Security specialist Avast has announced plans to terminate its provision of data to its subsidiary Jumpshot, and to commence a wind down of the unit, in a move that puts hundreds of jobs at risk.

Avast told Silicon UK that the move “reflects Avast’s commitment to user safety and privacy protection”, but it comes after the firm found itself embroiled in a data sharing scandal.

The issue began when Wladimir Palant, who is responsible for the AdBlock Plus extension for Firefox, first began alleging that the Avast and AVG browser extensions spied on the web surfing habits of users.

Privacy row

The Mozilla Foundation earlier this month took the decision to remove Avast and AVG extensions out of it Firefox store. Opera also did the same.

Then Google followed the Mozilla Foundation lead after it removed three add-ons from the Chrome Web Store that belonged to Avast and AVG.

Palant had alleged the extensions when installed in a browser, track the URL and title of every webpage the user visits.

The add-ons also reportedly document how the user got to that page, along with a per-user identifier and details about the operating system and browser version used, plus other metadata.

All that data was then allegedly transmitted back to Avast’s independent Jumpshot analytics business.

Avast had purchased its rival AVG back in 2016 for $1.3bn, and in 2015 it had created Jumpshot to analyse consumers’ online habits by measuring their search, click and buy patterns across thousands of categories from over 150 websites.

Jumpshot closure

But now Avast has opted to terminate its provision of data to its subsidiary Jumpshot and to commence a wind down of Jumpshot.

“Avast’s core mission is to keep its users safe online and to give users control over their privacy,” said Ondrej Vlcek, CEO of Avast. “The bottom line is that any practices that jeopardize user trust are unacceptable to Avast.”

“We are vigilant about our users’ privacy, and we took quick action to begin winding down Jumpshot’s operations after it became evident that some users questioned the alignment of data provision to Jumpshot with our mission and principles that define us as a Company,” said Vlcek.”

Avast said that Jumpshot intends to continue paying its vendors and suppliers in full as necessary and in the ordinary course for products and services provided to Jumpshot during its wind down process.

“Jumpshot will be promptly notifying its customers in due course about the termination of its data services,” it told Silicon UK.

“We regret the impact this will have on Jumpshot employees and we appreciate the contributions they have made,” said Vlcek. “We will endeavour to make this transition as smooth as possible for them.”

Open letter

Vlcek also posted an open letter about the issue, in which he insisted that Jumpshot and Avast had acted “fully within legal bounds”, and that both companies were committed to full compliance with GDPR.

“I’d like to take this opportunity and address the situation regarding Avast’s sale of user data through its subsidiary Jumpshot,” wrote Vlcek. “… I realize the recent news about Jumpshot has hurt the feelings of many of you, and rightfully raised a number of questions – including the fundamental question of trust.”

“As CEO of Avast, I feel personally responsible and I would like to apologize to all concerned,” he said. “Protecting people is Avast’s top priority and must be embedded in everything we do in our business and in our products. Anything to the contrary is unacceptable. For these reasons, I – together with our board of directors – have decided to terminate the Jumpshot data collection and wind down Jumpshot’s operations, with immediate effect.”

“Jumpshot has operated as an independent company from the very beginning, building their products and services via the data feed coming from the Avast antivirus products,” he wrote. “During all those years, both Avast and Jumpshot acted fully within legal bounds – and we very much welcomed the introduction of GDPR in the European Union in May 2018. Both Avast and Jumpshot committed themselves to 100% GDPR compliance.”

But Vlcek said that when he took the CEO position of Avast seven months ago, he came to the conclusion that the data collection business is not in line with the firm’s privacy priorities as a company in 2020 and beyond.

“While the decision we have made will regrettably impact hundreds of loyal Jumpshot employees and dozens of its customers, it is absolutely the right thing to do,” he said.

“I firmly believe it will help Avast focus on and unlock its full potential to deliver on its promise of security and privacy,” he concluded. “And I especially thank our users, whose recent feedback accelerated our decision to take quick action.”

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

NHS Covid-19 Tracing App For England, Wales, Nears Launch

Date for limited rollout of delayed NHS track and trace app for England and Wales…

2 days ago

Coronavirus: Facebook Staff To Work From Home Until July 2021

Facebook follows Google lead by extending right of staffers to work from home until July…

2 days ago

Canon Suffers Ransomware Attack, With 10TB Of Data Stolen – Report

Report suggests Canon has been crippled with a ransomware attack with allegedly 10TB of data,…

2 days ago

Uber Expands UK Reach With Autocab Buy

Amid consolidation in the taxi sector caused by Coronavirus lockdown, Uber purchases British rival Autocab…

3 days ago

TikTok Selects Ireland For First European Data Centre

Ireland to get another data centre after the Chinese-owned short video app TikTok announces first…

3 days ago