Slashdot Mirror
Market Research Company Secretly Installs Spyware
An anonymous reader writes "Forbes reports that two security experts are raising new questions about comScore, claiming that company's tracking software is being installed without consent on an unknown number of computers. The widely-used online research company takes screenshots of every Web page viewed by its 1 million participants, even transactions completed in secure sessions, like shopping or online checking. ComScore then aggregates the information into market analysis for its clients, which include such large companies as Ford Motor, Microsoft and The New York Times Co." From the article: "'[The] software is sneaking onto users' computers without the user agreeing to receive it,' says Harvard University researcher Ben Edelman, who documented at least ten unauthorized comScore downloads. Eric Howes, director of malware research at antivirus company Sunbelt Software, and his researchers separately observed hundreds of unauthorized comScore downloads in a three-month period this fall."
Is anyone going to do something about this?
Some justice,revenge,butt chewing,anything?
Do we write our congressman,DOS them or what?
all problems and no solutions.
It must be illegal on some level.
do we file a massive suit and each collect $5 or what?
*Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
the previous story mentioned social justice in the headline... social justice here would be to have CD copies of their malicious software being rammed up their backsides "without their consent" so to speak...
Why is the DOJ worried more about aunt Eunice downloading MP3s than they are about people who are maliciously causing harm?
sigh, I'll write but I wonder if my representatives will actually notice...
Support NYCountryLawyer RIAA vs People
Yawn? Don't plug into the net? What arrogant uncaring tripe. What kind of jackass gives that sort of a response? Oh, right, an OS snob. People have the right to privacy and surf the net unmolested, no matter the OS they use. ComScore trampled on that right and deserve to burn, so don't turn this around and blame the user.
Bearded Dragon
That's about as stupid as teaching abstinence only as the only way to fight STD's.
Interestingly, the advice given is almost the same too: don't plug in...
People are doing it and kids will do it, so instead of closing your eyes and yelling "don't do it", you should at least show them how to use protection first.
-- This sig for rent.
So what good is the Computer Fraud and Abuse Title Act 18 Section 1030 if the FBI will not enforce it?
Download their software onto a 'tame' computer, and use it to browse 'interesting' sites.
Who would have thought that people who regularly view Ford's web site also like Goats ?
OK, now you're just being silly.
Sure, abstinence is the only 100% effective way of preventing STD's, but teaching that and nothing else, is an extraordinarly dumb thing to do, because it goes against our natural instincts. We are born with the need for sex, and when it awakens it tends to go a little nuts. Abstinence only education can lead directly to teen pregnancies and the transmission of std's, because kids are not given an alternative method of protection, and in fact statistics show that it simply doesn't work in any way shape or form. Ignorance is not protection.
Your gun lesson analogy is a bad one. Firing guns is not a natural urge written into our genes.
ALL teens have sexual urges, but only a handful of nutcases have the urge to shoot their classmates.
Thus, your argument is a red herring.
That being said, it wouldn't hurt to have an alternative method of protection against guns, such as trigger-locks, and not rely solely on the "don't do it because I said so" method (which incidentally is the same one used in abstinence only education).
A more proper analogy would be:
You have a swimming pool in your back yard. You can tell your kids not to go in it all you want, but one day, when you're not looking, they will, and when that time comes, wouldn't it be safer if they've been taught how to swim?
-- This sig for rent.
Inviting the question, even if you trust them with your credit card numbers, and trust all their employees, do you want to bet that there won't be a security breach on one of their servers?
This is a serious limitation of SSL on commodity operating systems, by the way. IE's list of trusted root certificates is simply entries in the registry. Even if you're part of the infinitesimal fraction of users who knows what a CA cert is and where to look for them, how can you do a security review on all 39 of the root certificates that come with Firefox, or spot a new unwanted one? (One of those root certs is from AOL, by the way). If you trust the Mozilla foundation to audit the security and practices of each and every one, do you have the same trust in a proprietary browser's developers? Even assuming the developers make the decision instead of the marketers?
They commission third parties to do it. That's plausible deniability.
Enticing a third party to commit a crime should carry heavier penalties than doing the crime yourself. Especially when as in this case multiple third parties are enticed.
And comShare is receiving stolen property - property stolen only because they offered to buy it. But do we need new law in this area to properly jail these fuckers?
"with their freedom lost all virtue lose" - Milton
Real friends don't expect you to do work for them. If that offends them, good riddance.
Yes, but it's not my responsibility, nor is it a way I want to spend my free time. There are much more fun ways to strengthen friendships that don't involve one person doing work for free.
As far as I'm concerned, my help stops after I tell them to run Debian.
Maybe not
May contain traces of nut.
Made from the freshest electrons.
"Real friends don't expect you to do work for them. If that offends them, good riddance."
Hear, hear old chap!
It's about time we all stopped subsidizing Microsoft's insecure shitware. If everyone who had Windows had to pay GeekSquad's rates every time a computer died, there would be much more pressure on Microsoft to release something secure. But they don't, because they don't have to.
And seriously, it takes a good whole 12 hours of watching the cleaning software chew through all the data on drives these days and when you're done, you're still not sure you got everything.
Yet some "friends" want us to do it for free or for prices that wind up being about minimum wage when the billable hours are worked out. Sometimes that's ok. Some charity cases are OK in my book, but when the charity case comes back 6 months later with the same old "my computer is slow", one feels like a chump.
So now my line is "I'll do it for free if you let me put Linux on it."
Last Friday, a colleague asked me if his computer was infected because it was slow. I told him it was probably a couple of hundred infections (true). He was wondering if he should give it to me or GeekSquad. I told him GeekSquad will just format and reinstall. I did tell him that while he could pay me to do the same thing at a cheaper rate than GS, I would put Linux on it for free. He's thinking.
--
BMO