if you are so dumb as to doing things that will trigger law enforcement investigations all the while using a commercial VPN then you deserve it.
If you use it to commit major crimes, then they might be able to trace it back to you by connecting those dots.
Maybe it’s time to reconsider some life choices, if this your main concern ?
CCleaner was infected before the acquisition. Avast bought them with the malware already in.
Their privacy policy allows them to sell and share your data to third parties.
That being listed after all the data collected from the user, just the words “the amount of data transmitted” - without a clarifying “of all users” - means it could be the data transmitted by the user, which when combined with timestamps, could be used to show sites a user/account has visited.
And they specifically say they’re not storing the last octet, which is far different from “your IP address”.
“According to logs from Website, a user of Avast VPN transmitted 16 GB of data on Date. After subpoenaing logs from Avast VPN, we found Account transmitted 16 GB of data on Date, and a connection log for that Account showed usage from the Defendant’s ISP on Date.”
Well yeah, obviously. I’m just pointing out that it’s possible to trace it back to you with the data they collect. Just that the government won’t care to unless you’re doing something pretty bad.
Did you read what they actually keep? You’re clearly just a hyped up “privacy” guy who doesn’t actually know the meaning of the word. They can’t sell your private data if they don’t have it and from this image they don’t have it.
Read it again, the top block says “we do not collect or store your IP address, DNS requests, your application or online service use, or the websites you visit”
The second bullet that you are referring to says that they “anonymize the last octet [of your originating subnet]” which they specify is to troubleshoot issues with ISPs (they have to know who to contact and provide a rough group of users for them to identify.
So your example is in fact impossible, assuming that they are telling the truth. I have no reason to believe they are or aren’t being shady, though Avast isn’t high on my trust list.
I have to defend what /u/ibm2431 is saying but point out it’s only a threat in the case of a major criminal investigation.
There was a case involving PIA a few years ago in which they famously replied to a subpoena stating “we have no logs to provide”.
In that case LE was still able to make a case by putting together various pieces that, standing alone, had no connection to the individual being investigated. Taken as a whole however it was enough to convict. That included “suspect connected to VPN at xxx time, criminal activity from an IP belonging to the VPN provider was recorded at xxx time”.
If LE had the logs but the last octet of the IP is missing that means they can narrow the search down to one of 255 IPs. Perhaps fewer if the ISP wasn’t using all 255 at that time. How many of those 255 had a connection to Avast at that time per the ISP’s logs?
This, along with other circumstantial evidence, could be enough.
This assumes of course A) a major investigation and B) someone is already a suspect.
If you’re just torrenting the occasional movie none of the above is a concern.
amount of data […] transmitted by the user, which when combined with timestamps, could be used to show sites a user/account has visited.
Let’s look at a fictional example:
/u/ibm2431 transmitted 278923012 bits of data in the time between
1572041416 and 1572045016, while having an IP with the first three octets of 92.123.234.
How do I tell which websites /u/ibm2431 visited, based on that data?
The image isn’t their privacy policy. They undoubtedly keep and sell customer information as well.
By the time you’re getting logs from the VPN, you’ve already picked the website that was visited.
The image is the totality of what they keep, their privacy policy for other products where they have your data is very different.
The image is the totality of what they keep
It outlines their data retention policy for their VPN service only. Data retention does not preclude them selling that data.
They claim that nothing in their data retention policy can be used to identify you, and they’re right. Nothing in that policy can be used to identify you… by itself.
But when you combine it with all the rest of your information that Avast sells, your anonymity is gone.
As far as you calling people a “hyped up “privacy” guy,” you don’t really have a leg to stand on if you don’t take into account all the other sources of information, and the hypothetical collated version of that data.
If you actually knew anything about privacy and security like you’re pretending, you’d know that any information can be used, in conjunction with other sources, to identify just about anyone. Just so happens, Avast offers a 1-stop-shop for people who want to identify a VPN user.
And how does that refute the statement that Avast’s privacy policy allows them to sell your data? You just agreed with them while acting like they were stupid.