Forbes.com asks "How Much Privacy?" in an article on the practices of online marketing research firm comScore. Apparently the firm tempts people into using their software with small rewards (gift cards and the like) so they can track web activity, correlate it with user-supplied demographics and sell the (aggregated) information to some very big-name corporate clients. [via Slashdot]
Not my cup of tea, but some single-digit millions of my fellow Americans are okay enough with it to install the software. This begs the question of how well these folks understand what they've agreed to, but caveat emptor, right?
Except that comScore goes just a bit further than most anyone but the geekiest will be able to understand. Their software, you see, inserts a root certificate authority into your Windows Registry (yay for us Macsters), which allows them to track your activity into otherwise secure websites. That is, after depending for years on the fact that a URL beginning with https instead of http means you've loaded a secure webpage for, say, online shopping or banking, you can no longer feel so safe.
The root CA allows comScore to intercept whatever you send, even over those secure http links. The company, of course, claims that they aren't going to store or use any bank account or credit card numbers or passwords that pass through their software's filter, which gets a crack at every page visited by their users. Perhaps they won't.
Even if we're to trust them, which is an increasingly unlikely proposition, how can one rely on the integrity of their own servers and network when it's clearly a juicy target for the criminal types who are attempting to hack into as many potentially useful systems as they can manage?
Further, what if some black hat cracker decided to take a copy of the software, hack it to replace the address of the comScore server with one of their own and then put the package back out for download far and wide? By the time the victims realize what's happened, these criminals will have feasted on the ill-gotten data. Anyone who thinks comScore is going to take liability for such victimization, well, they're the most likely folks to download the software.
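A root certificate added by installed software, as described above, shows up as a new entry in the Windows trusted-root stores. The PowerShell script below is an added example (not from the original post, Forbes, or comScore) that reports roots which were not present when a baseline was saved; the baseline file path and its one-thumbprint-per-line format are assumptions.

```powershell
# Added example: report trusted root certificates that are not in a saved baseline.
# Assumption: the baseline path and its format (one thumbprint per line) are hypothetical.
param(
    [string]$BaselinePath = "$env:ProgramData\trusted-roots-baseline.txt",
    [switch]$SaveBaseline
)

function Get-TrustedRoot {
    # Check the machine-wide and per-user root stores; an installer can write to either.
    foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
        Get-ChildItem -Path $store | ForEach-Object {
            [pscustomobject]@{
                Store         = $store
                Thumbprint    = $_.Thumbprint
                Subject       = $_.Subject
                NotBefore     = $_.NotBefore
                # True means the signing key for this root is on this machine too.
                HasPrivateKey = $_.HasPrivateKey
            }
        }
    }
}

$roots = @(Get-TrustedRoot)

if ($SaveBaseline) {
    # Run this once on a machine you believe is clean.
    $roots.Thumbprint | Sort-Object -Unique | Set-Content -Path $BaselinePath
    Write-Output "Saved baseline to $BaselinePath"
    return
}

if (-not (Test-Path -Path $BaselinePath)) {
    throw "No baseline at $BaselinePath. Run with -SaveBaseline first."
}

# -notin compares strings case-insensitively, so thumbprint case does not matter.
$known = @(Get-Content -Path $BaselinePath)
$unexpected = @($roots | Where-Object { $_.Thumbprint -notin $known })

if ($unexpected.Count -eq 0) {
    Write-Output 'No trusted roots outside the baseline.'
} else {
    # Each row is a root this machine trusts that was not there at baseline time.
    $unexpected | Sort-Object Store, Subject
}
```

Run it once with `-SaveBaseline` before installing new software and again afterwards; any row in the second run is a root that appeared in between and deserves a look at its subject and issuer.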