A Harvard researcher has accused one of America’s biggest retailers of sneaking privacy-stealing spyware from ComScore onto customers’ machines.
Sears Holding Corporation, owner of Sears, Roebuck and Co. and Kmart, makes the pitch in an email sent to people shortly after they provide their address at Sears.com. Clicking the “Join” button invokes a dialog that requests the person’s name, address and household size before installing ComScore spyware that monitors every site visited on the computer.
Sears’ leap into the spyware business was first documented by Computer Associates researcher Benjamin Googins, who determined the notice to end users was inadequate. Yesterday, Harvard researcher Ben Edelman weighed in and came to largely the same conclusion.
It’s not that Sears fails to notify users it intends to spy on them. Indeed, the email sent to users states that the application “monitors all of the internet behavior that occurs on the computer on which you install the application, including…filling a shopping basket, completing an application form, or checking your…personal financial or health information.”
The rub is that this unusually frank warning comes on page 10 of a 54-page privacy statement that is 2,971 words long.