Sears Settles With FTC Over Spyware Charge

In 2007 and 2008, Sears invited select customers to join the exclusive “My SHC Community,” which involved installing an app that would monitor online browsing in exchange for $10. The app was called spyware by researchers and the FTC, because the data it collected on customers included “details from their online shopping, bank statements, drug-prescription records, video rentals, library-borrowing histories, even the names and addresses of their e-mail correspondents,” as well as “data about the users’ computers, printers, and other devices.”

The FTC charged that Sears had misled consumers about the degree to which it was collecting data. Sears argued that the devil was in the details of the lengthy user agreement, but has agreed that if it does it again, it will “clearly and prominently” disclose the full breadth of any data collection attempts. All the data has been destroyed.

As usual in settlements like this, Sears officially admits no wrongdoing.

“Sears agrees to settle spyware charges” [Philadelphia Inquirer]

“Researchers Accuse Sears Of Distributing Spyware”
(Photo: robinsonsmay)



  1. IT-Chick says:

    And this is why you shouldn’t install crap from stores. What sounded so great about this installation that would make people want to do it? (Aside from the $10)

    • hedonia says:

      @IT-Chick: You’d get your answer if you didn’t choose to put the $10 aside.

    • bibliophibian says:

      @IT-Chick: The first time I read it, I thought that the users had to PAY $10 for the privilege of using the app and being part of the elite community, which made it even more unbelievable.

      But yeah, people will do some amazingly dumb things if you tell them they’ll get even a tiny amount of money for it.

    • Black-Cat says:

      @IT-Chick: Because the masses are the asses. These are the same dumbfucks that click on pop up boxes that say “you have a virus! click here to clean it!”

  2. nato0519 says:

    Does Amazon do this already without installing anything? Just when I thought people couldn’t be any more stupid here I am surprised again.

    • Firethorn says:

      There are various services that attempt to do this, DoubleClick and brethren for example.

      Still, you get much MORE data if you can compromise a person’s personal computer.

      For example, it’d be much more difficult to get my bank balance without a client on my machine.

    • Kogenta says:

      @nato0519: While various methods would allow a certain level of information such as types of web sites, and for Amazon obviously whatever you’ve bought through them, it’s somewhat harder to get people’s financials, or their ordering history for non-affiliated sites without installing some sort of software on a person’s computer.

  3. GreatWhiteNorth says:

    With so much crap like this being pushed down to computers… and the risky behaviour of most users when it comes to protecting their computers and data… I have decided that it makes more sense to install a program like DeepFreeze from [] to protect computer users.

    DeepFreeze protects your computer by restoring it to a predetermined state every time you reboot it. So all changes to the system, all viruses, all spyware, all the stupid stuff websites leave on your system are gone when the system is rebooted. Yes, there are provisions for keeping the system updated… etc.

    It costs as much each year as Symantec AV or McAfee… and of course you wouldn’t bother installing them with it. This is another benefit since AV software slows your machine down.

    Save your data to a stick or other HDD and surf the web with impunity…

    • dave_coder says:

      @GreatWhiteNorth: And what about files? What about programs that people wish to install? And if it allows you keep programs what about the programs that people allow and trust but are malware in disguise like the Sears application?

      Better to still have an anti-virus program. Free or store bought.

  4. Donathius says:

    I can’t believe someone actually thought that this was a good idea. Idiots.

    On a slightly different note – I think these massive EULAs are soon going to be a thing of the past. No one reads them, partially because no one can understand them. I’m in law school and I can make sense of the stupid things, but most of them are exactly the same. Every now and then something different will drop.

    This issue with Sears is actually a good case study for the fact that oftentimes EULAs are legally indefensible, and just plain stupid. There is a serious movement going for there to be two types of legal documents now. The one with all of the legalese (which does have its purpose – making sure all the loopholes are closed) and one that spells things out in plain English so that the client can understand just what’s going on. Not to mention the issues with shrink-wrap EULAs that say you agree to the EULA by opening the package. Most of the time the EULA is inside the package so you are not even given the opportunity to read what you are agreeing to. There are several countries (not the US though) that have ruled that consumers CANNOT be bound by shrink-wrap EULAs as there is really no good opportunity for the consumer to read and understand it.

    • Tiber says:

      @Donathius: I think the problem is that people don’t care enough about them until someone pulls crap like this, and the ones that like the current system are the ones that rely on sneaking unethical behavior and hoping nobody reads it. Really, I can only hope those guys become identifiable because they’re the only ones left using the lengthy EULAs.

      Personally, I’d like to see them move more into templates. I mean, I can see the Creative Commons logo and pretty much know what I can do with it.

      As a side note, even if they do move to plain English, that doesn’t mean they won’t try to screw you over. Look up “Tokyopop rising stars contract” as an example of how they can use it against you.

    • UniComp says:

      @Donathius: You’re totally my lawyer for my next EULA lawsuit.

  5. perruptor says:

    Couldn’t Sears just buy all that data from the NSA?

  6. Paul E. Dykes says:

    I agree that pretty much all EULAs and TOSs are pretty much the same. They more or less say that the company can do anything they like and there’s nothing the consumer can do about it. I don’t believe many people read them. I know I don’t. It all comes down to this: are you going to use the software (service, credit card, etc) or not? If you are, you just go ahead and sign. My bank sends me four or five changes in TOS every year which I can agree to by continuing to use their service or opt out by closing my account. I have better things to do than try to decipher the legalese in these things every other month.

    I think that if a few enterprising companies put out a EULA or TOS that was short, simple, easy to understand and fair to both parties, the other companies would be forced to follow suit or lose business.

  7. HomersBrain says:

    On the good news front, Sears finally found something that they were good at installing!

  8. Kos says:


    You need “Admitted No Wrongdoing” tag.

    – Kos

  9. Coyote says:

    I don’t know if Sears intended to get bank statements and medical records. Sounds like it was a rather dumb app that just hoovered up data on ANY site the user went to.

    perruptor – I have a new term for people who overuse a very old meme like you did


    • perruptor says:

      @Coyote: Overuse? Very old?


      I have an old, hardly-ever-used term for someone who doesn’t know that a term has no line breaks in it. Guess what it is.

    • Black-Cat says:

      @Coyote: No, of course not. Why would a huge corporation gather and sell customer information? I mean, it’s not like there is any money to be made. I bet you think Chevy is going to start building quality cars, too…

  10. JeffMc says:

    This is another case where if it was me stealing this information I’d be in jail but since it’s a corporation they can settle and “admit no wrongdoing”.

    These sorts of things drive me nuts.

    • dragonfire81 says:

      @JeffMc: You know just once, I wish some big company when they get busted like this would stand up and say “yeah ok, we screwed and made a mistake, we apologize to all our customers and business partners.”

      This “no wrongdoing” crap makes me want to puke.

    • dave_coder says:

      @JeffMc: It’s a legal thing. If they were to admit wrong-doing they could be sued by all the trigger-happy lawyers that always float around waiting for a class-action.

      This is a difficult case since they did get the user to agree to the terms through the fine print. It may be small type but the terms are listed there clearly if the user wants to read it.

      So in light of that a compromise was reached and Sears settled.

  11. dragonfire81 says:

    “Ok we screwed up and made a mistake…”

  12. Anonymous says:

    The point of “admitting no wrongdoing” is that the feds get the company to stop doing the bad thing right away, and it doesn’t open the company up to a huge lawsuit because they admitted it. The feds want the company to stop now, but if they wanted the company to be found guilty of something, that is going to take years to go through the courts, meanwhile the company won’t necessarily change its behavior. In order to get the companies to more quickly stop their bad behavior, the feds offer that the company stop their bad behavior and not suffer any repercussions. If the company admits wrongdoing, lawsuits are sure to follow, and so it would not be in the company’s best interests to settle and admit wrongdoing.

  13. Bobg says:

    I keep reading about Sears in What is going on with these people? Are they intentionally driving Sears into bankruptcy?

  14. parrotuya says:

    Sears will soon follow GM and Citibank into the dust bin of defunct corporations. Shoddy goods and bad service are a recipe for bankruptcy!

    DOWn, baby, DOWn!

  15. KylieH says:

    Oh, yeah, the data has been destroyed. I bet that thing is with the FBI right now.

    • Black-Cat says:

      @KylieH: For those people concerned about data harvesting and the FBI: stay the hell off of Facebook and Myspace! Social networking sites send all data to government agencies. And no, I’m not a conspiracy theorist; this is a proven fact.

  16. Black-Cat says:

    Being in IT, I love stuff like this. Keep making more spyware and scumware for the stupid people to install! It just ensures that I will always have work.