tag sears

My SHC Community report released

Posted by Maxim Weinstein Tue, 08 Jan 2008 22:54:00 GMT

We have just released a report identifying as badware the My SHC Community tracking application that we mentioned here a few days ago. The finding of badware was due to inadequate disclosure of extensive tracking and data collection and to the application not identifying itself while running. Sears has informed us that they are not inviting new users to install the software until they make some changes, but if you currently have the app installed, you should read our report thoroughly to understand the privacy implications. It’s worth mentioning that most people who signed up for the My SHC Community website are not affected. This only affects those who received an e-mail or popup asking them to install the application and who chose to do so, which SHC claims is a small subset of the community’s users.

There were two things that made our reporting of this application feel different from our usual experience reporting badware:

The application is distributed only by invitation to users of a single corporate website, which means that distribution can be more tightly controlled, and changes implemented more quickly, than usual.
The vendor, Sears Holdings Corporation, was engaged and open to feedback and recommendations from the beginning and by all appearances is working quickly to incorporate them into the product and website.

Both of these are reflected in the update that was released concurrently with our report:

Sears Holding Corporation (SHC) has informed StopBadware that SHC is significantly improving the My SHC Community application disclosure and privacy policy language and adding a Start menu icon in an effort to comply with our guidelines and address privacy concerns. They expect these changes to be implemented within 48 hours. We have not evaluated these planned changes at this time. SHC has also informed us that they have suspended invitations to new users to install the application until these changes are implemented.

We are very glad to see a company that is responsive to user privacy concerns, and we commend Sears Holdings Corporation (and also comScore, developer of the application via their subsidiary, VoiceFive, Ltd.) for keeping the lines of communication open throughout the process.

Posted in all | Tags report, sears, stopbadware

My SHC Community

Posted by Maxim Weinstein Fri, 04 Jan 2008 23:09:00 GMT

Sears Holding Corporation (SHC), the parent company of Sears & ~~K-Mart~~ KMart [updated 01/07/08] stores, has recently come under fire regarding their My SHC Community application, developed by VoiceFive, a subsidiary of comScore. The concerns are focused around whether users are adequately informed about what the application does before they install it and whether information provided to users is consistent and clear. The application tracks, in quite a bit of depth, a user’s behavior online, including capturing details of purchases, headers of web-based e-mails, and other content. Both companies assert strong policies and technical controls to protect the data from prying eyes, both within and outside of their organizations. They also state that they use scrubbing techniques to delete passwords, social security numbers, credit card numbers, and other confidential data before these data are sent to their servers.

StopBadware has been looking into this situation and has had productive conversations with both SHC and comScore. The two companies are currently evaluating our recommendations, which include making significant improvements to disclosure text and placement, ensuring consistency in privacy policies, and providing an indicator to the computer user when the software is running. SHC tells us that they intend to make one change, which will move a paragraph explaining the tracking to the top of the end user license agreement (EULA), later today.

We appreciate the engagement by SHC and comScore. Dialog with both companies is ongoing, and we will provide updated information as it becomes available.

Posted in all | Tags comscore, disclosure, sears, stopbadware

My SHC Community report released

My SHC Community

Archives

Delicious/stopbadware/badware

Syndicate

My SHC Community report released Posted by Maxim Weinstein Tue, 08 Jan 2008 22:54:00 GMT We have just released a report identifying as badware the My SHC Community tracking application that we mentioned here a few days ago. The finding of badware was due to inadequate disclosure of extensive tracking and data collection and to the application not identifying itself while running. Sears has informed us that they are not inviting new users to install the software until they make some changes, but if you currently have the app installed, you should read our report thoroughly to understand the privacy implications. It’s worth mentioning that most people who signed up for the My SHC Community website are not affected. This only affects those who received an e-mail or popup asking them to install the application and who chose to do so, which SHC claims is a small subset of the community’s users. There were two things that made our reporting of this application feel different from our usual experience reporting badware: The application is distributed only by invitation to users of a single corporate website, which means that distribution can be more tightly controlled, and changes implemented more quickly, than usual. The vendor, Sears Holdings Corporation, was engaged and open to feedback and recommendations from the beginning and by all appearances is working quickly to incorporate them into the product and website. Both of these are reflected in the update that was released concurrently with our report: Sears Holding Corporation (SHC) has informed StopBadware that SHC is significantly improving the My SHC Community application disclosure and privacy policy language and adding a Start menu icon in an effort to comply with our guidelines and address privacy concerns. They expect these changes to be implemented within 48 hours. We have not evaluated these planned changes at this time. SHC has also informed us that they have suspended invitations to new users to install the application until these changes are implemented. We are very glad to see a company that is responsive to user privacy concerns, and we commend Sears Holdings Corporation (and also comScore, developer of the application via their subsidiary, VoiceFive, Ltd.) for keeping the lines of communication open throughout the process. Posted in all \| Tags report, sears, stopbadware My SHC Community Posted by Maxim Weinstein Fri, 04 Jan 2008 23:09:00 GMT Sears Holding Corporation (SHC), the parent company of Sears & ~~K-Mart~~ KMart [updated 01/07/08] stores, has recently come under fire regarding their My SHC Community application, developed by VoiceFive, a subsidiary of comScore. The concerns are focused around whether users are adequately informed about what the application does before they install it and whether information provided to users is consistent and clear. The application tracks, in quite a bit of depth, a user’s behavior online, including capturing details of purchases, headers of web-based e-mails, and other content. Both companies assert strong policies and technical controls to protect the data from prying eyes, both within and outside of their organizations. They also state that they use scrubbing techniques to delete passwords, social security numbers, credit card numbers, and other confidential data before these data are sent to their servers. StopBadware has been looking into this situation and has had productive conversations with both SHC and comScore. The two companies are currently evaluating our recommendations, which include making significant improvements to disclosure text and placement, ensuring consistency in privacy policies, and providing an indicator to the computer user when the software is running. SHC tells us that they intend to make one change, which will move a paragraph explaining the tracking to the top of the end user license agreement (EULA), later today. We appreciate the engagement by SHC and comScore. Dialog with both companies is ongoing, and we will provide updated information as it becomes available. Posted in all \| Tags comscore, disclosure, sears, stopbadware		Archives August 2008 (4) July 2008 (16) June 2008 (19) May 2008 (17) April 2008 (24) March 2008 (18) February 2008 (13) January 2008 (9) December 2007 (11) November 2007 (14) Delicious/stopbadware/badware The iPhone kill switch :: The Future of the Internet — And How to Stop It Online Crime Gang Stole Millions - Security Fix New Tool to Automate Cookie Stealing from Gmail, Others - Security Fix Facebook's (futile) malware exorcism - can social networks fight back? \| Feeds \| ZDNet.com Protect your PC, Protect our Network, Protect the Internet: JOIN Herdict :: The Future of the Internet — And How to Stop It Syndicate Articles
Contact Us \| Privacy Policy Consumer Reports WebWatch is not receiving any corporate support for its participation in this program. Copyright © 2006 - All content for this site is under a Creative Commons license


Regaining Control of Our Computers