January 3, 2008 10:14 AM PST

Spyware found in Sears online community installation

Posted by Robert Vamosi

Online shoppers who signed up for the "Sears Holdings Community" ("My SHC Community" or "SHC") this holiday season got a gift that keeps on giving: spyware.

Sears defends its actions by saying it clearly notified customers before they accepted the software installation. However, several antispyware researchers found the Sears notification process fails to call out that users' online activities (including logging in to bank accounts) will be recorded and that it generally falls below industry standards.

The concern focuses on software installed by ComScore, an online data marketing firm. ComScore states on its Web site that it "maintains massive proprietary databases that provide a continuous, real-time measurement of the myriad ways in which the Internet is used and the wide variety of activities that are occurring online." The company has maintained over the years that its data collection methods do not qualify as spyware. However, several leading antispyware researchers disagree.

The controversy was first reported at the end of December by a senior researcher in the Anti-Spyware unit at Computer Associates, Benjamin Googins. In a blog, Googins related his own experience in joining the Sears Holdings Community, "a place where your voice is heard and your opinion matters." Although an initial sign-up e-mail informed Googins of potential tracking opportunities, the online registration site itself does not. Nor does the Sears privacy policy clearly state what is and is not being tracked.

Rob Harles, a senior vice president of SHC, responded in a post to Googins' blog. In his post, Harles said, "The vast majority of members of My SHC do not participate in any form of tracking, and those that have explicitly signed up do so after having been presented with simple, easy to understand language to which they have agreed." Googins says that a quick scan of older press releases shows that Harles was formerly a senior vice president at ComScore.

Veteran antispyware researcher Benjamin Edelman agrees with Googins. In a recent blog, Edelman stated "the limited SHC disclosure provided by email lacks the required specificity as to the nature, purpose, and effects of the ComScore software."

Specifically, Edelman cites that "the initial SHC email refers to the ComScore software as 'VoiceFive.' The license agreement refers to the ComScore software as 'our application' and 'this application.' The ActiveX prompt gives no product name, and it reports company name 'TMRG, Inc.' These conflicting names prevent users from figuring out what software they are asked to accept."

Originally posted at News Blog
16 comments
From Facebook to Sears
by thedreaming January 3, 2008 11:50 AM PST
Seems like the Facebook Fiasco has opened up a can of worms where more and more social networking websites will try to collect your data and use it for their personal use.
Reply to this comment
Yes, comscore = spyware. Cheers to Benjamin Googins.
by a_browser January 3, 2008 2:34 PM PST
This is despicable... I challenge Sears and all of comscore to check whether "members" know that they are being spied on and were "presented with simple, easy to understand language."

After several minutes of navigating, I finally found the privacy policy on a page below the fold and about FOUR clicks away from the sign up screen.

1) User has to be curious enough to click on "For more information on My SHC Community, please click here."
2) Then Scroll to the bottom of that page.
3) After reading through that full page of text, be curious enough to "Click here to view our Privacy Policy & ULA" and
4) Read down and click to below the fold to view the text about how they collect Internet usage information: Once you install our application, it monitors all of the Internet behavior that occurs on the computer on which you install the application, including both your normal web browsing and the activity that you undertake during secure sessions...

How can we let Sears and comScore get away with this kind of tracking (comscore claims 2 million+ participants worldwide)? I contend it is unlikely any critical mass understands what personal information is being tracked by a 3rd party.

Please help Benjamin to stop the pariah of comscore!!
Reply to this comment
Mr. Rob Harles
by themondo January 3, 2008 5:21 PM PST
Rob Harles, a senior vice president of SHC---huh

http://www.zoominfo.com/search/PersonDetail.aspx?PersonID=16472401


Mr. Rob Harles This is Me
Senior Vice President

comScore Networks , Inc.
Contact this person
Please Note:
This profile was automatically generated using 14 references found on the Internet. This information has not been verified. Learn more...
Employment History

*
Senior Vice President2
comScore Networks , Inc. (NASDAQ: SCOR)

Headquarters Address:
11465 Sunset Hills Road # 200
Reston, VA 20190
USA
Website: www.comscore.com
Phone: (703) 438-2000
Fax: (703) 438-2051

comScore, Inc. provides a digital marketing intelligence platform, which comprises its databases and a computational infrastructure that measures, analyzes and reports on digital activity. The Company delivers its digital marketing intelligence through its comScore Media Metrix product. More
*
Founder4
Oxford University Guild
*
Principal3
The Cambridge Group Inc

Headquarters Address:
227 West Monroe Street Suite 3200
Chicago, IL 60606-5058
USA
Website: www.thecambridgegroup.com
Phone: (312) 425-3600
Fax: (312) 425-3601

The Cambridge Group was founded on the premise that in order to succeed in today's market, companies must reverse their approach. The market has fundamentally and permanently changed and shifted away from supply-side economics. As a result, companies must first determine what current and. More
*
President3
Incent Inc

Headquarters Address:
Website: www.Incentinc.com


Board Membership and Affiliations

*
Board Member for the Chicago Chapter3
The Posse Foundation

Headquarters Address:
14 Wall Street , 11Th Floor
New York, NY 10005
USA
Website: www.possefoundation.org
Phone: (212) 405-1691
Fax: (212) 405-1697

The Posse Foundation identifies, recruits and trains student leaders from public high schools to form multicultural teams called "Posses." These teams are then prepared, through an intensive Pre-Collegiate Training Program, for enrollment at top-tier universities nationwide to pursue. More


Education
M.A., Modern European History3
University of Oxford

B.A., Modern European History3
University of Oxford


View all 14 references Web References

1.
1. www.dmn.ca
www.dmn.ca/Click/articles/vol1 - [Cached]

Published on: 3/6/2007 Last Visited: 3/6/2007---
HUH
Reply to this comment
Sears...punch line to a bad joke
by RUrban1 January 4, 2008 7:19 AM PST
Sears has fallen apart. I've dealt with them for 20 years and realize how badly things have turned. Customer Service is the worst in the appliance industry. THEE worst! This new issue comes as little surprise to me. Avoid Sears.
Reply to this comment
This is the standard now
by R.Jefferson January 4, 2008 8:53 AM PST
Well what do you expect? This is now the de facto standard on how to conduct business.

All transactions should start with personal information and an email address. Duh....

It's getting to the point where if you create anon email accounts to protect your neck, after 2 or 3 signups you're at the dozens of spam per day level.

Because if one "company" gets it they sell it (regardless of what they say in the policy or EULA, self enforcement ahahahah) or it goes into a clusterphuck MS access file with our personal information sorted ever so carefully by criteria.

If you ever get bored and want a laugh go to a local Board of Elections and ask to see the MS Access file with all of the registered voters with their personal info. You're going to hear a lot of uhhh and ummm and profuse sweating. Because they're now supposed to let the cat out of the bag.
Reply to this comment
Why all the surprise, shock, and bewilderment?...
by Ted Bruner January 4, 2008 11:20 AM PST
... Why the "I've done business with Sears for 20 years, but now"...???
There are two generations of people who have died hating Sears/Sears-Roebuck for more decades than you have lived.
I have personally seen old geezers driving 1930's/1940's cars around town and parking in Sears' parking lots with huge signs on them - all with one specific purpose: to tell people that Sears/Sears-Roebuck/Allstate, et al are crooks. I have seen this kind of discontent from coast to coast and border to (now walled/fenced) border.

Just because it's new to some of you, is no reason for the rest of the world to conclude that it's new; that Sears has "changed" or "turned". The one thing which history should teach is that most never learn from history.

What bothers me the most is that the most blatant form(s) of this "spy"ing is from companies with an unmistakable United States Capitalism leadership. Look at Sony; one time an honorable Oriental firm; but they hire an American and place him in the top position and we get "Root-Kits" before you can bat an eye.

What people should be realizing is that Corporate America and its "honorable Capitalistic" system of corruption, monopolies, and control is an unswerving enemy.

The Founding Fathers of the nation long-forgotten were not "capitalists". They were not "Communists". They were not "Socialists". These are new terms employed to justify three types of criminal behavior as though it was historic or sacred.

While the propaganda mills run at an ever increasing pace, the "average Joe" is being fleeced, raped, mugged, controlled, and left desolate by the "salesmen" who produce nothing and believe that money is worth more than anything it can possibly buy.

... And, no, I'm not Anti-Semitic. I'm talking about a group of people who lie for a way of life and never bother to care if something is right or wrong, be they atheists, agnostics or any one of the thousands of cults walking our streets and sipping coffee/tea/ (oops, not in Utah, anyway),... next to us or halfway around the world (how much further can you go on a sphere???).

Corporate America is without soul or conscience. Learn it and guard yourself. You can't trust any of them.

End Of Line.
Reply to this comment
get off your soapbox
by unzarjones January 7, 2008 11:59 AM PST
Like all fanatics, you take your position too far. For all the ills of "Corporate America" and "United States Capitalism" (like it doesn't exist elsewhere) it undeniably feeds BILLIONS
View reply
UGH..How to eliminate
by pagardener January 4, 2008 12:30 PM PST
So how does one eliminate this spyware from one's computer????? I did join SHC awhile ago and did not remember any mention of this.
Reply to this comment
how to eliminate?
by mstacks January 7, 2008 11:26 AM PST
Has this been answered yet? How DO you get rid of the thing?
smells like a duck
by gggg sssss January 4, 2008 2:58 PM PST
looks like a duck, quacks like a duck, it must be a duck. Even Gator ( or whatever made up name they are now hiding behind ) said that POS they foisted on the world was not spyware. Would you believe them just because they say so? Sony said it was not a trojan horse. Would you believe them?
Reply to this comment
wrong animal dud ...
by jelcnet January 6, 2008 6:32 AM PST
of course it is not a trojan horse, they are now trojan ducks.. just as you said
Sears spyware
by eskayp January 5, 2008 11:33 PM PST
Remember:
Sears is corporately tied to K-Mart.
K-Mart chose Martha Stewart as their icon.
With a fraudstress up front, would a reasonable person expect their personal and financial data to be kept private?
Well, DUH.....'What's in YOUR wallet!'
TechDirt has had sequential articles on this topic for a week or two.
Reply to this comment
ugly ugly !!! ...not legal but NOT moral either
by jelcnet January 6, 2008 6:31 AM PST
to some this would read as a clear conflict of interests and valid question might be, who is whose employer ... the only safe way is signing up with temporary or fake email addresses and when buying on the web, well ... only from 100% reputable and trustworthy companies ..... got that Sears .. ?
Reply to this comment
Sears being sued for privacy breach
by eskayp January 8, 2008 8:03 PM PST
A class action suit has been filed against Sears
for privacy breaches in their 'Community' effort
that violate their own Privacy Policy.

Entering a person's name, address, and phone number
on Sears' webform would bring up a detailed list of all the purchases that person had made.

$5 million is the amount reported.
Reply to this comment
Expect huge changes at Sears
by hpferg March 7, 2008 11:26 AM PST
Don't be surprised if in the next several months you see major changes at Sears! As a former employee, the actions currently being taken within the business indicate something big is brewing. Not for the good of its employees.
Reply to this comment
About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.
