Feeds

How ComScore can track your mouse clicks

Explores stream of unconsciousness

5 things you didn’t know about cloud backup

Permission Research

There are two primary ways that comScore distributes its software. In some cases, it distributes on its own, through a site called PermissionResearch. In others, it pays third-parties to install the software, tagging it with a separate brand name: Relevant Knowledge.

At PermissionResearch, the game is fairly straightforward. Additional software and services are offered alongside comScore's net monitor, including an online backup tool, a privacy guard, and, believe it or not, screen savers. "PermissionResearch relies on its members to gain valuable insight into Internet trends and behavior," the site home page reads. "In exchange for having their Internet browsing and purchasing activity monitored, members have access to free software downloads and a variety of other benefits."

And you can't become a member without agreeing to comScore's privacy policy. Yes, it's a lengthy policy. And yes, the average user is unlikely to read it. But comScore doesn't install its net monitor unless you give consent.

PermissionResearch Web Site

The PermissionResearch pitch

The question is what happens with third-party distributors - who comScore does not identify. Officially, these third parties distribute much like comScore itself: They piggyback the company's net monitor on other "free" software packages - and they clearly explain the monitoring bit. "It's not like you download an mp3 player and they sneak this comScore thing past you," Chasin said. "They explain, very specifically, that in order to get the mp3 player, you have to join our panel.

"The affirmative consent for the panel is separate and distinct from that required for the mp3 player. Prospective panelists are solicited to join the panel with a standalone invitation, privacy policy, and request for consent - separate from the offer for the value proposition."

But this doesn't always happen. Harvard Business School assistant professor Ben Edelman offers bona fide video proof of a well-known banner ad farm - ExitExchange - installing comScore's software via drive-by download. This was captured almost a year ago, but he witnessed a similar incident as recently as last month. And recent tests from both Edelman and McAfee show that a site called TopDesktop continues to bundle comScore alongside other software without proper notice.

"comScore distributors are supposed to get consent, but in practice, they don't always do that," Edelman told us. "Sometimes, they install the software in tricky and underhanded ways."

comScore vows to jettison partners who distribute without consent. And Edelman has witnessed the company remotely removing software installed via drive-by download. But drive-bys and non-consensual bundles aren't the only problems. There's also that gray area between consensual and non-consensual.

Sears - the venerable American retailer - has distributed comScore software, and as we reported in January, the company wasn't exactly upfront about it.

"[The] extreme level of user tracking is done with little and inconspicuous notice about the true nature of the software," wrote Benjamin Googins, a researcher in the anti-spyware unit at Computer Associates, in his critque of the retailer's My SHC Community service. "In fact, while registering to join the 'community,' very little mention is made of software or tracking." At the time, Sears buried such mention on page 10 of a 54-page user agreement.

Judging from the current user agreement on the My SHC Community service, it appears that Sears no longer distributes comScore software. A company spokesman told us: "We don't talk about our business partners...I don't know that we ever distributed comScore software." But he acknowledged that Sears turned off part of the SHC service earlier this year.

Secure remote control for conventional and virtual desktops

Next page: The easiest way

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
So, Apple won't sell cheap kit? Prepare the iOS garden wall WRECKING BALL
It can throw the low cost race if it looks to the cloud
EE fails to apologise for HUGE T-Mobile outage that hit Brits on Friday
Customer: 'Please change your name to occasionally somewhere'
Time Warner Cable customers SQUEAL as US network goes offline
A rude awakening: North Americans greeted with outage drama
We need less U.S. in our WWW – Euro digital chief Steelie Neelie
EC moves to shift status quo at Internet Governance Forum
BT customers face broadband and landline price hikes
Poor punters won't be affected, telecoms giant claims
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.