Spyware found in Sears online community installation

Online shoppers who signed up for the "Sears Holdings Community" ("My SHC Community" or "SHC") this holiday season got a gift that keeps on giving: spyware.

Sears defends its actions by saying it clearly notified customers before they accepted the software installation. However, several antispyware researchers found the Sears notification process fails to call out that users' online activities (including logging in to bank accounts) will be recorded and that it generally falls below industry standards.

The concern focuses on software installed by ComScore, an online data marketing firm. ComScore states on its Web site that it "maintains massive proprietary databases that provide a continuous, real-time measurement of the myriad ways in which the Internet is used and the wide variety of activities that are occurring online." The company has maintained over the years that its data collection methods do not qualify as spyware. However, several leading antispyware researchers disagree.

The controversy was first reported at the end of December by a senior researcher in the Anti-Spyware unit at Computer Associates, Benjamin Googins. In a blog, Googins related his own experience in joining the Sears Holdings Community, "a place where your voice is heard and your opinion matters." Although an initial sign up e-mail informed Googins of potential tracking opportunities, the online registration site itself does not. Nor does the Sears privacy policy clearly state what is and is not being tracked.

Rob Harles, a senior vice president of SHC, responded in a post to Googins blog . In his post, Harles said, "The vast majority of members of My SHC do not participate in any form of tracking, and those that have explicitly signed up do so after having been presented with simple, easy to understand language to which they have agreed." Googins says that a quick scan of older press releases shows that Harles was formerly a senior vice president at ComScore.

Veteran antispyware researcher Benjamin Edelman agrees with Googins. In a recent blog, Edelman stated "the limited SHC disclosure provided by email lacks the required specificity as to the nature, purpose, and effects of the ComScore software."

Specifically, Edelman cites that "the initial SHC email refers to the ComScore software as 'VoiceFive.' The license agreement refers to the ComScore software as 'our application' and 'this application.' The ActiveX prompt gives no product name, and it reports company name 'TMRG, Inc.' These conflicting names prevent users from figuring out what software they are asked to accept."

[thedreaming]

From Facebook to Sears

Seems like the Facebook Fiasco has opened up a can of worms where more and more social networking websites will try to collect your data and use it for their personal use.

[a_browser]

Yes, comscore = spyware. Cheers to Benjamin Googin.

This is dispicable... I challenge Sears and all of comscore to check whether "members" know that they are being spied on and were "presented with simple, easy to understand language."

After several minutes of navigating, I finally found the privacy policy on a page below-the fold and about FOUR clicks away from the sign up screen.

1) User has to be curious enough to click on "For more information on My SHC Community, please click here."
2) Then Scroll to the bottom of that page.
3) After reading through that full page of text, be curious enough to "Click here to view our Privacy Policy & ULA" and
4) Read down and click to below the fold to view the text about how they collect Internet usage information: Once you install our application, it monitors all of the Internet behavior that occurs on the computer on which you install the application, including both your normal web browsing and the activity that you undertake during secure sessions...

How can we let Sears and comScore get away with this kind of tracking (comscore claims 2million+ participants worldwide.) I contend it is unlikely any critical mass understands what personal information is being tracked by a 3rd party.

Please help Benjamin to stop the pariah of comscore!!

[themondo]

Mr. Rob Harles

Rob Harles, a senior vice president of SHC---huh

http://www.zoominfo.com/search/PersonDetail.aspx?PersonID=16472401


Mr. Rob Harles This is Me
Senior Vice President

comScore Networks , Inc.
Contact this person
Please Note:
This profile was automatically generated using 14 references found on the Internet. This information has not been verified. Learn more...
Employment History

*
Senior Vice President2
comScore Networks , Inc. (NASDAQ: SCOR)

Headquarters Address:
11465 Sunset Hills Road # 200
Reston, VA 20190
USA
Website: www.comscore.com
Phone: (703) 438-2000
Fax: (703) 438-2051

comScore, Inc. provides a digital marketing intelligence platform, which comprises its databases and a computational infrastructure that measures, analyzes and reports on digital activity. The Company delivers its digital marketing intelligence through its comScore Media Metrix product. More
*
Founder4
Oxford University Guild
*
Principal3
The Cambridge Group Inc

Headquarters Address:
227 West Monroe Street Suite 3200
Chicago, IL 60606-5058
USA
Website: www.thecambridgegroup.com
Phone: (312) 425-3600
Fax: (312) 425-3601

The Cambridge Group was founded on the premise that in order to succeed in today's market, companies must reverse their approach. The market has fundamentally and permanently changed and shifted away from supply-side economics. As a result, companies must first determine what current and. More
*
President3
Incent Inc

Headquarters Address:
Website: www.Incentinc.com


Board Membership and Affiliations

*
Board Member for the Chicago Chapter3
The Posse Foundation

Headquarters Address:
14 Wall Street , 11Th Floor
New York, NY 10005
USA
Website: www.possefoundation.org
Phone: (212) 405-1691
Fax: (212) 405-1697

The Posse Foundation identifies, recruits and trains student leaders from public high schools to form multicultural teams called "Posses." These teams are then prepared, through an intensive Pre-Collegiate Training Program, for enrollment at top-tier universities nationwide to pursue. More


Education
M.A., Modern European History3
University of Oxford

B.A., Modern European History3
University of Oxford


View all 14 references Web References

1.
1. www.dmn.ca
www.dmn.ca/Click/articles/vol1 - [Cached]

Published on: 3/6/2007 Last Visited: 3/6/2007---
HUH

[RUrban1]

Sears...punch line to a bad joke

Sears has fallen apart. I've dealt with them for 20 years and realize how badly things have turned. Customer Service is the worst inthe appliance industry. THEE worst! This new issue comes as little suprise to me. Avoid Sears.

[R.Jefferson]

This is the standard now

Well what do you expect? This is now the defacto standard on how to conduct business.

All transactions should start with personal information and an email address. Duh....

Its getting to the point where if you create anon email accounts to protect your neck, after 2 or 3 signups your at the dozens of spam per day level.

Because if one "company" gets it they sell it (regardless of what they say in the policy or EULA, self enforcement ahahahah) or it goes into a clusterphuck MS access file with our personal information sorted ever so carfully by criteria.

If you ever get boared and want a laugh go to a local Board of Elections and ask to see the MS Acess file with all of the registered voters with their personal info. Your going to here a lot of uhhh and ummm and profuse sweating. Because thier now suppose to let the cat out of the bag.

[Ted Bruner]

Why all the surprise, shock, and bewilderment?...

... Why the "I've done business with Sears for 20 years, but now"...???
There are two generations of people who have died hating Sears/Sears-Roebuck for more decades than you have lived.
I have personally seen old geezers driving 1930's/1940's cars around town and parking in Sears' parking lots with huge signs on them - all with one specific purpose: to tell people that Sears/Sears-Roebuck/Allstate, et al are crooks. I have seen this kind of discontent from coast to coast and border to (now walled/fenced) border.

Just because it's new to some of you, is no reason for the rest of the world to conclude that it's new; that Sears has "changed" or "turned". The one thing which history should teach is that most never learn from history.

What bothers me the most is that the most blatent form(s) of this "spy"ing is from companies with an unmistakable United States Capitalism leadership. Look at Sony; one time an honorable Oriental firm; but they hire an American and place him in the top position and we get "Root-Kits" before you can bat an eye.

What people should be realizing is that Corporate America and it's "honorable Capitalistic" system of corruption, monoplies, and control is an unswerving enemy.

The Founding Fathers of the nation long-forgotten were not "capitalists". They were not "Comunists". They were not "Socialists". These are new terms employed to justify three types of criminal behavior as though it was historic or sacred.

While the propaganda mills run at an ever increasing pace, the "average Joe" is being fleaced, raped, mugged, controlled, and left desolate by the "salesmen" who produce nothing and believe that money is worth more than anything it can possibly buy.

... And, no, I'm not Anti-Semetic. I'm talking about a group of people who lie for a way of life and never bother to care if something is right or wrong, be they atheists, agnostics or any one of the thousands of cults walking our streets and sipping coffee/tea/ (oops, not in Utah, anyway),... next to us or halfway around the world (how much further can you go on a sphere???).

Corporate America is without soul or conscience. Learn it and guard yourself. You can't trust any of them.

End Of Line.

[unzarjones]

get off your soapbox

Like all fanatics, you take your position too far. For all the ills of "Corporate America" and "United States Capitalism" (like it doesn't exist elsewhere) it undeniably feed BILLIONS

[pagardener]

UGH..How to eliminate

So how does one eliminate this spyware from one's computer????? I did join SHC awhile ago and did not remember any mention of this.

[mstacks]

how to eliminate?

Has this been answered yet? How DO you get rid of the thing?

[gggg sssss]

smells like a duck

looks like a duck, quacks like a duck, it must be a duck. Even Gator ( or whatever made up name they are now hiding behind ) said that POS they foisted on the world was not spyware. Would you believe them just because they say so? Sony said it was not a trojan horse. Would you believe them?

[jelcnet]

wrong animal dud ...

of course is not a troyan horse, the are now, troyan ducks.. just as you said

[eskayp]

Sears spyware

Remember:
Sears is corporately tied to K-Mart.
K-Mart chose Martha Stewart as their icon.
With a fraudstress up front, would a reasonable person expect their personal and financial data to be kept private?
Well, DUH.....'What's in YOUR wallet!'
TechDirt has had sequential articles on this topic for a week or two.

[jelcnet]

ugly ugly !!! ...not legal but NOTmoral either

to some this would read as a clear conflict of interests and valid question might be, who is whose employer ... the only safe way is signing up with temporary or fake email addresses and when buying on the web, well ... only from 100% reputable and trustworthy companies ..... got that Sears .. ?

[eskayp]

Sears being sued for privacy breach

A class action suit has been filed against Sears
for privacy breaches in their 'Community' effort
that violate their own Privacy Policy.

Entering a person's name, address, and phone number
on Sears' webform would bring up a detailed list of all the purchases that person had made.

$5 million is the amount reported.

[hpferg]

Expect huge changes at Sears

Don't be surprised if in the next several months you see major changes at Sears! As a former employee, the actions currently being taken within the business indicate something big is brewing. Not for the good of it's employees.