Feeds

How ComScore can track your mouse clicks

Explores stream of unconsciousness

Secure remote control for conventional and virtual desktops

Permission Research

There are two primary ways that comScore distributes its software. In some cases, it distributes on its own, through a site called PermissionResearch. In others, it pays third-parties to install the software, tagging it with a separate brand name: Relevant Knowledge.

At PermissionResearch, the game is fairly straightforward. Additional software and services are offered alongside comScore's net monitor, including an online backup tool, a privacy guard, and, believe it or not, screen savers. "PermissionResearch relies on its members to gain valuable insight into Internet trends and behavior," the site home page reads. "In exchange for having their Internet browsing and purchasing activity monitored, members have access to free software downloads and a variety of other benefits."

And you can't become a member without agreeing to comScore's privacy policy. Yes, it's a lengthy policy. And yes, the average user is unlikely to read it. But comScore doesn't install its net monitor unless you give consent.

PermissionResearch Web Site

The PermissionResearch pitch

The question is what happens with third-party distributors - who comScore does not identify. Officially, these third parties distribute much like comScore itself: They piggyback the company's net monitor on other "free" software packages - and they clearly explain the monitoring bit. "It's not like you download an mp3 player and they sneak this comScore thing past you," Chasin said. "They explain, very specifically, that in order to get the mp3 player, you have to join our panel.

"The affirmative consent for the panel is separate and distinct from that required for the mp3 player. Prospective panelists are solicited to join the panel with a standalone invitation, privacy policy, and request for consent - separate from the offer for the value proposition."

But this doesn't always happen. Harvard Business School assistant professor Ben Edelman offers bona fide video proof of a well-known banner ad farm - ExitExchange - installing comScore's software via drive-by download. This was captured almost a year ago, but he witnessed a similar incident as recently as last month. And recent tests from both Edelman and McAfee show that a site called TopDesktop continues to bundle comScore alongside other software without proper notice.

"comScore distributors are supposed to get consent, but in practice, they don't always do that," Edelman told us. "Sometimes, they install the software in tricky and underhanded ways."

comScore vows to jettison partners who distribute without consent. And Edelman has witnessed the company remotely removing software installed via drive-by download. But drive-bys and non-consensual bundles aren't the only problems. There's also that gray area between consensual and non-consensual.

Sears - the venerable American retailer - has distributed comScore software, and as we reported in January, the company wasn't exactly upfront about it.

"[The] extreme level of user tracking is done with little and inconspicuous notice about the true nature of the software," wrote Benjamin Googins, a researcher in the anti-spyware unit at Computer Associates, in his critque of the retailer's My SHC Community service. "In fact, while registering to join the 'community,' very little mention is made of software or tracking." At the time, Sears buried such mention on page 10 of a 54-page user agreement.

Judging from the current user agreement on the My SHC Community service, it appears that Sears no longer distributes comScore software. A company spokesman told us: "We don't talk about our business partners...I don't know that we ever distributed comScore software." But he acknowledged that Sears turned off part of the SHC service earlier this year.

Intelligent flash storage arrays

Next page: The easiest way

More from The Register

next story
Broadband sellers in the UK are UP TO no good, says Which?
Speedy network claims only apply to 10% of customers
YOU are the threat: True confessions of real-life sysadmins
Who will save the systems from the men and women who save the systems from you?
Virgin Media struck dumb by NATIONWIDE packet loss balls-up
Turning it off and on again fixes glitch 12 HOURS LATER
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Choosing a cloud hosting partner with confidence
Download Choosing a Cloud Hosting Provider with Confidence to learn more about cloud computing - the new opportunities and new security challenges.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.