
Market Research Company Secretly Installs Spyware

Zonk posted more than 7 years ago | from the you-wanted-to-participate-anyway dept.

Privacy 206

An anonymous reader writes "Forbes reports that two security experts are raising new questions about comScore, claiming that company's tracking software is being installed without consent on an unknown number of computers. The widely-used online research company takes screenshots of every Web page viewed by its 1 million participants, even transactions completed in secure sessions, like shopping or online checking. ComScore then aggregates the information into market analysis for its clients, which include such large companies as Ford Motor, Microsoft and The New York Times Co." From the article: "'[The] software is sneaking onto users' computers without the user agreeing to receive it,' says Harvard University researcher Ben Edelman, who documented at least ten unauthorized comScore downloads. Eric Howes, director of malware research at antivirus company Sunbelt Software, and his researchers separately observed hundreds of unauthorized comScore downloads in a three-month period this fall."


Well? (5, Insightful)

flyneye (84093) | more than 7 years ago | (#17186330)

Is anyone going to do something about this?
Some justice, revenge, butt chewing, anything?
Do we write our congressman, DOS them or what?
All problems and no solutions.
It must be illegal on some level.
Do we file a massive suit and each collect $5 or what?

I can't find the repository (1, Insightful)

symbolset (646467) | more than 7 years ago | (#17186958)

Isn't it sad that poor Windows users have to put up with this nonsense to get a "free" program? It's so much nicer just to click add/remove software and search for the program I want to use. It must be awful not to be able to trust the people who make your software when any one bad program eventually will give away your banking information and you would never know until UPS contacts you to get directions to your Lithuanian address.

Windows users: when you use Linux, a program that does just what you need is almost always just a few clicks away, is free, and doesn't have toxic junk like this attached to it. Usually Linux comes with your choice of industrial-strength database servers and clients, web servers and scripting languages, a complete software development kit for the whole thing in dozens of programming languages, a choice of office suites and so much more that it's just amazing. One of the nicer things about it is that you can throw out that filing cabinet with the installation CDs, packaging and license agreements that came with every piece of hardware and software because you just don't need it. You can replace it with a nice Japanese fountain and improve your Feng Shui.

Re:I can't find the repository (2, Interesting)

flyneye (84093) | more than 7 years ago | (#17187066)

Is it necessarily a winblows problem or a browser plug-in/extension problem?

Re:I can't find the repository (0)

Anonymous Coward | more than 7 years ago | (#17187738)

While technically it doesn't have to be, 99.99999% of the time it is. Windows just makes it so easy.

Am I the only one who thinks this article is a bit obvious? I mean it's like having a headline that reads "Fast food chains pump food full of fat" or "Cat licks own butt."

Thanks Dr. Obvious!

Re:Well? (2, Funny)

gardyloo (512791) | more than 7 years ago | (#17187036)

Personally,
I think we should all write in this style.
A real Story-of-Mel [wizzy.com] style.

Hawt.

Seriously. The world
might not be made better for it.
But *I* might be made better for it.

When Congress writes anti-spam/anti-spyware laws
in this style, and the FBI enforces them,
with judges reading sentences in
i-am-bic pentameter,
humanity will be restored
(whatever THAT means).

[Now, watch slashdot's formatter totally f this up]

Yawn... (2, Funny)

Colin Smith (2679) | more than 7 years ago | (#17186338)

I'm sorry but monocultures and all that. I've given up warning people. It's their own responsibility to look after their computers? What they can't? Dearie me, that'll be hmmm, $$$ then.

 

Re:Yawn... (1)

UrbanPeasantsPolitic (984466) | more than 7 years ago | (#17186392)

Yes, if you don't want this crap, have sense enough not to plug into the net.............

Re:Yawn... (3, Insightful)

Ngarrang (1023425) | more than 7 years ago | (#17186518)

Yawn? Don't plug into the net? What arrogant uncaring tripe. What kind of jackass gives that sort of a response? Oh, right, an OS snob. People have the right to privacy and surf the net unmolested, no matter the OS they use. ComScore trampled on that right and deserve to burn, so don't turn this around and blame the user.

Do you have to deal with the problems? (3, Interesting)

Colin Smith (2679) | more than 7 years ago | (#17186910)

Yawn? Don't plug into the net? What arrogant uncaring tripe. What kind of jackass gives that sort of a response? Oh, right, an OS snob
Actually it's the sort of response that you get from someone who's constantly asked to fix computers that are repeatedly infested with viruses, spyware and other malware.

Maybe you're 12 and your time's worthless. Mine isn't and I now charge $$$ to fix computers. You don't want to pay? YeeHaw! Go away, fix it yourself then, or find some rather dim student who has nothing better to do.

People have the right to privacy and surf the net unmolested, no matter the OS they use.
Awww, how sweet. Welcome to the real world, not the idealised socialist one you have in your head.
 

Re:Do you have to deal with the problems? (1)

Score Whore (32328) | more than 7 years ago | (#17186992)

You sound like you lack the social skills necessary to tell people that it consumes too much of your time to fix all your friends' computers in such a fashion as to retain them as your friends. Another option you might want to consider is to help them learn to browse safely. In addition to using Solaris and Linux, I also use Windows. For years the full extent of my anti-virus was the web based scan from Trend Micro once in a while. I never had a problem. It is entirely due to my habits. You should be able to teach similar sorts of things to your friends, strengthen your friendship and give yourself more time to do fun things.

Re:Do you have to deal with the problems? (3, Insightful)

jlarocco (851450) | more than 7 years ago | (#17187312)

You sound like you lack the social skills necessary to tell people that it consumes too much of your time to fix all your friends' computers in such a fashion as to retain them as your friends.

Real friends don't expect you to do work for them. If that offends them, good riddance.

You should be able to teach similar sorts of things to your friends, strengthen your friendship and give yourself more time to do fun things.

Yes, but it's not my responsibility, nor is it a way I want to spend my free time. There are much more fun ways to strengthen friendships that don't involve one person doing work for free.

As far as I'm concerned, my help stops after I tell them to run Debian.

Re:Do you have to deal with the problems? (1)

Score Whore (32328) | more than 7 years ago | (#17187522)

Selfish much? Like I said, "...you lack the social skills..."

Re:Do you have to deal with the problems? (1)

jlarocco (851450) | more than 7 years ago | (#17187622)

Selfish much? Like I said, "...you lack the social skills..."

When it comes to this: very. Life's too short to spend it doing other people's work for free.

And it's not a lack of social skills. I just don't hang out with people who want me to be their bitch. I don't hang out with them to get free stuff from them, so why should I be expected to provide free services to them? That's not what friendship is about.

I might feel differently if they wanted coding done (my actual job, which I enjoy), or if cleaning shit out of Windows machines was fun or rewarding, but they don't, and it's not.

Re:Do you have to deal with the problems? (0)

Anonymous Coward | more than 7 years ago | (#17187680)

Isn't part of friendship something like, 'you scratch my back, I'll scratch yours'? Like cooperating? (Somehow I feel like these are alien concepts to you.)

Doing stuff for other people doesn't make you 'their bitch', it's just about being nice. And if you don't get anything in return, then fine, that person has turned out to be a bad friend. You live and learn. In addition, if the things you do for other people are only stuff you enjoy (i.e., you're really only doing it for yourself), then you're the bad friend.

So yes, it is a lack of social skills.

Re:Do you have to deal with the problems? (1)

Steppman2 (1029992) | more than 7 years ago | (#17187380)

Is this some kind of bad Nick Burns impersonation?

Re:Yawn... (4, Insightful)

Temsi (452609) | more than 7 years ago | (#17186618)

That's about as stupid as teaching abstinence only as the only way to fight STD's.

Interestingly, the advice given is almost the same too: don't plug in...

People are doing it and kids will do it, so instead of closing your eyes and yelling "don't do it", you should at least show them how to use protection first.

Re:Yawn... (5, Funny)

Harmonious Botch (921977) | more than 7 years ago | (#17186646)

But most Windows users are as interested in secure computers as teenagers are in condoms.

Re:Yawn... (0)

Anonymous Coward | more than 7 years ago | (#17187038)

And as Unix users are in social lives

Re:Yawn... (0)

Anonymous Coward | more than 7 years ago | (#17187682)

True... but the first trip to the doctor for penicillin shots (e.g. major reinstall), then they will become interested. ;)

Re:Yawn... (0)

Anonymous Coward | more than 7 years ago | (#17187706)

But most Windows users are as interested in secure computers as teenagers are in condoms.


I never could get into screwing a piece of latex, it just doesn't do anything for me. I'd rather not bother.

Secure windows has never been a problem for me though.

I guess that defines my geekish priorities pretty well...

Yawn...Just say no to sex. (0)

Anonymous Coward | more than 7 years ago | (#17186680)

"That's about as stupid as teaching abstinence only as the only way to fight STD's."

Well since they're called Sexually Transmitted Diseases, then yes abstinence (not engaging in SEX) is the one hundred percent way of avoiding STDs through that vector.

"People are doing it and kids will do it, so instead of closing your eyes and yelling "don't do it", you should at least show them how to use protection first."

And kids are bringing guns to school and shooting everyone. Maybe we should start them on some gun lessons, and practice at the firing range?

Re:Yawn...Just say no to sex. (3, Insightful)

Temsi (452609) | more than 7 years ago | (#17186868)

OK, now you're just being silly.

Sure, abstinence is the only 100% effective way of preventing STD's, but teaching that and nothing else, is an extraordinarily dumb thing to do, because it goes against our natural instincts. We are born with the need for sex, and when it awakens it tends to go a little nuts. Abstinence only education can lead directly to teen pregnancies and the transmission of STD's, because kids are not given an alternative method of protection, and in fact statistics show that it simply doesn't work in any way shape or form. Ignorance is not protection.

Your gun lesson analogy is a bad one. Firing guns is not a natural urge written into our genes.
ALL teens have sexual urges, but only a handful of nutcases have the urge to shoot their classmates.
Thus, your argument is a red herring.
That being said, it wouldn't hurt to have an alternative method of protection against guns, such as trigger-locks, and not rely solely on the "don't do it because I said so" method (which incidentally is the same one used in abstinence only education).

A more proper analogy would be:
You have a swimming pool in your back yard. You can tell your kids not to go in it all you want, but one day, when you're not looking, they will, and when that time comes, wouldn't it be safer if they've been taught how to swim?

Re:Yawn...Just say no to sex. (0)

Anonymous Coward | more than 7 years ago | (#17186944)

"Sure, abstinence is the only 100% effective way of preventing STD's, but teaching that and nothing else, is an extraordinarily dumb thing to do, because it goes against our natural instincts. We are born with the need for sex, and when it awakens it tends to go a little nuts."

*raised eyebrow*

I'm being silly? You're the one with the "it's human nature so enough with the limits!" POV. Just because it's human nature doesn't mean that we shouldn't establish boundaries. Abstinence isn't some kind of death sentence, and marriage is a perfect outlet for those "urges" you think we can't control.

BTW I guess if abstinence is "because we said so" then you must have had a rough childhood with your parents saying "No don't do that". There's a reason for everything and the high incidence of STDs and unwanted pregnancies shows that humanism's "permissiveness" is no better a solution.

Re:Yawn...Just say no to sex. (1)

nysus (162232) | more than 7 years ago | (#17187172)

This is just ignorant and backwards and puritanical and not practical. It's 2006, not 1621.

Abstinence is Cool. (1)

s16le (963839) | more than 7 years ago | (#17187228)

Just for perspective these two [flickr.com] probably think Abstinence is just a wonderful idea.

Abstinence is for losers, period.

Re:Yawn...Just say no to sex. (0)

Anonymous Coward | more than 7 years ago | (#17187612)

Right, you're not being silly.

You're being completely, utterly stupid.

Abstinence doesn't work - because it doesn't and won't happen.

Now, just because in your case you have no ability to get laid doesn't mean that most of the population won't.

Oh, and I suppose you're going to say that gays should only have sex in Canada and Massachusetts where they can get married? Or perhaps you're the sort of bigoted homophobe who doesn't want them to have sex at all, ever.

Re:Yawn... (1)

Urza9814 (883915) | more than 7 years ago | (#17187580)

Have you ever actually tried that? If they don't ignore you, they forget what you told them the next day. I've even installed it, said 'this is an antivirus program, it'll run by itself, it'll protect your computer, don't mess with it'...come back later to fix it again and find no trace of any of the software I installed. Most of the time I get the blank stare of 'yea, sure, whatever. Can I go back to downloading everything that says 'click here' yet?'

Re:Yawn... (1)

Dutch Gun (899105) | more than 7 years ago | (#17187734)

A more fitting comparison would be:

If you'd like to avoid STD's, avoid having sex with skanky prostitutes.

Likewise, if you'd like to avoid spyware, avoid installing "free" software from companies you neither know nor trust.

Seriously, the headline essentially reads "Marketing firm installs spyware on users system. World is shocked." WTF?

Yawn...Reading hurts. (-1, Redundant)

Anonymous Coward | more than 7 years ago | (#17186472)

"I'm sorry but monocultures and all that. I've given up warning people. It's their own responsibility to look after their computers? What they can't? Dearie me, that'll be hmmm, $$$ then."

You might want to read the article. It says NOTHING about a monoculture, and in fact my reading shows that there's nothing keeping this from showing up on Macs or Linux platforms. In other words it's all about the user.

Re:Yawn... (0)

Anonymous Coward | more than 7 years ago | (#17186508)

I'm sorry but monocultures and all that.

It has got nothing to do with monocultures. If everyone was running OpenBSD it would be a monoculture, but everyone would be a lot safer.

Re:Yawn... (1, Insightful)

Anonymous Coward | more than 7 years ago | (#17186684)

Really? Or would they all be downloading bash scripts from pr0n emails that delete their home directories and open up high numbered ports with shells running on them?

Sad news ... Augusto Pinochet, dead at 91 (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17186348)

I just heard some sad news on talk radio - Former Chilean dictator Augusto Pinochet was found dead in his Santiago home this morning. There weren't any more details. I'm sure everyone in the Slashdot community will miss him - even if you didn't enjoy his work, there's no denying his contributions to popular culture. Truly a Chilean icon.

Re:Sad news ... Augusto Pinochet, dead at 91 (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17186418)

Yeah, like Stalin also swept millions, but hey, what the hell, he hunted the nazis, we should be proud of him!

That's sort of odd... (3, Insightful)

zappepcs (820751) | more than 7 years ago | (#17186374)

the previous story mentioned social justice in the headline... social justice here would be to have CD copies of their malicious software being rammed up their backsides "without their consent" so to speak...

Why is the DOJ worried more about aunt Eunice downloading MP3s than they are about people who are maliciously causing harm?

sigh, I'll write but I wonder if my representatives will actually notice...

Re:That's sort of odd... (1, Insightful)

Anonymous Coward | more than 7 years ago | (#17186426)

Because he who has money wins. This case; it's the RIAA. DOJ doesn't care about you.. or your well being.. They care about the $, just like everything else.

Re:That's sort of odd... (1)

ScrewMaster (602015) | more than 7 years ago | (#17186794)

Well, Department of Justice employees are appointed or hired, not elected, and if caught taking bribes are in deep doo-doo ... but the DOJ is not as independent an entity as one might desire. There are a lot of political favors that have to be accepted in order to reach a high rank in such an organization, and those favors are often owed (Mr. Gonzales, this means you) to people (are you listening, Mr. Hatch? Mr. Berman?) who don't mind a few extra contributions.

Re:That's sort of odd... (1)

jb.hl.com (782137) | more than 7 years ago | (#17187122)

Because downloading MP3s is explicitly against federal law, whereas (IIRC) spyware is only legislated against by state law?

Re:That's sort of odd... (1)

Evilest Doer (969227) | more than 7 years ago | (#17187226)

Why is the DOJ worried more about aunt Eunice downloading MP3s than they are about people who are maliciously causing harm?
Well, I'm sure that given the clear illegality of this Market Research company's activities, the DOJ will hunt down and prosecute the people responsible, and those responsible will be heavily fined and have to spend a good bit of time in jail. Oh wait. I forgot. This is America, where corporations are given free rein to run roughshod over everyone and ordinary people are tossed in prison for anything and everything the government can think of. My mistake.

Re:That's sort of odd... (2, Insightful)

StikyPad (445176) | more than 7 years ago | (#17187690)

Because Joe Websurfer doesn't have a lobbyist bending the ear of Congress.

Linux (0, Flamebait)

nozzo (851371) | more than 7 years ago | (#17186408)

Hmmmmm, I'm getting really fed up with reading stories like this. For me, the whole Windows pain experience is coming to a head with continuous spyware stories, malware, virus/worms, the cumulative Windoze effect and the forthcoming Vista licencing restrictions. Hey wait! What's this? Why it's an Ubuntu CD, looks cool, does web browsing, email and I can even use my existing docs and spreadsheets on it. Nice one, and I don't see *nix being reported daily as having nasties installed just by surfing as well - very tempting. I wonder if Orbiter plays on it in emulation mode? Looks like I'll be finding out real soon :-)

Re:Linux (1)

FLEB (312391) | more than 7 years ago | (#17186702)

Just don't let it get too popular.

Re:Live CDs (1)

EsbenMoseHansen (731150) | more than 7 years ago | (#17186956)

Flamebait? Maybe, but I personally think you are on to something there, though it has little to do with linux per se, but rather with that Ubuntu CD. What about it? It's a livecd. Use that, and you *will* be safe from even the most blatant user errors and the most malicious crackers (but not social engineering, sadly). Replace it once a year to be on the safe side.

Now actually, that would make browsing a mite slow. So maybe an install option where everything is mounted read-only? It might work.

This is of course only meant for the "I write email & browse the web" people. But those are the ones most likely to get hit by something like this.

Win-win-win solution (5, Funny)

straponego (521991) | more than 7 years ago | (#17186410)

I think everyone who isn't a total scumbag agrees that spammers and spyware makers are evil and a drain on society. Furthermore, in terms of lifetimes wasted, the time they cost us surely adds up to many times the lives we've lost due to terrorism. I have the answer, one which will heal the political rift in the US as a side effect.

First, we have the NSA, DHS, et al target their illegal wiretapping programs at spammers and spyware makers. They've got the infrastructure to track these people down, and this is a justification for the programs everybody can get behind.

Second, when a spammer is caught, we ship them down to Gitmo. It doesn't matter, in this case, whether torture is an effective means of getting information. We don't need information from them, we just want them out of circulation. We can hope that it would be a deterrent, but really they'll be getting it for the simple reason that they deserve it. Republican/Christians get to torture and sodomize to their shrivelled little hearts' content, and we don't have to worry about damaging our reputation in the world community. Everybody's happy!

Gentlemen, there is no way that we can lose on this one!

Re:Win-win-win solution (1)

davidsyes (765062) | more than 7 years ago | (#17186906)

"We don't need information from them, we just want them out of circulation."

LOL. That sentence alone ought to have earned you 2 to 3 mod points... Or, maybe you had them, but had them taken away by:

"spammers and spyware makers are evil and a drain on society" supporting types....

Re:Win-win-win solution (3, Interesting)

Steve B (42864) | more than 7 years ago | (#17187022)

One important point is that spam is about the perfect method of communicating "go-codes" to terrorist cells -- it's trivial to encode a message in the anti-filtering gibberish attached to most spam, and the indiscriminate broadcast completely negates traffic analysis.

Re:Win-win-win solution (1)

operagost (62405) | more than 7 years ago | (#17187082)

Republicans/Christians? What kind of trolling idiot are you?

Re:Win-win-win solution (2, Funny)

ScrewMaster (602015) | more than 7 years ago | (#17187116)

Republicans/Christians? What kind of trolling idiot are you?

I'd say a Democratic/Atheist one, you know, so long as we're making snap judgments about people.

Re:Win-win-win solution (1)

Evilest Doer (969227) | more than 7 years ago | (#17187254)

I'd say a Democratic/Atheist one, you know, so long as we're making snap judgments about people.
Really? I thought it had more of a Green Party/Universalist flavor. But, maybe that's just the sauce.

"unauthorized download" (2, Insightful)

Anonymous Coward | more than 7 years ago | (#17186414)

Keep in mind when reading that by "unauthorized download" they don't mean copyright infringement, they mean that a third party installed ComScore software without *your* authorization.

Re:"unauthorized download" (1)

Dunbal (464142) | more than 7 years ago | (#17187114)

they mean that a third party installed ComScore software without *your* authorization.

Oh I hope it DOES make its way onto my machines. I can't wait until they see how much I charge for CPU cycles.

Re:"unauthorized download" (1)

Loconut1389 (455297) | more than 7 years ago | (#17187252)

You know, that's an interesting question. What if you do work that uses all or nearly all of the CPU and you literally lose money if it takes longer? Could you then sue for lost revenue?

Overzealous Staffers (0)

Anonymous Coward | more than 7 years ago | (#17186466)

I love it when the organization in question blames the distributors/staffers/private investigators:
"I had no idea Joey Three-Fingers would break your kneecaps. I merely asked him to follow up on some overdue accounts."

HOSTS entry to block? (3, Informative)

martyb (196687) | more than 7 years ago | (#17186486)

I want to proactively block any chance of getting caught by this. I just added this to my (Windows/XP HOME SP2) HOSTS file (C:\windows\system32\devices\etc\HOSTS):

127.0.0.1 comscore.com # ComScore, nee MediaMetrix, et al

I recognize this is but a start. I expect this has been investigated by others already. Rather than re-invent the wheel, I'm looking for some input on what else I can do to protect myself from them. (I already use ONLY firefox, and also have AVG, AdAware, Spybot, and WinPatrol)

Questions:

  1. What other entries should I add to my hosts file? (Prevent)
  2. What program(s) have you used to locate and remove this? (Detect and Remove)

FYI: Wikipedia's ComScore Entry [wikipedia.org]
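
Added example, not part of the post above or of any reply: a hosts-file entry matches one exact name only, so this Python code parses a hosts file and reports which lookups the single `comscore.com` line actually covers. The sample file, the `www.` subdomain, `proxy.example.net` and `192.0.2.10` are constructed placeholders, and "first entry for a name wins" is an assumption about the resolver.

```python
import ipaddress

# Constructed sample: a default localhost line plus the entry quoted in the post.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1   localhost
127.0.0.1 comscore.com # ComScore, nee MediaMetrix, et al
"""

# Constructed targets: hypothetical names and a documentation-range address.
SAMPLE_TARGETS = [
    "comscore.com",        # the exact name from the post
    "COMSCORE.COM.",       # same name, different case and a trailing dot
    "www.comscore.com",    # hypothetical subdomain
    "proxy.example.net",   # placeholder for a host under another domain
    "192.0.2.10",          # placeholder IP literal (TEST-NET-1)
]


def normalise(name):
    """Hostnames are case-insensitive; a trailing dot only marks the root."""
    return name.lower().rstrip(".")


def parse_hosts(text):
    """Return {hostname: ip_address}. Comments and malformed lines are skipped."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            # Assumption: the first mapping for a name is the one that is used.
            table.setdefault(normalise(name), addr)
    return table


def verdict(table, target):
    """Say whether a connection to `target` is affected by the hosts file."""
    try:
        ipaddress.ip_address(target)
        return "not covered: IP literal, no name lookup happens"
    except ValueError:
        pass
    addr = table.get(normalise(target))
    if addr is None:
        return "not covered: no exact-match entry"
    if addr.is_loopback or addr.is_unspecified:
        return "sinkholed"
    return "remapped to " + str(addr)


def audit_targets(hosts_text, targets):
    """Map each target to its verdict."""
    table = parse_hosts(hosts_text)
    return {t: verdict(table, t) for t in targets}


if __name__ == "__main__":
    for target, result in audit_targets(SAMPLE_HOSTS, SAMPLE_TARGETS).items():
        print(f"{target:20} {result}")
```

Anything reported as not covered needs its own hosts line or a block at the firewall or proxy.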

Re:HOSTS entry to block? (1)

interiot (50685) | more than 7 years ago | (#17186542)

This lists some of the IP addresses that Texas Tech University has internally blocked. The most important thing to block is their proxy servers, since that's the bit that actually does the monitoring, and because the end-user software is distributed via a number of different sites and organizations.

Re:HOSTS entry to block? (4, Informative)

interiot (50685) | more than 7 years ago | (#17186568)

Oops, I forgot to include the Texas Tech link [ttu.edu] with the IP addresses.

Your best bet (1, Troll)

Slur (61510) | more than 7 years ago | (#17186814)

To be frank, the only software that will ultimately protect you is another operating system. Windows is fundamentally broken. Switch to Linux - or better yet, Mac OS X - and you will not only have a better internet experience, you'll have a better desktop experience overall.

Re:Your best bet (3, Funny)

the_humeister (922869) | more than 7 years ago | (#17186840)

Indeed. That's why I use Minix as my operating system, vi as my word processor, and links as my web browser. Come and get me, you bastards!!!

Links? (1)

SkiifGeek (702936) | more than 7 years ago | (#17187350)

It hasn't received much coverage (it was only made public a couple of weeks ago), but there is an exploitable buffer overflow vulnerability that affects Links. Technically, it affects the libpng library that Links links against, but the exploit / vulnerability development was focussing on Links as the vector to achieve the buffer overflow.

Re:Your best bet (1)

budgenator (254554) | more than 7 years ago | (#17187744)

you sir are a savage, civilized people use Linux, Vim and w3m!

Re:Your best bet (1)

HRbnjR (12398) | more than 7 years ago | (#17187456)

To be really frank... these problems are all driven by money. As long as your computing interests and operating system are in the hands of a for-profit company, there is a good chance that at some point they will make choices which are better for their bottom line, rather than for providing you the best internet/desktop experience. Annoying advertisements, DRM restrictions, etc.

GNU/Linux and Free Software put the ultimate control in the hands of the people. We allow the vendors like RedHat to set our experience, but only for so long as they don't do anything we don't like, else we all leave for some new vendor, taking our software with us. With Mac OS X, you have no such freedoms, should things someday go sour.

Re:Your best bet (1)

hitmanWilly1337 (1034664) | more than 7 years ago | (#17187712)

Mac and apple in general want to be just like M$. Granted, they deliver a better product (feel free to flame away on this), but they try to control not only your software, but your hardware too. Switch to Linux. I use slack 11 myself, and have never had a problem w/ it.

Talking about OS's is like talking about religion. Everyone is sure theirs is the best, and they're all wrong.

Intercepts https:// (5, Interesting)

interiot (50685) | more than 7 years ago | (#17186498)

The thing that really gets me is that their monitoring software installs a root certificate in the user's browser so that they can do a "man in the middle" attack to https:// connections at their proxy servers. In many cases, comScore gets permission from end users to do this, but I don't think many users really realize how much information they're exposing by doing this. Most obvious is bank passwords, etc, but comScore says they don't monitor those. comScore DOES however say that they verify their user's name, address, income, etc., which I'd imagine most users wouldn't actually agree to if they were fully informed.

Re:Intercepts https:// (1)

khallow (566160) | more than 7 years ago | (#17186648)

Most obvious is bank passwords, etc, but comScore says they don't monitor those. comScore DOES however say that they verify their user's name, address, income, etc., which I'd imagine most users wouldn't actually agree to if they were fully informed.

In other words, comScore does a credit check. People routinely agree to those. So I'm not sure that your last statement is correct.

Re:Intercepts https:// (1)

interiot (50685) | more than 7 years ago | (#17186708)

It's sort of like a credit check, I suppose, but they can (and based on the "buying power" reports they generate, I believe there's a good chance they do) track purchases made, and may track bank balances (I'm not sure how easy this is to do, but it's possible they do this for the X largest ecommerce sites and the X largest banking sites).

Yes, people routinely agree to credit checks, but usually there's a direct financial benefit... eg. getting a loan or something like that. comScore rarely pays its participants anything (they do run sweepstakes [permissionresearch.com], but with ~2 million participants, there's very little chance you'll get compensated for giving away your private information).

Re:Intercepts https:// (1)

15Bit (940730) | more than 7 years ago | (#17186778)

Obviously having anything installed on your computer without your consent is a problem, but I'm fascinated as to how this service (with consent) exists. In many countries you have a core set of "Rights" that the law explicitly says you are not allowed to sign away, no matter how much someone pays you or how charming the salesman is. They are there to save stupid people from clever and dishonest ones (and occasionally to save you from yourself). Now I don't like the nanny state any more than the next person, but this looks to me like a magnificent poster case for why you shouldn't be allowed to just sign up for anything you like. You simply should not be allowed to sign up for something this intrusive and surreptitious.

Re:Intercepts https:// (4, Insightful)

Beryllium Sphere(tm) (193358) | more than 7 years ago | (#17186908)

Inviting the question, even if you trust them with your credit card numbers, and trust all their employees, do you want to bet that there won't be a security breach on one of their servers?

This is a serious limitation of SSL on commodity operating systems, by the way. IE's list of trusted root certificates is simply entries in the registry. Even if you're part of the infinitesimal fraction of users who knows what a CA cert is and where to look for them, how can you do a security review on all 39 of the root certificates that come with Firefox, or spot a new unwanted one? (One of those root certs is from AOL, by the way). If you trust the Mozilla foundation to audit the security and practices of each and every one, do you have the same trust in a proprietary browser's developers? Even assuming the developers make the decision instead of the marketers?

this is what they should do! (5, Interesting)

ILuvRamen (1026668) | more than 7 years ago | (#17186538)

why the hell don't the cops show up at the company's door, break it down, and arrest everyone responsible and make sure CNN news crews are there to record it and make a story out of it. Then maybe these stupid, evil marketing people will stop thinking they can get away with it! It's called illegal for a reason. If they can arrest a guy for putting a distributed processing screensaver on school computers, they can arrest marketing execs!

Re:this is what they should do! (1)

Jerry (6400) | more than 7 years ago | (#17186728)

Exactly!

How is what these scum are doing any different from a thief photographing the contents of letters in your mailbox?

None that I can see.

Re:this is what they should do! (1)

interiot (50685) | more than 7 years ago | (#17186826)

I don't think Ford, Microsoft, etc. would do business with them if what they did was really obviously illegal. Also, if taken to court or whatnot, they'd probably say that most users agreed to their EULA [opinionsquare.com], which says things like:

Once you install our application, it monitors all of the Internet behavior that occurs on the computer on which you install the application, including both your normal web browsing and the activity that you undertake during secure sessions, such as filling a shopping basket, completing an application form or checking your online accounts, which may include personal financial or health information. We may use the information that we monitor, such as name and address, for the purpose of better understanding your household demographics.

They pretty much explicitly say that they track users' online financial transactions. Obviously, end users don't usually read EULAs. IMHO, it's journalists' job to point out really egregious EULAs like this, and hold the company's feet to the fire. In this case though, unfortunately their EULAs haven't gotten much press coverage. And the company's entire business is based around this information collection, so it's not like a small amount of press would be enough to remove a small clause that lawyers added in as an afterthought.

Re:this is what they should do! (1)

davidsyes (765062) | more than 7 years ago | (#17187090)

Sure they can. But then the/that local police chief won't make mayor. See, the marketing lobby will lobby the living shit out of the local police union to NOT give their votes to that chief. Maybe even a few lawyers/pro tems and the DA might get recalled or not re-elected if they signed off on the city breaking down the door of these evil marketing execs. The word EVIL exists for a REASON, ye know?

I feel how you feel. Maybe what we end users need is a hella intense honey net with our OWN real-time MITMA to modify our data to feed SHIT to those marketing companies. We'd be a "GOOD EVIL" bunch, eh?

Re:this is what they should do! (1)

ILuvRamen (1026668) | more than 7 years ago | (#17187648)

if I was a cop on that squad and they tried to bribe me or worse, take me out to eat, I'd order a really expensive steak and a bowl of chilli then shove the chilli in their face after I was done with the steak and then mace them if they got mouthy about it :-D too bad I'm not a cop lol. Hmmm I wonder what I can do to lobbyists as a programmer...

Screenshots? (4, Interesting)

slashkitty (21637) | more than 7 years ago | (#17186594)

The submitter claims the software takes screenshots of every page the users visit.

This isn't what the actual article says. It says "virtual photos". Most likely is that it's just collecting URLs.. and maybe the contents of the page.. There would be no reason to do screenshots... It would make things much more difficult to analyze.

Re:Screenshots? (4, Informative)

interiot (50685) | more than 7 years ago | (#17186650)

The installed software re-routes all of your internet traffic [stanford.edu] through comScore's proxy servers. In most cases, they're probably just monitoring the URLs you visit, but they also check more specific information in some cases... they say they verify the user's demographics (name, address, it sounds like purchases are tracked as well), and depending on what they're doing research on at the time, they sometimes track P2P activity, audio streaming activity, instant messaging statistics, etc.

Re:Screenshots? (1)

slashkitty (21637) | more than 7 years ago | (#17186978)

If it's just a proxy, it's not even going to be able to see your https post data (just the URLS you're going to). There is a big difference between credit card, bank account numbers and just the URLs you're going to.

Re:Screenshots? (5, Informative)

interiot (50685) | more than 7 years ago | (#17186998)

From TFA:

While ordinarily an HTTPS connection would simply pass through a proxy securely, in this case MarketScore also installs a new root certificate in your browser so that it can decrypt all intercepted SSL connections (a "man-in-the-middle" attack) without triggering a security warning from the browser. In normal operation, browsers would complain if a site certificate doesn't match the domain of the URL, but the new root certificate tells the browser to trust ComScore's site certificate for any URL.
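An added example, not part of the original thread or of the article it quotes: the interception described above depends on a new root certificate being added to the trust store, and an earlier comment asks how anyone could spot a new unwanted one. One way is to record SHA-256 fingerprints of the store in a known-good state and diff later exports against that baseline. The PEM blocks below are constructed bytes, not real certificates, and all function and variable names are hypothetical.

```python
import base64
import hashlib
import re
import textwrap

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)


def fingerprints(pem_bundle):
    """Return the SHA-256 fingerprint of every certificate in a PEM bundle.

    A certificate fingerprint is the hash of its DER encoding, so the
    certificate body is treated as opaque bytes here.
    """
    found = set()
    for body in PEM_RE.findall(pem_bundle):
        # validate=True rejects stray characters instead of silently skipping them
        der = base64.b64decode("".join(body.split()), validate=True)
        found.add(hashlib.sha256(der).hexdigest())
    return found


def diff_root_store(baseline, current_bundle):
    """Compare a current root-store export against baseline fingerprints."""
    current = fingerprints(current_bundle)
    return {
        "added": sorted(current - baseline),    # roots trusted now but not before
        "removed": sorted(baseline - current),  # roots that disappeared
    }


def fake_pem(der):
    """Wrap arbitrary bytes in PEM armour (constructed sample data only)."""
    b64 = base64.b64encode(der).decode("ascii")
    return ("-----BEGIN CERTIFICATE-----\n"
            + "\n".join(textwrap.wrap(b64, 64))
            + "\n-----END CERTIFICATE-----\n")


# Constructed sample input: two "vendor" roots, then one added afterwards.
VENDOR_ROOTS = [b"constructed-root-A" * 8, b"constructed-root-B" * 8]
INJECTED_ROOT = b"constructed-injected-root" * 8
BASELINE_BUNDLE = "".join(fake_pem(d) for d in VENDOR_ROOTS)
CURRENT_BUNDLE = BASELINE_BUNDLE + fake_pem(INJECTED_ROOT)

if __name__ == "__main__":
    report = diff_root_store(fingerprints(BASELINE_BUNDLE), CURRENT_BUNDLE)
    for fp in report["added"]:
        print("NEW trusted root:", fp)
    for fp in report["removed"]:
        print("root removed:", fp)
```

The baseline has to be captured on a machine known to be clean and stored somewhere the monitored machine cannot rewrite it.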

MOD UP (1)

shenanigans (742403) | more than 7 years ago | (#17187192)

.. that is some pretty important information.

Re:Screenshots? (1)

Otter (3800) | more than 7 years ago | (#17186862)

This isn't what the actual article says.

For that matter, the title "Market Research Company Secretly Installs Spyware" is completely wrong. Even the researchers aren't suggesting comScore* is actively involved in anything illegal, just that they're indiscriminate about what kind of scum they use as distributors.

* I was going to ridicule the submitter/editor but they actually got the company's name right, while Forbes is wrong...

Re:Screenshots? (1)

slashkitty (21637) | more than 7 years ago | (#17187004)

I think the article is suggesting that by letting 3rd party vendors distribute their software, they are opening themselves and the users to all sorts of trouble.

So what good is a unenforced law? (4, Insightful)

canuck57 (662392) | more than 7 years ago | (#17186620)

So what good is the Computer Fraud and Abuse Title Act 18 Section 1030 if the FBI will not enforce it?

Re:So what good is a unenforced law? (4, Informative)

Threni (635302) | more than 7 years ago | (#17186770)

> So what good is the Computer Fraud and Abuse Title Act 18 Section 1030 if the FBI will not enforce it?

It would also appear to break the UK's Interception Of Communications Act 1988.

Re:So what good is a unenforced law? (2, Informative)

Anonymous Coward | more than 7 years ago | (#17187178)

And the UK Computer Misuse Act 1990.

But the authorities won't do anything without a complaint. So if you find this software on your computer then make a complaint to the police. Otherwise nothing will happen.

Re:So what good is a unenforced law? (1)

TubeSteak (669689) | more than 7 years ago | (#17186810)

Question: So what good is [Some law passed by Congress] if the FBI will not enforce it?

Answer: It makes Congress look good. They can go home & tell their constituents "look what wonderful law I voted for".

In reality, it takes either some Attorney General making a stink over it, or some high profile mishap lighting a fire under their asses.

Re:So what good is a unenforced law? (1)

slimjim8094 (941042) | more than 7 years ago | (#17186896)

Oh, they enforce it alright. Just not against people who actually cause harm (the people who the law is SUPPOSED to punish)...

They have to! Think of the poor marketers! (5, Funny)

orkysoft (93727) | more than 7 years ago | (#17186692)

They have to install it on the computers of people who don't agree to it, because if they only monitored people who agreed to it, it would skew their results, because they'd be using self-selected samples! Think of the marketers!

Skew them ! (3, Insightful)

Anonymous Coward | more than 7 years ago | (#17186796)

Download their software onto a 'tame' computer, and use it to browse 'interesting' sites.

Who would have thought that people who regularly view Ford's web site also like Goats ?

More examples of software Mac users don't have (0)

Anonymous Coward | more than 7 years ago | (#17186866)

Hi:

Yet another reason to own a Mac. No, I'm not being a snob, I just think that being able to screw over joe user who wants a computer that functions without hosing him is an entirely reasonable expectation.

Re:More examples of software Mac users don't have (1)

Goaway (82658) | more than 7 years ago | (#17187446)

Macs are just as vulnerable, if not even more so, to this kind of thing. We're lucky we haven't been targeted yet, but if we ever are, it will be just as hellish as on Windows.

I hope someone takes the lead on this (2, Insightful)

erroneus (253617) | more than 7 years ago | (#17186874)

I hope that some group or someone special takes the lead on this and not only goes after civil penalties but criminal penalties as well. I want to see someone in control of these decisions sent to prison for their decisions to make this happen. I ALSO want to see the programmers and implementers of the methods used here sent to prison for their misdeeds.

I think there is a point that needs to be driven home into our culture that it's NOT okay to do anything for money. Because I believe that at some level we all somehow forgive these people for their trespasses because their motivation was for profit... and we all understand the need for profit right? No, there are limits to what is acceptable behavior with a profit motive and like HP's spying (which arguably wasn't directly a profit motive but performed by a profit seeking competitive organization) we should not simply dismiss this as yet another "white collar crime" and move on. If people felt like they were risking more than a few hundred thousand of their millions of dollars, they just might think twice before ordering these things be done.

if you think this is bad, (0)

Anonymous Coward | more than 7 years ago | (#17186938)

you should see what their ComeScore software does!

Client List (5, Informative)

phantomcircuit (938963) | more than 7 years ago | (#17187136)

Corporations supporting comScore's actions
  • AOL
  • Best Buy
  • Borders
  • CareerBuilder.com
  • Clear Channel Communications
  • Columbia House
  • Digitas
  • Discover Financial Services
  • Eli Lilly and Company
  • Expedia
  • ESPN
  • Ford Motor Company
  • General Mills
  • Google
  • HP Home & Home Office Store
  • Hyatt Corporation
  • Interpublic Group
  • iVillage
  • Johnson and Johnson
  • Knight Ridder Digital
  • Mattel
  • Medscape (Web MD)
  • Mercado Libre
  • Microsoft
  • Monster Worldwide
  • NASDAQ
  • NAVTEQ
  • Nestlé USA
  • The Newspaper Association of America
  • New York Times Digital
  • Office Depot
  • OMD Digital
  • Orbitz
  • Pepsi
  • Procter and Gamble
  • Starcom IP
  • Terra Networks
  • Ticketmaster, LLC
  • T-Mobile
  • Tribune Interactive
  • Verizon
  • Viacom International
  • Washington Mutual
  • Yahoo!
Retrieved from http://www.comscore.com/about/clients.asp [comscore.com]

Re:Client List (1)

NewbieProgrammerMan (558327) | more than 7 years ago | (#17187346)

That's the most useful information I've seen in all the posts under this article...time for some letters/emails informing their clients that I will be terminating my business with them if they can't tell me they won't be using this advertising firm any more. Whether it will hurt them or not I don't know, but it seems that I can't count on my government to do anything about people like this.

Availability of garbage (2, Interesting)

The Hobo (783784) | more than 7 years ago | (#17187156)

I find it sort of funny that whenever I want to find a place to download the garbage mentioned in stories, I can't.. I can only remember Gator letting you go on their website to directly download what it is you wanted.

(For those wondering, sometimes I feel like downloading things just so I can play with it if I wanted to, in a VM for example, where a snapshot can make everything go away)

Re:Availability of garbage (1)

interiot (50685) | more than 7 years ago | (#17187210)

Well, they're a market research company, so they're legitimately interested in avoiding self-selection bias. Anyway, opinionsquare.com and permissionresearch.com are two places you can download the software. In this case though, it's clear that self-selection bias isn't the only concern... they almost completely avoid mentioning their connection with comScore (though if you click on the WebTrust / Ernst & Young thing in the bottom corner, and then click on "Audit Report and Management's Assertions", you can see they're connected).

They don't do it (3, Insightful)

wytcld (179112) | more than 7 years ago | (#17187180)

They commission third parties to do it. That's plausible deniability.

Enticing a third party to commit a crime should carry heavier penalties than doing the crime yourself. Especially when as in this case multiple third parties are enticed.

And comScore is receiving stolen property - property stolen only because they offered to buy it. But do we need new law in this area to properly jail these fuckers?

It's the stupidity, stupid. (3, Funny)

rudy_wayne (414635) | more than 7 years ago | (#17187216)

from the article:
"Two years ago, university IT managers busted comScore for tricking students into installing tracking software packaged with a free Web-accelerator program."

Why are university students downloading a "Web-accelerator program"? Because they're too stupid to know that these programs are worthless bullshit. Once again, we see that the biggest problem is not viruses or "spyware" -- it's user stupidity.

news? (1)

Nikademus (631739) | more than 7 years ago | (#17187304)

How is that news? I mean spyware is a part of windows and is even installed stock from windows 2000 and upwards. This is just yet another spyware company.

Bandwidth (0)

Anonymous Coward | more than 7 years ago | (#17187382)

I did not RTFA, nor do I plan to RTFA, but did anyone else see the screenshot of every page part and their first thought was, Damn that's gotta be a hell of a lot of bandwidth. And how many employees did they fire for working and looking at Pron? (think about it for a second)

Does this affect me? (0)

Anonymous Coward | more than 7 years ago | (#17187486)

I use Linux, does this affect me?

Of course it doesn't dumb ass!!

route reject (0)

Anonymous Coward | more than 7 years ago | (#17187664)

If you don't have a proper firewall you could blackhole the route to the offending place.

On Linux: route add -net the_offending_ip_or_network netmask netmask_of_the_network_or_host reject
(On Solaris route add -reject network/netmask some_gateway)
