Is free antivirus software spying on you?

I installed Avast free antivirus on my Mac. Today, I went to expressVPN website. I immediately got a notification from Avast, saying “You are not protected! Register for Avast VPN service.” I mean, do you need to be that obvious that besides “protecting” me, you’re also checking which websites I go to and protecting your turf?

Will the surveillance and abuse cease if I upgrade to Avast Professional edition, or does it just demonstrate that such antivirus companies are spying on me, no matter what?

Yes, they are ‘spying’ on you probably. I say ‘probably’, because I didn’t take the time to read carefully through their whole Privacy Policy, but it looks to me one that is full of loopholes to collect and share your personal data. Here is the link:

Avast US Privacy Policy

They have PP’s in multiple languages and there may be differences depending on the region of the world you are in.

1 Like

Yeah thanks for the link @aschrijver. Just read a bit of the privacy policy and wanted to puke already.

Which leads me to a question. Advertisers have access to our MAC address. How likely is it that we are so cross-referenced everywhere that having your MAC address is as good as having your full name and contact details?

That is a question about data accuracy. If you provided your contact details to site A along with your MAC address, and then you are on site B with the same MAC, then there is a high probability you are the same person.

So one data point matches. If besides that you have the same OS, browser version, and a bunch of other data points that match, then the certainty that it is you goes to near 100%. The more data points, the less likely you are anonymous.

The ‘fun’ thing is, many sites say in the PP’s that they only collect anonymous data. What that means is often defined by law, or described in the PP itself. But most of the time by correlating all the data points they have on you, it is easily possible to de-anonymize that data - and there are many companies that have that as their business.

In most cases the company you provided the data to, will not do that itself, and they may state that in their PP. But if the data goes to 3rd-parties, then there is nothing withholding them from de-anonymizing you. And you do not have control over that, as the data spreads to unknowable amount of 3rd-parties (or better: N’th parties) over time.

1 Like