We’re sorry, this feature is currently unavailable. We’re working to restore it. Please try again later.
This was published 8 years ago
Add articles to your saved list and come back to them any time.
As the saying goes, there's no such thing as a free lunch.
Anti-virus software company AVG has revamped its privacy policy into an easy-to-read document, and in doing so has revealed just how extensively it is tracking users and selling their data in order to keep its products "free".
AVG is just one of many companies that profits off user data.Credit: Louise Kennerley
The news comes as Facebook begins rolling out targeted advertising based on data it gleans from user activity on other websites, which the company first unveiled last year.
AVG's updated policy, which comes into effect October 15, says it will sell "non-personal" data including web browsing history, search query history and metadata to third parties in order to "make money from our free offerings so we can keep them free".
AVG’s ‘free’ Antivirus software is profiting off your data.Credit: AVG
For anyone who's been following recent debates here in Australia over data retention and privacy, this should be ringing alarm bells.
The ability to transform apparently anonymous data into personal, identifying information when viewed in bulk has been well demonstrated by privacy advocates, from German politician Malte Spitz to Australia's David Leyonhjelm, and journalists Will Ockenden, Ben Grubb and Nick McKenzie.
AVG classifies "non-personal data" as:
Other data the company considers non-personal include "approximate location", zip code (or postcode), area code, time zone, and the URL (web address) users come from to reach its products
It's not clear what AVG classifies as metadata, though generally this can be assumed as location data and basic information about web activity.
Browsing history can reveal an awful lot, as the tracking down of "AOL Searcher No. 4417749" nearly a decade ago made all too clear. Worryingly, AVG says it will use so-called non-personal data to build "anonymous" data profiles, which it may then sell.
The company does in fact acknowledge that "sometimes browsing history or search history contains terms that might identify you", and says it "will treat that portion of your history as personal data, and will anonymise this information" if it becomes aware that a "part of your browsing history might identify you".
But just how it intends to systematically sift through and de-identify specific information collected from sweeping the search and browsing histories of "over 200 million active users" worldwide is unclear.
AVG also says it will pass on users' full IP addresses to its "search providers", without naming them. IP addresses can reveal approximate location information, and the policy's wording suggests this information will still be linked to the user's search activity when handed over, "in order to fulfill your search requests".
Users' personal data meanwhile, such as name and email address, is not sold or "rented" to third parties but AVG is more than happy to use it to flog users "offers relating to third-party products and services".
The type of data it considers "personal" include users' names, email addresses, postal addresses, phone numbers, SIM card numbers, Device ID numbers, location data, Internet Protocol (IP) addresses, and, for customers who have paid for products, credit card information.
AVG says it may share "some" of this identifying data with "selected resellers, distributors and other partners" for marketing purposes. Being a global company, that means sending the data to countries where privacy laws may not be as comprehensive as they are in Australia or the US.
Copyright © 2023

source