Slashdot Mirror

← Back to Stories (view on slashdot.org)

Market Research Company Secretly Installs Spyware

Posted by Zonk on from the you-wanted-to-participate-anyway dept.

An anonymous reader writes "Forbes reports that two security experts are raising new questions about comScore, claiming that company's tracking software is being installed without consent on an unknown number of computers. The widely-used online research company takes screenshots of every Web page viewed by its 1 million participants, even transactions completed in secure sessions, like shopping or online checking. ComScore then aggregates the information into market analysis for its clients, which include such large companies as Ford Motor, Microsoft and The New York Times Co." From the article: "'[The] software is sneaking onto users' computers without the user agreeing to receive it,' says Harvard University researcher Ben Edelman, who documented at least ten unauthorized comScore downloads. Eric Howes, director of malware research at antivirus company Sunbelt Software, and his researchers separately observed hundreds of unauthorized comScore downloads in a three-month period this fall."

7 of 206 comments (clear)

  1. Win-win-win solution by straponego · · Score: 5, Funny
    I think everyone who isn't a total scumbag agrees that spammers and spyware makers are evil and a drain on society. Furthermore, in terms of lifetimes wasted, they time they cost us surely adds up to many times the lives we've lost due to terrorism. I have the answer, one which will heal the political rift in the US as a side effect.

    First, we have the NSA, DHS, et al target their illegal wiretapping programs at spammers and spyware makers. They've got the infrastructure to track these people down, and this is a justification for the programs everybody can get behind.

    Second, when a spammer is caught, we ship them down to Gitmo. It doesn't matter, in this case, whether torture is an effective means of getting information. We don't need information from them, we just want them out of circulation. We can hope that it would be a deterrent, but really they'll be getting it for the simple reason that they deserve it. Republican/Christians get to torture and sodomize to their shrivelled little hearts' content, and we don't have to worry about damaging our reputation in the world community. Everybody's happy!

    Gentlemen, there is no way that we can lose on this one!

  2. Intercepts https:// by interiot · · Score: 5, Interesting

    The thing that really gets me is that their monitoring software installs a root certificate in the user's browser so that they can do a "man in the middle" attack to https:/// connections at their proxy servers. In many cases, comScore gets permission from end users to do this, but I don't think many users really realize how much information they're exposing by doing this. Most obvious is bank passwords, etc, but comScore says they don't monitor those. comScore DOES however say that they verify their user's name, address, income, etc., which I'd imagine most users wouldn't actually agree to if they were fully informed.

  3. this is what they should do! by ILuvRamen · · Score: 5, Interesting

    why the hell don't the cops show up at the company's door, break it down, and arrest everyone responsible and make sure CNN news crews are there to record it and make a story out of it. Then maybe these stupid, evil marketing people will stop thinking they can get away with it! It's called illegal for a reason. If they can arrest a guy for putting a distributed processing screensaver on school computers, they can arrest marketing execs!

    --
    Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
  4. Re:Yawn... by Harmonious+Botch · · Score: 5, Funny

    But most Windows users are as interested in secure computers as teenagers are in condoms.

  5. They have to! Think of the poor marketers! by orkysoft · · Score: 5, Funny

    They have to install it on the computers of people who don't agree to it, because if they only monitored people who agreed to it, it would skew their results, because they'd be using self-selected samples! Think of the marketers!

    --

    I suffer from attention surplus disorder.
  6. Re:Screenshots? by interiot · · Score: 5, Informative

    From TFA:

    While ordinarily an HTTPS connection would simply pass through a proxy securely, in this case MarketScore also installs a new root certificate in your browser so that it can decrypt all intercepted SSL connections (a "man-in-the-middle" attack) without triggering a security warning from the browser. In normal operation, browsers would complain if a site certificate doesn't match the domain of the URL, but the new root certificate tells the browser to trust ComScore's site certificate for any URL.
  7. Client List by phantomcircuit · · Score: 5, Informative
    Corporations supporting comScore's actions
    • AOL
    • Best Buy
    • Borders
    • CareerBuilder.com
    • Clear Channel Communications
    • Columbia House
    • Digitas
    • Discover Financial Services
    • Eli Lilly and Company
    • Expedia
    • ESPN
    • Ford Motor Company
    • General Mills
    • Google
    • HP Home & Home Office Store
    • Hyatt Corporation
    • Interpublic Group
    • iVillage
    • Johnson and Johnson
    • Knight Ridder Digital
    • Mattel
    • Medscape (Web MD)
    • Mercado Libre
    • Microsoft
    • Monster Worldwide
    • NASDAQ
    • NAVTEQ
    • Nestlé USA
    • The Newspaper Association of America
    • New York Times Digital
    • Office Depot
    • OMD Digital
    • Orbitz
    • Pepsi
    • Procter and Gamble
    • Starcom IP
    • Terra Networks
    • Ticketmaster, LLC
    • T-Mobile
    • Tribune Interactive
    • Verizon
    • Viacom International
    • Washington Mutual
    • Yahoo!
    Retrieved from http://www.comscore.com/about/clients.asp