Be careful what you rent — rent-to-own computers from seven companies spied on users, stealing passwords and photographing… sex

You know those scary stories you hear about how a hacker took control of someone’s webcam and videotaped or photographed them without their knowledge? Yeah, well, it turns out hackers aren’t the only ones doing such things — companies that rent out computers do such things, too.

The Federal Trade Commission (FTC) has recently reached a settlement with seven rent-to-own companies that used a program called PC Rental Agent to spy on customers that rented PCs. Through PC Rental Agent, which is estimated to be installed on 420,000 PCs worldwide, the companies were able to to log keystrokes and capture photographs from webcams. This resulted in the collection of extremely sensitive data — such as usernames, passwords, social security numbers, medical records, credit card information, etc. — and the photographing of people without their knowledge. Photographs secretly taken by PC Rental Agent include photos of kids, semi-dressed individuals, and even people having sex.

From the looks of it, PC Rental Agent was originally intended to be a legitimate program for rental companies to use to try to recover stolen computers or rented PCs if customers stop paying; one of the major features of PC Rental Agent is being able to geolocate a PC. However, the program was obviously abused and the FTC says it violated the privacy of customers and its use is “unfair”, “deceptive”, and “illegal”.

It isn’t entirely clear if the guilty parties were made to pay any sort of fine but the FTC has banned the seven rent-to-own companies and the developer of PC Rental Agent from using PC Rental Agent-like software:

The proposed settlement orders will ban the software company and the rent-to-own stores from using monitoring software like Detective Mode [Detective Mode is a specific feature of PC Rental Agent] and will ban them from using deception to gather any information from consumers.  They also will prohibit the use of geolocation tracking without consumer consent and notice, and bar the use of fake software registration screens to collect personal information from consumers. In addition, DesignerWare [developer of PC Rental Agent] will be barred from providing others with the means to commit illegal acts, and the seven rent-to-own stores will be prohibited from using information improperly gathered from consumers in connection with debt collection.  All the proposed settlements contain record keeping requirements to allow the FTC to monitor compliance with the orders for the next 20 years.

Moral of the story? Avoid renting computers. If you must rent a computer, make sure to “read the fine print” to find out if the company you are renting from is spying on you.

[Thanks Eric989 | via BBC, FTC]

Related Posts

  • SomeTech

    The way this software works is to run independent of the user session which makes it pretty much impossible to remove by a layperson. PC Rental Agent also locks the built-in manufacturer’s restore on modern computers which prevents you from creating your own restore disks. So, Ed at the top is either blowing smoke or got a computer that never had the software installed.

    The only way for the average user to completely remove the PC Rental Agent software is with Factory Restore disks. These can be ordered from the computer manufacturer (usually somewhere on their website). The restore disks will completely wipe your hard drive, however, and any important data on the computer will be lost. After the restore process the computer’s software will be in the same condition as when it first came out of the box. This works 100% of the time, even in the event the PCRA software has locked down the computer.

    PC Rental Agent does absolutely nothing to change BIOS or UEFI firmware so don’t worry about that. The clown shoes who write the software aren’t good enough programmers for such things, and they know they’d end up bricking hundreds if not thousands of computers. This would lead to another huge lawsuit on the part of the rental companies.

    I’ve also had some luck by removing the hard drive from the computer in question and installing it into a desktop with extra sata ports. The mere act of “opening” the hard drive in Windows on the desktop computer will sometimes unlock the built-in factory restore allowing you to do a factory restore without disks. This will also allow you the opportunity to recover any important data files in the event you must do a full factory restore.

  • Ed

    I have gotten several computers from rent-to-own places.
    First off, yes you can reformat without the disks. The trick is to tell them you want a brand new computer still in the box because you plan on renting to own it. Per the contract agreement you will not get the restore disks untill you pay off the computer but who needs restire disks when you can make your own right from the start menu of your brand new rented computer. MOST brand new computer purchases do not come with restore disks these days, you must make your own from within the OS when you get your new system set up.
    So yes, I have gotten a brand new rent to own pc from a rental place and have reformatted and reinstalled the OS as soon as I got it out of the box, rental agreeement? who cares.

  • J.L.

    @greg: Lol, and they didn’t charge you for “vandalism”?

    Personally, if I ever need one, I’d use a Linux Live CD and maybe flash the BIOS. Hardware is still fishy though.

  • greg


    About #2, they come with whatever OS the manufacturer had on them when they were sold, The rental company keeps the “restore” disks and runs it when the PC is returned. When I rented a PC, I used Boot and Nuke to wipe the drive before I returned it.

  • mukhi

    in the world of hacking and spying, anything can happen specially when i see even a mobile phone can be remotely hacked, tracked, used to take pics, steal info.
    bottomline: restrict network use to limited number of devices, use security software and watch for suspicious activities, and last but not the least, use bizarre passwords.

  • Peter

    @Grantwhy: Answer to question #3: Every Windows user ;-)

  • Grantwhy


    1) probably against the rental agreement (to remove) and probably quite hard to find.

    2) I would be surprised if the rental computers go out with the installation disks so the people renting would have to buy/provide their own OS = when you take it back to the shop they would have to remove stuff from/re-format the drive (and probably restore the original OS).

    3) what percentage of people with computers have *ever* re-formated and installed an OS on their own?

    and the main reason: I doubt the vast majority of people renting those computers knew there was software on computer that could be used to spy on them (hard for people to remove software they don’t know is on the computer;-))

  • Eric989

    @Ashraf: Ok, thanks. It’s interesting that Aaron’s is mentioned in the first quote but not the second. I guess that means that a franchisee of Aaron’s was doing it but not Aaron’s corporate.

  • chuck (detailer)

    @Daniel: Or a scan with Malwarebytes

  • Daniel

    If one was smart enough, can’t they just remove the software or just re-format?

  • Ashraf

    @Ashraf: Oh wait, here it is:

    Those named in the FTC’s complaints include DesignerWare, LLC; its principals, Timothy Kelly and Ronald P. Koller, individually and as officers of DesignerWare, LLC.; Aspen Way Enterprises, Inc.; Watershed Development Corp.; Showplace, Inc., d/b/a Showplace Rent-to-Own; J.A.G. Rents, LLC, d/b/a ColorTyme; Red Zone, Inc., d/b/a ColorTyme; B. Stamper Enterprises, Inc., d/b/a Premier Rental Purchase; and C.A.L.M. Ventures, Inc., d/b/a Premier Rental Purchase.

  • Ashraf

    @Eric989: FTC’s websites says “The FTC also reached settlements with seven companies that operate rent-to-own stores and licensed software from DesignerWare, including franchisees of Aaron’s, ColorTyme, and Premier Rental Purchase.”

  • Eric989

    Does anybody know the names of the 7 rental companies? Has this not been made public?