• If you are having problems logging in please use the Contact Us in the lower right hand corner of the forum page for assistance.

Warning about shopping at Sears.com or Kmart.com

Goodpasture

Well-known member
e-cop is a computer security specialist from the west coast that posts on a forum I have. By and large he knows what he is talking about when it comes to security and malware on a computer

e-cop said:
Benjamin Googins said:
Sears.com: Join the Community – Get Spyware

Visiting Sears.com (and Kmart.com) a few weeks ago, I was offered a chance to join My SHC Community, for free, but what I received was, from a privacy perspective, very costly. Sears.com is distributing spyware that tracks all your Internet usage - including banking logins, email, and all other forms of Internet usage - all in the name of "community participation." Every website visitor that joins the Sears community installs software that acts as a proxy to every web transaction made on the compromised computer. In other words, if you have installed Sears software ("the proxy") on your system, all data transmitted to and from your system will be intercepted. This extreme level of user tracking is done with little and inconspicuous notice about the true nature of the software. In fact, while registering to join the "community," very little mention is made of software or tracking. Furthermore, after the software is installed, there is no indication on the desktop that the proxy exists on the system, so users are tracked silently. An interesting note, the spyware Sears distributes is "genetically" related to software CA Anti-Spyware has detected for a few years by the name of MarketScore (and other aliases) and distributed by other websites.

A Significant Threat to Privacy
Here is a summary of what the software does and how it is used. The proxy:
  1. Monitors and transmits a copy of all Internet traffic going from and coming to the compromised system.
  2. Monitors secure sessions (websites beginning with ‘https'), which may include shopping or banking sites.
  3. Records and transmits "the pace and style with which you enter information online..."
  4. Parses the header section of personal emails.
  5. May combine any data intercepted with additional information like "select credit bureau information" and other sources like "consumer preference reporting companies or credit reporting agencies".

In addition, My SHC Community requires a variety of personal information during registration - like name, email, address, city, state, and age. All of this information can be correlated with intercepted data to create a comprehensive profile.
Continue on for the technical analysis of the network traffic intercepts. And the lies by Sears. And the omission of effectively informed consent. And the weasel words in the Privacy Policy that are supposed to justify this.

Conclusions
Sears.com is pushing software with extensive user tracking capabilities and doing a very poor job of obtaining informed consent – if at all. After the proxy software is installed on the user’s system there is nothing on the user’s desktop to indicate their every move on the Internet is being collected and sent to a third party market research company, comScore.
Sweet.

These guys are going to end up having to defend this in court and losing.

Meanwhile, if you do choose to shop at Sears, do it from a Linux box. Or install sandboxie and then purge after visiting Sears.
 

quickdraw

Well-known member
Northern Rancher said:
It's where the cat goes poopie lol.

I am refusing to put a sandboxie on my computor, I just got the cat simi trained to go outside and I don't want him pooping near my computor or chasing the mouse! :D

edited for spelling
 
Top