Avast to close Jumpshot data-analytics firm following claims it sold anti-virus users' web-browsing data

Avast CEO Ondrej Vlcek claims he made the decision following a review instigated after he joined seven months ago

Avast is to close Jumpshot following claims that it surveilled users of Avast and AVG anti-virus and sold their web-browsing information via the data analytics company.

The announcement was made in a trading update this morning, backed up by a blog post from Avast CEO Ondrej Vlcek, dated Wednesday, in which he admitted that the company had sold Avast and AVG user data via its Jumpshot subsidiary.

Avast is listed on the London and Prague stock exchanges, and is a member of the FTSE-250. As part of the closure, it will also be buying back the 35 per cent stake in Jumpshot it sold for $173 million to Ascential [PDF] in July last year.

"I realise the recent news about Jumpshot has hurt the feelings of many of you, and rightfully raised a number of questions - including the fundamental question of trust," he wrote, adding that "protecting people is Avast's top priority."

I… have decided to terminate the Jumpshot data collection and wind down Jumpshot's operations

He continued: "For these reasons, I - together with our board of directors - have decided to terminate the Jumpshot data collection and wind down Jumpshot's operations, with immediate effect."

He added that Jumpshot had been started up by Avast in 2015 because security "with the idea of extending our data analytics capabilities beyond core security. This was during a period where it was becoming increasingly apparent that cybersecurity was going to be a big data game.

"We thought we could leverage our tools and resources to do this more securely than the countless other companies that were collecting data… Both Avast and Jumpshot acted fully within legal bounds," and complied 100 per cent with GDPR, he claimed.

However, wrote Vlcek, when he took over as Avast CEO in mid-2019, he conducted a review of every aspect of the business, concluding that Jumpshot's position within the organisation was inconsistent with the company's "privacy priorities" - although it's not clear why the organisation was not wound-up then, after the first claims about Jumpshot were aired in October by security specialist Wladimir Palant.

Furthermore, Vlcek was not an outside appointment but has worked at Avast for several years.

Indeed, Vlcek was previously president of Avast Consumer, the largest business within the company, and a key member of the management team that took Avast public in 2018. He was formerly chief technology officer of Avast.

And the sale of a 35 per cent stake in Jumpshot to Ascential in July last year [PDF] indicates that Vlcek's preferred exit from the business would have been a sale - with the data exfiltration from Avast's anti-virus software tools presumably continuing, at least for a limited period of time following full divestiture.

In December, Avast suffered the indignity of having its web browser extensions thrown-out of the web stores of Google Chrome, Opera and Firefox, but at the time the company merely acknowledged that it needed to "be more transparent about what data is necessary for our security products to work".

While the decision will mean redundancies for hundreds of Jumpshot staff, continued Vlcek, it was "absolutely the right thing to do".