Microsoft

The cost of Avast’s Free Antivirus: companies can spy on your clicks

Your antivirus should protect you, but what if it’s handing over your browser history to a major marketing company? Relax. That’s what Avast told the public after its browser extensions were found harvesting users’ data to supply to marketers. Last month, the antivirus company tried to justify the practice by claiming the collected web histories…

Your antivirus should protect you, but what if it’s handing over your browser history to a major marketing company?

Relax. That’s what Avast told the public after its browser extensions were found harvesting users’ data to supply to marketers. Last month, the antivirus company tried to justify the practice by claiming the collected web histories were stripped of users’ personal details before being handed off.

“The data is fully de-identified and aggregated and cannot be used to personally identify or target you,” Avast told users, who opt in to the data sharing. In return, your privacy is preserved, Avast gets paid, and online marketers get a trove of “aggregate” consumer data to help them sell more products.

There’s just one problem: What should be a giant chunk of anonymized web history data can actually be picked apart and linked back to individual Avast users, according to a joint investigation by PCMag and VICE’s Motherboard.

How ‘De-Identification’ Can Fail

The Avast division charged with selling the data is Jumpshot, a company subsidiary that’s been offering access to user traffic from 100 million devices, including PCs and phones. In return, clients—from big brands to e-commerce providers—can learn what consumers are buying and where, whether it be from a Google or Amazon search, an ad from a news article, or a post on Instagram.

The data collected is so granular that clients can view the individual clicks users are making on their browsing sessions, including the time down to the millisecond. And while the collected data is never linked to a person’s name, email or IP address, each user history is nevertheless assigned to an identifier called the device ID, which will persist unless the user uninstalls the Avast antivirus product.

For instance, a single click can theoretically look like this:

abc123x 2019/12/01 12:03:05 Amazon.com Apple iPad Pro 10.5 – 2017 Model – 256GB, Rose Gold Add to Cart

At first glance, the click looks harmless. You can’t pin it to an exact user. That is, unless you’re Amazon.com, which could easily figure out which Amazon user bought an iPad Pro at 12:03:05 on Dec. 1, 2019. Suddenly, device ID: 123abcx is a known user. And whatever else Jumpshot has on 123abcx’s activity—from other e-commerce purchases to Google searches—is no longer anonymous.

PCMag and Motherboard learned about the details surrounding the data collection from a source familiar with Jumpshot’s products. And privacy experts we spoke to agreed the timestamp information, persistent device IDs, along with the collected URLs could be be analyzed to expose someone’s identity.

“Most of the threats posed by de-anonymization—where you are identifying people—comes from the ability to merge the information with other data,” said Gunes Acar, a privacy researcher who studies online tracking.

He points out that major companies such as Amazon, Google, and branded retailers and marketing firms can amass entire activity logs on their users. With Jumpshot’s data, the companies have another way to trace users’ digital footprints across the internet.

“Maybe the (Jumpshot) data itself is not identifying people,” Acar said. “Maybe it’s just a list of hashed user IDs and some URLs. But it can always be combined with other data from other marketers, other advertisers, who can basically arrive at the real identity.”

The ‘All Clicks Feed’

The cost of Avast's Free Antivirus: Companies can spy on your clicks

Image: PC Mag

According to internal documents, Jumpshot offers a variety of products that serve up collected browser data in different ways. For example, one product focuses on searches that people are making, including keywords used and results that were clicked.

We viewed a snapshot of the collected data, and saw logs featuring queries on mundane,

Read More

Be the first to write a comment.

Leave a Reply

Your email address will not be published. Required fields are marked *

Microsoft

Nvidia and Microsoft drop cryptic coordinates pointing to an ARM powered PC revolution at GTC Taipei 2026

This morning I woke to social media teasers from both Nvidia and Microsoft, which seen many on social media speculating about it’s meaning. The identical posts feature a simple message – a new era of PC is coming. This isn’t jsut a new generation of an existing architecture…

This morning I woke to social media teasers from both Nvidia and Microsoft, which seen many on social media speculating about it’s meaning. The identical posts feature a simple message – a new era of PC is coming. This isn’t jsut a new generation of an existing architecture…
Read More

Continue Reading
Microsoft

Exclusive: Microsoft is building a super app that combines coding, chat, and other Copilot AI tools

Microsoft needs to solve a nagging problem: It has various Copilot AI assistants throughout its portfolio of products, irking customers who seek a single destination. The company is planning to solve that by creating a super app for its most popular AI tools.  Recommended Video The software giant is working on a one-stop shop that

Microsoft needs to solve a nagging problem: It has various Copilot AI assistants throughout its portfolio of products, irking customers who seek a single destination. The company is planning to solve that by creating a super app for its most popular AI tools. 

The software giant is working on a one-stop shop that would connect its GitHub Copilot coding assistant, Copilot chat function, Copilot Cowork tool, and a new agentic workflow capability internally named Autopilot into a single app, according to two sources familiar with the project, who spoke on the condition of anonymity to discuss a platform that hasn’t yet been released. The project is being spearheaded by Jacob Andreou, Microsoft’s recently appointed head of Copilot. One of Andreou’s primary tasks has been to unite the consumer and enterprise sides of Copilot into a cohesive product. 

Some elements of the app, which is being developed internally with the slogan “Delivering one Copilot,” could be referenced at Microsoft’s Build developer conference next week in San Francisco, though there are no plans to showcase the app itself. The company plans to launch the super app by the end of summer. The plans for the super app could evolve and are not yet final, the sources said, but the idea is to be able to combine a user’s Copilots into one central interface, including accounts from the productivity-focused Microsoft 365 Copilot.

There may also be a toggle function for a user to go back and forth between their personal and enterprise 365 Copilots. A user will still be able to access their Copilots outside of the super app. Microsoft declined to comment.

Microsoft isn’t alone in attempting to create a super app. Its partner-rival OpenAI has had plans to combine its ChatGPT app and its Codex coding tool with its web browser into a single destination. Elon Musk has long held an ambition to make the X social media app into a super app for communication, media, and commerce. Uber and Meta have also increasingly put services under a single app. 

Microsoft has found that customers dislike shifting between its Copilot tools, and the company also seeks for people to see more value from Copilot, the sources familiar with the plans said.

The stakes are high for Microsoft, which was one of the first tech companies to make a big bet on AI, through a $13 billion partnership with OpenAI, but then lost its early lead as various rivals joined the race. The Copilot brand has struggled as a result of several issues. It has had a historic reliance on OpenAI’s AI models, which have at times lagged behind rivals in benchmarks and made Microsoft late to create its own models. Microsoft also launched several versions of Copilot, confusing customers. Until recently, Microsoft employees were split into distinct consumer and commercial Copilot teams, which made it difficult to have a unified AI vision. 

The various Copilots have existed as both free consumer versions, as well as paid enterprise options. Less than 4.5% of the 450 million customers of its Microsoft 365 office suite currently pay for Copilot features. GitHub Copilot, which uses AI f

Read More

Continue Reading
Microsoft

Xbox Boss Asha Sharma Announces Leadership Reshuffle in Bid to ‘Move Faster,’ Bringing in Former Microsoft AI Colleagues

UPDATE: Xbox boss Asha Sharma has confirmed that Microsoft has stopped development of Copilot on console. In a tweet, Sharma said Microsoft will retire features “that don’t align with where we’re headed.” Gaming Copilot, which was in beta, was designed as “your personal gaming sidekick with Xbox.” The idea was that players could ask for

UPDATE: Xbox boss Asha Sharma has confirmed that Microsoft has stopped development of Copilot on console.

In a tweet, Sharma said Microsoft will retire features “that don’t align with where we’re headed.”

Gaming Copilot, which was in beta, was designed as “your personal gaming sidekick with Xbox.” The idea was that players could ask for help anytime or anywhere while they were playing a game. “With in-game assistance, get unstuck, pass roadblocks, and level-up your gameplay,” Microsoft said. “The guide you want, when you want it. Brainstorm strategies and get tips or insights with personalized coaching.”

It would also provide users with gaming recommendations. Gaming Copilot is currently available in the Xbox mobile app, and on Game Bar for Windows 11, and on the ROG Xbox Ally handhelds.

“Xbox needs to move faster, deepen our connection with the community, and address friction for both players and developers,” Sharma said. “Today, we promoted leaders who helped build Xbox, while also bringing in new voices to help push us forward. This balance is important as we get the business back on track. As part of this shift, you’ll see us begin to retire features that don’t align with where we’re headed. We will begin winding down Copilot on mobile and will stop development of Copilot on console.”

ORIGINAL STORY: Newly-installed Xbox boss Asha Sharma has announced a major reshuffle of the company’s platform technology teams, as Microsoft’s gaming division seeks to rebuild its position and release Project Helix, its next-generation console.

In an internal memo shared with Xbox staff today, seen by IGN, Sharma stated that leadership change was needed to “begin building the capacity we need” to evolve the Xbox brand and “how we work.”

As part of the changes, Sharma is bringing four former colleagues from Microsoft’s CoreAI division, where she previously served, over to Xbox. IGN understands that Xbox’s previous stance on AI remains unchanged.

The 100 Best Xbox Games of All Time

“Right now, it is too hard to ship impact quickly,” Sharma wrote, adding: “we spend too much time inward instead of with the community; and we lack the capability we need in some key areas.”

For Xbox fans, likely the most widely-known name among the list of today’s changes is that of Jason Ronald, the Microsoft veteran with more than 20 years of experience building Xbox. Ronald has now been elevated to a position where he is accountable for Project Helix and the Xbox platform.

Elsewhere on the company’s hardware team, Roanne Sones, a corporate vice president for Xbox devices and ecosystem, will take a long-planned leave of absence later this year and return as an Xbox advisor.

CoreAI vice president of product Jared Palmer, will join Xbox’s platform-level content push “investing in the systems that make it easy to build, submit and scale high-quality games,” with a focus on “developer tooling, taste and infrastructure.” Tim Allen, another key CoreAI staff member, will join Xbox to lead experience design, in a role that merges “product design, design engineering, research, and creative with a fan-first focus.”

Jonathan McKay will become Xbox’s head of growth. Evan Chaki will run a new engineering group focused on removing repetitive work and simplifying development. Both are also moving over from Microsoft’s CoreAI division.

Other changes will see David Schloss, a former colleague of Sharma’s at Instacart, lead the Xbox subscription and cloud business. Kevin Gammill, a 20-year Microsoft veteran who has worked on the Xbox user experience, will meanwhile leave the company.

Tier List

Xbox Games Series Tier List

Xbox Games Series Tier List

 
 
 
 
 

While the quartet of additions to Xbox from CoreAI will likely raise eyebrows — as Sharma’s own move did earlier this year — the changes are believed to be positioned internally as simply about bringing in the best talent, with experience working in Microsoft’s AI division seen as just another part of the company.

The changes follow another bruising quarter for Microsoft’s gaming division. In the three months ending March 31, 2026, Microsoft’s Gaming revenue decreased 7%, Xbox content and services revenue decreased 5%, and Xbox hardware revenue (money made from the sale of Xbox consoles) declined 33%.

“While we have made progress expanding the business and our margins, player and revenue growth has not yet met our ambition,” Sharma wrote last week via a post on social media. “We know we have work to do to earn every player today and into the future.”

Last month brought a new mission statement from Sharma an

Read More

Continue Reading
Microsoft

Microsoft Edge stores your passwords in plaintext RAM… on purpose

If you tend to save your passwords in your browser, you need to be more careful. A security researcher from Norway has uncovered a serious vulnerability in Microsoft Edge that shows passwords are stored in memory as plaintext, as shown in this social media post. Any malicious user with local access could easily intercept all

If you tend to save your passwords in your browser, you need to be more careful. A security researcher from Norway has uncovered a serious vulnerability in Microsoft Edge that shows passwords are stored in memory as plaintext, as shown in this social media post.

Any malicious user with local access could easily intercept all your stored passwords…
Read More

Continue Reading