Hundreds of thousands of PCs are rented every year in the United States. And, it turns out, a huge chunk of them have absurdly invasive, incredibly dangerous spyware preinstalled—by the company that rents them.
Here are the main players: DesignerWare is a software company that provides a program called PC Rental Agent to rent-to-own computer stores. At issue is a feature of that program called "Detective Mode" that allows administrators to spy on keystrokes, and access basically every component of the computers, including the camera. It was installed and activated on every computer with PC Rental Agent—without disclosing it to the owner. Now, thankfully, DesignerWare and seven of the companies it supplied software to have agreed to settle with the FTC over multiple charges.
By the FTC's count, "as of August 2011, approximately 1,617 rent-to-own stores in the United States, Canada, and Australia have licensed PC Rental Agent. PC Rental Agent has been installed on approximately 420,000 computers worldwide." That's a lot of spyware. The FTC claims that, since at least 2007, DesignerWare has made Detective Mode available to every single one of them.
Sounds bad, right? Well it gets worse. According to the FTC, this is the next step for your gathered data:
DesignerWare's servers send data captured by Detective Mode, unencrypted,
directly to the email accounts designated by its licensees.
Obviously, that represents a massive breach of privacy. And probably an illegal one. Keylogging tracks every single keystroke on your computer, so using software designed to pick out patterns, and especially with unencrypted data, anyone could just go through and find your credit card numbers and security codes, your email and passwords, your social security number, or anything else you've ever typed into your computer.
Nearly as disturbing as the granular level at which DesignerWare was spying on customers is the lengths its software went to fool people into thinking it was legitimate. For example, it used a "Software Instillation" popup box that was literally unclosable until a user entered contact information like phone number, home address, and email address, which was then transmitted back to the rental company. No software was ever installed—it was purely there to trick people into giving up their information. That level of subterfuge goes beyond even the "our customers are basically criminals, and we should be allowed to treat them as such" thesis of the tracking software.
And all that would would be terrible enough. But then, in Semptember of last year, DesignerWare took the spying even further and began automatically logging the Wi-Fi login points of every computer with a wireless card. It then cross-referenced that with the location of those hotspots, and logged the physical location of every computer. It's like the Locationgate scandal from last year—where cellphone companies were accused of tracking your every move by triangulating your signal—just decidedly on purpose, and just five months after the original iSpy mess happened.