Sears Installs Spyware

Gandalf_the_Beardy writes in with news that's been around a while but is getting more attention lately. Last month Benjamin Googins, a security researcher at CA, determined that Sears Holding Corp. installed ComScore spyware without adequate disclosure. Sears said, yes we tell people about tracking their browsing. On Jan. 1 spyware researcher Ben Edelman weighed in, noting that Sears' notice occurs on page 10 of a 54-page privacy statement, and twits Sears because its installation identifies the software as "VoiceFive" and later claims it's coming from a company called "TMRG, Inc." even though a packet sniffer confirms the software belongs to ComScore, adding "These confusing name-changes fit the trend among spyware vendors."

What is Sears Looking For?

[JohnAllison]

Granted, I fall into the crowd of Spy Ware is evil, but I really want to know what Sears's plan was for the data they were monitoring.

I would love to meet the decision maker that believes this is morally permissive act that can be "contracted" through an EULA.

Part of a general trend: consumer as commodity

[tbg58]

This is a fairly obvious example of what has happened to the concept of "the customer" in the retail space. The old principle of serving the customer still applies, but the identification of the customer has changed. The customers of K-Mart Sears are no longer the people buying products in stores and use the Sears website; the new customer is the stockholder. The people who buy products and use the website are just commodities to be traded like anything else.

Installing spyware on website users? Why not, if the website users are just inventory to be controlled and traded.

This is true not only in retail, but in IT. Do you think the people who actually buy, say, operating systems, are the customers of the software companies that make them? Think again. Their customers are their stockholders too. The purchaser is just a commodity. Maybe companies which commoditize consumers need a wake-up call to remind them that consumers are still the real customers. A PR mess like this sends a bit of a reminder, but the only message that really hits home is one that impacts the EPS.

Re:What is Sears Looking For?

[viking099]

Sears and Kmart are suffering heavily from their competitors like Wal-Mart, Target, Home Depot, and Lowes. They need to find new revenue streams, and this is probably some marketing tech-savvy manager's way of doing that.

They link up with a spyware company, get people to sign up for a community or whatever, then rake in the user data that is generated from their browsing. There may or may not be any specific danger to an individual user, and most of the gathered data is probably used in an aggregate sense, but the problem lies in the fact that no one knows what's there, how it's gathered, coded, or stored, and how secure it is.

I wonder if a SHC Community member has their identity stolen because of weak software programming on the spyware company if that company can be held liable, or if there's a clause in there that absolves them of any real responsibility regarding the security of the data being collected.

Re:Sears is evil.

[oahazmatt]

I worked for Sears for six days. I was in the electronics department, and didn't have a number so I couldn't ring up any sales myself.

Anyway, someone asked the manager for Sunday off, the manager said "sure, find someone to switch with you." The employee did one better and just switched his name on the board with someone else, without asking anyone.

So the person who has been switched realizes their now working six days in a row without being consulted, go to the manager, and the manager says "well so-and-so isn't working, so you need to find someone to cover." Somewhere I hear about this and mutter "isn't this the manager's job" and everyone just looks at me like I'm an idiot.

This snowballs. I show up, a trainee, during a heavily promoted sale, as the only "associate" (Can't I be a freakin' employee) working the electronics floor for four hours. I can't ring up sales. So I tell people the truth. I also tell them about other locations in the mall where they can find the product they're looking for. And you know what, about 30% came back to me later to buy the stuff when they knew I could ring up sales. One person even told the manager that I was the best employee he'd seen at that store and I bent over backwards to make him happy even if he didn't buy from me, and that if I wasn't there whenever he came in, he wouldn't buy from the store at all.

So now the manager was not happy with me because I made him and the other employees "look bad", to quote him.

I drove into work on that seventh day, and it was an absolute mad house. Big sale, horribly understocked (1 new computer, 3 floor models, about 25 people wanting them) and the manager starts telling me how he needs me on the floor.

So I look at the chaos that his scheduling and his lack of proper planning created, looked him in the eye, told him I quit, and walked out the door.

Shame I had to throw away that 3-cent commission on the big screen TV.

Nobody checked his resume?

[RobertB-DC]

There's a telling fact in the "2nd Response to Rob Harles, VP of Sears' SHC Community [ca.com]"

Finally, while we can't draw any conclusions from this, an old comScore press release [comscore.com] shows that before becoming VP in charge of Sears' tracking program, Rob [Harles] was the senior vice president for comScore - the creator of the Sears spyware and the registrants of the domains to which the Sears spyware data is sent.

CA's Benjamin Googins is being diplomatic, of course. If the guy in charge of the "community" was previously a senior VP at the spyware company, then he clearly has a vested interest in the continued success of comScore.

If this were happening in a government agency, there would rightly be cries of conflict of interest. So much for the "perfection" of the free market over the ebil gubbermint...

FWIW, I haven't stepped foot in a Sears in about 5 years, when I needed a spark plug socket, and I can't recall my last purchase before that. And I've rarely been in a K-Mart since they closed most of their Texas stores -- the ones in other states still suck just as hard as they did before the buyout, but it's hard to compare one strong vacuum against another.

Re:Sears is evil.

[lpangelrob]

I bought a vacuum from Sears. The thing is, they tend to be the exclusive seller of good to great products, as verified in Consumer Reports.

Will they push the extended warranty on you at the point of sale? Of course. So does just about everyone in a decently sized store.

If they didn't care about people as much as most Slashdotters think most corporations don't care about people, they wouldn't bother with the quality products. Of course, this doesn't absolve spying on their customers (time to turn of Javascript for them, eh? Thanks NoScript!).

Re:Sears is evil.

[thePowerOfGrayskull]

Quality products = better reputation = more customers = more profits. Even good customer service equates directly to more customers and more profits. It has nothing to do with caring about customers. I work for a large credit card company, that before it was bought out, had a horrible reputation and customers were leaving in droves. Then the first buyout occurred, and our call center advisors were told all about how they had to start being sympathetic to the customers and make good impressions. And lo! customers started coming back, once the customer service reputation improved.

While there are some /employees/ in the large corporations who actually care about the customers, the ones making the executive decisions literally care only insofar as it affects the bottom line. If it was more profitable to sell crappy products and give shit service, Sears would be first in line to start doing that.

Sears = good parking at the mall

[bonkeydcow]

When I go to the mall I park by Sears because there are no cars there. There is easy access to the mall proper from the Sears entrance. That's about the only use I have for sears anymore. I have used the craftsman lifetime warranty, but only because my tools broke... not sure if that's a positive or negative.

Re:What is Sears Looking For?

[Trails]

Actually, it's much more nepostistic and unsettling than that. The company who provides the tracking software, called comScore, is not new to spyware. http://www.benedelman.org/news/062907-1.html [benedelman.org]

The Sears VP responsible for this is a former VP of comScore. http://community.ca.com/blogs/securityadvisor/archive/2008/01/02/2nd-response-to-rob-harles-vp-of-sears-shc-community.aspx [ca.com] (last paragraph of the post).

Somethin' sure does smell funny round bouts here.

Re:Sears is evil.

[plover]

I've bought six Kenmore appliances from Sears over the past couple of years. No problems, and apart from one overly aggressive salesman, no hassles. And when the refrigerator they delivered didn't fit our space (the left door wouldn't open in the recessed spot in which we had placed it) they politely and quickly exchanged it for a single-door model, giving us full credit for the exchange. Their delivery and installation crews showed up when they said they would. And the appliances work as advertised.

On top of that, most of the appliances we replaced were 20 year old "entry level" (a.k.a. cheapest) Sears appliances that were still 95% functional. Only a few small things had broken, such as the clock/timer on the oven, and we rationalized that into an excuse to modernize our kitchen and laundry. We felt we received good value from our original investments in them, and we have had no problems with the new appliances.

I also have had very good luck with a large number of Craftsman hand tools. And their service on my gas powered string trimmer was prompt and completed without problems.

My wife also likes the convenience of being able to return online orders of Land's End products at the local Sears store.

From a satisfied customer perspective I have no complaints about Sears. And if they are treating their employees unfairly, they have hidden it from me very well.

Sears: The Scam Business

[bradgoodman]

Sears is often described as "A finance company with a retail arm". Though that concept doesn't really apply here, it draws a parallel.

Without going into gruesome detail, I believe Sears is in "The Scam Business". I know, I know - such a large, public (?) company wouldn't pull such shenenagans on such an ongoing basis, would they?

One day I found that may Sears card, which hadn't been used in years was getting charges on it for some "Sears Health Care" insurance plan I never signed up for. Upon calling "Sears" to debate the charge, they refused to remove it from my bill, and I was livid. They told me to "Call the vendor, and debate it with them".

"What?! This is not a regular "Credit-Card", it's my Sears card, you are the vendor." Much to my surprise, despite the recordings that identified themselves as "Sears" when I answered the phone - the people on the phone told me that they were "CitiBank", not "Sears". "Okay" - I thought - so CitiBank bought the credit cards from Sears? This is sort of okay - but I've never heard of a credit card refusing to remove a fraudulent charge. Not only did they do this, but they went as far as to tell me that if "the vendor" did not volintarily remove the charge, I had no recourse.

No...this is too unbelieveable - CitiBank, too? Surely I must be completely confused.

So I reluctantly took the number that CitiBank gave me for "The Vendor", which was something like "Sears Home Health Care" or something and called them. When they guy answered the phone, I immediately demanded to speak to a supervisor and gave no other information. After he reluctantly put me through to a super, the super immediatley came on and agreed to remove the charge and "cancel" the "Health Plan".

Wow - that's interesting - because I never even told him (or anyone) why I was calling, but he knew/assumed this was the case! Are all their calls like this??

I was so blown away by this, I did a little research on the web. It turns out, Sears, and "Sears Home Health" - or whatever, had already settled a class-action lawsuit with the state of California for this type of deal, and had one in the works with Florida. On looking at a few sites on Business scams, on the popup "short-list" of buisinesses they list, both "Sears" and "Sears [whaatever] Health" were always listed!

I refuse to shop at or buy anything from Sears, and enter only to use their bathroom. You probably don't believe my story, or the level of "conspiracy" involved, as I hardly do myself.

My point of this post, is in-fact in response to the original topic: Do you think that a large, public company like Sears risk penalties, suits and their reputation, and would deal in these little petty shenanigans to try to make an extra buck?

Yes, they damn well, would.