A federal lawsuit earlier filed this week accuses Casper, the direct-to-consumer mattress startup, and a software company named NaviStone of illegally collecting information from visitors to the Casper website in an attempt to learn their identities.
The 21-page suit, which is seeking class-action status, alleges that New York City resident Brady Cohen visited the Casper website several times over the past six months while he was shopping for a new mattress. He didn't know the company, which has disrupted a $14 billion mattress industry, was using NaviStone's technology to learn his personally identifiable information (PII), such as his name and postal address, without his consent. Cohen wound up not buying a Casper mattress.
According to the court filing, Casper is able to observe the keystrokes, mouse clicks and other electronic communications and get detailed information on visitors' habits, thanks to secret NaviStone code embedded in its site, which functions as an illegal wiretap.
The Nov. 28 filing says: "...when connecting to a website that runs this remote code from NaviStone, a visitor's IP address and other PII is sent to NaviStone in real-time. This real-time interception and transmission of visitors' electronic communications begins as soon as the visitor loads casper.com into their web browser."
The filing added that "The intercepted communications include, among other things, information typed on forms located on casper.com, regardless of whether the user completes the form or clicks 'Submit.'"
On its website, NaviStone says its technology enables clients to reach "previously unidentifiable website visitors." The company, which says it takes privacy laws seriously and insists that its clients do the same, said it was surprised to learn of the lawsuit.
"The first NaviStone heard of this lawsuit was when it was filed," NaviStone said in a statement. "As a result, we have not had the opportunity to speak to the plaintiff or his attorneys about their concerns. We are hopeful that, once that conversation takes place, we can clear up any misunderstandings they may have regarding what NaviStone does -- and does not."
New York attorney Scott Bursor, who is representing Cohen, didn't immediately respond to a phone message left at his office. Bursor is arguing that Casper and NaviStone violated the federal Wiretap Act and is seeking to represent all consumers nationwide whose communications were intercepted after visiting Casper.com.
NaviStone's business practices came under scrutiny earlier this year in an expose on Gizmodo that found at least 100 sites use the company's code, including Quicken Loans, home goods retailer Wayfair and Road Scholar, a nonprofit educational travel company. According to Gizmodo, NaviStone masks its activity through so-called "dummy domains."
Both Wayfair and Road Scholar have said they have since quit using NaviStone. Officials from Quicken Loans didn't immediately respond to a request for comment.