New Year in Spyware

Here it is 2008 already, but one fact of life hasn't changed: corporations can get away with things that would land teenage hackers in jail. Two years ago it was Sony installing a rootkit on users' computers. This year Sears steps up to the plate with its “My SHC Community” on Sears.com. When you join the community, Sears installs spyware on your computer which tracks your internet usage, even parsing the headers of your email. The software transmits copies of every page you view to marketing research company comScore. Even secure sites get intercepted, which means your banking website or online shopping credit card transactions are exposed. Moreover, the software sits on your system invisibly, with no evidence that it's monitoring your browsing.

Ben Edelman has a good rundown of the installation sequence, and how it runs afoul of the FTC's rules requiring “express consent” from users before installing tracking software on their computers. Such consent is only valid if users have been presented with clear and prominent information about the nature and purpose of the program and its effects. Information buried in a EULA (those lengthy bits of legalese none of us read) is not enough.

We can hope that the FTC imposes legal consequences on Sears, and maybe that will deter the next big player from sneaking invasive software onto customers' computers. But there's a lesson here for you, too: don't blindly click 'agree.' Know what you're signing up for – and even well known brands can bite you when they don't expect to get caught. Google around, do your homework. And happy New Year!