Mattress startup Casper sued for "wiretapping" website visitors

A Casper mattress and the box it shipped in.

Casper

A federal lawsuit earlier filed this week accuses Casper, the direct-to-consumer mattress startup, and a software company named NaviStone of illegally collecting information from visitors to the Casper website in an attempt to learn their identities.

The 21-page suit, which is seeking class-action status, alleges that New York City resident Brady Cohen visited the Casper website several times over the past six months while he was shopping for a new mattress. He didn't know the company, which has disrupted a $14 billion mattress industry, was using NaviStone's technology to learn his personally identifiable information (PII), such as his name and postal address, without his consent. Cohen wound up not buying a Casper mattress.

According to the court filing, Casper is able to observe the keystrokes, mouse clicks and other electronic communications and get detailed information on visitors' habits, thanks to secret NaviStone code embedded in its site, which functions as an illegal wiretap. 

The Nov. 28 filing says: "...when connecting to a website that runs this remote code from NaviStone, a visitor's IP address and other PII is sent to NaviStone in real-time. This real-time interception and transmission of visitors' electronic communications begins as soon as the visitor loads casper.com into their web browser."

The filing added that "The intercepted communications include, among other things, information typed on forms located on casper.com, regardless of whether the user completes the form or clicks 'Submit.'"

New York-based Casper, which reportedly more than doubled sales last year to $220 million, vehemently denied the allegations in the suit, calling them a "blatant attempt to cash in on and extort a successful, high-growth startup." Casper said its online advertising practices are standard in the industry and are documented in its privacy policy.

The company announced in June that it raised $170 million from investors including Target (TGT) after earlier buyout talks with the retailer broke down, according to The New York Times.

On its website, NaviStone says its technology enables clients to reach "previously unidentifiable website visitors." The company, which says it takes privacy laws seriously and insists that its clients do the same, said it was surprised to learn of the lawsuit.

"The first NaviStone heard of this lawsuit was when it was filed," NaviStone said in a statement. "As a result, we have not had the opportunity to speak to the plaintiff or his attorneys about their concerns. We are hopeful that, once that conversation takes place, we can clear up any misunderstandings they may have regarding what NaviStone does -- and does not."

New York attorney Scott Bursor, who is representing Cohen, didn't immediately respond to a phone message left at his office. Bursor is arguing that Casper and NaviStone violated the federal Wiretap Act and is seeking to represent all consumers nationwide whose communications were intercepted after visiting Casper.com. 

NaviStone's business practices came under scrutiny earlier this year in an expose on Gizmodo that found at least 100 sites use the company's code, including Quicken Loans, home goods retailer Wayfair and Road Scholar, a nonprofit educational travel company. According to Gizmodo, NaviStone masks its activity through so-called "dummy domains."

Both Wayfair and Road Scholar have said they have since quit using NaviStone. Officials from Quicken Loans didn't immediately respond to a request for comment.

  • Jonathan Berr On Twitter»

    Jonathan Berr is an award-winning journalist and podcaster based in New Jersey whose main focus is on business and economic issues.