Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy Businesses Google Microsoft Security

Leaked Documents Expose the Secretive Market for Your Web Browsing Data (vice.com) 78

An antivirus program used by hundreds of millions of people around the world is selling highly sensitive web browsing data to many of the world's biggest companies, a joint investigation by Motherboard and PCMag has found. From the report: Our report relies on leaked user data, contracts, and other company documents that show the sale of this data is both highly sensitive and is in many cases supposed to remain confidential between the company selling the data and the clients purchasing it. The documents, from a subsidiary of the antivirus giant Avast called Jumpshot, shine new light on the secretive sale and supply chain of peoples' internet browsing histories. They show that the Avast antivirus program installed on a person's computer collects data, and that Jumpshot repackages it into various different products that are then sold to many of the largest companies in the world. Some past, present, and potential clients include Google, Yelp, Microsoft, McKinsey, Pepsi, Sephora, Home Depot, Conde Nast, Intuit, and many others. Some clients paid millions of dollars for products that include a so-called "All Clicks Feed," which can track user behavior, clicks, and movement across websites in highly precise detail.
This discussion has been archived. No new comments can be posted.

Leaked Documents Expose the Secretive Market for Your Web Browsing Data

Comments Filter:
  • by TigerPlish ( 174064 ) on Monday January 27, 2020 @11:10AM (#59660812)

    Burn it all, and go back to the pre-internet days. Life was freer then. Less cybershackles, less prying eyes.

    This isn't get off my lawn, this is me being fed up to the last hair with the shitshow the internet has become.

    Its main purpose in life has evolved (de-evolved?) into a gigantic user-mining machine. Nothing else matters, not the freedom of expression, not nothing -- all the altruistic doey-eyed brightness is gone from it, all that remains now is making money.

    • by XXongo ( 3986865 ) on Monday January 27, 2020 @11:18AM (#59660842) Homepage

      Basically, I think we now need to assume that nothing we do on the internet is hidden.

      It isn't that you're not free; it's that you are free, but are being watched. (and, mostly, they are watching you because they want to figure out how to sell you more stuff. And to contribute to their database of big data, to put together a blindingly comprehensive database that can be mined for any detail desired... in order to sell you more stuff.)

      • by geek ( 5680 ) on Monday January 27, 2020 @11:26AM (#59660898)

        Basically, I think we now need to assume that nothing we do on the internet is hidden.

        It never was. The fact is we have better ways of hiding things now but the internet, at no time has ever been about privacy or security. It's not an information super highway, it's an ocean with sharks, and most people don't even know how to swim.

        • It never was. The fact is we have better ways of hiding things now but the internet, at no time has ever been about privacy or security.

          This. So much this. This thing was never meant for the public at large. An ocean with sharks.. I like that.

          It's more than sharks, tho. Watch out for the "fishing trawlers" and all the subs lurking under the surface, siphoning every bit of data they can.

          • This is why I limit myself to a small number of rocky outcroppings. People worry about running aground, but look, submarines can't get close enough to torpedo me. And the fishing is actually quite good if you learn to RTFM.

      • Re: (Score:2, Flamebait)

        I couldn't disagree more. The US government (NSA specifically) helped MS create Windows XP. For those that don't remember, XP came out in 2001 - 19 years ago. But the NSA was helping them design it prior to 2000. AT&T had SNRCs in place in the 90s. Neither of these efforts indicate what you suppose. They're not selling stuff to you, they're selling you to stuff. Our monitory system is beginning to be based partially on the expected payouts of big data (the buzzword "Big Data" came out in the 90s

      • by Dan667 ( 564390 )
        you know who else watched all the time? The Stasi.
      • Basically, I think we now need to assume that nothing we do on the internet is hidden.

        If you'd been on slashdot you'd have known that since the 90s.

        Kids these days! Whippersnappers don't know anything at all.

      • by Solandri ( 704621 ) on Monday January 27, 2020 @02:26PM (#59661778)

        Basically, I think we now need to assume that nothing we do on the internet is hidden.

        I've been saying for years now, I don't think the solution is to fight it.

        There's an apocryphal story that at the end of the Cold War, a bunch of CIA and KGB spooks got together for drinks. The CIA guys lamented about how much harder their job had been, figuring out a way into a closed society where anyone could be stopped and their identification papers inspected at any time for any reason, and all information was tightly held behind closed doors. And how easy the KGB had had it being able to freely enter and travel within the country, with much of the government's information required to be freely accessible to the public by law. The KGB guys replied that on the contrary, their job had been harder. The U.S. generated so much information that they didn't know what to believe was real. If the National Enquirer ran a story about the USAF capturing a UFO, they had to devote resources into determining if the story was made up or if there was a nugget of truth behind it. Multiply that by millions of crackpots making all sorts of claims, and whereas obtaining information was easier, figuring out which of that info was legit became a major obstacle.

        In the same way, if you implement a way to block certain data collection, it's pretty obvious. The incoming data ceases. All they do is figure out a different way to collect the data - once the data starts flowing again, they know they've succeeded. OTOH if you drown these data collection services with fake data, then there's no obvious way to distinguish the real data from the fake data. They have to come up with some way to tell the two apart, which is going to be difficult without the person they're secretly collecting the data from confirming which is real. I suspect a browser extension which automatically "browses" the web in the background (spends some time on a web page, then "clicks" a random link on that page to travel to the next page) at human-like speeds would pollute the collected data enough to diminish its value. From that point, all you have to do is dilute the data enough. If it costs more to filter out the fake fake data than a marketer can make using the real data, then it's no longer worthwhile to collect data.

        • by thomn8r ( 635504 )

          I suspect a browser extension which automatically "browses" the web in the background (spends some time on a web page, then "clicks" a random link on that page to travel to the next page) at human-like speeds would pollute the collected data enough to diminish its value. From that point, all you have to do is dilute the data enough. If it costs more to filter out the fake fake data than a marketer can make using the real data, then it's no longer worthwhile to collect data.

          There are plugins for that: https://addons.mozilla.org/en-... [mozilla.org]

          • by K10W ( 1705114 )

            I suspect a browser extension which automatically "browses" the web in the background (spends some time on a web page, then "clicks" a random link on that page to travel to the next page) at human-like speeds would pollute the collected data enough to diminish its value. From that point, all you have to do is dilute the data enough. If it costs more to filter out the fake fake data than a marketer can make using the real data, then it's no longer worthwhile to collect data.

            There are plugins for that: https://addons.mozilla.org/en-... [mozilla.org]

            As mentioned to commenter you're replying to sadly things like that don't work effectively. I used to run similar prog way back and they worked poorly then but are pointless these days sadly. Folks like Bruce Schneier have wrote a lot on the specifics of why they are waste of time if you're actually interested.

        • by K10W ( 1705114 )

          then there's no obvious way to distinguish the real data from the fake data. They have to come up with some way to tell the two apart, which is going to be difficult without the person they're secretly collecting the data from confirming which is real.

          I imagine it is actually very very easy to filter out the user data from noise due to it being machine not man doing the analysis. I used to utilise such noise in the past but stopped 15 to 20 years ago once it became apparent it makes little dent, these days especially. Partly because data points outside expected predicted patterns can be sorted from the main meat of the data but mostly it is all about exactly how much is leaked from where and how ALL that data gets linked together, plus a lot of it about

        • Never, EVER, pass up the chance to feed the data-whores false / misleading information - - - even if it is as simple as a free newsletter application form - mis-type your name / address.
          Remember Lilly Tomlin's famous ma-bell skit - just briefly steam iron the punch card bill and it will cause the little holes to shrink a teeny, tiny bit - - - just enough to jam the card readers ! ! !
          SABOT-age

          Sorry - a bit bitter nowadays. Been dealing with the VA for over a year on veteran health care.

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        Basically, I think we now need to assume that nothing we do on the internet is hidden.

        It isn't that you're not free; it's that you are free, but are being watched.
        (and, mostly, they are watching you because they want to figure out how to sell you more stuff. And to contribute to their database of big data, to put together a blindingly comprehensive database that can be mined for any detail desired... in order to sell you more stuff.)

        That's I think, a fair assessment. I would point out that this is not really different from IRL, when you walk into a store. Even in the days before cameras hidden all over the store, they still had people watching you, and back in the day when people mostly lived in relatively small towns and villages, everyone knew everyone and pretty much everyone knew everyone else's business, and I don't think most people were creeped out by it or anything. It's just the way it was. The grocer would say, "Hello, Be

    • But I couldn't order a box of toilet paper to be delivered to my porch in 4 hours...
      • by Anonymous Coward on Monday January 27, 2020 @11:40AM (#59660970)

        But I couldn't order a box of toilet paper to be delivered to my porch in 4 hours...

        That’s either way faster than you really need, or not nearly fast enough.

      • I can pick up a box of toilet paper from my local store in a lot less time than that!

        • by spun ( 1352 )

          Can you walk all the way to your local store with a poopy butthole and pants around your ankles though?

          • Grampy, now that your health is changing, your belly isn't going to hold your pants up anymore. I know you've lived your whole life not needing this, but you're finally going to have to choose between a belt, or suspenders.

            I don't really care if you wear the depends or not though. No, I'm not giving you a ride to the pharmacy either way. Call a cab, or app your app. Or just sit on the toilet and hope the UPS driver walks all the way to your door and presses the doorbell while throwing your package.

    • It's very simple: don't participate. Don't do Google. Don't do Facebook. Don't do Amazon. The Net is still out there. The fact that most of it is absolute garbage doesn't mean that there's still not plenty of awesomeness out there. All it means is that the resources you'll use are less popular than other ones. So what?
      • It's very simple: don't participate. Don't do Google. Don't do Facebook. Don't do Amazon. The Net is still out there. The fact that most of it is absolute garbage doesn't mean that there's still not plenty of awesomeness out there. All it means is that the resources you'll use are less popular than other ones. So what?

        Any radical change in internet behavior will set off alarms and your activity will be scrutinized to a higher degree.

        Just pretend to use Google and Facebook and Amazon in a manner similar to how you have in the past.....

        • by DogDude ( 805747 ) on Monday January 27, 2020 @11:46AM (#59660994)
          Any radical change in internet behavior will set off alarms and your activity will be scrutinized to a higher degree.

          That's silly. Nobody is scrutinizing everybody's every move. Marketing companies are consolidating data in order to market to people directly and/or sell the consolidated data. Nobody cares about the outliers.
      • Re:Don't participate (Score:5, Informative)

        by Nidi62 ( 1525137 ) on Monday January 27, 2020 @11:52AM (#59661028)

        It's very simple: don't participate. Don't do Google. Don't do Facebook. Don't do Amazon. The Net is still out there.

        Except Google, Facebook, and Amazon are so intertwined with the 'Net that, while, you might not be doing them, they are most certainly doing you. They're still tracking you, they're still building a shadow profile on you, tracking you based on your browser/computer characteristics. If someone you know/are related to is doing Facebook, Facebook probably knows what you look like. Google probably knows where you live(especially if you own, not rent, since property taxes are public record).

        • Knowing where you live gets them as far as a phonebook.

          It is absolutely untrue that you can't limit the information you leak. You can't live in a perfect world, that was always true, but you can control the things that are under your control, like tracking images and third party javascript.

        • If someone you know/are related to is doing Facebook, Facebook probably knows what you look like.

          Sometimes the biggest leaks are cause by everyone else's actions. Not our own.

      • It's very simple: don't participate

        That helps us, as an individual, retain our sanity and a bit of our privacy.

        Doesn't help the massive brainwashing *and* datamining to see if the brainwashing's working.

        I already minimize my internet exposure, if I go any further it'll be total cut except for banking. And even there I've massively cut down on who "online" gets my CC number directly. I find myself using checks more to pay bills. Up until last year I paid *everything* online, but not anymore. As protest and protection against online fraud,

      • It's very simple: don't participate. Don't do Google. Don't do Facebook. Don't do Amazon.

        Don't have an antivirus program installed either? That's what was mining the data.

    • I don't mind people making money on the internet. I also don't mind a freemium model, where you can either pay or you have to suffer some ads and/or have your data mined. Those model has made possible a whole range of services that many people find useful, at no charge to them. But as a user I'd like some choice in the matter. And I want to be informed in detail what I'm getting into. A virus scanner that sells detailed click info, that's just not on...

      I am saddened a bit by the fact that data harve
      • The vast majority of the (consumer) public refuses to pay anything for any of these online services that they're so damn enamored with, or, if they will pay, the service only works for/can provide that "at scale" (Spotify, Netflix, other vertically integrated product platforms).

        Your sane markets for a new digital product feel, largely, like businesses at this point.

    • I guess you refer to the privacy part of it, but in addition to this the internet has devolved into a gigantic shit-storm machine where some small groups of "woke" people loudly shit on everything until nothing is left but bland garbage and everyone else better be quiet too or they shit on you as well. Pre-internet seems better for that as well.

      Connecting everyone and everything all the time seems like a great ideal, and in some ways it is. But then it also seems to escalate all the crap even more.

      • I guess you refer to the privacy part of it, but in addition to this the internet has devolved into a gigantic shit-storm machine where some small groups of "woke" people loudly shit on everything until nothing is left but bland garbage and everyone else better be quiet too or they shit on you as well. Pre-internet seems better for that as well.

        This too. But this phenomenon also existed in the pre-internet BBS world, and to some degree it ultimately will be self-correcting, when they find *no one* is friendly to *any* of their causes anymore other than their little echo chambers.

        And then there's IoT. That's a whole 'nother Pandora's Box, and that one's gonna end like Maximum Overdrive.

    • Comment removed based on user account deletion
      • Re: (Score:2, Flamebait)

        by iroll ( 717924 )

        "Cars that you can work on yourself" is as boomer as memes get. Modern cars are't bad to work on, last a bazillion miles, require FEWER tools than grampappy's jalopy (how many 10 mm ratchet wrenches have I worn out??), and can even helpfully tell you where they hurt. Seriously, if you have any interest in cars at all, start servicing your modern car. It'll open your eyes.

      • Go ahead. Donate or recycle your computers and cancel all your internet services, phone service, etc. Let us know how it works out. (Sadly, there isn't ... hmmm... actually, now that I think of it...)

        Hm. I remember using computers before the internet. For like 15 years before I got my first dialup. There were these things called "BBS" where I could say things, read things, and download and upload things. Besides, my two computers are already recycles from 10 years ago or more.

        remember to restart paper delivery of all your bills, subscribe to whatever newspapers as may still exist and be deliverable in your area,

        Most of my bills are on paper anyway, except for the overtly techy stuff. And newspapers? Why on god's green earth would I give money to the Sun-Sentinel? What, in exchange for hearing all about progressive socialist agenda?

    • Welcome to the modern first world, we offer you the illusion that you're free but really we're guiding your every move by way of advertising and goverment sponsored media fear campaigns, terrorists under every bed and paedophiles lurking outside every schoolyard. So lock up your kids and stay inside with Netflix 'cos you'll be safe there where we can feed you an endless diet of moronic garbage like "Goop Show" so you don't start thinking for yourself.

    • Burn it all, and go back to the pre-internet days.

      You must not be old enough to remember BBS porn.

      • You must not be old enough to remember BBS porn.

        ASCII, ANSI or interlaced GIF?

        I ran a fido board for a while. Then I was a point after the wind went out of the BBS sail. Then I just gave up entirely on it.

        Doesn't mean it couldn't be used again, store-and-forward "netmail" (what fido email was called) can take a day or 2 to get from here to Europe or Asia, but it gets there.

      • This is slashdot. We never stopped having ASCII pr0n.

        Are you sure you actually read this site?

        • If your idea of pr0n is hakenkreuz, then you have a problem...

          that's the only ascii "art" i see here, that stupid twisted cross. And our eds do jack shit to eject the miscreant, even tho now said miscreant has to be logged in to post, albeit as AC.

          Show me a good ASCII tit on /. and I'll cut the eds some slack.

          • Well, you should click on the -1 posts more often, then.

            She's the same lady that was popular on the BBSes, if I recall.

    • Burn it all, and go back to the pre-internet days. Life was freer then. Less cybershackles, less prying eyes.

      Hey, yo man, Linux user here.

      Remember when you Micro-Softies were saying you can't get work done with Linux? Look at you now, ready to go back to the stone age.

      Over here on this side of the fence, life has always been free, there were never shakles or prying eyes. Or even virus scanners.

      There's a cancer.... Time to cut it out.

      You can't do that unless you can figure out what it is, where it begins and ends. Otherwise you'd have to cut off your whole head. But no, just cut out whatever parts of your belief system causes you to allowed companies to

    • Burn it all, and go back to the pre-internet days. Life was freer then. Less cybershackles, less prying eyes.

      This isn't get off my lawn, this is me being fed up to the last hair with the shitshow the internet has become.

      Its main purpose in life has evolved (de-evolved?) into a gigantic user-mining machine. Nothing else matters, not the freedom of expression, not nothing -- all the altruistic doey-eyed brightness is gone from it, all that remains now is making money.

      Amazing to me how well off we actually are. Consider:

      - Present day cost of bandwidth and hardware
      - Capable, scalable operating systems, network, data, application, protocol standards and stacks open and freely available with source code.
      - Freely available privacy preserving overlay networks and cryptographic libraries.
      - Permissionless worldwide transmission of datagrams

      I understand end users are being fucked over on a grand scale yet at the same time it has never been cheaper or easier for people who care

  • With policies like these not for much longer!
  • I have it on all my machines, will uninstall it as soon as I find a better alternative.
    Ideas?

    • I switched to the free version of Bitdefender a year ago and am happy with it.

    • by bobby ( 109046 )

      One place I occasionally work has Avast and I absolutely HATE it. A few years ago, before I met them, they got hit with ransomware. So now they're paying for an IT service contract (huge rip-off). I don't have the authority to get rid of Avast. It's a fairly fast computer, or should be, but Avast puts its own files, and many others, at the far end of the disk drive, and thrashes the disk very badly. You can defrag, but it's a constant battle. And you get hit with ads and popups.

      On my Windows machines

    • If on Windows, just use the built in Defender. It is one of the highest rated AV's out there and runs circles around many of the other AV solutions.

    • Linux.

  • Isn't Avast basically free? If you are not paying, you are the product. (I don't imply that if you pay you are not the product). So just don't use free services as much as possible. And for those you pay, read the privacy policy and do some research if their privacy policies are respected and implemented.

    • Isn't Avast basically free?

      It might be, however it is taking personal information: your browsing history. It is personal since the 'Device ID' is unique. Thus Avast must give you a copy of everything that it has; this is mandated under EU law, the GDPR. It will be interesting to see how they try to wiggle out of this. I don't have it installed and so cannot make a request but I encourage others to do so.

    • Isn't Avast basically free? If you are not paying, you are the product.

      Yes, AVG is a subsidiary of Avast, and is probably the most popular "free" one.

      So just don't use free services as much as possible.

      This. Open source doesn't protect me just by having less security problems, it protects me by not expecting me to even be using services.

  • This is how Avast remains free. They've been selling this data for a long time. I wrote code to ingest Jumpshot data years ago when I worked in online advertising. If its free then you are probably the product. Its pretty insidious that you get free 'protection' while be sold out the entire time - it would be extortion but you volunteer for it.
  • Yes it's a crime. (Score:3, Insightful)

    by AndyKron ( 937105 ) on Monday January 27, 2020 @11:23AM (#59660874)
    So when I come to you house to clean your carpets you agree to let me rummage through your closets, drawers, everything while taking detailed pictures of everything and writing down important information that I find. You also agree to let me sell this data to whoever I want for whatever I want and you don't get anything. Did I get this right?
    • by Train0987 ( 1059246 ) on Monday January 27, 2020 @11:27AM (#59660906)

      If you offer your cleaning service for free and the customer agrees to allow you to do those things in lieu of payment then yes. That's what is happening here.

      • But where is the non free Internet where none of this stuff happens? Not a lot of options.

        • You don't need to pay, the point is that if you're consuming something for which normally you would need to pay, and it is offered "free," it isn't a good deal.

          My wife and I recently bought new phones, They tried to give us one of the phone "free." Like I told the guy, "I read about the deal and I don't want to deal with the deal, I just want to buy the phones."

          When it comes to software, this is only a problem if the software is proprietary. If the software respects your Freedom, if the software trusts you

          • The problem as far as it comes to products like malware and virus scanners isn't the proprietary part. It's the cost to keeping it constantly current, and that's what people don't want to pay. Being open source doesn't change that part of the equation. In fact open source is already starting to scream about being unable to fund their endeavors in the face of a philosophy that doesn't demand it.

            • Oh, BS. You read on the internet that doom and gloom was coming, meanwhile, there is glut of OSS and long lines of people asking, "How can I contribute, how can I contribute, how can I contribute," in addition to all the people writing redundant shit and uploading it to github.

      • by Nidi62 ( 1525137 )

        If you offer your cleaning service for free and the customer agrees to allow you to do those things in lieu of payment then yes. That's what is happening here.

        Free Home Cleaning!*

        *By allowing us through your door you agree to our TOS which can be found on display in a darkened cellar at the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying beware of the leopard. Oh, and the stairs are gone.

      • by jwdb ( 526327 )

        If you offer your cleaning service for free and the customer agrees to allow you to do those things in lieu of payment then yes. That's what is happening here.

        That analogy holds for services like gmail, but not for your ISP, cell provider, credit card company, etc... There's a number of important cases where we're paying companies for services and they still turn around and sell our data.

  • Avast's business model just got shot down, and this will begin a new wave of programs that have to go to the pay to use model in order to survive in the marketplace. The trend now seems to be shifting towards geeking up, because now consumers are more aware and informed than ever, and are getting tired of being ad blitzed and micro-targeted. The lessons learned here are clear and distinct. If you rely on trust to build a product, you best not stab your own customer in the back.
  • I continue to be baffled as to what my web activities are worth to someone else. I'll add that my wife spent some time combing through my web history and needed psychiatric care afterwards, and she supposedly loves me. You remember that old Monty Python skit about the killer joke? My web history is like that, only not funny.
    • Did you event consider that perhaps when your wife clicked to view your web history, she might have been instantly bombarded with ads for psychiatric services?

      That is how this works. That is what the story is about. Instead of seeking out referrals and quality recommendations, and getting the care she so obviously needs, she ended up with whichever quack bid the highest for new patients.

  • how much this sort of thing costs us - a typical person who browses the web and occasionally buys things ? Seeing the sums that advertisers pay the likes of Avast, Google, Facebook is one thing but: how much does that benefit the advertisers (eg more sales than their competition); how much are they able to increase prices, etc, because of what they know about us; what else ?

    This stuff is also available to spooks and, in some countries, could become individuals' existential threats. Any views on that ?

  • We all know AVAST is a very intrusive data business, as other "free" av likely are.
    There as been several slashdot [slashdot.org] headlines [slashdot.org] on this subject.

  • Is this really that different from browser makers sending all your visited links back so they can verify it isn't a dangerous link?

    Does Windows do this at the OS level regardless of browser?

  • It keeps a running track of which apps and cloud services would be most popular. As soon as a trend emerges, Google reaches into its own portfolio for the most closely matching product and kills it off.

  • If we had a system that gave a damn about non-billionaires, Avast and others like it would be fined into oblivion and shut down for this. But we don't, so nothing will happen. Kill the system, it functions as designed The problem isn't the internet. The problem is Capitalism.

Ocean: A body of water occupying about two-thirds of a world made for man -- who has no gills. -- Ambrose Bierce

Working...