats from hackers and invasive governments to worry about — antivirus providers should not be another threat to user security.

Jumpshot has been officially shut down, and Avast Online Security is back on Chrome and Mozilla web stores, with tighter privacy protections. But the fact remains that Avast was unethically profiting off of their users’ data for 7 years, and the only thing that stopped them was the citizen reportage of Wladimir Palant and the investigative journalists at VICE Motherboard. In our opinion, if independent professionals hadn’t rigorously documented these serious violations and notified the public, then Avast would still be running this scam. It’s even arguable that Avast only really considered changing their practices after a US Senator stepped up to confront them.

User Feedback Inspired Us to Remove Avast From SafetyDetectives

Here at SafetyDetectives, we’ve had other issues with Avast over the years — following a negative review, they actually pulled their advertising from our website. Still, we have always endeavored to bring you the best cybersecurity products on the internet, regardless of our business relationships with the companies that keep our site profitable. That’s why we continued to include Avast and AVG on our lists — we even kept them as our number 1 pick for the best antivirus for mobile devices:

Why Ethical Violations by Antivirus Companies Are Especially Serious

However, amid such glaring violations of user privacy which have been happening over the last 7 years, we can no longer continue to promote Avast or any of their subsidiaries (like AVG) on our site.

We’ve been considering a move like this for a long time. Even though a lot of top review sites continue promoting — and profiting from — Avast, we’ve been steadily moving them off of our lists for a while. The ultimate motivation for us was all of the feedback we received from our readers with messages like this: “After the data selling incident from AVAST, this software shouldn’t get any positive review or recommendation.”

Privacy infringements are a concern for anyone that believes in basic human rights. That’s why we think everyone benefits from a reliable antivirus software that guards against potential threats.

Standing up to large corporations when they infringe on our rights may not always be simple or popular, but it’s crucial. The establishment of SafetyDetectives was driven by the objective of equipping individuals worldwide with the resources to protect their data in the digital era — shielding it from hackers, unprincipled governments, and even exploitative cybersecurity firms who have demonstrated their lack of concern for their users.

Avast may have made its way back to several online stores, and while its vast clientele might disregard its ethical breaches, our SafetyDetectives team remains unwavering in our stance.

So, if you’re wondering why there’s no mention of Avast or AVG on our website, that’s why.

If you need an antivirus which won’t steal your data and sell it to Pepsi, I provided some recommendations below. You can also check out our list of the top antivirus software of 2024.

Best Avast Alternatives in 2024 — Final Score:

Our Rank
Our Score
Best Deal
save 58%
save 50%
save 60%
The listings featured on this site are from companies from which this site receives compensation and some are co-owned by our parent company. This influence: Rank and manner in which listings are presented. 
Learn more
About the Author
Ben Martens
Ben Martens
Senior Editor
Updated on: May 1, 2024

About the Author

Ben Martens is a former cybersecurity journalist for SafetyDetectives with a background in internet ethics, malware testing, and public policy. He resides in Oregon, and when he's not advocating for the rights of internet users, he's walking with his dog and inventing stories with his daughter.