Sears found to be using spyware to track visitors

Security researches are criticizing retailer Sears for not adequately describing its efforts to track the behaviors of those who provide the company with their contact information.

The process begins after the customer provides Sears.com with an e-mail address. An e-mail will appear in the customer's inbox inviting them to join a program called "My SHC Community."

Sears says participating in the program is on the customer's terms, and discloses in the e-mail that it will ask the user to download software from its partner VoiceFive. Terms in the software say that the company will confidentially track users' browsing habits.

However, what Sears' e-mail doesn't disclose is that it not only tracks browsing behavior on Sears.com, but all data on where participants go on the Web. Disclosure of this does not appear until a user scrolls through a large portion of the privacy statement and user license agreement.

There, what Sears says it will track may be troubling to some: The software "monitors all of the Internet behavior that occurs on the computer on which you install the application, including ... filling a shopping basket, completing an application form, or checking your ... personal financial or health information."

The VoiceFive software comes from TMRG, which is not mentioned in any of the literature provided by Sears. Packet sniffing led researchers to believe that the software uses comScore technology to track user habits.

With the convoluted method in which Sears discloses the behavior of its software, it may actually run afoul of FTC regulations regarding spyware disclosure. The agency requires any tracking software to be clearly explained, which the retailer does not do, researchers argue.

"The Sears SHC installation of ComScore falls far short of these rules. The limited SHC disclosure provided by email lacks the required specificity as to the nature, purpose, and effects of the ComScore software," spyware expert Benjamin Edelman wrote on his blog Tuesday.

"Nor is that disclosure 'unavoidable,' in that the key text appears midway through a paragraph, without a heading or even a topic sentence to alert users to the important (albeit vague) information that follows."

To its defense, Sears said it "goes to great lengths" to disclose the nature of its program, a claim that Edelman "emphatically" disagreed with.

23 Responses to Sears found to be using spyware to track visitors

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.