News:

What happens if you get scared half to death twice? -Steven Wright

Main Menu

Sears/KMart spyware

Started by M‡¢ĦÆŁ Ҝ, January 04, 2008, 10:25:34 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

M‡¢ĦÆŁ Ҝ

Sears: Come see the softer side of spyware
By Jacqui Cheng | Published: January 02, 2008 - 05:15PM CT

Sears and Kmart are places you might go when you need a new air conditioner filter or a lawnmower; they're not generally thought of as havens for spyware. But that's what the two stores have become, at least online, where their web sites were found to be installing software to track users' every online move—all without their knowledge. Security researchers are now hammering Sears (the owner of both Sears.com and Kmart.com) for the move, despite Sears' claims that users were notified adequately beforehand.

The story goes like this: late last year, Sears.com and Kmart.com began asking users if they wanted to participate in a "community" online (presumably a community made up of Sears and Kmart aficionados). In late December, security researcher Benjamin Googins at Computer Associates noticed, however, that the "community" actually installed software from comScore, a market research firm, in order to track the web activities of the sites' visitors.

Googins stated on his company's blog that Sears had installed spyware which transmitted everything—"including banking logins, email, and all other forms of Internet usage"—to comScore for analysis. This was all allegedly done with no notice that anything was being installed, and it ran contrary to documentation about the community that said any data collected would stay within Sears' hands at all times.

But wait, there's more! In an update to his original post, Googins noted that Sears actually offers a slightly different privacy policy—via the same URL—to compromised computers versus those that have yet to install the software. "If you access that URL with a machine compromised by the Sears proxy software, you will get the policy with direct language (like 'monitors all Internet behavior'). If you access the policy using an uncompromised system, you will get the toned-down version (like 'provide superior service')," he wrote.

Surprisingly, Sears VP Rob Harles responded to Googins' original post, stating that the company "goes to great lengths to describe the tracking aspect." He claims that "clear notice" is provided to users multiple times throughout the sign-up process. The "community" continued on.

Now, spyware researcher Ben Edelman has taken a look at the situation, and he agrees with Googins' assessment. Edelman heavily scrutinized all documentation that came with signing up for the community and found a few mentions of tracking software buried deep within the tangled legalese (for example, one mention was on page 10 of a 54-page license document). This, he says, goes against regulations by the Federal Trade Commission that require clear, unavoidable disclosure and "express consent" from the user before installing such software.

The two vague disclosures that Edelman found both fail to meet the FTC's standards, he says, and he argues that Harles couldn't possibly be more incorrect in his assertions that Sears goes to great lengths—or any lengths at all—to inform users of what's going on.

The whole incident is reminiscent of another recent privacy blunder by Facebook, where its Beacon application tracked user activity elsewhere on the web and reported it back to the site for the world to see. The difference is that Facebook reacted relatively quickly to the community outrage (that is, the real, actual Facebook community, and not a nebulous term to describe being tracked by a retailer) and made significant changes to how Beacon interacted with the users it was tracking. The situation is still not perfect—the tool still tracks users' activity even if they choose not to have it displayed—but it puts Facebook light-years ahead of where Sears is right now. As of today, Sears' online community—complete with very detailed comScore tracking software—is still available online.

Source
Move along, nothing to see here.

Sis

#1
I haven't bought anything electronic at Kmart for years. Everytime I did, it was faulty or parts like cords were missing. I haven't purchased anything from Sears for years. The last time I bought something was when I was back home and it was just an AV cord.

I hate the loss of privacy in this day and age. Love the technology but don't like the lack of privacy. I don't put anything online that I wouldn't want to share. I've never purchased anything online where I didn't get an address and send a check. Stevebert has purchased through Amazon but I don't want my banking info out there.

Edited in: That's a lot like selling a phone that's tapped so they can track all your phone calls and what you say. Not nice!v :nono:


The Purple Fuzzy


Chseeads


The Purple Fuzzy

:girltongue:

It was posted before I joined GP.

Chseeads


The Purple Fuzzy

My point is, I didn't know what I was doing and marked everything as read on accident, so I find stuff at random times. ;)

Chseeads


iridiscente

Quote from: Sis on January 04, 2008, 10:42:19 PM
I haven't bought anything electronic at Kmart for years. Everytime I did, it was faulty or parts like cords were missing. I haven't purchased anything from Sears for years. The last time I bought something was when I was back home and it was just an AV cord.

I hate the loss of privacy in this day and age. Love the technology but don't like the lack of privacy. I don't put anything online that I wouldn't want to share. I've never purchased anything online where I didn't get an address and send a check. Stevebert has purchased through Amazon but I don't want my banking info out there.

Edited in: That's a lot like selling a phone that's tapped so they can track all your phone calls and what you say. Not nice!v :nono:
I hate the loss of privacy too. And Seth rolling his eyes at my mom.

Sis



yosemite

hmmmm! it might be a conspiracy!! hahahaha if corporations are doing this, what do ya think the government is doing? i think the government is way ahead of this ball game and now use other direct means to manipulate, harass, and track you all.
My conscience is captive to the Word of God.Thus I cannot and will not recant, for going against my conscience is neither safe nor salutary. I can do no other, here i stand, God help me. Amen      -Martin Luther

Sis

Ever see big brother's cameras on top of traffic light poles?


Chseeads


The Purple Fuzzy

* practicalme rolls her eyes at Seth  :roll:

Now, we're even.  Dina, you feel better? ;)
  :biglaugh:

yosemite

Quote from: Sis on September 04, 2008, 01:31:10 AM
Ever see big brother's cameras on top of traffic light poles?
ever see the un-maned radar guns beside the highway with cameras?
My conscience is captive to the Word of God.Thus I cannot and will not recant, for going against my conscience is neither safe nor salutary. I can do no other, here i stand, God help me. Amen      -Martin Luther

iridiscente


Chseeads


Brother Dad

Spies are everywhere.  But I trust in God and He will protect me.  The government is getting more and more involved in our lives everyday and telling us it is for our own good.
Acts 4:12 Neither is there salvation in any other: for there is none other name under heaven given among men, whereby we must be saved.

Brother Dad

As far as Sears goes I am not a big shopper of theirs.
Acts 4:12 Neither is there salvation in any other: for there is none other name under heaven given among men, whereby we must be saved.

World Traveler

I purchased some shoes in August from a Payless store. Among the information they wanted was my phone number. I asked the checker if she was going to miss the shoes. She looked confused so I continued, "Well, you asked for my phone number. I thought maybe you were going to call them."

I cannot credit myself for the line. I read it somewhere, but love using it just the same.
There is no statute of limitations on murder or bad first impressions.

I am enjoying my second childhood.
It is a lot of fun.
I have money this time!!

Marry, divorce, marry someone new, divorce, marry again, divorce, marry again... Polygamy on the installment plan.

Brother Dad

Quote from: World Traveler on September 04, 2008, 04:09:03 PM
I purchased some shoes in August from a Payless store. Among the information they wanted was my phone number. I asked the checker if she was going to miss the shoes. She looked confused so I continued, "Well, you asked for my phone number. I thought maybe you were going to call them."

I cannot credit myself for the line. I read it somewhere, but love using it just the same.
Have to remember that one
Acts 4:12 Neither is there salvation in any other: for there is none other name under heaven given among men, whereby we must be saved.

Sis

I don't even tell them my zipcode. I tell them if they need one, to write in the zip where the store is.


The Purple Fuzzy

I read an article where someone was killed and stuffed in a suitcase and thrown in the ocean.  They were able to use the UPC code from the suitcase to tell where it was bought and traced who bought it because they used their debit card.  It helped catch a killer, but it sure makes you think.

Sis

Yeah, it's all for our own good. If they "protect" us to the extent they want, we'll be under a dictatorship with Big Brother watching our every move.... for our own good, of course.

You can "protect" people into a prison without bars. Would you even do that to your kid? Or would you let them make their own mistakes after a few years?

Arab women must be covered head to toe "for their protection".  They can't make any noise, "for their own protection".  If they do the family dishonor, they can be killed, "for the protection of the other women".    :tantrum:


mesipie

its mesi: mee see...not messy

messaypah to only a certain few...lol...