
Casper’s mattresses may be comfortable, but its alleged data collecting isn’t

Casper may want its customers to get a good night’s rest on its mattresses, but no matter how comfortable these beds might be, Casper’s alleged practice of illegally collecting customer data may make it hard to sleep soundly. The bed-in-a-box company is now facing a federal lawsuit that accuses it and software company NaviStone of collecting information from visitors to the Casper website to try to determine their identities.

The lawsuit, which is seeking to be granted class-action status, claims that New Yorker Brady Cohen visited casper.com “several times over the past six months while he was shopping for a new mattress,” as CBS reported. But what Cohen (and most customers) didn’t realize was that Casper utilized NaviStone’s technology to figure out Cohen’s personally identifiable information (PII), such as his name and postal address, all without his explicit consent. The lawsuit alleges that Casper can keep tabs on a user’s keystrokes, mouse clicks, and more, helping the company obtain detailed data on user habits.

As the filing asserts, “…when connecting to a website that runs this remote code from NaviStone, a visitor’s IP address and other PII is sent to NaviStone in real-time. This real-time interception and transmission of visitors’ electronic communications begins as soon as the visitor loads casper.com into their web browser.” It continues, “The intercepted communications include, among other things, information typed on forms located on casper.com, regardless of whether the user completes the form or clicks ‘Submit.’”

Casper, for its part, has denied the charges, branding them as nothing but a “blatant attempt to cash in on and extort a successful, high-growth startup.” NaviStone also seems surprised by the lawsuit. The company readily admits on its site that it allows clients to reach “previously unidentifiable website visitors,” but maintains that it still complies with privacy laws.

“The first NaviStone heard of this lawsuit was when it was filed,” NaviStone said in a statement. “As a result, we have not had the opportunity to speak to the plaintiff or his attorneys about their concerns. We are hopeful that, once that conversation takes place, we can clear up any misunderstandings they may have regarding what NaviStone does — and does not.” All the same, NaviStone has come under fire this year, particularly after Gizmodo published a story on the 100-plus companies that appear to use the company’s code. Since that piece ran, companies including Wayfair and Road Scholar have revealed that they no longer use NaviStone, and just maybe, Casper will follow.

Lulu Chang
Former Digital Trends Contributor