Sears Installs Spyware

Gandalf_the_Beardy writes in with news that's been around a while but is getting more attention lately. Last month Benjamin Googins, a security researcher at CA, determined that Sears Holding Corp. installed ComScore spyware without adequate disclosure. Sears said, yes we tell people about tracking their browsing. On Jan. 1 spyware researcher Ben Edelman weighed in, noting that Sears' notice occurs on page 10 of a 54-page privacy statement, and twits Sears because its installation identifies the software as "VoiceFive" and later claims it's coming from a company called "TMRG, Inc." even though a packet sniffer confirms the software belongs to ComScore, adding "These confusing name-changes fit the trend among spyware vendors."

Sears is evil.

[TheDarkener]

My dad worked for Sears as an appliance repair tech for 25+ years. The stories he's told me about their tracking their employees, their customer "service" practices, sales approaches, etc... is just plain wrong. He was constantly intimidated by "the boss" to perform better or he would be fired (even though he was the top performing tech in the area). It was nothing but stress for him and I wish he had never worked for them.

Now he works for a small appliance/TV repair shop, and he absolutely loves it. Just another reason to flip the bird to big corporations - they don't care about people, they care about money. The spyware installation on their own customers' computer systems is just one small example.

Re:Sears is evil.

[pilgrim23]

I also worked a time for Sears. I can confirm the above. Their motivational technique was equal part bombast and intimidation. Not a fun company to work and play with.

Re:Sears is evil.

[jcgf]

I once worked for Sears Canada in their Regina call center. Your dad was not exaggerating.

Re:Sears is evil.

[oahazmatt]

I worked for Sears for six days. I was in the electronics department, and didn't have a number so I couldn't ring up any sales myself.

Anyway, someone asked the manager for Sunday off, the manager said "sure, find someone to switch with you." The employee did one better and just switched his name on the board with someone else, without asking anyone.

So the person who has been switched realizes their now working six days in a row without being consulted, go to the manager, and the manager says "well so-and-so isn't working, so you need to find someone to cover." Somewhere I hear about this and mutter "isn't this the manager's job" and everyone just looks at me like I'm an idiot.

This snowballs. I show up, a trainee, during a heavily promoted sale, as the only "associate" (Can't I be a freakin' employee) working the electronics floor for four hours. I can't ring up sales. So I tell people the truth. I also tell them about other locations in the mall where they can find the product they're looking for. And you know what, about 30% came back to me later to buy the stuff when they knew I could ring up sales. One person even told the manager that I was the best employee he'd seen at that store and I bent over backwards to make him happy even if he didn't buy from me, and that if I wasn't there whenever he came in, he wouldn't buy from the store at all.

So now the manager was not happy with me because I made him and the other employees "look bad", to quote him.

I drove into work on that seventh day, and it was an absolute mad house. Big sale, horribly understocked (1 new computer, 3 floor models, about 25 people wanting them) and the manager starts telling me how he needs me on the floor.

So I look at the chaos that his scheduling and his lack of proper planning created, looked him in the eye, told him I quit, and walked out the door.

Shame I had to throw away that 3-cent commission on the big screen TV.

Re:Sears is evil.

[himurabattousai]

GP is not off-topic. The treatment a company gives its employees and the treatment a company gives its customers are often one and the same. After all, the employees are just an indirect revenue stream (by helping to separate the customer from his money). As far as the big mega-corp is concerned, money is king, and it will do whatever is necessary to milk their customers (and employees) for every cent of profit it can get. Things like good customer service only cut into that profit (in the mega-corp's mind), and the mega-corp would rather take the small chance that spyware would bring them more money than to have good customer service because the spyware costs less.

Of course, the obvious way to avoid problems like these is to not sign up for such things in the first place. How many people receive an actual benefit by signing up for this kind of service?? I'd bet the number is somewhere between zero and two.

Re:Sears is evil.

[lpangelrob]

I bought a vacuum from Sears. The thing is, they tend to be the exclusive seller of good to great products, as verified in Consumer Reports.

Will they push the extended warranty on you at the point of sale? Of course. So does just about everyone in a decently sized store.

If they didn't care about people as much as most Slashdotters think most corporations don't care about people, they wouldn't bother with the quality products. Of course, this doesn't absolve spying on their customers (time to turn of Javascript for them, eh? Thanks NoScript!).

Re:Sears is evil.

[pongo000]

I worked for Sears (retail) for about 4 years. I never experienced any of the issues related here, which just goes to show you that there are always both sides of the story.

In fact, the Sears I worked at (in Houston) went out of their way to accommodate us (most of us high school or college students at the time). The supervisors were, for the most part, reasonable to work with, and nobody put undue demands on us to perform. I wasn't commissioned sales, but I probably knew everybody in the store, and I don't recall anybody relating horror stories like those mentioned already.

I'm not saying the stories related here didn't happen...but let's be fair: Mod up four or five "negative" stories without counterbalance?

Oh, wait, this is /. What am I thinking...

Re:Sears is evil.

[TheDarkener]

Glad to see your response. You're right, there are always two sides to a story, and your post proves it.

Just so happens that you're the only one who's counter-balanced so far. That would lead me to believe that there are many more negative stories about Sears than not...until other people decide to speak up, of course.

Re:Sears is evil.

[phantomlord]

Back when I was a teenager, I went through management training for a chain restaurant with an Irish name.

One of the first things we learned is (a series of studies they did said) people are 10x more likely to be vocal about a negative experience than a positive one. I would imagine that's just as true on the employee perspective as it is the customer's side. People usually don't talk about how their boss pretty much met their expectations, just like they don't go around bragging that the toaster they got from Target seems ok. Once in a while, you'll hear about some great manager somewhere, but it's almost always in response to someone (or a bunch of people) talking about how much their management sucks

So, just because he's the only one with a positive story about working there doesn't mean that there aren't plenty of other people who had good experiences. It just means that people who had bad experiences are more likely to vocalize them.

Re:Sears is evil.

[thePowerOfGrayskull]

Quality products = better reputation = more customers = more profits. Even good customer service equates directly to more customers and more profits. It has nothing to do with caring about customers. I work for a large credit card company, that before it was bought out, had a horrible reputation and customers were leaving in droves. Then the first buyout occurred, and our call center advisors were told all about how they had to start being sympathetic to the customers and make good impressions. And lo! customers started coming back, once the customer service reputation improved.

While there are some /employees/ in the large corporations who actually care about the customers, the ones making the executive decisions literally care only insofar as it affects the bottom line. If it was more profitable to sell crappy products and give shit service, Sears would be first in line to start doing that.

Re:Sears is evil.

[poot_rootbeer]

So I look at the chaos that his scheduling and his lack of proper planning created, looked him in the eye, told him I quit, and walked out the door.

BIG mistake.

What you should have done is tell him you quit, and then stick around to observe the carnage until asked to leave.

Re:Sears is evil.

[plover]

I've bought six Kenmore appliances from Sears over the past couple of years. No problems, and apart from one overly aggressive salesman, no hassles. And when the refrigerator they delivered didn't fit our space (the left door wouldn't open in the recessed spot in which we had placed it) they politely and quickly exchanged it for a single-door model, giving us full credit for the exchange. Their delivery and installation crews showed up when they said they would. And the appliances work as advertised.

On top of that, most of the appliances we replaced were 20 year old "entry level" (a.k.a. cheapest) Sears appliances that were still 95% functional. Only a few small things had broken, such as the clock/timer on the oven, and we rationalized that into an excuse to modernize our kitchen and laundry. We felt we received good value from our original investments in them, and we have had no problems with the new appliances.

I also have had very good luck with a large number of Craftsman hand tools. And their service on my gas powered string trimmer was prompt and completed without problems.

My wife also likes the convenience of being able to return online orders of Land's End products at the local Sears store.

From a satisfied customer perspective I have no complaints about Sears. And if they are treating their employees unfairly, they have hidden it from me very well.

What is Sears Looking For?

[JohnAllison]

Granted, I fall into the crowd of Spy Ware is evil, but I really want to know what Sears's plan was for the data they were monitoring.

I would love to meet the decision maker that believes this is morally permissive act that can be "contracted" through an EULA.

Re:What is Sears Looking For?

[viking099]

Sears and Kmart are suffering heavily from their competitors like Wal-Mart, Target, Home Depot, and Lowes. They need to find new revenue streams, and this is probably some marketing tech-savvy manager's way of doing that.

They link up with a spyware company, get people to sign up for a community or whatever, then rake in the user data that is generated from their browsing. There may or may not be any specific danger to an individual user, and most of the gathered data is probably used in an aggregate sense, but the problem lies in the fact that no one knows what's there, how it's gathered, coded, or stored, and how secure it is.

I wonder if a SHC Community member has their identity stolen because of weak software programming on the spyware company if that company can be held liable, or if there's a clause in there that absolves them of any real responsibility regarding the security of the data being collected.

Re:What is Sears Looking For?

[gstoddart]

I would love to meet the decision maker that believes this is morally permissive act that can be "contracted" through an EULA.

Surely, you're kidding right?

Large companies operate on what is legally permissible. If current case law says you can legally put any bullshit into an EULA and have it be valid, that's the bar.

They don't give a flying crap about morally OK -- it's irrelevant.

Companies are impersonal entities, managed by people with a profit motive to maximize their bonuses by doing what they can do to maximize shareholder value in the short term. Morality doesn't apply if the lawyers tell them it was legal.

Cheers

Re:What is Sears Looking For?

[rah1420]

IDK about identity theft, but you should read the comment that "heather" left on the CA blog about "managemyhome.com," another Sears web site. Apparently all you need is a name, address, and phone number and you can log on as that person and view purchase history from Sears for, what I would surmise, is the big ticket items like refrigideezers and washers.

Now that's almost criminal.

Re:What is Sears Looking For?

[radish]

That's actually not universally true. I've sat in a lot of meetings with very senior, very well paid people (and their associated lawyers) and have heard them literally say "we wouldn't be breaking the law, but it wouldn't look good in the press". Many companies value their image and reputation extremely highly and doing something which leads to the company being embarassed, even if it's 100% legal, would be a firing offence.

Re:What is Sears Looking For?

[Trails]

Actually, it's much more nepostistic and unsettling than that. The company who provides the tracking software, called comScore, is not new to spyware. http://www.benedelman.org/news/062907-1.html

The Sears VP responsible for this is a former VP of comScore. http://community.ca.com/blogs/securityadvisor/archive/2008/01/02/2nd-response-to-rob-harles-vp-of-sears-shc-community.aspx (last paragraph of the post).

Somethin' sure does smell funny round bouts here.

Screwed Up

[coop247]

In my opinion this is worse than the "communities" some e-com sites have you join that secretly charge your card $2 a month, at least that you see on your CC statement. Also, does it put anything visible in your Programs folder or does this program show up in Add/Remove Programs?

Re:Screwed Up

[halcyon1234]

In my opinion this is worse than the "communities" some e-com sites have you join that secretly charge your card $2 a month, at least that you see on your CC statement.

Those "communities", my friend, are called "porn websites"

This is Sear's Privacy Statement

[Bryansix]

Not only will we track where you browse on our website which has legitimate marketing value for us; we will also break into your computer without your knowledge and track every other website you visit. You are not safe within your own home.... muahahahah.... I mean we do this to PROTECT your privacy. We will not give out this information unless we get your consent or we get a good enough offer for the data. Anything over one cent per one thousand records consitutes a good offer. We do not disclose offers for data purchase so pretty much you have to assume we are giving your browsing habit data away. We also do this to PROTECT your privacy. Thank you for choosing Sears.

Re:This is Sear's Privacy Statement

[tyraen]

That was too long for me to read so I just clicked past it.

What a deal!

[charlesbakerharris]

This is the least expensive install Sears has ever done for me!

Cue Sony Parallels

[WizMaster]

What does SEARS need with this info? Honestly, this just smells bad. I won't call them evil just yet but this is pretty serious from a privacy POV.

Also, isn't it about time we push for a law that makes these privacy agreements shorter and in english (not legalese). One thing I like about CC is that they have a layman's terms version of all their licenses as well as the legalese ones. Not only would people be more likely to read them but it makes it hard for companies to bury important info several pages deep.

I realize that the layman's version would be long as heck but it's better then nothing (and people would STILL be more likely to read it since they can understand it without thinking to hard).

Part of a general trend: consumer as commodity

[tbg58]

This is a fairly obvious example of what has happened to the concept of "the customer" in the retail space. The old principle of serving the customer still applies, but the identification of the customer has changed. The customers of K-Mart Sears are no longer the people buying products in stores and use the Sears website; the new customer is the stockholder. The people who buy products and use the website are just commodities to be traded like anything else.

Installing spyware on website users? Why not, if the website users are just inventory to be controlled and traded.

This is true not only in retail, but in IT. Do you think the people who actually buy, say, operating systems, are the customers of the software companies that make them? Think again. Their customers are their stockholders too. The purchaser is just a commodity. Maybe companies which commoditize consumers need a wake-up call to remind them that consumers are still the real customers. A PR mess like this sends a bit of a reminder, but the only message that really hits home is one that impacts the EPS.

Re:Part of a general trend: consumer as commodity

[i.r.id10t]

The customers of K-Mart Sears are no longer the people buying products in stores and use the Sears website; the new customer is the stockholder.

This is true of any publicly traded company. How or what that company does to produce max profits for its shareholders is a different matter...

I Didn't Know Anybody Still Shopped at Sears

[Zordak]

Wow! I'm so FLAMING HOT MAD about this, that I would boycott Sears if not for the fact that I never shop there anyway. Are you with me people?! MAKE YOUR VOICES HEARD! Punish Sears by refusing to purchase from them the things you already don't purchase from them!

Re:I Didn't Know Anybody Still Shopped at Sears

[$RANDOMLUSER]

If you're buying screwdrivers and wrenches and pliers anywhere else, then you're going to the wrong place. You can take a 25 year-old pair of (Craftsman) pliers back to Sears and go "I broke it" and they'll give you a new one.

Re:I Didn't Know Anybody Still Shopped at Sears

[Joe+Jay+Bee]

Or, to quote Dilbert, "Why trade perfectly good money for something that does the same thing only less well?"

New FTC rules should state . . .

[DodgeRules]

... that all company officers and directors MUST have installed on every work and home computer the same software that they are installing on everyone else's computers. I'll bet money that none of them have installed this onto their own computers.

Tell StopBadware.org

[Animats]

StopBadware should hear about this. It's exactly the sort of thing that gets a company a big red X on the StopBadware site. Plus some really bad publicity.

StopBadware is sponsored by Harvard Law School, Oxford University, and Consumers' Union. There's heavy legal firepower available if needed.

Re:Plain English

[LordKazan]

the problem with that is that plain simple language is also immensely inprecise.

Re:Surprised that Sears is still in business?

[BigHungryJoe]

If Sears goes out of business do my Craftsman tools still have a lifetime warranty? Who will honor that warranty?

I'll be goddamned if I'm going to buy TWO hammers during this lifetime.

Re:Plain English

[viking099]

It depends on what your definition of the word "is" is.

Nobody checked his resume?

[RobertB-DC]

There's a telling fact in the "2nd Response to Rob Harles, VP of Sears' SHC Community"

Finally, while we can't draw any conclusions from this, an old comScore press release shows that before becoming VP in charge of Sears' tracking program, Rob [Harles] was the senior vice president for comScore - the creator of the Sears spyware and the registrants of the domains to which the Sears spyware data is sent.

CA's Benjamin Googins is being diplomatic, of course. If the guy in charge of the "community" was previously a senior VP at the spyware company, then he clearly has a vested interest in the continued success of comScore.

If this were happening in a government agency, there would rightly be cries of conflict of interest. So much for the "perfection" of the free market over the ebil gubbermint...

FWIW, I haven't stepped foot in a Sears in about 5 years, when I needed a spark plug socket, and I can't recall my last purchase before that. And I've rarely been in a K-Mart since they closed most of their Texas stores -- the ones in other states still suck just as hard as they did before the buyout, but it's hard to compare one strong vacuum against another.

Re:Part of a general trend: consumer as commodity

[GreyWolf3000]

You're like...completely right (in my opinion).

To expand on the economic side a bit, the stock holders own shares of publicly traded companies because they believe those companies will earn profit and grow in the future. Investment is a beautiful but risky thing. A company that no longer maintains the ability to expand and sell more widgets/services will not realize the growth needed to bring a return on the investments. That means a company like Sears always needs to expand and sell more and more stuff in order to compensate for the "interest" that must be paid out to the investors. Basically, investors will pull out if a company can't realize a certain growth in share value, so the company must grow. Hence, it is reasonable for the company to try and push spyware on to products they sell, because it opens them up to a new customer base--advertising companies willing to pay to gain access to marketing information people's computers. Companies who's cash is 'borrowed' from investors will always face this problem. They can't afford not to grow.

Do I lay blame to these "evil" companies for trying to screw over the consumer? Some of it is their fault, but I tend to also (read: not entirely) lay blame the consumer for making spam, spyware, rootkits, etc. profitable. Just as companies have an ethical code we more or less hold them to, consumers also must take responsibility and understand that their choices also effect change in the marketplace.

I really like supporting companies like Google and Whole Foods whose management teams profess to see value in giving back to the community. I also respect individuals who understand that the only way large, evil companies can seem to rule the world is if the majority of a society tolerate them. And if the majority of the society is not willing to tolerate these companies, then they won't buy the crapware filled computers, and no laws are needed. If the majority of the society is willing to tolerate these companies, than "Democracy" has failed.

Basically, I find that a society that needs huge amounts of laws above and beyond basic things like anti-trust in order to keep corporations in check will end up having a bunch of citizens who can't make responsible decisions for themselves. That means that such a society cannot support a democracy. Scary thought to me.

Things to know about Sears

[wytcld]

First off, Sears isn't Sears anymore. Sears was bought by Kmart after Kmart was bought by what became Sears Holdings, which is controlled by hedge fund manager Eddie Lampert, who apparently is incompetent:

In the period ended November 3, the company earned a sickening $2 million (1 cent per share). That's far below the $196 million ($1.27 per share) it earned in the same period last year. It's also 49 cents below what analysts had been expecting.

That's right, under his management profits went down over 99%. I've been to his stores, and the merchandising is awful. There's certain stuff I'd rather buy from Sears and/or Kmart than Wal-Mart, Home Depot or whoever, but the stocking and selection is so haphazard now that, except for the Sears appliances, the only thing you can count on finding is bizarre junk on sale.

And now with this story, maybe it's time to stop even trying. (I had a minor loyalty to Kmart because I'm originally from their part of the country; and to Sears because the Craftsman guarantee policy is good.)

Re:What are you people thinking?

[geekoid]

a 54-page privacy document is unreasonable. To say 'don't install the software' isn't practical.

Sears is a trusted brand. They are using the trust to abuse consumers.

Re:Reminds me of Radio Shack

[Intron]

Give them 703-482-0623. It's the main switchboard at the CIA.

Sears: The Scam Business

[bradgoodman]

Sears is often described as "A finance company with a retail arm". Though that concept doesn't really apply here, it draws a parallel.

Without going into gruesome detail, I believe Sears is in "The Scam Business". I know, I know - such a large, public (?) company wouldn't pull such shenenagans on such an ongoing basis, would they?

One day I found that may Sears card, which hadn't been used in years was getting charges on it for some "Sears Health Care" insurance plan I never signed up for. Upon calling "Sears" to debate the charge, they refused to remove it from my bill, and I was livid. They told me to "Call the vendor, and debate it with them".

"What?! This is not a regular "Credit-Card", it's my Sears card, you are the vendor." Much to my surprise, despite the recordings that identified themselves as "Sears" when I answered the phone - the people on the phone told me that they were "CitiBank", not "Sears". "Okay" - I thought - so CitiBank bought the credit cards from Sears? This is sort of okay - but I've never heard of a credit card refusing to remove a fraudulent charge. Not only did they do this, but they went as far as to tell me that if "the vendor" did not volintarily remove the charge, I had no recourse.

No...this is too unbelieveable - CitiBank, too? Surely I must be completely confused.

So I reluctantly took the number that CitiBank gave me for "The Vendor", which was something like "Sears Home Health Care" or something and called them. When they guy answered the phone, I immediately demanded to speak to a supervisor and gave no other information. After he reluctantly put me through to a super, the super immediatley came on and agreed to remove the charge and "cancel" the "Health Plan".

Wow - that's interesting - because I never even told him (or anyone) why I was calling, but he knew/assumed this was the case! Are all their calls like this??

I was so blown away by this, I did a little research on the web. It turns out, Sears, and "Sears Home Health" - or whatever, had already settled a class-action lawsuit with the state of California for this type of deal, and had one in the works with Florida. On looking at a few sites on Business scams, on the popup "short-list" of buisinesses they list, both "Sears" and "Sears [whaatever] Health" were always listed!

I refuse to shop at or buy anything from Sears, and enter only to use their bathroom. You probably don't believe my story, or the level of "conspiracy" involved, as I hardly do myself.

My point of this post, is in-fact in response to the original topic: Do you think that a large, public company like Sears risk penalties, suits and their reputation, and would deal in these little petty shenanigans to try to make an extra buck?

Yes, they damn well, would.