Two leading spyware researchers have warned visitors to Sears Holdings' My SHC Community that they risk intrusive third-party tracking if they download marketing software from the site.
Ben Edelman, an assistant professor at the Harvard Business School, posted a critique on his website Tuesday declaring that the privacy notifications on the SHC site fall far short of Federal Trade Commission (FTC) guidelines requiring a separate notification (other than within license agreements) for deployment of the ComScore software that is installed on the site.
ComScore software tracks every site the user visits, every search the user makes, every product the user buys, and even records each product that is viewed but not purchased, according to Edelman. The use of the software on the SHC website, which services Sears and Kmart customers, was first disclosed late last month by CA senior engineer Benjamin Googins.
SHC Community Vice President Rob Harles responded to Googins' report with a post on Googins' blog noting that SHC users are asked to fill out a profile, which invites them to have their web browsing tracked.
Harles conceded that SHC is utilizing third-party software to collect data, but he added that this information “is stored on a database owned by Sears [and is] encrypted and managed very carefully within strict guidelines.”
The SHC vice president did not respond to a query from SCMagazineUS.com to clarify the type of service to which the data is being applied.
Edelman was skeptical about SHC's assurances.
“Users have no way to know exactly what [services] means,” he told SCMagazineUS.com. “In the marketing industry, phrases like 'trusted service providers' have been used to include anyone a company chooses to share data with.”
Edelman called on Sears to clarify whether its user browsing data is being sold to ComScore's clients. In his critique posted Tuesday, Edelman cited recent FTC settlements with Direct Revenue and Zango as establishing benchmarks for disclosure and consent required before installing tracking software on users' computers.
"The limited SHC disclosure provided by email lacks the required specificity as to the nature, purpose and effects of the ComScore software,” he said, adding that SHC is presenting the ComScore application as a means for users to participate in a community and to “help shape” future products and services. “But that doesn't mean users want to be tracked in the way that ComScore [tracks them]. And the fact that users agree to join a program described as offering one thing [feedback on products and services] does not mean [they] are willing to participate in something entirely different."