[palant]

Yes, according to the Avast privacy policy the data is "anonymized or pseudonymized." As I already speculated in https://palant.de/2019/10/28/avast-online-security-and-avast..., they likely went for pseudonymization in this particular case - meaning that they simply left the data as it is. The unique user ID being sent there is technically a pseudonym, meaning that it isn't directly tied to your identity. That this "clickstream data" is easily deanonymized - so far there is no indication that Avast cared.

[aba_cz]

It's not tied to your identity, but if you go frequently to some social sites with the same user id in the url (LinkedIn and others) it's possible to match that an HW id to a real name. Also when you buy coupon or goods which are tied to you just by unique ID the data science team could see that in the clickstream and it they were evil enough they could just use that (holiday coupon for example) for themselves. Or private photos shared by unique ID in url. Basically they (employees) could see everything from navigation bar and try to find out who it belongs to.

Source: Jumpshot/Avast employees

Funny example: They (developers) could see a man from Alaska (IP based) looking for an info about yeti and then going to buy a rifle in the same session.

[palant]

Yes, there is research about finding out the name behind pseudonymized browsing history data - they had success rates in the area of 90%, despite having far less detailed data than what Avast is collecting.