Sears Installs Spyware

Gandalf_the_Beardy writes in with news that's been around a while but is getting more attention lately. Last month Benjamin Googins, a security researcher at CA, determined that Sears Holding Corp. installed ComScore spyware without adequate disclosure. Sears said, yes we tell people about tracking their browsing. On Jan. 1 spyware researcher Ben Edelman weighed in, noting that Sears' notice occurs on page 10 of a 54-page privacy statement, and twits Sears because its installation identifies the software as "VoiceFive" and later claims it's coming from a company called "TMRG, Inc." even though a packet sniffer confirms the software belongs to ComScore, adding "These confusing name-changes fit the trend among spyware vendors."

Sears is evil.

My dad worked for Sears as an appliance repair tech for 25+ years. The stories he's told me about their tracking their employees, their customer "service" practices, sales approaches, etc... is just plain wrong. He was constantly intimidated by "the boss" to perform better or he would be fired (even though he was the top performing tech in the area). It was nothing but stress for him and I wish he had never worked for them.

Now he works for a small appliance/TV repair shop, and he absolutely loves it. Just another reason to flip the bird to big corporations - they don't care about people, they care about money. The spyware installation on their own customers' computer systems is just one small example.

Re:Sears is evil.

I also worked a time for Sears. I can confirm the above. Their motivational technique was equal part bombast and intimidation. Not a fun company to work and play with.

Re:Sears is evil.

I worked for Sears for six days. I was in the electronics department, and didn't have a number so I couldn't ring up any sales myself.

Anyway, someone asked the manager for Sunday off, the manager said "sure, find someone to switch with you." The employee did one better and just switched his name on the board with someone else, without asking anyone.

So the person who has been switched realizes their now working six days in a row without being consulted, go to the manager, and the manager says "well so-and-so isn't working, so you need to find someone to cover." Somewhere I hear about this and mutter "isn't this the manager's job" and everyone just looks at me like I'm an idiot.

This snowballs. I show up, a trainee, during a heavily promoted sale, as the only "associate" (Can't I be a freakin' employee) working the electronics floor for four hours. I can't ring up sales. So I tell people the truth. I also tell them about other locations in the mall where they can find the product they're looking for. And you know what, about 30% came back to me later to buy the stuff when they knew I could ring up sales. One person even told the manager that I was the best employee he'd seen at that store and I bent over backwards to make him happy even if he didn't buy from me, and that if I wasn't there whenever he came in, he wouldn't buy from the store at all.

So now the manager was not happy with me because I made him and the other employees "look bad", to quote him.

I drove into work on that seventh day, and it was an absolute mad house. Big sale, horribly understocked (1 new computer, 3 floor models, about 25 people wanting them) and the manager starts telling me how he needs me on the floor.

So I look at the chaos that his scheduling and his lack of proper planning created, looked him in the eye, told him I quit, and walked out the door.

Shame I had to throw away that 3-cent commission on the big screen TV.

Re:Sears is evil.

So I look at the chaos that his scheduling and his lack of proper planning created, looked him in the eye, told him I quit, and walked out the door.

BIG mistake.

What you should have done is tell him you quit, and then stick around to observe the carnage until asked to leave.

Re:Sears is evil.

I once worked for Sears Canada in their Regina call center. Your dad was not exaggerating.

Re:Sears is evil.

I worked for Sears (retail) for about 4 years. I never experienced any of the issues related here, which just goes to show you that there are always both sides of the story.

In fact, the Sears I worked at (in Houston) went out of their way to accommodate us (most of us high school or college students at the time). The supervisors were, for the most part, reasonable to work with, and nobody put undue demands on us to perform. I wasn't commissioned sales, but I probably knew everybody in the store, and I don't recall anybody relating horror stories like those mentioned already.

I'm not saying the stories related here didn't happen...but let's be fair: Mod up four or five "negative" stories without counterbalance?

Oh, wait, this is /. What am I thinking...

Re:Sears is evil.

GP is not off-topic. The treatment a company gives its employees and the treatment a company gives its customers are often one and the same. After all, the employees are just an indirect revenue stream (by helping to separate the customer from his money). As far as the big mega-corp is concerned, money is king, and it will do whatever is necessary to milk their customers (and employees) for every cent of profit it can get. Things like good customer service only cut into that profit (in the mega-corp's mind), and the mega-corp would rather take the small chance that spyware would bring them more money than to have good customer service because the spyware costs less.

Of course, the obvious way to avoid problems like these is to not sign up for such things in the first place. How many people receive an actual benefit by signing up for this kind of service?? I'd bet the number is somewhere between zero and two.

Re:Sears is evil.

Quality products = better reputation = more customers = more profits. Even good customer service equates directly to more customers and more profits. It has nothing to do with caring about customers. I work for a large credit card company, that before it was bought out, had a horrible reputation and customers were leaving in droves. Then the first buyout occurred, and our call center advisors were told all about how they had to start being sympathetic to the customers and make good impressions. And lo! customers started coming back, once the customer service reputation improved.

While there are some /employees/ in the large corporations who actually care about the customers, the ones making the executive decisions literally care only insofar as it affects the bottom line. If it was more profitable to sell crappy products and give shit service, Sears would be first in line to start doing that.

What is Sears Looking For?

Granted, I fall into the crowd of Spy Ware is evil, but I really want to know what Sears's plan was for the data they were monitoring.

I would love to meet the decision maker that believes this is morally permissive act that can be "contracted" through an EULA.

Re:What is Sears Looking For?

Sears and Kmart are suffering heavily from their competitors like Wal-Mart, Target, Home Depot, and Lowes. They need to find new revenue streams, and this is probably some marketing tech-savvy manager's way of doing that.

They link up with a spyware company, get people to sign up for a community or whatever, then rake in the user data that is generated from their browsing. There may or may not be any specific danger to an individual user, and most of the gathered data is probably used in an aggregate sense, but the problem lies in the fact that no one knows what's there, how it's gathered, coded, or stored, and how secure it is.

I wonder if a SHC Community member has their identity stolen because of weak software programming on the spyware company if that company can be held liable, or if there's a clause in there that absolves them of any real responsibility regarding the security of the data being collected.

Re:What is Sears Looking For?

IDK about identity theft, but you should read the comment that "heather" left on the CA blog [ca.com] about "managemyhome.com," another Sears web site. Apparently all you need is a name, address, and phone number and you can log on as that person and view purchase history from Sears for, what I would surmise, is the big ticket items like refrigideezers and washers.

Now that's almost criminal.

Re:What is Sears Looking For?

I would love to meet the decision maker that believes this is morally permissive act that can be "contracted" through an EULA.

Surely, you're kidding right?

Large companies operate on what is legally permissible. If current case law says you can legally put any bullshit into an EULA and have it be valid, that's the bar.

They don't give a flying crap about morally OK -- it's irrelevant.

Companies are impersonal entities, managed by people with a profit motive to maximize their bonuses by doing what they can do to maximize shareholder value in the short term. Morality doesn't apply if the lawyers tell them it was legal.

Cheers

Re:What is Sears Looking For?

That's actually not universally true. I've sat in a lot of meetings with very senior, very well paid people (and their associated lawyers) and have heard them literally say "we wouldn't be breaking the law, but it wouldn't look good in the press". Many companies value their image and reputation extremely highly and doing something which leads to the company being embarassed, even if it's 100% legal, would be a firing offence.

This is Sear's Privacy Statement

Not only will we track where you browse on our website which has legitimate marketing value for us; we will also break into your computer without your knowledge and track every other website you visit. You are not safe within your own home.... muahahahah.... I mean we do this to PROTECT your privacy. We will not give out this information unless we get your consent or we get a good enough offer for the data. Anything over one cent per one thousand records consitutes a good offer. We do not disclose offers for data purchase so pretty much you have to assume we are giving your browsing habit data away. We also do this to PROTECT your privacy. Thank you for choosing Sears.

Re:This is Sear's Privacy Statement

That was too long for me to read so I just clicked past it.

What a deal!

This is the least expensive install Sears has ever done for me!

Part of a general trend: consumer as commodity

This is a fairly obvious example of what has happened to the concept of "the customer" in the retail space. The old principle of serving the customer still applies, but the identification of the customer has changed. The customers of K-Mart Sears are no longer the people buying products in stores and use the Sears website; the new customer is the stockholder. The people who buy products and use the website are just commodities to be traded like anything else.

Installing spyware on website users? Why not, if the website users are just inventory to be controlled and traded.

This is true not only in retail, but in IT. Do you think the people who actually buy, say, operating systems, are the customers of the software companies that make them? Think again. Their customers are their stockholders too. The purchaser is just a commodity. Maybe companies which commoditize consumers need a wake-up call to remind them that consumers are still the real customers. A PR mess like this sends a bit of a reminder, but the only message that really hits home is one that impacts the EPS.

Re:Part of a general trend: consumer as commodity

The customers of K-Mart Sears are no longer the people buying products in stores and use the Sears website; the new customer is the stockholder.

This is true of any publicly traded company. How or what that company does to produce max profits for its shareholders is a different matter...

Re:Part of a general trend: consumer as commodity

You're like...completely right (in my opinion).

To expand on the economic side a bit, the stock holders own shares of publicly traded companies because they believe those companies will earn profit and grow in the future. Investment is a beautiful but risky thing. A company that no longer maintains the ability to expand and sell more widgets/services will not realize the growth needed to bring a return on the investments. That means a company like Sears always needs to expand and sell more and more stuff in order to compensate for the "interest" that must be paid out to the investors. Basically, investors will pull out if a company can't realize a certain growth in share value, so the company must grow. Hence, it is reasonable for the company to try and push spyware on to products they sell, because it opens them up to a new customer base--advertising companies willing to pay to gain access to marketing information people's computers. Companies who's cash is 'borrowed' from investors will always face this problem. They can't afford not to grow.

Do I lay blame to these "evil" companies for trying to screw over the consumer? Some of it is their fault, but I tend to also (read: not entirely) lay blame the consumer for making spam, spyware, rootkits, etc. profitable. Just as companies have an ethical code we more or less hold them to, consumers also must take responsibility and understand that their choices also effect change in the marketplace.

I really like supporting companies like Google and Whole Foods whose management teams profess to see value in giving back to the community. I also respect individuals who understand that the only way large, evil companies can seem to rule the world is if the majority of a society tolerate them. And if the majority of the society is not willing to tolerate these companies, then they won't buy the crapware filled computers, and no laws are needed. If the majority of the society is willing to tolerate these companies, than "Democracy" has failed.

Basically, I find that a society that needs huge amounts of laws above and beyond basic things like anti-trust in order to keep corporations in check will end up having a bunch of citizens who can't make responsible decisions for themselves. That means that such a society cannot support a democracy. Scary thought to me.

I Didn't Know Anybody Still Shopped at Sears

Wow! I'm so FLAMING HOT MAD about this, that I would boycott Sears if not for the fact that I never shop there anyway. Are you with me people?! MAKE YOUR VOICES HEARD! Punish Sears by refusing to purchase from them the things you already don't purchase from them!

Tell StopBadware.org

StopBadware [stopbadware.org] should hear about this. It's exactly the sort of thing that gets a company a big red X on the StopBadware site. Plus some really bad publicity.

StopBadware is sponsored by Harvard Law School, Oxford University, and Consumers' Union. There's heavy legal firepower available if needed.

Nobody checked his resume?

There's a telling fact in the "2nd Response to Rob Harles, VP of Sears' SHC Community [ca.com]"

Finally, while we can't draw any conclusions from this, an old comScore press release [comscore.com] shows that before becoming VP in charge of Sears' tracking program, Rob [Harles] was the senior vice president for comScore - the creator of the Sears spyware and the registrants of the domains to which the Sears spyware data is sent.

CA's Benjamin Googins is being diplomatic, of course. If the guy in charge of the "community" was previously a senior VP at the spyware company, then he clearly has a vested interest in the continued success of comScore.

If this were happening in a government agency, there would rightly be cries of conflict of interest. So much for the "perfection" of the free market over the ebil gubbermint...

FWIW, I haven't stepped foot in a Sears in about 5 years, when I needed a spark plug socket, and I can't recall my last purchase before that. And I've rarely been in a K-Mart since they closed most of their Texas stores -- the ones in other states still suck just as hard as they did before the buyout, but it's hard to compare one strong vacuum against another.

Re:Screwed Up

In my opinion this is worse than the "communities" some e-com sites have you join that secretly charge your card $2 a month, at least that you see on your CC statement.

Those "communities", my friend, are called "porn websites"

Re:Plain English

the problem with that is that plain simple language is also immensely inprecise.

Re:Surprised that Sears is still in business?

If Sears goes out of business do my Craftsman tools still have a lifetime warranty? Who will honor that warranty?

I'll be goddamned if I'm going to buy TWO hammers during this lifetime.