Unless you're using strict privacy controls in your browser, you generally expect that online stores will track at least a bit of your activity, if just to send you targeted ads when you browse the web. However, a proposed class action lawsuit is claiming that Casper was far nosier. The suit alleges that the mattress-in-a-box startup violated the Electronic Communications Privacy Act by using code from NaviStone to grab personal data from web visitors without permission. Reportedly, it would collect keystrokes, clicks, IP addresses and other identifying info whether or not you actually submitted it. In theory, Casper could see what you'd typed into a form even if you backed out.
Not surprisingly, both Casper and NaviStone reject notions that this amounted to spying on visitors. Casper described the lawsuit to CBS as a "blatant attempt to cash in on and extort" a rapidly growing startup. NaviStone was caught off-guard by the lawsuit, but has said that it takes privacy laws seriously and wanted to "clear up any misunderstandings" about what its web tracking tools do. It doesn't link email addresses to personal information, for instance.
There is good reason to be skeptical of a potential class action suit, since it's all too common to see lawyers encourage them in a bid to get their name in the spotlight over a hot-button issue. However, this isn't the first time questions have surfaced over NaviStone's tools. Gizmodo recently learned that dozens of websites (such as Quicken Loans) used NaviStone, and its reporting led to NaviStone backing away from a practice of emailing customers who'd typed in their addresses but never sent them. Users clearly aren't consenting to or aware of the data sharing, and while Casper may only have intended to pitch would-be mattress buyers, there are serious privacy implications if it was identifying those customers before they'd even clicked a "submit" button.