Avast fined for selling non-anonymised customer data

27 February 2024

At ClamXAV, we believe in transparency and building trust with our users. That’s why we want to talk about a recent event involving a major competitor, Avast, and their data privacy practices. While we typically avoid mentioning competitors by name, this situation highlights the importance of holding companies accountable for upholding user privacy.

Last week, the Federal Trade Commission published a press release announcing that Avast, a Czech cybersecurity company, will be required to pay $16.5 million for deceptive data practices, due to Avast’s collection and selling of their users’ browsing information to over 100 third parties.

This is a clear violation of trust and raises serious concerns about the potential risks users face when using “free” services. This incident is a stark reminder that “free” often comes at a cost.

While some services may not charge a subscription fee, they often collect valuable user data that they can then sell to generate revenue. In Avast’s case, users entrusted the company with safeguarding their privacy, only to have it exploited for financial gain.


Starting in at least 2014, Avast, who advertised their software as “blocking third party tracking”, indefinitely stored, and sold detailed, identifiable browsing data from their customers through a subsidary, according to the FTC.

While Avast was advertising their software that would supposedly “block annoying tracking cookies that collect data on your browsing activities”, the software was actually doing exactly what it was advertisted to stop; collecting user’s browsing data to be sold. According to Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, “Avast’s bait-and-switch surveillance tactics compromised consumers’ privacy and broke the law.

What happened

Buying and selling browsing data is unfortunately not against the law, however, it is illegal to sell non-anonymised browsing data.

Avast claimed to use a “special algorithm to remove identifying information before transferring the data to its clients”, however, it was found that whatever methods they did use were insufficient.

Furthermore, Avast allowed some of their clients to track specific users, by allowing them to match up non-personally identifiable information with Avast users’ browsing information.

How you can protect yourself

Here’s what you can do to protect yourself: (apart from just switching to ClamXAV of course!)

  • Read privacy policies carefully: Before signing up for any online service, understand what data is being collected and how it will be used.
  • Consider alternatives: Explore paid services with a strong track record of prioritizing user privacy.
  • Be proactive: Take control of your privacy settings and regularly review the data companies hold on you.

Our handling of your data

The fact that a cybersecurity company would sell user data is egregious, especially when they are advertising that their product protects against such actions. This often happens with “free” software products - although the customer doesn’t pay money for the product, it may be being monetised in some other way that’s not apparent, and not in the customer’s best interest.

We would like to assure all of our customers that we do not sell any of their data.

Here at ClamXAV, we take data privacy seriously. Unlike some companies, we do not:

  • Sell your data to third parties: We firmly believe that your data belongs to you, and we will never sell it for any purpose.
  • Collect unnecessary data: Our software only collects the data essential to provide our services and keep your devices safe.

Customers’ payments are processed through FastSpring, the merchant of record for ClamXAV. This means that they are liable for all financial, legal, and compliance aspects of our transactions, and therefore are compliant with all privacy laws and regulations regarding personal information, which we also follow.

While we do use cookie data from interactions with our website, social media and emails to target our own product advertisements, we do not harvest and sell any of this to a third party.

Transparency is key: Our Privacy Policy is clear and concise, outlining exactly what data we collect, how it is used, and your options for controlling it.

We understand that navigating the digital landscape can be complex. At ClamXAV, we are committed to providing robust security solutions while prioritizing your privacy and trust. Choose a company that aligns with your values and prioritizes your data protection.


Federal Trade Commission Press Release

Federal Trade Commisson Avast Complaint