Sears infects customer computers with spyware
A Privacy International Harvard researcher has investigated a piece of "marketing software" from Sears and K-Mart and discovered that it contains incredibly invasive, brutal -- and illegal! -- spyware:
Link (Thanks, Virtual Tours!)
Sears offers members $10, and a chance to win one of several sweepstakes as an extra incentive to join the program.But in return, a small percentage of members must install extremely invasive software.
According to Googins, the product monitors not only all of the user's Web traffic, but also keeps track of secure sessions such as visits to bank sites, sniffs through email headers, and then sends that information to a ComScore.
(Image: Sears, Mónica, a Creative Commons Attribution-licensed photo from OmarOmar's Flickr stream)
the latest
latest episodes
Hey Sears, why don't you give Sony a call.
Might want to ask them how their whole rootkit thing worked out...
God, that picture makes me miss when department stores were supposed to be beautiful...
I used to feel sort of sorry for Sears and K-Mart, classic American retailers that have had their lunch eaten by the likes of Wal-Mart and Target, but not after reading this. Screw 'em.
I like the ars article on this:
http://arstechnica.com/news.ars/post/20080102-sears-come-see-the-softer-side-of-spyware.html
Especially this part:
Totally awesome, and highly indicitive of the gulf between 'service provider' and end user. It's not just MPAA/RIAA who are the bad guys, and I'm sure the Sears VP's mindset is "we just want to know why customers are shopping at Amazon (et al) instead of us."
Also, apparently no one on high at Sears Holding has ever had their computer pwnzord by spyware. That's the only reason I can think they would OK this and think customers would not A) eventually find out and B) scream for heads to roll when it hits the Washington Post.
AND:
C) REALLY scream for heads to roll when it hits the blog at boingboing.net
I just happened to be at Landmark Mall (near Washington DC) for lunch, so I stopped in the Sears store there. Not all of the computers on display had a live net connection, but some of the laptops did (unsecured WiFi near by) -- so I signed them up!
Lets see how long it takes, before Sears claim they didn't know exactly how invasive 'ScamSores software' (that'll what they'll say!) is.
that wasnt very k-smart of them
@Rob,Denmark (#7):
That's not going to fly from some comments I've seen on slashdot. One of the higher up at Sears apparently came from ComScore.
Here's another one just as nice...bought anything from Sears in, say, the last 30 years or so? Anyone you has access to your name, address and phone number (can anybody say phone book?) can access your purchase history the Sears site managemyhome.com
Link to CA.com blog post:
http://community.ca.com/blogs/securityadvisor/archive/2008/01/03/managemyhome-com-another-privacy-issue-for-sears.aspx
#10:
Looks like managemyhome.com has pulled the "feature." Or at least I can find it following the directions from that link.
What an outrage! This explains why it's been all over the news channels, right? Right?.. Anyone? What do you mean "the traditional media hasn't touched this story"?... Oh, crap.
I remember being very small, that when my mother took us to Sears, it was special, and we got all dressed up for it. I remember the childrens clothing had a central mannequin stand that never changed poses, and I remember feeling awed at a store that had a whole section just for clothes in my size. I certainly didn't feel special enough to deserve all that lol.
Shopping at Sears used to be a status symbol.