I almost forgot to pummel Sears Holdings Corporation (NASDAQ: SHLD), the owner of Kmart and Sears, about the reports of them installing spyware from comScore on the computers of their loyal customers. I ran across a post on Ars Technica that described customers visiting the KMart and Sears websites and the sites installing software to track users' online activity:
"... late last year, Sears.com and Kmart.com began asking users if they wanted to participate in a "community" online (presumably a community made up of Sears and Kmart aficionados). In late December, security researcher Benjamin Googins at Computer Associates noticed, however, that the "community" actually installed software from comScore, a market research firm, in order to track the web activities of the sites' visitors.
Googins stated on his company's blog that Sears had installed spyware which transmitted everything—"including banking logins, email, and all other forms of Internet usage"—to comScore for analysis. This was all allegedly done with no notice that anything was being installed, and it ran contrary to documentation about the community that said any data collected would stay within Sears' hands at all times."
Apparently Sears did notify these users of their intent to spy on them. Every participating user received an e-mail stating that the application "monitors all of the internet behavior that occurs on the computer on which you install the application, including...filling a shopping basket, completing an application form, or checking your...personal financial or health information."
Unfortunately this warning comes on page 10 of a 54-page privacy statement that is 2,971 words long. A number of security researchers concur that the Sears document fails to meet standards established by the Federal Trade Commission when it settled with Direct Revenue and Zango over the lack of disclosure about the extent of their snoopware.
So, in closing be cautious when you participate in something like this and remember that you cannot guarantee the sanctity of your personal information once it leaves your computer.
Comment Preview