This Blog
Syndication
Recent Posts
Tags
Calendar
Archives
CA Security Advisor Research Blog
Sears.com: Join the Community – Get Spyware
Update to this blog here.
While Christmas shopping online this season, be careful what you are signing up for.
Visiting Sears.com (and Kmart.com) a few weeks ago, I was offered a chance to join My SHC Community, for free, but what I received was, from a privacy perspective, very costly. Sears.com is distributing spyware that tracks all your Internet usage - including banking logins, email, and all other forms of Internet usage - all in the name of "community participation." Every website visitor that joins the Sears community installs software that acts as a proxy to every web transaction made on the compromised computer. In other words, if you have installed Sears software ("the proxy") on your system, all data transmitted to and from your system will be intercepted. This extreme level of user tracking is done with little and inconspicuous notice about the true nature of the software. In fact, while registering to join the "community," very little mention is made of software or tracking. Furthermore, after the software is installed, there is no indication on the desktop that the proxy exists on the system, so users are tracked silently. An interesting note, the spyware Sears distributes is "genetically" related to software CA Anti-Spyware has detected for a few years by the name of MarketScore (and other aliases) and distributed by other websites.
A Significant Threat to Privacy
Here is a summary of what the software does and how it is used. The proxy:
- 1. Monitors and transmits a copy of all Internet traffic going from and coming to the compromised system.
- 2. Monitors secure sessions (websites beginning with ‘https'), which may include shopping or banking sites.
- 3. Records and transmits "the pace and style with which you enter information online..."
- 4. Parses the header section of personal emails.
- 5. May combine any data intercepted with additional information like "select credit bureau information" and other sources like "consumer preference reporting companies or credit reporting agencies".
In addition, My SHC Community requires a variety of personal information during registration - like name, email, address, city, state, and age. All of this information can be correlated with intercepted data to create a comprehensive profile.
A Look at Network Traffic
When I analyzed my network traffic, knowing my machine was compromised, I expected to see data being sent to a domain registered by Sears. Not the case. All of my data was actually transmitted to the domain oss-content.securestudies.com (IP address: 209.247.230.166). If you look at the figure below of data captured using Wireshark, you will see a simple web transaction I made via Google. After the Google page was requested and loaded, a duplicate copy was sent to oss-content.securestudies.com.
The current registrant of the domain securestudies.com, is not Sears, but comScore. comScore is a market research company, and my data is being sent to comScore without any mention of this in the Sears privacy policy. Both companies are yet to respond to an email I wrote asking how they use the data they receive from the Sears proxy. I had sent a previous email to Sears asking some general questions about the “Community” and they responded promptly, but I am still waiting for either to respond to my inquiry on how comScore uses my data. I am concerned.
A Blatant Lie or Misinformed?Sears makes the following statement: “The personal information that you give myshccommunity.com when you register as well as any personal information that you give during the completion of a communication is stored in a confidential database owned by myshccommunity.com and is never delivered to a client. myshccommunity.com never sells your personal information to any company for any reason.” When I registered I looked over my network traffic, and all form data (name, address, etc), is sent to 66.119.41.87. This IP address is registered to comScore. This is almost laughable (in a scary privacy violation sort of way). I enter data on a page branded Sears, saying my data is stored on a secure database owned by Sears, but when I submit the data it is sent to comScore, a third party market research company.
Lack of Prominent Notice and Informed ConsentThe problem with the installation process is that it does not prominently emphasize that by completing the registration process, the user’s computer will be intensely tracked. Here are the basic steps of the registration (installation): 1) I visited Sears.com (a repeat test of Kmart test produced a similar popup) and was presented with a sliding toast popup (see image, below). The popup covered the Sears.com homepage and required that I find the hidden (in this case, the micro X in the upper right) exit button. The popup asked me to join the Sears community and enter my email address. On this page, there is no mention of tracking software, only the “community”.
2) I received an email and clicked ‘join today’. In the 7 or 8 paragraphs describing the “community” on this page, Sears buries its mention of ‘tracking’ in the third sentence of the fourth paragraph.
3) I was taken to a Sears landing page. I clicked ‘join today’. There was absolutely no mention of “software” or “tracking” on this page, but plenty of bullet points telling me about the joys of being a member and how my ‘voice counts’.
4) A page opened asking me to fill in personal information. There is no prominent mention that I am agreeing to install tracking software on my computer. One sentence mentions that the information entered on the page will be used to “assist SHC in providing you the most relevant information, communication, and content customized to your needs.” Also, at the bottom of the page is a small scroll box with the privacy policy.
5) After filling out the forms, the software download started. After the proxy software installed, there was nothing to indicate that it was actually installed. Since installation, I have not received any follow-up emails from the “community” or any other form of communication reminding me of my “membership.” All data continues to be logged – luckily the research is being conducted on a test machine. Today I went to Sears.com and did not receive the sliding popup mentioned above, but clicked a link titled ‘join My SHC Community’. Following this link, I was never presented with the minimal notice listed in step 3 above. Furthermore, because the proxy tracks silently, anyone else who uses a compromised system will have their web usage tracked. There are no technological controls in place to control inadvertent tracking.
The Privacy Policy
When I originally did the research for this post a few weeks ago, Sears had put together a privacy policy that did a reasonable job of explaining clearly how the proxy operates. Suspiciously, when I looked at the privacy policy today, all of the direct, clear language has been removed and replaced with vague legal terms. To give you an idea of what I am talking about, the original privacy policy mentioned the word “software” 11 times – in the policy published today, it is not mentioned even once. In the old policy, “tracking” was mentioned 3 times – in today’s version it is not mentioned even once. The word “application” – from 32 mentions to none. Why did they pull out all the descriptive language and replace it with vague legal language? Some sections that have been totally removed from the Privacy Policy:- ‘Once you install our application, it monitors all of the Internet behavior that occurs on the computer’
- ‘software application also tracks the pace and style with which you enter information online’
- ‘Our application may collect certain basic hardware, software, computer configuration and application usage information about the computer’
- ‘myshccommunity.com gathers information about its members to provide superior service, communicate offers on merchandise and services’
- ‘We use this information to customize your experience on our website and to provide you with the most relevant products and services.
- ‘we make commercially viable efforts to automatically filter confidential personally identifiable information such as UserID, password, credit card numbers, and account numbers’
Unresolved Questions
- Why didn’t Sears disclose that my data, that related to registration and data sent by the proxy, is actually sent to comScore?
- Why won’t comScore answer my questions about how they use my data?
- Why has Sears removed all the clear language from the Privacy Policy and replaced it with vague legal language?
- Why isn’t the registration process clear that the user is actually signing up to install tracking software?
Sears.com is pushing software with extensive user tracking capabilities and doing a very poor job of obtaining informed consent – if at all. After the proxy software is installed on the user’s system there is nothing on the user’s desktop to indicate their every move on the Internet is being collected and sent to a third party market research company, comScore.
Comments
James F. said:
Benjamin,
Nice write up, thanks for doing this. Is CA going to add an antivirus/antispyware signature for this software to its products?
James F. said:
Benjamin,
Nice job, thanks for the detailed write-up. Is CA going to add this software's signature to their antispyware product(s) ?
CA Security Advisor Research Blog said:
In my blog post yesterday I reported that there was a significant change in how the privacy policy for
Benjamin Googins said:
Thanks James. Yes, this software is detected by CA Anti-Spyware by the pest name "Software.com proxy". Also, I just posted an update to this blog: community.ca.com/.../sears-update-privacy-policy-scorecard-and-genetic-heritage.aspx
and here is more info on the spyware detections: ca.com/.../pest.aspx
CA Security Advisor Research Blog said:
Earlier today comments were submitted by Rob Harles, VP SHC Community, to my original blog posting titled
Scott said:
Do what I did. Write customer service, the webmaster (webmaster@customerservice.sears.com), the CEO (alewis1@searshc.com) and give them a piece of your mind.
CA Security Advisor Research Blog said:
On December 29, Rob Harles, the SVP for Sears' SHC, submitted a comment to my post titled: "
George said:
Sears never learns. They have been sued (and lost) many times, yet they still keep on with their less than ethical ways. Hiding behind lawyer jargon won't help them on this one, I think there may be another "settlement" in their future.
David Johnson said:
Better still, don't join the community
anon said:
is it the same for Kmart in Australia (kmart is owned by wesfamers there)
31d1 said:
If myshccommunity.com never sells your personal information to any company for any reason, how can they share it with Sears?
Anonymus said:
What Sears does is outright illegal and ought to be prosecuted.
bluebox said:
Hmmm... another example of a Windows-only exploit. Glad I made the transition away from Microsoft's perpetually compromised "system" years ago. I don't make a living from supporting Microsoft products, but even so, I dislike what Sears is doing even more.
Heather said:
OMG! Check out a sears site managemyhome.com. Once you register you can look up purchase information for ANYONE by just putting in their name address and phone number. Sears has you enter a code and says that keeps you info safe, but that is pretty useless -- I think that just prevents a script from being created, but DOES NOT stop people from entering in any eles info to get the purchase info on big ticket items -- this could bring casing someone's house to a whole new level!!
I contacted the privace e-mail that the site provided, but no one ever responded. Anyone with any ideas about how to get this service off the web, I would be open to suggestions.
Heather said:
OMG! Check out a sears site managemyhome.com. Once you register you can look up purchase information for ANYONE by just putting in their name address and phone number. Sears has you enter a code and says that keeps you info safe, but that is pretty useless -- I think that just prevents a script from being created, but DOES NOT stop people from entering in any eles info to get the purchase info on big ticket items -- this could bring casing someone's house to a whole new level!!
I contacted the privace e-mail that the site provided, but no one ever responded. Anyone with any ideas about how to get this service off the web, I would be open to suggestions.
Brian said:
I've sent off links to this blog to some local consumer groups so that the word can be put out. Thank you for this valuable insight. You are right the average user would be clueless about what this software actually does.
Ryan said:
No wonder my mom is always getting viruses. She's definitely not getting it from porn - they have a dish for that. Sears will hopefully pay for this mistake. Unfortunately it probably means more ugly pattern sweaters next holiday season either way.
Kenneth Radcliffe said:
Surreptitiously installing surveillance software on someone's computer without their express consent in Texas is a felony crime.
TheSpatulaOfLove said:
I almost fell into this trap until I caught the mention of tracking in the earlier EULA. I decided to continue on to see if there were forums or whatever, only to find out it wanted to infect my Internet Exploder - Haha, I have a Mac and well...it wouldn't even let me in!
Stick it, Sears - You've lost a loyal customer.
Pigdog said:
Until recently, I worked in IT for this bunch of buffoons.
Every one with a job title of Director or better has no spine at all. Nobody in corporate leadership has any principles. The first entry on their Corporate Values list is "Make More Money". It does not surprise me that this is the sort of stuff that they pull.
You might also try sending an email to Karen Austin (CIO) about this <kaustin@searshc.com>. I'm sure she would be glad to hear from you. It was her job to shoot down this hare-brained scheme in the first place.
Timmy O'Toole said:
www.zoominfo.com/.../PersonDetail.aspx
Rob Harles is ComScore VP.
Rob Harles said:
Mr. Rob Harles
Senior Vice President
comScore Networks , Inc.
www.zoominfo.com/.../PersonDetail.aspx
heatherh said:
If anyone is interested in joining a class action regarding access to private information on sears website managemyhome.com e-mail me at cometogether73223@gmail.com. There are a few privacy orgs interested in taking this on. Also, please feel free to forward it on. I will forward them info about the sears community tracking and see if they have in interest in that as well.
AnotherFlyOnTheWall said:
first, Sears was bought out by Kmart, so it isn't the company it used to be. It is just another greedy company in sheep's clothing. Second, this is by no means unique. Other sites are just a little more slippery about getting caught. If you think you are anonymous on the internet you have seriously deluded yourself. Marketing companies, the government, retail companies all know far more about you than you imagine. The only difference is that tracking you has become more visible and bolder than before. We have GPS and Onstar in cars, cameras at intersections, chips added to drivers licenses in some states and sooooo much more.
summerlover said:
hey PigDog. Do you have Edwin's e-mail address too? So who was the brainchild in charge of the community? Was it Paul Miller or Maureen
Benjamin Googins said:
anon, I have not tested KMart Australia.
Benjamin Googins said:
31d1,
My SHC Community is a operated by Sears.
Matt Jonkman said:
This is the same as the old Marketscore ossproxy. We have snort signatures in the emergingthreats ruleset: 2001564 and 2001562
www.emergingthreats.net
John E. said:
It doesnt surprise me a bit, I used to work for the slimeballs.
BeerAdvocate.com said:
AnotherFlyOnTheWall: You are were right on track re: tracking online. BUT put away that roll of aluminium foil: no need to make a hat with it. And 'Enemy Of The State' was bad Will Smith movie, not a documentary.... Get a grip, and use some common sense, and maybe the black helicopters won't whisk you away to Area 51, eh?
Empedocles_of_Agrigentum said:
I found this gem on the TMRG Web site:
www.tmrginc.com/Priv.aspx
This pretty plainly spells out the info they are gathering. It doesn't spell out that they are part of Comscore Network, but I use the Netcraft Toolbar to tell me who is who:
http://www.netcraft.co.uk
McAfee's SiteAdvisor has them listed as a green site, no complaints.
Empedocles_of_Agrigentum said:
I found this gem on the TMRG Web site:
www.tmrginc.com/Priv.aspx
This pretty plainly spells out the info they are gathering. It doesn't spell out that they are part of Comscore Network, but I use the Netcraft Toolbar to tell me who is who:
http://www.netcraft.co.uk
McAfee's SiteAdvisor has them listed as a green site, no complaints.
Slidewinder said:
TMRG's Web site has this:
www.tmrginc.com/Priv.aspx
Their data collection policy is pretty plainly laid out. Their connection with Sears/K-Mart/ComScore isn't, but I use the Netcraft toolbar to tell me who is pretending to be someone else. McAfee's SiteAdvisor has them as a green site, no complaints.
SlideWinder said:
Looking at <www.tmrginc.com/Priv.aspx>, their data collection policy is pretty clear, but their affiliation with Sears, KMart, and ComScore is not. The NetCraft Toolbar show them to be hosted by Comscore. McAfee's SiteAdvisor shows them as a green bubble site, no complaints.
Benjamin Googins said:
Matt Jonkman,
the Sears software is very similar, though not identical to the Marketscore ossproxy (and RelevantKnowledge, Internet Acclerator, etc). As I mention in this blog post - 'the spyware Sears distributes is "genetically" related to software CA Anti-Spyware has detected for a few years by the name of MarketScore' - the Sears software is an evolved version of something spyware dating back to at least 2002 or 2003.
thanks.
-Benjamin
SlideWinder said:
Looking at TMRG's Web site
http(colon)(whack)(whack)www(dot)tmrginc(dot)com(whack)Priv(dot)aspx
Their data collection policy is pretty clear. Their affiliation with Sears, KMart, and Comscore isn't. Netcraft's Toolbar shows them as hosted by Comscore Network, Inc. McAfee's SiteAdvisor shows them as a green site, no complaints.
Charles said:
This will succeed. It's all about 'Community'. Evey one wants to be socially accepted.
--- CHAS
Aldous Huxley said:
Told yah big brother was coming !
Aldous Huxley said:
You didn't believe me ?
Alejandro said:
I got invited to My SHC and it was obvious to me that they were going to install SpyWare on my computer. I'm no lawyer nor am I paranoid, so I don't feel like they were trying to hide anything. If you sign their contract, then what happens afterwards is your own fault. If people are too illiterate or irresponsible to read contracts, they deserve what they get.
weighing_in said:
I hope they lose big.
blue said:
thanks for all your hard work.
sucker said:
Never mind complaining, tell us how to uninstall it.
Meme said:
Yes, how do you get if off once its installed?
Benjamin Googins said:
Alejandro, I disagree. The unfortunate reality is that the current install routine for the My SHC software lacks prominent notice and confirmed informed consent. First, the popup on Sears.com made absolutely zero mention of tracking software. That is a critical point in ones decision-making. Second, the inivitation email buries two sentences in the middle a 582 word email. Most reasonable people have a million other things to do, so they rely on headers, topic sentences and highlighted areas to help point them at important information. In addition, the two measly sentences lack useful information like where and when tracking will occur. Too little information for such extreme tracking!
Benjamin Googins said:
blue,
thanks.
-Benjamin
T-R-A said:
No freakin wonder sears is falling through it's a**
Benjamin Googins said:
sucker,
the Sears software uses a variety of registry and file objects to operate. One of the key components lies in the sytem32 directory by the filename srhc.exe. I ran this executable through a multi-scanner (scans with a variety of AV and AS engines) a few weeks ago and only a handful of vendors detected that file, today at 12:52 PM (eastern time) the following engines detect it:
AhnLab-V3 = not detected
AntiVir = ADSPY/MarketScore.k
Authentium = not detected
Avast = not detected
AVG = not detected
BitDefender = not detected
CA AntiSpyware = Sears.com proxy
CAT-QuickHeal = AdWare.RK.q (Not a Virus)
ClamAV = not detected
DrWeb = DLOADER.Trojan
eSafe = not detected
eTrust-Vet = not detected
Ewido 4.0 = Not-A-Virus.Adware.RK
FileAdvisor = not detected
Fortinet = Adware/OSS
F-Prot = W32/Adware.ZBI
F-Secure = not detected
Ikarus = not-a-virus:AdWare.Win32.RK.q
Kaspersky = not-a-virus:AdWare.Win32.RK.q
McAfee = potentially unwanted program Proxy-OSS
Microsoft = Win32/Comscore.gen
NOD32v2 = probably a variant of Win32/Genetik
Norman = RK.AG
Panda = not detected
Prevx1 V2 = Adware.RelevantKnowledge
Rising = not detected
Sophos = not detected
Sunbelt = Marketscore.RelevantKnowledge
Symantec = not detected
TheHacker = not detected
VBA32 = AdWare.Win32.RK.q
VirusBuster = Adware.MarketScore.A
Webwasher-Gateway = Ad-Spyware.MarketScore.k
I suggest using an anti-spyware product to remove unwanted software.
Benjamin Googins said:
blue,
thanks for the feedback. very much appreciated.
-Benjamin
*gasp* said:
Alejandro.... I have not visited their site recently nor installed any spyware from Sears on my computer.....
I HAVE made big ticket purchases through Sears, however...... I, for one, am extremely upset that MY purchase history can be viewed by others.....
this leaves a wide door open for warranty scams and makes my household more vulnerable to being "cased" by thieves who can find out what types of big ticket items are available for the picking......
if anything happens because of that information being provided to the public, it is not because I was "too illiterate or irresponsible to read contracts"..... it is because Sears was irresponsible with personal information that has no business being blasted across the web.....
Signed,
A Former Sears Customer
Tommy G said:
Ummm. what about HIPAA, if you do any online medical related items.. i.e your health care, order medication online etc. They are capturing that information.. How are they protecting your information? If you unknowningly are sending your medical information to these third parties, I believe they are breaking the law.... Remember all the HIPAA papers you had to sign when you visited the doctors? Just another law suite... There are cast studies regarding items such as this...
Tom G said:
Think about HIPAA - All those papers you signed when you visited your doctors. Anyone order their meds online, how about visit your HMO's web page or review your medical info. Did SEARS provide you with a HIPAA release form prior to capturing all your medical information and sending that to a marketing firm? Um... Legal team take action... Sounds like a company with deep pockets has done something stupid again...
T Gast said:
How many of use have gone to our Doctor's office and signed all the notices of HIPAA regulations and such. How many of you have used the interent to Order your meds from Walgreen's or such. Who has visited their HMO's website to review medical bills and out of those who's had to accept their HIPAA statements. Now Who has signed Sears HIPAA statement allowing them to share your medical information with these third parties? Isn't that against the Law?
CA Security Advisor Research Blog said:
This is an update to my blog post from yesterday evening. As of this afternoon, Sears has removed the
Blinky the Hitman said:
Those of you with the excellent "UserAgent Switcher" extension for Firefox might like to try logging a message with your UA string. Simply visit any of their sites while running a fake UA string like:
Description: YOUR-SPYWARE-SUCKS!!!
User Agent: YOUR-SPYWARE-SUCKS!!!
App Name: YOUR-SPYWARE-SUCKS!!!
App Version: YOUR-SPYWARE-SUCKS!!!
Platform: YOUR-SPYWARE-SUCKS!!!
Vendor: YOUR-SPYWARE-SUCKS!!!
Vendor Sub: YOUR-SPYWARE-SUCKS!!!
(heh.)
dr. dance said:
Sorry on he HIPAA front. Retailers are not covered entities under HIPAA, they can do anything they want.
Ballpeen said:
Thanks a lot Ben!
It's people like you who keep the heat on those who will take advantage of other human beings. Those who choose to ignore the Golden Rule stain their souls.
Excellent point made by Tommy G above. Medical info of a lot of people will have been shared.
-- supposing technically *somewhere* in their jargon they had mentioned the software, they still have crossed that line of "reasonableness" inherent in the U.S. law
Since this is against the law, I believe those responsible should be liable for jail time. People caught breaking & entering, stealing data, plus distributing it to others, should be prosecuted.
That said, has any of the people from **SONY** responsible for doing the same thing, ever been put on trial?
----> What would happen to me if I did the same???? <-----
D D Wressell said:
Big picture: this is indicative of a disturbing widespread lack of ethics in the IT workforce. Does this have its roots in the last 15 years of wink-nudge attitude towards hacking? Mid-level technologists who developed hacking skills as teens are now working in corporate IT groups. What leads us to believe that these leopards have shed their spots? The best predicter of future behavior is past behavior.
Jimmy said:
Damn, criminals have done again. First, they destory Mortgage, stealing info from intellus, stealing ss#, and hijacking corporation's assets.
Could Computer Assiocate track down spyware on job websites such as hotjobs, simplyhire, etc?
People got telemarketing calls from these job websites.
David Glenn said:
Thank all of you so much for using your knowledge and taking the time and making the effort, very much appreciated.
Now how do I get this out of my computer.
dev said:
Welcome to Capitalism
Gene said:
Got this email yesterday, probably as a result of emailing via contact forms asking for contact information for an executive-level privacy officer at Sears. My favorite part is that it's from "Kevin L", a "manager".
Dear Customer,
We appreciate your feedback concerning the various news stories that have been published over the last week mentioning Sears Holdings and possible violations of customers’ privacy..
First, it has been claimed that myshccommunity.com was using spyware to obtain your information without your knowledge. We wanted you to know that not only are these allegations false, Sears has taken a number of steps to protect your privacy and wants to assure you that all information you may have shared with us remains confidential and safe.
Members joining My SHC Community through the website link or general email are not tracked. You can only become a tracked member of the My SHC Community if, as you are signing up to join, you receive an invitation from us to install the software. These invitations are generated randomly and, by design, only a small percentage of the Community has been invited to participate. Users are free to decline to participate in the tracking functionality and still be a member of the Community.
Second, it was reported that it is possible for users to obtain information about other customers concerning the type of appliances customers purchased, the brand of the appliance and if the customer maintained a protection agreement on the product when registered on www.managemyhome.com.
We wanted you to know that we take our customers' privacy concerns very seriously. As a result, we have turned off the ability to view a customer’s purchase history on managemyhome.com until we can implement a validation process that will restrict access by unauthorized users.
The purchase history functionality was added to provide you with easy access to useful information about products you might have purchased from Sears. Customers told us that it was a helpful feature for working with the other tools and information available on the site.
We can’t stress strongly enough how committed Sears Holdings is to protecting our customers’ privacy.
Kevin L.
Manager
Sears Holdings Corporation
翻译公司 said:
:)
Great!
Gratis said:
Hi, I like that.. Gratis
K.S. Lyons said:
I'm a novice when it comes to computer. I completed the survey offer by SHC Community. How do I find if I have this on my computer? And how do I delete it?
Tracy Esau said:
i just hope that they lose big deal
D.A. Martin said:
In reguard to spyware I have always found it quite helpful to send a bill for spyware removal to the offending company as well as a reminder of the massive class action suit that will be coming in the
distant future. Lost productivity and bandwidth theft
are a multi billion dollar problem for everyone.
Marco said:
I read this post since january. Its very interesting!
God work.
Marco said:
I read your article since january, its very interesting. I like it. Good work!
Kostenlos said:
thanks for all your hard work.
Ben said:
I'm a novice when it comes to computer. I completed the survey offer by SHC Community. How do I find if I have this on my computer? And how do I delete it?
Shopping Online said:
excellent writeup. Thanks for narrow it down. makes me wonder who the hell is data mining on all that or are they having private rapidshare to store all that data. I guess we can not go against big guy, and privacy is more in danger then ever
nrw said:
I think this article could cause heavy problems to this community....
Thank you for this information!
Urlaub Bayern said:
fantastic and helpfully article, thanks
suchmaschinenoptimierung said:
good article
LARRY said:
I WILL NEVER SHOP AT SEARS AGAIN.
Oyun said:
very thanks good article
Oyun said:
very thx for this information!
Benjamin Googins said:
Thanks Oyun!
Anonymouse said:
If everyone read the ToS or license agreement contained within software then very few programs would ever get installed. The bottom line is, most popular programs and websites collect information from you for analytical purposes. There is no dark shadow of big brother waiting to use your personally identifying information against you.
People claim the comScore software is spyware, this is patently ridiculous.
Right on the site, in the panel software agreement and pretty much everywhere you look on the net, personally identifying information, names, social security numbers, credit information - all either destroyed on contact or separated from the data and never revealed to anyone.
There is no threat, no intention to threaten, only to measure. Third party market measurement is only reason that you are still not innundated with ridiculous levels of untargeted, unwanted advertising. It is the only reason the big portals and websites are kept honest about how popular they really are.
And the rule of all "security" is alway that it is relevant to the action taken. Want absolute internet security? Don't connect. Don't want to be measured while on the internet? Don't connect to sites, read every line of every agreement and don't ever install any software.