Third parties, in this case being Microsoft, Google, and more.
This secretive scheme was actually made official via a joint report by Motherboard and PCMag, where leaked documents provided to the publications reveal the activities of an Avast subsidiary that goes by the name of Jumpshot.
And it has previously done business with many a company, including the likes of Microsoft, Google, IBM, Unilever, and Yelp.
Apparently, the data set includes everything from Google searches to lookups of locations, GPS coordinates, LinkedIn pages, YouTube videos, porn site visits — down to specific time and search terms.
What’s worrying is that while it may be hard to discern the identity of a user through this data that is provided to third parties, it is not entirely impossible.
And that is because a user may be visiting specific websites and pages, or may have a unique collection of profiles or subscriptions.
Furthermore, Avast not only does not change the user ID unless they completely reinstall their products, it also provides a unique timeline for each action, tracking every click, search and buys on every site.
For its part, Microsoft has not commented on the purchase of this information from Jumpshot, though it did confirm that it currently has a relationship with Jumpshot.
The big question is, what they are doing with this heap of information?