Sears And K-Mart Installing Spyware On Users' Computers

Posted by Pile (11676 views) Add this story to MyYahoo Add this article to Submit article to Reddit Add story to Furl Add story to StumbleUpon [E-Mail link]

Visiting (and a few weeks ago, a user was offered a chance to join My SHC Community, for free, but what they received was, from a privacy perspective, very costly. is distributing spyware that tracks all your Internet usage - including banking logins, email, and all other forms of Internet usage - all in the name of "community participation." Every website visitor that joins the Sears community installs software that acts as a proxy to every web transaction made on the compromised computer.

Sears' response? ..It also states in simple English that if you don't want to participate, you don't have to and you can opt out at any point... Uh huh...

If this wasn't bad enough, now there are ways you can see everything your neighbors have ever purchased at Sears!

In other words, if you have installed Sears software ("the proxy") on your system, all data transmitted to and from your system will be intercepted. This extreme level of user tracking is done with little and inconspicuous notice about the true nature of the software. In fact, while registering to join the "community," very little mention is made of software or tracking. Furthermore, after the software is installed, there is no indication on the desktop that the proxy exists on the system, so users are tracked silently. An interesting note, the spyware Sears distributes is "genetically" related to software CA Anti-Spyware has detected for a few years by the name of MarketScore (and other aliases) and distributed by other websites.

A Significant Threat to Privacy

Here is a summary of what the software does and how it is used. The proxy:

* 1. Monitors and transmits a copy of all Internet traffic going from and coming to the compromised system.
* 2. Monitors secure sessions (websites beginning with ‘https'), which may include shopping or banking sites.
* 3. Records and transmits "the pace and style with which you enter information online..."
* 4. Parses the header section of personal emails.
* 5. May combine any data intercepted with additional information like "select credit bureau information" and other sources like "consumer preference reporting companies or credit reporting agencies".

In addition, My SHC Community requires a variety of personal information during registration - like name, email, address, city, state, and age. All of this information can be correlated with intercepted data to create a comprehensive profile.


OMG. It gets worse! check out a sears site Once you register, you can look up major purchases for ANY address. All you need to do is enter a name address and phone number and if the person attached to that info has made a major purchase at sears you get that info!! They have no real controls in place -- you have to enter an onscreen code and they say that keeps your info safe, but that does not stop someone from entering other people's contact info to see their product purchases. This brings casing someone's house to a whole new level.

One user contacted the compliance e-mail listed on the site, and never got a response, which confirms that Sears does not care about the customer or customer privacy. If anyone has any ideas about how to get in contact with someone over there that might care about customer privacy, I'd welcome the ideas. That service should really be off the site.

See your neighbors purchases online


1 Article displayed.

Pursuant to Section 230 of Title 47 of the United States Code (47 USC § 230), BSAlert is a user-contributed editorial web site and does not endorse any specific content, but merely acts as a "sounding board" for the online community. Any and all quoted material is referenced pursuant to "Fair Use" (17 U.S.C. § 107). Like any information resource, use your own judgement and seek out the facts and research and make informed choices.

Powered by Percleus (c) 2005-2047 - Content Management System

[Percleus 0.9.5] (c) 2005, PCS