Avast should be avoided completely. They have truly lost their way and have become more of a privacy/security risk than anything.

Did you know that Avast has a “confidential collaborator” known as Psafe that has an antivirus/cleaner app on Google Play called DFNDR that has been tricking users into installing their bogus app through scareware popunder fake virus warnings for over 8 years straight.

The DFNDR app was funded by the Chinese Qihoo and early versions of the app used to harvest users social media data and send data to Chinese servers. DFNDR also was not forthcoming with AV-test about it’s antivirus detectction engine.

It uses Avast’s detection engine and when AV-test found out the DFNDR app was no longer included in its testing.

The app itself is filled with trackers and several advertising SDK’s which take over the users device.

I have communicated with Psafe in private emails to show them the source of the fake virus warnings so that they could be stopped. Psafe requested I not go public with my findings for 30 days which I granted.

The fake virus warnings never stopped, not even on the sites I gave Psafe as examples.

Avast for it’s part banned me for life from their forums without warning.

Look at the user reviews of the DFNDR app on the Play Store to see for yourself.

Avast is nothing bat data harvesting ad agency at this point.

I am the author of this (slightly older) article. If there are questions, feel free to ask here and I’ll do my best to answer.

Nice article - I enjoyed reading it. The examples are interesting in that they show how difficult it is to cover all the scenarios one can encounter when trying to anonymise data - e.g., double encoding. However, Avast should have analysed the data, spotted issues like these, and fixed them. Of course, the problem is they didn't have the incentive to do so.

This whole issue is another example of how hard it is for all of us to make good decisions about privacy. Most people wouldn't think about privacy being a problem when using Avast. Even if you do read the privacy policy you actually can't be entirely sure what's being done with your data (which you indicated in your original October 2019 article). However, it appears that you're safe because the data will be anonymised. There's nothing more for you to do at this point other than trust that Avast is handling anonymisation correctly.

I wonder if it's actually possible to anonymise data effectively yet still make it useful. Based on literature such as the academic article you referred to [1] and another I looked at a long time ago [2], it seems to me that with enough seemingly unrelated data you can identify most people.

[1] De-anonymizing Web Browsing Data with Social Networks [2] Robust De-anonymization of Large Sparse Datasets

The issue isn’t avast failing to anonymize the data sufficiently for this whole thing to be okay. It is that it is like a locksmith and home security company had access to your home and used that access to sneak in and take photos of your family while it sleeps, then dell them with little black bars over the eyes. Even if they anonymize fit slightly better, the avast leadership should go to jail

It definitely is a hard problem. Clearly, if anybody at Avast bothered to look at the data they would have spotted the issues. But even with real effort, it’s hard to anonymize data reliably while keeping it useful.