Join 3,514 readers in helping fund MetaFilter (Hide)


Sears Wants To Hack Your Computer
January 3, 2008 6:52 PM   Subscribe

Online communities to become more 'all-encompassing.' If you join the SHC community on Sears.com, all web traffic to and from your computer thereafter will be copied and sent to a third party marketing research firm - including, for example, your secure sessions with your bank! The Sears.com proxy will send your logins and passwords along with a cleartext copy of all the supposedly secure data. But wait, it gets better: you can only view the true TOS once the proxy has already been installed.

Hey Matt, you're lagging behind - this is the future of online community-building! [Via.]
posted by ikkyu2 (70 comments total) 8 users marked this as a favorite

 
I think Sears must have hacked my computer already from the future! Because THEY DON'T WANT US TO KNWO THE TRUTH. So they have altered the way your first link appears on my internet! So it looks like unrelated sports. I think they are in league with teh Google please remove them all from my intent.
posted by freebird at 6:59 PM on January 3, 2008


I was just about to ask. Wrong link get pasted in, ikkyu2? This Sears thing sounds really interesting, and I'd love to read about it.
posted by EatTheWeak at 6:59 PM on January 3, 2008


Here's the link.
posted by Pants! at 7:02 PM on January 3, 2008


Bruce Schneier on the matter.
posted by ardgedee at 7:03 PM on January 3, 2008


This is even worse than the Sony CD DRM fiasco.
posted by Steven C. Den Beste at 7:10 PM on January 3, 2008


Jesus Christ, Sears!
posted by danb at 7:10 PM on January 3, 2008


The most awesome thing about this is the (broken) Netscape Now! link on their 'your OS is not supported' page.
posted by bbuda at 7:15 PM on January 3, 2008 [1 favorite]


In what way is this different than the google or yahoo toolbars that also record everything you do and phone home?
posted by Pastabagel at 7:18 PM on January 3, 2008


Come see the darker side of Sears.
posted by never used baby shoes at 7:20 PM on January 3, 2008 [8 favorites]


In what way is this different than the google or yahoo toolbars that also record everything you do and phone home?[citation needed]
posted by MikeKD at 7:25 PM on January 3, 2008 [3 favorites]


I'd like to know the most recent visit to Sears of everyone here. It's been over 7 years since I've been to a sears (The mission of the visit was to acquire a suit for what turned out to be quite an awkward prom). Oh, prom. Highschool. Sears. They've restorting to trying to steal my internet infos. Highschool. Wait..

/* premature:

Obama for the Iowa win!

*/
posted by localhuman at 7:31 PM on January 3, 2008


This thread is useless without the cell number, SSN, home address, and boat landing of every suit on top of the food chain at Sears, the sniveling crop of MBAs that greenlighted this project, and the assholes who agreed to code and host it. Also: David Cross.
posted by hal9k at 7:42 PM on January 3, 2008 [2 favorites]


This would be so illegal where I live that we would end up with all the details of every suit etc.

I guess we're not the land of the free...
posted by pompomtom at 7:54 PM on January 3, 2008


sears is a poorly run company. it went from retail colossus to irrelevancy in my lifetime because it doesn't know how to sell merchandise. i remember as a kid in the sears in santa monica, my dad would have to holler at huddling salesdroids "would someone come over here and sell me something already?" two years ago i got a new washer, dryer and refrigerator, the two options in coos bay were sears and farr's true value. the sears manager told me there was also a delivery charge of $50/unit, but that she would give me coupons to mail in to get this money rebated in 6-8 weeks. i told her no, she could knock the money off at the register, then mail in the forms herself and wait 6-8 weeks, when she said she lacked the authority to do that, i sternly intoned to her over the phone "your store sucks donkey poo!"
posted by bruce at 8:02 PM on January 3, 2008 [1 favorite]


If you hit port 80 on the domain it's talking to, you get redirected to — I wish I were making this up — permissionresearch.com:
In exchange for having their Internet browsing and purchasing activity monitored, members have access to free software downloads and a variety of other benefits.
Install our spyware, and get our spyware — free!

I wonder if Dan Kaminsky (aka effugas) still has that list of nameservers with externally-testable caches?
posted by enn at 8:04 PM on January 3, 2008 [1 favorite]


You Can Count On Sears to Know It All!

Sears: Knows What You''ve Been Up To. Where Else?

Good Life. Great Price. Thanks for The Info.

Sears: Where It Begins and Your Privacy Ends.*
posted by ericb at 8:05 PM on January 3, 2008


Christ what assholes. What were they thinking? That no one would notice? No one would care? This is going to get picked up by the media and bandied about for days. You can't buy this kind of publicity.
posted by LarryC at 8:13 PM on January 3, 2008


let's see, what is Sears good for? The last time I bought something from Sears that wasn't tools, with cash (in the billiard room, with the candlestick) was some towels to wax my freshly-painted '70 impala. That would make it...1997.
posted by notsnot at 8:16 PM on January 3, 2008


Holy shit. Bring on the legal carpetbombing. My fondest hope for the outcome of this is that Sears and the marketing companies are smoking ruins littered with the barbequed testicles of the shitheels who thought this one up -- a permanent disincentive to the rest.

That said, let's face it, this kind of thing is the future for all of us, unless we educate ourselves and go digi-Rambo on those fuckers.
posted by stavrosthewonderchicken at 8:18 PM on January 3, 2008 [1 favorite]


The sears.com online community? WTF?
posted by ph00dz at 8:27 PM on January 3, 2008 [1 favorite]


I was headed to Sears tomorrow to replace our broken dryer. Guess they just lost that sale.
posted by tula at 8:27 PM on January 3, 2008


Sears is so hosed. This is a public relations nightmare. It is getting a lot of play on the internets today, but once the media really catches on this will be bad.

As for all the snide remarks about Sears as a store, they are good for quality appliances at good prices, Craftsmen tools with iron clad lifetime warranties, cheaper prices than you would think on many electronics and a handful of other surprising bargains. I am no big fan, especially of their upper management (they could have been a contender) but just because they are old school does not mean they can't compete.
posted by caddis at 8:33 PM on January 3, 2008


Last time I was in Sears I got a fucking car battery that lasted about a third of an upstate New York winter, needless to say I haven't been exactly tumescent to join their online community. I had it in for them since that quitter battery, you see. Point being, any place that sells you such a shitass battery can't have any kind of a good web forum, stands to reason. I say fuck them for that battery and anything that came after it is just icing on the cake.
posted by Divine_Wino at 8:53 PM on January 3, 2008


just because they are old school does not mean they can't compete.

No, the fact that they're managed even worse than Givewell means they can't compete
posted by Mick at 8:54 PM on January 3, 2008


Wow, this is worse. These people are dangerous idiots. Buying stuff at Sears (online or off) is fucking nuts.
posted by swell at 8:56 PM on January 3, 2008 [2 favorites]


Oh my god. What if you live in a Sears house?! What then?
posted by dhartung at 9:06 PM on January 3, 2008


Holy shit, swell. That's one hell of a security issue!
posted by ryanrs at 9:22 PM on January 3, 2008 [1 favorite]


Huh. Can't wait to learn what having a Sears credit card means for your privacy.

I haven't paid by Sears card in years, and I guess cash will remain the mainstay if I need tools.
posted by maxwelton at 9:24 PM on January 3, 2008


The last thing I got at sears was a tire. It was nice to have a place in town that could change tires and was open past 6 pm. Was, because the store closed a couple months ago.

Talk about not getting it. Man, sears could have been Amazon.com easily.

Oh well.
posted by delmoi at 9:53 PM on January 3, 2008


I used to work for Sears. Based on what I experienced as an electronics salesman for them, this abuse doesn't surprise me in the slightest.

Two things:

1) Maintenance agreements: When you purchase something from Sears for $100+, the salesman will invariably offer you a 'maintenance agreement.' Know why? Because they drug us in every fucking Saturday morning for a meeting wherein we were hassled to sell more maintenance agreements. And the commissions we were awarded for selling them were a good 50% more lucrative for the salesman than the actual product. Looking at it through the lens of their business model, it makes total sense. These 'agreements' were essentially extended warranties, with Sears' responsibility so carefully defined that we could disavow our culpability in almost any situation. There were various levels of 'service' available, but every one of them added up to screwing the customer, no matter what trouble their product developed. It seemed that at least five planets had to be in perfect alignment before we'd send out a technician.

In short, the sale of a maintenance agreement added up to 100% profit for Sears. After purchasing a product, the sale of a maintenance agreement effectively meant a 'tip' for Sears and the salesman. When my maintenance agreement sales lagged, my manager told me that id Sears only sold products, they'd go out of business. I wound up quitting because a Saturday came where I was unwilling to get out of bed and overcome my hangover just to hear how I wasn't ripping enough people off. Instead of putting in notice, I hit my snooze button.

2) Credit Card sales: We would often advertise sales wherein the customer would enjoy a 10% discount on any purchase made on their Sears card. And this discount was valid even if the Sears card in question was approved that very day -- customers flipped out about it, and made major purchases at absurd speeds. The 10% discount was a pittance to Sears, since the base interest rate on our credit accounts was 19%. After one month, the 'loss' was recouped. After two months, the interest was making a profit for the firm. Some of my richest days of sales happened during these Sears Card 'events.'

Despite these maneuvers, Sears has been bleeding capital for years. I would bet a pretty penny that the internet traffic data they collect goes to a third party because they make a shitton of cash for selling off that tracking data.

Moral of the story? Don't shop at Sears.
posted by EatTheWeak at 9:56 PM on January 3, 2008 [3 favorites]


Man this is even more insane, swell linked to it earlier but wtf. This isn't even opt in, apparently Sears has opened up it's entire database of all your purchases going back to '89 with so little security that anyone can pull up details on anyone else (apparently with just knowing a name and address)

Is Holden Karnofsky in charge over there? What's the deal?
posted by delmoi at 9:59 PM on January 3, 2008


*facepalm*

I really used to like Sears. Maybe it's just good luck, but I've never had a truly bad experience there. Yeah, it's not exactly a high-class place in most respects, but it's decent -- sort of the white bread of retail. Maybe it's because I remember going there or ordering out of the catalog so much when I was growing up.

It's been painful to watch them hit rock bottom, and with this, they're seriously starting to dig. First was when they miscalculated the whole retail vs. online/catalog-shopping and threw away their catalog division and all the backend fulfillment infrastructure in order to build more crappy mall stores. I mean, they got rid of the only thing they knew how to do well, right before it would have positioned them to become the dominant Internet retailer, if they'd played their cards right.

And now, as if to reinforce that they have absolutely no fucking clue whatsoever, they decide to outdo Sony in corporate-internet-creepydom, just as the American public is waking up to online-privacy and data-security issues. Nice.
posted by Kadin2048 at 10:14 PM on January 3, 2008


The 10% discount was a pittance to Sears, since the base interest rate on our credit accounts was 19%.

Not when one waits for the 0% financing offer. Paid off a dishwasher, washer, dryer set of high quality over two years painlessly. Never used it since, but for a one-time special, it sure worked for me.

But that's Sears Canada. Maybe they play a different game up here.
posted by five fresh fish at 10:18 PM on January 3, 2008


five fresh fish - almost certainly. I can't recall a single %0 percent sale during my tenure.
posted by EatTheWeak at 10:24 PM on January 3, 2008


Mitch, do you like submarine sandwiches?
posted by ORthey at 10:57 PM on January 3, 2008


Guess I won't be able to hide the fact that I have a Sears vacuum anymore. And lucky for me that I didn't buy, oh, say, a big flat screen TV or something.
posted by TeatimeGrommit at 11:00 PM on January 3, 2008


Unbelievably sleazy. Harvard Business School prof Ben Edelman explains why this violates FTC rules, and notes comScore has gotten in trouble for this before:

Why so many problems for ComScore? The basic challenge is that users don't want ComScore software. ComScore offers users nothing sufficiently valuable to compensate them for the serious privacy invasion ComScore's software entails. There's no good reason why users should share information about their browsing, purchasing, and other online activities. So time and time again, ComScore and its partners resort to trickery (or worse) to get their software onto users' PCs.

Don't miss this part:

...an old comScore press release shows that before becoming VP in charge of Sears' tracking program, Rob was the senior vice president for comScore - the creator of the Sears spyware and the registrants of the domains to which the Sears spyware data is sent.

The guy who's VP of the Sears SHC community used to be a senior VP for the spyware company Sears is busy giving all kinds of customer data to. Quelle surprise.
posted by mediareport at 11:41 PM on January 3, 2008 [2 favorites]


Huh. Apparently my mom bought a CD player from Sears in 1997. Who knew?
posted by OverlappingElvis at 12:14 AM on January 4, 2008


Hell, I was just at Sears for the first time in a while hoping against hope they had a red DS Lite - good thing they (and the ENTIRE WORLD INCLUDING AMAZON) are all sold out, or I would have accidentally supported a bunch of sleazebags - silver lining I guess....
posted by thedaniel at 12:18 AM on January 4, 2008


This morning there were at least 4 red DS Lites in the local GameStop.

I have made it a personal policy to NEVER accept any kind of store card, service agreement, extended warranties, etc. This means that I often have to hang up the phone, or just turn around walk mid-pitch. I am a rude asshole, but with his privacy.

Sears are one of the worst offenders, in 2003 I tried to buy a dryer from them. We had already exchanged the money, and the salesman WOULD NOT close the sale if I did not get a service agreement or store card. 10 minutes and I grabbed the cash, turned around and walked out. He called security.

So yeah, fuck Sears.

BTW, this was a Sears in Mexico.
posted by Dr. Curare at 1:34 AM on January 4, 2008


This will not GiveWell.
posted by Rumple at 2:08 AM on January 4, 2008 [2 favorites]


I bought a pair of dress slacks from Sears last fall. While I was there, I noted how empty the store looked compared to JCPenney and the other two anchors at the mall. And I got turned down for a store charge card even though I'd gotten them from several other clothing chains.
posted by pax digita at 3:08 AM on January 4, 2008


Crap. I always believed their tools were among the best you could get for the price, and easier to get since Sears kept more convenient hours than specialty shops.

But I suppose if you cared, you could have found out what I thought on your own time.
posted by ardgedee at 3:20 AM on January 4, 2008


I have a red ds lite. Are they really in demand?
posted by bashos_frog at 3:48 AM on January 4, 2008


I'd like to know the most recent visit to Sears of everyone here. It's been over 7 years since I've been to a sears
Let's see...
Replaced the batteries in two cars with DieHards this year.
Bought a water heater.
Some tools.
Parts for my mower.

Sears may be the last dinosaur standing, but they really do rule when it comes to tools and certain household hard-goods. All my hand tools are Craftsman and my major appliances (except for the dishwasher) are Kenmore. And they just keep working.

The best part about buying a Sears appliance is the owner's manual. Wherein you are provided with some very good exploded-view schematics that show you how to disassemble the appliance, if need be. Makes most repairs a snap for the homeowner. I did major surgery to my riding mower thanks to the manual.

And, if you DO need to call a repairman, I've found the Sears repair people to be well-trained and extremely good at what they do.

As far as I'm concerned, Sears could ditch the clothes, jewelry, tv's, etc and stick to tools, car batteries, and hard-goods.

All that said, there's no way in hell I would ever join a Sears (or any other retailer) "community". I mean, you just KNOW it's a demon-spawn from marketing.
posted by Thorzdad at 4:48 AM on January 4, 2008


swell's link is jaw-dropping. I just pulled up my father's and my sister's purchase histories in seconds.
posted by Wolfdog at 5:39 AM on January 4, 2008


Wow. Apparently my parents have bought four microwaves since 1994. *That's* quality.
posted by notsnot at 6:01 AM on January 4, 2008


The Sears hardware area is like a little slice of 1955 in the middle of my world. What kind of mall department store sells self-tapping screws? And I've returned Craftsman tools YEARS after I bought them, and they replace them no questions asked.

Yes, it's a little slice of 1955, surrounded by the pulsing weeping ooze of customer-hostile 2008 retailing, where the only guarantee is a minimum 25" receipt tape.

Spin off the hardware, Sears. Spin off the hardware.
posted by stupidsexyFlanders at 6:16 AM on January 4, 2008


Jesus. It has the dryer my mom bought in 1980 (and two subsequent ones), her range-top, microwave, water heater, and a bunch of other stuff.
posted by MrMoonPie at 6:26 AM on January 4, 2008


Yeah, in all fairness, Craftsman tools and Kenmore appliances are very high-quality.
posted by EatTheWeak at 6:39 AM on January 4, 2008


Google does it all the time with its own toolbar, and people dont care. The difference is that google is well-loved by geeks because its supposedly the cool anti-microsoft that gives you a toolbar that lets you see the rank of pages. In other words people regularly piss away their privacy to companies all the time, its just they expect some token in return. The idea that people in general are interested in online privacy goes against everything I've ever seen with average users and how regular people use the internet.
posted by damn dirty ape at 6:40 AM on January 4, 2008


You haven't got a sliver of a clue about what you're talking about, do you? That's cool, though. That whole shouty first-approximation iamwin shit rules on the internet.
posted by stavrosthewonderchicken at 6:49 AM on January 4, 2008 [1 favorite]


My only experience with Sears in the last decade was when I tried to buy something off my brother's wedding registry, and shortly afterwards got a call from a bewildered human asking where I wanted it shipped. Because, you know, sending it to the address I entered under Shipping Address when I placed the goddamn order would just be crazy.
posted by emmastory at 6:54 AM on January 4, 2008


I would just like to nth that their tools are pretty nifty (with prices to match the quality).
posted by drezdn at 6:54 AM on January 4, 2008


False equivalency, damndirtyape. Google and Yahoo are not known to log the keys and contents of secure transactions they are not involved in. This is what Sears has been caught doing through their vendor's software.

If Google and Yahoo do this -- I have no way of finding out at the moment -- I'd be really interested in knowing about it, as would a few million other people. Do you have any leads?
posted by ardgedee at 7:06 AM on January 4, 2008 [1 favorite]


Yup, just loaded up everything my Dad's purchased since 1994. Ick. This is pretty damned creepy. It's got the warranties listed and everything. At least the search is warded with one of those .gif word-scrambles. Awesome. It's as secure as Yahoo Groups.

I'm a little proud of him, though -- doesn't look like he's ever purchased a maintenance agreement. I'd like to congratulate him, but I just don't see how to phrase my praise.

"Hey Dad - with a couple dozen keystrokes, I was able to view fourteen years worth of your purchases. Well done not falling for the maintenance agreements!"
posted by EatTheWeak at 7:20 AM on January 4, 2008


No, no, guys, you've got it all wrong - this is about Warren Sapp.

(Thanks to the mods who fixed the link. Dunno how that crept in there.)
posted by ikkyu2 at 8:19 AM on January 4, 2008 [1 favorite]


This has the look of something you do to pump up your balance sheet right now and damn the long and medium term consequences-- which are going to be terrible, I trust.

So is some kind of buyout in the offing?
posted by jamjam at 8:54 AM on January 4, 2008


While ordering a major appliance there, I bought a window air conditioner that was on display in boxed stacks in the appliance center. When I went down to the pickup area, the kid who eventually came out told me they didn't have it in stock. Even though I'd just seen about thirty of them two floors up. I went back up, told the salesman, who gritted his teeth and talked about what a bunch of idiots they all were. I said "how about if I just hoist one of these onto my shoulder and you walk me out with it so I don't get hassled about it?" He agreed and we carried it out, him ripping that kid a new one on the way.

That said, I took the 10% discount on that and the major appliance I was actually there to buy, by signing up for the credit card. That month I paid in full and cancelled the card, thereby getting the discount and paying no interest.

The 10% discount was a pittance to Sears, since the base interest rate on our credit accounts was 19%. After one month, the 'loss' was recouped. After two months, the interest was making a profit for the firm.

There's something wrong with your math: at 19% apr it would be in the neighborhood of six months before they broke even.
posted by George_Spiggott at 9:02 AM on January 4, 2008


I maintain that the single most important tale every MBA must know is the fall of Sears, and how it never should have happened.

enn--

I do indeed have my ability to get rough estimates of traffic levels from the world's DNS servers :) Unfortunately, Permission Research probably has banner ads or something polluting the dataset.
posted by effugas at 9:47 AM on January 4, 2008


Did someone ask for smoking ruins ? That's probably the cause of this stuff, not the effect.
Sears' 99 percent drop in 3Q profit prompts selloff; Lampert strategy, Sears future questioned

11/29/2007 CHICAGO - Sears Holdings Corp. stumbled to its worst performance yet under Edward Lampert, earning just $2 million in a dismal third quarter that heightened questions about his strategy and Sears' future as a retailer, prompting a huge selloff in its stock Thursday. [more]
Their stock has lost almost 50% in the last six months: SHLD (Google Finance)
posted by ryanrs at 10:13 AM on January 4, 2008


Well, I just went into my history to get back to the entry form page, and it said, "this feature has been disabled".
posted by notsnot at 12:49 PM on January 4, 2008


You know who else hates Sears? Ron White
posted by Smedleyman at 1:08 PM on January 4, 2008


d'oh!

okay, it the practice was slightly less dishonest than I thought
posted by EatTheWeak at 1:38 PM on January 4, 2008


My last dealing with Sears was a number of years ago. I bought a TV cabinet through at Sears. A couple days before it was supposed to be delivered, "Sears Home Life" went bankrupt. I thought I was dealing with "Sears", but apparently, "Sears Home Life" was not just the name of their furniture line, but was actually a separate company that had floor space within the Sears store.

They should have just said, "We're so sorry about this, here is your money back." Instead, I had to fill out a bunch of paper work, file it with the bankruptcy court, and wait 6 or 7 months to get the money back. I still wonder if there were some customers that did not actually get a refund. They really screwed the pooch on that one. Haven't set foot inside a Sears since then.
posted by mach at 1:49 PM on January 4, 2008


Mach, that's actually funny to me because Sears is known for aggressively pursuing debts to bankruptcy and beyond. When I went through the process, in the final hearing, the only creditors on hand for anyone were Sears Reps (fortunately, I didn't owe them anything). They try to cut deals with people in the bankruptcy process, to the point that they got smacked down once by a judge for it.
posted by drezdn at 2:30 PM on January 4, 2008


Maybe because the store is always empty, but I've found Sears employees to be some of the friendliest and most helpful salespeople around. (I think they're always excited to find someone to talk to.) Five years ago, Sears purchased Lands End, and it's been really convenient to try on LE stuff in-store. You can also do in-store catalog returns. Plus, if the mall is crowded, there are always parking spots at Sears.

Why, Sears, why are you so creepy? Oh, how I loved you so...
posted by Gable Oak at 4:04 PM on January 4, 2008 [1 favorite]


ryanrs writes "Their stock has lost almost 50% in the last six months: SHLD (Google Finance)"

Yeah, but it's up fivefold since 2003, I guess since the purchase of Lands End. Wish I had bought back then. Looks like a good time to dump it.
posted by krinklyfig at 7:33 PM on January 4, 2008


Did someone ask for smoking ruins?

Well, to be fair, I also asked for those ruins to be littered with the barbequed testicles of executives...
posted by stavrosthewonderchicken at 3:46 PM on January 6, 2008


Sears Data Breach Draws Lawsuit
"Sears Roebuck was caught in a major online privacy breach late last week, just days after news surfaced that it was distributing spyware on behalf of comScore. Researcher Ben Edelman reported Friday that Sears was making public the entire purchase history of users who had registered at the Manage My Home portal, which offers users information about remodeling and repairs."*
Privacy Lawsuit Against Sears Is Ridiculous.

Sears' Online Functions Under Fire.
posted by ericb at 5:18 PM on January 7, 2008


« Older Lie, bitch, flirt your way to the top of the high ...  |  The solution... Newer »


This thread has been archived and is closed to new comments