digg

Facebook Connect Join Digg About
See the original image at arstechnica.com

Sears: Come see the softer side of spyware

arstechnica.com When you join an online "community," are you joining so that you can interact with like-minded users, or so that companies can track your every move on the Internet? Sears is banking on the latter, despite heavy criticism from security researchers.

Who dugg this? Made popular Jan 3, 2008

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

119 Comments

show profanity settings
expand all
  • jaygray, on 01/03/2008, -0/+107Who the hell agrees to join a Kmart online community in the first place?
  • inactive, on 01/03/2008, -5/+72"Sears is banking on the latter..." That has to be one of the most terrible risks any corporation could make in the digital age. Couple that with the rise of fascism in the 21st century and you have a strong reason for a backlash by consumers against the Sears corp. Privacy matters, people matter.. when are they going to learn?
  • roberto_deneero, on 01/03/2008, -1/+55I wonder if their Craftsman brand spyware is guaranteed for life too.
  • DestroyFascism, on 01/03/2008, -0/+43I love it how companies can behave in ways the average criminal would spend a lifetime in jail for...This is a clear breach of International law...
  • ferrell, on 01/03/2008, -0/+41Dugg for "Kmart aficionados"
  • canUdiggit, on 01/03/2008, -0/+35They need an Extreme Makeover:Website Edition
  • Braingoo, on 01/03/2008, -1/+34Grandma, unfortuantly
  • brianu16, on 01/03/2008, -3/+35that is why I only shop at Walmart..
    *hides in corner
  • mithrasinvictus, on 01/03/2008, -10/+34i use this technique where i only install software i want to have, works great.
  • smacksaw, on 01/03/2008, -0/+23Think about the RIAA, and how they can sue anyone with only negligible evidence. Now imagine you using the RIAA's tactics to sue Sears if your computer were hacked.

    That would teach people to install spyware. If it's really sending banking information like the article claims, if your bank account got compromised, the first place I'd go after is Sears.
  • tendonut, on 01/03/2008, -0/+20The person could be like my brother. A message could say "Do you want to download this program that will royally ***** up your entire computer and report your downloaded music to the RIAA which will provide them the evidence to sue you into oblivion?" and he would click Yes because there was too many words to read. And he's 20.
  • edwartica, on 01/03/2008, -0/+19The truth of the matter is that many people +50 grew up trusting Sears and Kmart. So...those people.
  • opticsnake, on 01/03/2008, -0/+18This is why there should be regulations about where in a EULA notification of tracking software or other malicious backdoor applications should be placed. The fact that one of the notices of tracking in the agreement for this "community"was found on page 10 of a 54 page document clearly indicates that Sears wanted to hide what they were doing. The FTC should be all over this and force Sears to publicly apologize and immediately take down the "community" as well as offer remunerations to those who installed this software.
  • bblande, on 01/03/2008, -1/+19Wait....Sears and Kmart are still around?
  • Neph, on 01/03/2008, -0/+15Monitors, logs and sends back to the mothership "banking logins, email, and all other forms of Internet usage"? *Banking logins*? Bloody hell, even making the rather flattering assumption that their intentions are purely friendly, how can they not have considered the risk of that sort of information leaking? How can they not have learned from the dozens or hundreds of highly-publicized breakins that resulted in sensitive personal info falling into the hands of blackhats over the past few years?
    Spectacular, awe-inspiring incompetence, and I'd wager, more than a bit of malice thrown in for good measure. They deserve to be strung up by the FTC and bled dry; this is at least as bad as the Sony rootkit fiasco.
  • Qeveren, on 01/03/2008, -0/+15Corporate Personhood: All the Rights, none of the Responsibilities!
  • TheGreger, on 01/03/2008, -0/+14I think it meant that they didn't know that the software would track the users' activities not that they didn't know it was being installed.
  • Digg4Copper, on 01/03/2008, -3/+17Articles like this should offer a link or instructions on how to detect & remove the spy-ware. I don't think I've used either site, but it would be nice to be sure...
  • Maddoktor2, on 01/03/2008, -0/+12Of course it is - if it ever breaks, they'll replace it for free!
  • cougar3429, on 01/03/2008, -1/+12Why do you think Sears and K-Mart are on the verge of bankruptcy? Both companies are primitive, money-grubbing shadows of what they used to be. Nobody under the age of 50 goes there. Who is in control of these corporations? Wake up.
  • geoboy, on 01/03/2008, -1/+12Tay-Zonday
  • williamdyer, on 01/03/2008, -0/+10The Sears and comscore ***** need an extreme makover face-meets-tire-iron edition.
  • funkyjunk3, on 01/03/2008, -1/+10Give these guys a call and let them know you don't want spyware trackers with your community registration:
    Sears National Customer Relations 1-800-549-4505
    Continential US and Hawaii 1-800-732-7747
  • Neiby, on 01/03/2008, -0/+9Your comment makes no sense. Are you referring to the original article or did you mean to reply to someone else's comment? You're an idiot if you're referring to the article.
  • MISDIREK7ED, on 01/03/2008, -6/+14RTFA. "..where their web sites were found to be installing software to track users' every online move—all without their knowledge."
  • evanpugface, on 01/03/2008, -0/+8the article already explains how it is NOT legal because they do not state you are installing spyware in a CLEAR and UNAVOIDABLE manner, they bury it in legalese, ***** that no one but lawyers read.
  • williamdyer, on 01/03/2008, -1/+9No, the people who make that crap should be in prison or dead, like that Russian spammer who got a bullet in the head.
  • Zonks, on 01/03/2008, -0/+8Ah *****, I work there...wonder what they're taking from me...
  • yojiffyskippy, on 01/03/2008, -4/+11Wow! Just six comments into this and somebody has already blamed GW. You are a spinmaster. That may be a record!
  • edwartica, on 01/03/2008, -0/+7Kmart has been around for a lot longer than amazon, so Kmart has a brand name that equals trust to some people.
  • sleepwalkers, on 01/03/2008, -0/+6Protip: You don't need to use "@whoever" when you hit the reply button.
  • ZombieKiss, on 01/03/2008, -4/+10You should use the one where you read the article before slinging your jackassery around.
  • HonoredMule, on 01/03/2008, -0/+6...and Billy-Bob's account number, credit card number, Logins and passwords for various sites...
  • mbookmeyer, on 01/03/2008, -0/+6Where is the FTC in all of this?

    In the words of the Federal Trade Commission Act, Section 5, the FTC is responsible to "promote free and fair competition in interstate commerce in the interest of the public through prevention of price-fixing agreements, boycotts, combinations in restraint of trade, unfair methods of competition, and unfair and deceptive acts and practices."

    Seems to me that this falls within 'deceptive acts and practices' portion. Guess no one at the FTC noticed...
  • GuruCesc, on 01/03/2008, -0/+6I really REALLY can't believe that anyone (at all) would agree to this... oh... hold on, those that don't even read the Policy at all...
    I would like to do an experiment now, offering some kind of crappy software for free and CLEARLY state in the privacy policy that the software may be looking specifically for financial records, user names and passwords and that it will send it unencrypted through the net... I mean, just to see if anyone downloads the software at all... (even if it is not true that the software will do that!! which will be hidden in the small print!!)
  • ChaosMotor, on 01/03/2008, -0/+5That's why you never trust full security to a single program. I typically use Spybot, Ad-Aware, and AVG and have good results.
  • inactive, on 01/03/2008, -0/+5... or if replying to someone else's comment.
  • gsadamb, on 01/03/2008, -0/+5I see the strategy here...

    1.) Violate your customers' trust by giving them spyware.
    2.) Get sued into bankruptcy for said illegal activities.
    3.) Government bail-out time!
  • oldhick, on 01/03/2008, -5/+10Dumbest comment of the morning goes to secrity!
  • fotbr, on 01/03/2008, -0/+4Sears still carries some of the best hand tools around (Craftsman). Their power tools tend to suck though.
  • gzuckier, on 01/03/2008, -0/+4I think it would be great to sign up every computer in every public library, Internet cafe, school computer center, etc. for this and let them try to figure out what their members are doing.
  • Khast, on 01/03/2008, -1/+5Heh, for those who don't know what this site is. Spybot S&D It works, and it's free. It works better than the ones you actually have to pay for. I've been using this for about 4 years now.
  • Dralex75, on 01/03/2008, -0/+4Let them know you are unhappy about this:
    http://www.myshccommunity.com/supportform.aspx
  • darny, on 01/03/2008, -1/+5bastages. they should be sued into the stone age.
  • andrewh925, on 01/03/2008, -0/+3Perhaps they changed their website after this article was written, but they have it clearly stated in the Privacy Policy. They also say they will share the information with Sears affiliates and partners, they just won't sell it to 3rd party marketers.

    "Internet usage information: Once you install our application, it monitors all of the Internet behavior that occurs on the computer on which you install the application, including both your normal web browsing and the activity that you undertake during secure sessions, such as filling a shopping basket, completing an application form or checking your online accounts, which may include personal financial or health information. We may use the information that we monitor, such as name and address, for the purpose of better understanding your household demographics; however we make commercially viable efforts to automatically filter confidential personally identifiable information such as UserID, password, credit card numbers, and account numbers. Inadvertently, we may collect such information about our panelists; and when this happens, we make commercially viable efforts to purge our database of such information."

    more: http://www.myshccommunity.com/Privacy.aspx
  • cmdrNacho, on 01/03/2008, -0/+3Im assuming this only applies to IE and windows users. Anybody knows ?
  • iantester, on 01/03/2008, -1/+4What a bunch of K-nts.
  • tendonut, on 01/03/2008, -0/+3I know exactly what you mean. Why would you want to buy something on a department store website anyways? You're stuck paying the same in-store price, plus tax and shipping. Order from Amazon, or any major online retailer for that matter, and you will most likely pay a LOT less, get free shipping and most likely, tax free (Shhh, don't tell the IRS!)
  • Scira, on 01/03/2008, -0/+3Well its a 50/50 chance on when they will learn. They will either never learn or will learn when its too late.
  • andrewh925, on 01/03/2008, -0/+3Agreed. I forgot to mention how if anybody took 10 seconds to scan the privacy policy for "Information we collect" (or similar) and read that, they wouldn't participate. Maybe for a free copy of Vista (not me, though), but not for a KMART and SEARS message board or whatever the hell it is.
  • Fetching more discussions...
    Show 51 - 100 of 116 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.