ComScore Says 'Researchware' Isn't 'Spyware' - InformationWeek
Software // Enterprise Applications
06:20 PM
Connect Directly
7 Key Cloud Security Trends Shaping 2017 & Beyond
Dec 15, 2016
Cloud computing is enabling business transformation as organizations accelerate time to market and ...Read More>>

ComScore Says 'Researchware' Isn't 'Spyware'

Despite criticism, the company maintains that users appreciate the download accelerators, games, and screen savers that come with the company's tracking software.

ComScore chairman and co-founder Gian Fulgoni believes there's a distinction between overt and covert data gathering. Market researchers, he suggests, rely on "researchware," in contrast to criminal researchers who employ "spyware."

"Market research tracking software (we have dubbed it 'researchware') needs to be differentiated from 'adware,' 'spyware,' and 'malware' and should not be treated in the same way as these intrusive and potentially harmful applications," Fulgoni said in a blog post Wednesday. "We must not let the purveyors of spyware -- the rotten apples -- give market researchers a bad name."

Such name calling has significant implications for ComScore's business: using "researchware" to track the actions of its 2 million-person panel of Internet users and mining that data for salable market intelligence. As the company warns in a third-quarter 2007 SEC filing, "Concerns over the potential unauthorized disclosure of personal information or the classification of our software as 'spyware' or 'adware' may cause existing panel members to uninstall our software or may discourage potential panel members from installing our software."

To critics, Fulgoni's attempt to separate "researchware" from "spyware" looks like an effort to divide conjoined twins.

"ComScore goes to great lengths to tout its supposed good behaviors," said spyware researcher Benjamin Edelman in an e-mail. "But the fact is, there's indisputable video proof of ComScore software becoming installed without any notice at all and without any consent at all. There's also indisputable proof of recent installation sequences where notice was hidden, muddled, or otherwise opaque. ComScore claims its software should be differentiated from adware or spyware. But just like adware and spyware, ComScore's software has a history of arriving on users' computers without users knowing what it is or agreeing to receive it. And just like adware and spyware, ComScore's software tracks and transmits detailed information about users' online activities. These behaviors give users ample reason to distrust ComScore's approach."

Edelman published two critiques of ComScore's practices recently. In January, Edelman wrote, "The basic challenge is that users don't want ComScore software. ComScore offers users nothing sufficiently valuable to compensate them for the serious privacy invasion ComScore's software entails. There's no good reason why users should share information about their browsing, purchasing, and other online activities. So time and time again, ComScore and its partners resort to trickery (or worse) to get their software onto users' PCs."

ComScore sees things differently. It maintains that users appreciate the download accelerators, games, and screen savers that come with the company's tracking software, and it claims it behaves in accordance with accepted marketing practices.

There Is A Precedent

To support his proposed distinction between market research and intrusive spyware, Fulgoni points to Federal Trade Commission precedent: The FTC exempts tele-research calls from the Do Not Call Registry rules that govern intrusive telemarketing calls.

The problem Fulgoni faces in his campaign to legitimize "researchware" is that marketers and security professionals have differing opinions about the ethical and legal dividing line between good software and bad software. As Steve Schuster, director of IT security at Cornell University, put it in 2005, whether or not ComScore's software is spyware "depends on who is asked."

Cornell blocked ComScore's Marketscore software from October 2004 through early May 2005. It subsequently stopped doing so both because the university community became more aware of the risks of the software and because two antivirus packages adopted by the university could detect and remove Marketscore.

Despite ComScore's claim that its software collected data with the informed consent of its users, Schuster said "many believe that ComScore Networks is walking a rather fine line by purporting that a very large and lengthy user agreement constitutes appropriate user notification, and may be taking advantage of the fact that very few people actually read user agreements before installing software."

Last July, shortly after Edelman's initial post about ComScore's failure to obtain user consent to install it software, TRUSTe, an organization that certifies and audits privacy practices, confirmed that a rogue distributor of ComScore's RelevantKnowledge application had been using a security exploit to force the software on users. The organization then removed RelevantKnowledge from its Whitelist of Certified Applications.

"This is a good example of how the Whitelist and the program works," said a TRUSTe spokeswoman. "We think we're actually encouraging our customers to be more accountable."

She said that TRUSTe was still in the process of working with ComScore to make sure the company can secure its distribution program. "We're looking forward to them being in compliance and coming back on the Whitelist," she said.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll