Slashdot Mirror

← Back to Stories (view on slashdot.org)

Market Research Company Secretly Installs Spyware

Posted by Zonk on from the you-wanted-to-participate-anyway dept.

An anonymous reader writes "Forbes reports that two security experts are raising new questions about comScore, claiming that company's tracking software is being installed without consent on an unknown number of computers. The widely-used online research company takes screenshots of every Web page viewed by its 1 million participants, even transactions completed in secure sessions, like shopping or online checking. ComScore then aggregates the information into market analysis for its clients, which include such large companies as Ford Motor, Microsoft and The New York Times Co." From the article: "'[The] software is sneaking onto users' computers without the user agreeing to receive it,' says Harvard University researcher Ben Edelman, who documented at least ten unauthorized comScore downloads. Eric Howes, director of malware research at antivirus company Sunbelt Software, and his researchers separately observed hundreds of unauthorized comScore downloads in a three-month period this fall."

4 of 206 comments (clear)

  1. Well? by flyneye · · Score: 4, Insightful

    Is anyone going to do something about this?
    Some justice,revenge,butt chewing,anything?
    Do we write our congressman,DOS them or what?
    all problems and no solutions.
    It must be illegal on some level.
    do we file a massive suit and each collect $5 or what?

    --
    *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
  2. Re:Yawn... by Temsi · · Score: 4, Insightful

    That's about as stupid as teaching abstinence only as the only way to fight STD's.

    Interestingly, the advice given is almost the same too: don't plug in...

    People are doing it and kids will do it, so instead of closing your eyes and yelling "don't do it", you should at least show them how to use protection first.

    --
    -- This sig for rent.
  3. So what good is a unenforced law? by canuck57 · · Score: 4, Insightful

    So what good is the Computer Fraud and Abuse Title Act 18 Section 1030 if the FBI will not enforce it?

  4. Re:Intercepts https:// by Beryllium+Sphere(tm) · · Score: 4, Insightful

    Inviting the question, even if you trust them with your credit card numbers, and trust all their employees, do you want to bet that there won't be a security breach on one of their servers?

    This is a serious limitation of SSL on commodity operating systems, by the way. IE's list of trusted root certificates is simply entries in the registry. Even if you're part of the infinitesimal fraction of users who knows what a CA cert is and where to look for them, how can you do a security review on all 39 of the root certificates that come with Firefox, or spot a new unwanted one? (One of those root certs is from AOL, by the way). If you trust the Mozilla foundation to audit the security and practices of each and every one, do you have the same trust in a proprietary browser's developers? Even assuming the developers make the decision instead of the marketers?