I hope no one that reads this belongs to Sears (or K-marts) SHC community. I really hope you don't. If you do you're in for a potentially big shock. Normally at this point I would laugh at people for not reading the fine print. Unfortunately it's looking like that wouldn't have helped in this case. To be honest I haven't yet had the time to check these allegations for myself, so take what I say with a grain of salt. When I have a chance to check these things out I'll update this post.
As it is looking right now, when you sign up for the SHC community offered by Sears not only do you get access to this online community but you also get a big helping of spyware. This ain't your mommas spyware either, this is the daddy of all spyware.
This spyware is a variant of MarketScore. Does that mean anything to anyone? Unless you keep up to date about these things probably not. What you should know is that the spyware installed on your computer is tracking everything, EVERYTHING, you do online. All web traffic including secure sites, the “pace and style with which you enter information online,” scans the headers of your personal email, and can combine data into any intercepted traffic going to your computer.
So lets get this straight here. It sounds like there is a keylogger, a man-in-the-middle type attack to track your web usage, and an attack to change the information displayed on your screen or sent to servers. Holy crap, this has got to be the holy grail of spyware, or at least what most spyware hope to be one day.
“Thats ok” your saying “Sears has promissed me that they wont give this information to anyone! I am safe from worry.”... Riiiiiight. Again, I haven't confirmed this yet, but supposedly (with good evidence) this information is being sent to oss-content.securestudies.com. Umm, thats not Sears. In fact, that name is registered to comScore. “Whats comScore?” you ask? ComScore is a market research company! Whats that about all the fine print you read? No mention of comScore? Ouch, thats gotta hurt, but don't feel too bad, Sears lied to your face:
“The personal information that you give myshccommunity.com when you register as well as any personal information that you give during the completion of a communication is stored in a confidential database owned by myshccommunity.com and is never delivered to a client. myshccommunity.com never sells your personal information to any company for any reason.”
Now this next part I will never be able to verify. It has to do with how Sears changed it's terms of service document. I'll never be able to verify this because I won't be able to get my hands on the original copy to make a comparison. However, for the conspiracy theorists in the group I'll show you the allegations anyway. Original wording to the new and improved wording:
‘Once you install our application, it monitors all of the Internet behavior that occurs on the computer’
‘software application also tracks the pace and style with which you enter information online’
‘Our application may collect certain basic hardware, software, computer configuration and application usage information about the computer’
‘myshccommunity.com gathers information about its members to provide superior service, communicate offers on merchandise and services’
‘We use this information to customize your experience on our website and to provide you with the most relevant products and services.
‘we make commercially viable efforts to automatically filter confidential personally identifiable information such as UserID, password, credit card numbers, and account numbers’
Wow, the lawyers were working overtime on that one. So what can you do? Hopefully anti-virus software will eventually decide to treat this software as the illegal software it is. Until then, get rid of it any way you can. Nuke and pave if you have to. I know it's a pain in the rear but honestly, do you want Sears to know what type of porn you like, the password to your porn site, or the “pace and style with which you enter information online” while viewing your favorite porn site?...
- Who wants all your information? Sears does!