I’m very concerned since when I got hacked a few months ago (yes, stupid) I then installed Avast to protect myself, but now that I’m actually searching around the web for info about them, I see they’re selling their users’ data to 3rd parties? This was reported in 2020, but are they still doing it?
Yes. They have no reason to stop.
Avast were prosecuted and fined for selling their users’ browsing history to a third party. Shortly after the prosecution, Avast were purchased by Norton LifeLock.
Avast will, like all AV software, still collect browsing history as a function of its browser protection. However, if Avast were foolish enough to sell the data again, they and Norton are well aware of the damage, if discovered, it would do to them both. That realistically is why they’re unlikely to repeat it, the risk outweighs the benefit. But it is a matter of trust.
Defender, Bitdefender, Kaspersky, Sophos, Emsisoft etc., all collect your browsing history, it was the fact Avast sold that information, that got them prosecuted.
For each online account, use a unique e-mail, a strong and unique password, and if available, enable 2FA on each account. Use a password manager such as Bitwarden to generate strong passwords and securely store your account logins and, together, it will go a long way to prevent future hacks.
Free services, such as haveibeenpwned, will monitor e-mail addresses, notifying you if they are detected as part of a breach.
Why stick with Avast? If you are on Windows use Defender. They are on par with all the other commercial antivirus programs and since you already have to trust Microsoft, you don’t add another party you need to trust with what’s going on on your system.
I use ClamWin Antivirus which is both free and open source
My brother in Christ it’s a free, closed source antivirus service of course they are
Avast was not caught red-handed. Their EULA stated what was going to happen.
As for the data, it was anonymized web surfing data that was never publicly deanonymized. But many people will try to push a certain “Avast bad they steal your data” narrative for some reason.
From what I have read, the anonymized data could not be directly linked to a specific person and no one has publicly shown otherwise. However, it could be “possible” using data from other data sets (like all the Cambridge Analytica scandal going on around at that time) to link the browser fingerprints together which can eventually lead to a real person. Think “foreign key=browser fingerprint” if you speak SQL. Avast should not be held responsible for the data collection practices of other sources.
The popup is pretty clear to me https://images.sparktoro.com/blog/wp-content/uploads/2020/01/avast-jumpshot-request.gif
Most people complain endlessly about their operation of Jumpshot (their sister company) which was selling aggregated data obtained from avast! users. Some argued that it was without their consent even though avast! has stated for years that they have and they also offered an option to disable data sharing under Privacy settings since avast! 5.x. Also among the allegations was that aggregated data “could” be used to trace back users, yet despite a lot of whining no one actually proved that it could or showed any actual examples.
They shut down Jumpshot after public outcry, I frankly believe this was just a stupid mistake.
Personally, I still consider avast! to be one of the best AVs. Just make sure to disable data sharing in Privacy settings (but leave CommunityIQ for best protection).
What data are they sharing? Like if it’s just browsing history, my ISP does that as well, no big deal, but if it’s stuff like passwords or email addresses, it’s really bad. Either way I’m switching over to other recommended AVs.
Are they still selling my/other users’ information now? And if so, does it put users like me at risk of getting our online accounts compromised or hacked? (my ptsd of getting hacked and my info being leaked kicking in lmfao)
It is never a good idea though to put a potential password into services such as “haveibeenpwned”.
“Defender, Bitdefender, Kaspersky, Sophos, Emsisoft etc., all collect your browsing histor”
If the antivirus offers protection on the Internet, it is understandable that it collects data. After all, how would it indicate that a site is dangerous without doing so?
Avast sold users’ browsing history (websites they’d visited) allowing advertisers to more accurately target adverts to Avast’s users.
You being hacked, would far more likely have come from you using weak or duplicated online password(s), or account information being leaked in a breach of a website, rather than through Avast’s actions.
Get a password manager like Bitwarden, then go through your online accounts and slowly update all your account passwords to unique and much stronger, 18 - 20 character, passwords. Choose a memorable master pass phrase/password to lock Bitwarden. Make sure it’s safely written down, so you can’t forget it.
If you lost your Bitwarden master passphrase/password, you’d lose all stored account information! You must protect it.
As a further security layer, add 2FA to each account, if available. Store the secret keys in Bitwarden and use the Aegis mobile app to generate the TOTP codes when logging in.
Use an alias e-mail service, AnonAddy is a good one, and create separate alias e-mails for each online account. Alias e-mails are then delivered to the same single personal e-mail address you decide.
If a future website breach occurred, you’d only need to change the password and e-mail (new alias) for one account, as all other accounts will be using their own e-mail and unique password.
Protect your online details, and you are far less likely to be hacked.
There’s no security risk at all, they never actually see your complete password. If you’re interested, they wrote an article on how passwords are handled.
Numerous password managers, use them, including Bitwarden and KeePass, for example.
Also, without that information, you could be using a password that is already known in full, to hackers who stole it in a website breach.
No, I am saying that I use ClamWin, why would that be no AV?
Even if what the article states would turn out to be true I still can’t see it as good practice. I mean, the more third parties that get hold of a (locked in) password the bigger the risk it gets compromised. That is true no matter how strong the password is.
It is better to use a randomly generated password, from a password manager. One password for each website.
Haveibeenpwned never sees the full password or stores your password, ever.
They check the first few characters, and if that has no matches, nothing else is checked as it would be pointless.
Bitwarden would not build haveibeenpwned into their software unless they were 100% confident of its trustworthiness. Dashlane and Enpass also both use it.
A password check is against ‘the’ password, not ‘your’ password, so a breach of a different account by someone else, could have exposed ‘your’ password, which just happened to be the same.
I completely understand where you’re coming from, but without a password check, you have no idea if a password you use, is already known to hackers.
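Added example, not part of any post in the thread: the k-anonymity range lookup that the Pwned Passwords service documents, in which the password is SHA-1 hashed locally and only the first five hex characters of that hash are sent, with the match done on the client. The names `split_hash`, `breach_count` and `RecordingFetcher` are hypothetical, the network call is replaced by an offline stand-in, and the response body is constructed for the example.

```python
import hashlib

def split_hash(password):
    """SHA-1 the password locally; return (5-char prefix, 35-char suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_response(body):
    """Parse 'SUFFIX:COUNT' lines into a dict, skipping malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch_range):
    """Return how often the password appears in the corpus (0 = not found)."""
    prefix, suffix = split_hash(password)
    body = fetch_range(prefix)  # the only value that leaves the machine
    # Padded responses contain decoy suffixes with a count of 0, so a
    # count of 0 is treated the same as "not present".
    return parse_range_response(body).get(suffix, 0)

class RecordingFetcher:
    """Hypothetical offline stand-in for the HTTPS GET; records what is sent."""
    def __init__(self, responses):
        self.responses, self.sent = responses, []

    def __call__(self, prefix):
        self.sent.append(prefix)
        return self.responses.get(prefix, "")

def build_sample_response(breached_password, count):
    """Constructed response body: one real suffix between two decoy lines."""
    _, suffix = split_hash(breached_password)
    return "\r\n".join(["0" * 35 + ":0", f"{suffix}:{count}", "F" * 35 + ":7"])

if __name__ == "__main__":
    prefix, _ = split_hash("password")
    fetch = RecordingFetcher({prefix: build_sample_response("password", 42)})
    print("password ->", breach_count("password", fetch))
    print("sent to service:", fetch.sent)
    print("unseen ->", breach_count("constructed-unseen-passphrase", fetch))
```

`fetch.sent` holds everything the service would have received, which makes it easy to confirm that neither the password nor its full hash is transmitted.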