The news late last year about a community Web site from Sears hasn't been good, and should be a sobering lesson for any would-be eCommerce merchant. Security researchers uncovered issues with the site, MySHCcommunity.com (Sears Holdings Company is what the buried acronym stands for). Users can "optionally" install some very pernicious spyware on their computers that will track their browsing history and purchases.Harvard B-school professor Ben Edelman's blog describes the installation process in copious detail here.
Sears' documentation for what exact information is being tracked by the software is buried inside a license agreement that few will read, and even fewer will understand if they do. It is also, according to Edelman and others, misleading and potentially illegal. Ever wondered why companies that produce this spyware use different names? It is so consumers can't easily figure out what is being delivered to their PC. The MySHC software goes under different names, such as VoiceFive and TMRG, Inc. yet seems to be similar to ComScore's RelevantKnowledge affiliate marketing software.So what can we all learn from this debacle?
Security researcher Benjamin Googins from CA talks about how users will see one of two different privacy policies, depending on whether or not the spyware is installed on their PC by MySHC.
Finally, call a spade a spade. If you are going to conduct research on consumer buying trends, then do so in a way that doesn't monitor their computers: Sony found this out the hard way a few years ago. Since the blogosphere pounced on MySHC, Sears execs have defended the practice, claiming that few users actually go through the process of installing the software. That is a lame excuse, and time for some straight talk and to retool the site and remove the software.It shouldn't take a Harvard professor and an engineer with a packet analyzer to make Sears come clean about its privacy policies.
- ► 2010 (39)
- ► 2009 (55)
- ▼ 2008 (40)
- David Strom
- David Strom has looked at hundreds of computer products over a more than 20 year career in IT and computer journalism. He was the founding editor-in-chief of Network Computing magazine, and now writes for Baseline, Information Security, Tom's Hardware, and the New York Times.