AVG privacy policy update allows it to sell your browsing history

[ajcardiac]

Wow. Glad I ditched AVG Free years ago and moved to avast! Free !

[nazt]

Hopefully this isn't a trend that the other companies will adopt, though normally where one goes the others follow.

[devBunny]

"Anonymous" versus "Browsing and search history, including meta data"

You can aggregate search histories in two ways. One is by counting discrete searches, such that *this* number of people searched for X and *that* number of people searched for Y. This isn't that interesting to advertisers. The other way is determine that people who search for X have *this* and *that* likelihoods of also searching for (being interested in) Y and Z.

Because the science of making these kind of connections is still quite new and will almost certainly become more sophisticated in time, it makes a lot of sense to retain the raw search histories indefinitely for further mining.

People search for things in their physical locality including routes to and from their house, their friends' houses, their place of work, etc. People often need to learn about medical issues in their personal locality (self, family, friends). There will be a ton of things to do with their hobbies and interests. Etc, etc, etc.

That doesn't give X correlated with Y and Z, it gives practically the whole A-Z of an individual's life alphabet.

Such a search history in the hands of an investigator becomes a great deal less anonymous. If an investigator is given not just the search history but the entire browsing history then they have even more to identify someone by. Giving away an intact history is a huge risk.

Any company that proposes to collect histories needs to say exactly what the use and processing will be and to ensure the security of what is, in fact, *highly personalised* data. The "investigator" mentioned above could be a successful hacker or whatever criminal organisation they've sold their data to.

[rainman]

I used to be an AVG reseller ... not anymore.

[AGTDenton]

I cant understand why AVG has been singled out from the others on this.

People switching to Avast clearly haven't read the fact they share your data with Jumpshot (now owned by Avast). The only difference here is that they aren't as of yet making any money from this.
https://forum.avast.com/?topic=171725.0

Data is collected on computers and Android devices through the browser. Each record contains a set of fields that help Jumpshot algorithms assign the clickstream data appropriately. These fields include:
- Installation identifiers (proprietary identifiers that do not contain any PII)
- URL being visited
- Referral URL (if this exists)
- Window identifier
- Tab identifier
- Additional fields for processing purposes

Similarly Bitdefender has what is calls "Data Collection Technology". They don't mention if money is made from sharing the data.
http://www.bitdefender.co.uk/site/view/eula.html

From time to time, the Bitdefender Product may collect certain information from the device on which it is installed, which may include: IP, Information on potential security risks as well as URLs of websites visited that the Bitdefender Product deems potentially fraudulent. The URLs could contain personally identifiable information that a potentially fraudulent website is attempting to obtain without Your permission. This information is collected by Bitdefender for the purpose of evaluating and improving the ability of Bitdefender’s products to detect malicious behavior, potentially fraudulent websites and other Internet security risks. This information will not be correlated with any personally identifiable information.

- URLs of websites visited as well as search keywords and search results only if the browser toolbar feature is enabled. This information is collected by Bitdefender for the purpose of evaluating and advising You regarding potential threats and risks that may be associated with a particular Web site before You view it. This information will not be correlated with any personally identifiable information.

In order to promote awareness, detection and prevention of Internet security risks, Bitdefender may share certain information with research organizations and other security software vendors.

So again people are switching to simply share their data with someone else, and also these companies have had these policies in place for far longer than AVG. So I'm stumped as to why its been heavy handed to just AVG.

Numerous sites do also point out that even if you pay for the full version of Antivirus the data is still collected and potentially shared or sold.

[kalniel]

The old 'you don't get something for nothing'. I thought most people were aware that free services have to be paid for somehow?

Personally I like Avira - they're fairly open about what data they collect and how they use it. https://www.avira.com/en/general-privacy