Researcher Charged Sears for Spreading Malware
A researcher from Harvard University has charged one of the US' best retailers for injecting privacy stealing ComScore's spyware in customers' machines.
Ben Edelman, Harvard Business School's Assistant Professor, posted an analysis on his website on January 1, 2008 in which he clarified that privacy notifications on the SHC website ( it is the parent company of Kmart and Sears Roebuck and Co) do not comply completely with the guidelines of Federal Trade Commission (FTC). The guidelines say that a separate notification should be given for installing ComScore software on the site.
The process starts soon after a customer provides his e-mail address to Sears.com. An e-mail comes in the customer's inbox which invites him to join a program called "My SHC Community".
However, Sears said that the participation in the program is based on customers' terms. The e-mail also reveals that it would ask the users to download certain software from its partner VoiceFive, wing of Internet measurement firm ComScore. The terms and conditions for downloading the software say that the company would track the browsing habits of users.
But the Sears' e-mail hides the fact that it would track not only the data of participants including browsing behavior but also which sites participants visit on the web. Disclosure about this term comes when users thoroughly check the privacy statement and user license.
Edelman said in an interview to PC World on January 2, 2008 that the software is not so important that one wants it on his computer or anyone else's computer. The software keeps a track on the user's every activity including every site he visits, every search he does, every product he purchases, and every products he looks at, but do not purchase any product.
CA Senior Engineer, Benjamin Googins, wrote a blog entry in late December in which he not only criticized the software but also brought the problem of SHC Community into limelight. The software was authored by VoiceFive.
Edelman asked Sears to give clarification if the users' browsing data is being given to ComScore's clients, as reported by SC Magazine.
» SPAMfighter News - 14-01-2008