How ComScore can track your mouse clicks

Permission Research

There are two primary ways that comScore distributes its software. In some cases, it distributes on its own, through a site called PermissionResearch. In others, it pays third-parties to install the software, tagging it with a separate brand name: Relevant Knowledge.

At PermissionResearch, the game is fairly straightforward. Additional software and services are offered alongside comScore's net monitor, including an online backup tool, a privacy guard, and, believe it or not, screen savers. "PermissionResearch relies on its members to gain valuable insight into Internet trends and behavior," the site home page reads. "In exchange for having their Internet browsing and purchasing activity monitored, members have access to free software downloads and a variety of other benefits."

And you can't become a member without agreeing to comScore's privacy policy. Yes, it's a lengthy policy. And yes, the average user is unlikely to read it. But comScore doesn't install its net monitor unless you give consent.

The PermissionResearch pitch

The question is what happens with third-party distributors - who comScore does not identify. Officially, these third parties distribute much like comScore itself: They piggyback the company's net monitor on other "free" software packages - and they clearly explain the monitoring bit. "It's not like you download an mp3 player and they sneak this comScore thing past you," Chasin said. "They explain, very specifically, that in order to get the mp3 player, you have to join our panel.

"The affirmative consent for the panel is separate and distinct from that required for the mp3 player. Prospective panelists are solicited to join the panel with a standalone invitation, privacy policy, and request for consent - separate from the offer for the value proposition."

But this doesn't always happen. Harvard Business School assistant professor Ben Edelman offers bona fide video proof of a well-known banner ad farm - ExitExchange - installing comScore's software via drive-by download. This was captured almost a year ago, but he witnessed a similar incident as recently as last month. And recent tests from both Edelman and McAfee show that a site called TopDesktop continues to bundle comScore alongside other software without proper notice.

"comScore distributors are supposed to get consent, but in practice, they don't always do that," Edelman told us. "Sometimes, they install the software in tricky and underhanded ways."

comScore vows to jettison partners who distribute without consent. And Edelman has witnessed the company remotely removing software installed via drive-by download. But drive-bys and non-consensual bundles aren't the only problems. There's also that gray area between consensual and non-consensual.

Sears - the venerable American retailer - has distributed comScore software, and as we reported in January, the company wasn't exactly upfront about it.

"[The] extreme level of user tracking is done with little and inconspicuous notice about the true nature of the software," wrote Benjamin Googins, a researcher in the anti-spyware unit at Computer Associates, in his critque of the retailer's My SHC Community service. "In fact, while registering to join the 'community,' very little mention is made of software or tracking." At the time, Sears buried such mention on page 10 of a 54-page user agreement.

Judging from the current user agreement on the My SHC Community service, it appears that Sears no longer distributes comScore software. A company spokesman told us: "We don't talk about our business partners...I don't know that we ever distributed comScore software." But he acknowledged that Sears turned off part of the SHC service earlier this year.