Researchers say Sears site uses ComScore to track browsing

Two leading spyware researchers have warned visitors to Sears Holdings' My SHC Community that they risk intrusive third-party tracking if they download marketing software from the site.

 

Ben Edelman, an assistant professor at the Harvard Business School, posted a critique on his website Tuesday declaring that the privacy notifications on the SHC site fall far short of Federal Trade Commission (FTC) guidelines requiring a separate notification (other than within license agreements) for deployment of the ComScore software that is installed on the site.

 

ComScore software tracks every site the user visits, every search the user makes, every product the user buys, and even records each product that is viewed but not purchased, according to Edelman. The use of the software on the SHC website, which services Sears and Kmart customers, was first disclosed late last month by CA senior engineer Benjamin Googins.

 

SHC Community Vice President Rob Harles responded to Googins' report with a post on Googins' blog noting that SHC users are asked to fill out a profile, which invites them to have their web browsing tracked.

 

Harles conceded that SHC is utilizing third-party software to collect data, but he added that this information “is stored on a database owned by Sears [and is] encrypted and managed very carefully within strict guidelines.”

Harles cited SHC's privacy policy as warning users that SHC “may share your customer information with trusted service providers that need your information to provide operation or other support services... A vendor may operate some of the technology behind the panel, but the vendor cannot, and does not, use that data for any purpose other than for providing services to Sears Holding,” Harles said in the blog posting.

The SHC vice president did not respond to a query from SCMagazineUS.com to clarify the type of service to which the data is being applied.

 

Edelman was skeptical about SHC's assurances.

 

“Users have no way to know exactly what [services] means,” he told SCMagazineUS.com. “In the marketing industry, phrases like 'trusted service providers' have been used to include anyone a company chooses to share data with.”

 

Edelman called on Sears to clarify whether its user browsing data is being sold to ComScore's clients. In his critique posted Tuesday, Edelman cited recent FTC settlements with Direct Revenue and Zango as establishing benchmarks for disclosure and consent required before installing tracking software on users' computers.

“The limited SHC disclosure provided by email lacks the required specificity as to the nature, purpose and effects of the ComScore software,” he said, adding that SHC is presenting the ComScore application as a means for users to participate in a community and to “help shape” future products and services. “But that doesn't mean users want to be tracked in the way that ComScore [tracks them]. And the fact that users agree to join a program described as offering one thing [feedback on products and services] does not mean [they] are willing to participate in something entirely different.”

 
