Sears has been caught installing spyware that silently tracks all Internet usage – including banking logins, e-mail, and all web sites visited – in the name of a nonexistent online “community,” with virtually no disclosure of the invasive nature of the software. In fact, most people would not be aware that any software had been installed. Be careful out there!
Sears.com and KMart.com have been offering a chance to sign up for “My SHC Community,” ostensibly for a chance to give feedback to the retailers in a “dynamic and highly interactive on-line community.” After harvesting your personal information – name, e-mail, address, city, state, and age – software is silently installed with no indication onscreen that it has been installed or is continuously running. The “community” then disappears with no followup – no e-mail, no online forums, no popups, nothing – apparently in the hope that most people will forget about it.
The software is actually intercepting all Internet traffic from that computer and filtering it through a proxy server. According to one researcher, the proxy:
- 1. Monitors and transmits a copy of all Internet traffic going from and coming to the compromised system.
- 2. Monitors secure sessions (websites beginning with �https’), which may include shopping or banking sites.
- 3. Records and transmits “the pace and style with which you enter information online…”
- 4. Parses the header section of personal emails.
- 5. May combine any data intercepted with additional information like “select credit bureau information” and other sources like “consumer preference reporting companies or credit reporting agencies”.
“The personal information that you give myshccommunity.com when you register as well as any personal information that you give during the completion of a communication is stored in a confidential database owned by myshccommunity.com and is never delivered to a client. myshccommunity.com never sells your personal information to any company for any reason.”
In fact, all information is sent to ComScore, a well-known sleazy third-party marketing research firm.
Bad stuff. Sears is currently still trying to defend itself, although there’s enough of a fuss that I think you’ll see it step back and change the program to “clarify” things, or perhaps just kill it and walk away before things get worse.
We all have to be alert when we’re online, although an incident like this doesn’t mean we should be suspicious of all retailers, just Sears in particular. Although, come to think of it, I haven’t trusted Sears for a long time.