GigaOM

The uproar over Charter Communications testing out a deep-packet inspection system to deliver advertising to its customers is far quieter than the one that erupted over similar plans by British ISPs, but it, too, has led to government questions about privacy and what rights a web surfer has online. I chatted this week with Bob Dykes, CEO of NebuAd, the company that’s providing the ad-insertion service to Charter.

Redwood City, Calif.-based NebuAd relies less on cookies than competitor Phorm, and instead tracks users via an appliance that sits inside a carrier’s network. The only cookies it serves on the browser are for monitoring how many times a user sees certain ads. Dykes, who was formerly CFO of Juniper Networks, talked to me about the company’s privacy practices and the motivation of the ISPs that underpins such intrusive monitoring.

GigaOM: How does NebuAd protect the privacy of users’ surfing habits?

Bob Dykes: We operate without ever identifying the user and we have no personally identifiable information. We know if it’s the same user but we can’t know who the user is, just an identifier to track an anonymous user. Against that anonymous user identifier we can link them to qualified market segments, so if they visit a recycling site they are linked to a green market category.

It is that type of qualification linked against the anonymous identifier — that’s the value we offer, but at no time do we know who the user is. We also don’t show ads on sensitive subjects such as HIV-positive status and sexual orientation.

We link market segments against a profile, not the sites themselves, so there’s no storing of web sites that are visited. We also map search terms to a dictionary to strip out personally identifiable information from search requests. We only keep market segments, not the raw data.

GigaOM: What is the use case for most of your clients? What are they trying to achieve with NebuAd?

Dykes: The ISPs have not been able to share in the ad revenue and wealth creation around the publishing side of the Internet: They see their role as a valuable and a key role in the Internet, but many of them are making no money, are regulated and see this as a way of funding their capital requirements, especially as they need to build out networks to meet the demands of video and peer-to-peer computing.

We are an online advertising company with 10 percent of the Internet subscribers in the U.S. under contract, and are taking advertising today.

GigaOM: Do you think NebuAd violates federal wiretapping laws or should be concerned about future legislation?

Dykes: There’s a large penumbra of folks that do some form of direct marketing based on the knowledge of the person they’re marketing to. This ranges from mail-order to cookie companies. We don’t gather such personally identifiable information. There are search companies and there are people with browser add-ons and toolbars that see the sites that you go to. We’re much more innocuous than many of the processes to understand who the users are, and more consumer-friendly. If you understand very much about the mail-order business, we’re not breaking any new areas in terms of the users.

Most congressmen see where we’re coming from and we do send out notification to the users and require our ISP clients to do so and allow [users] to opt out. Each ISP puts together their own document, but there are very clear essentials that require them to say the ads will be delivered based on web surfing behavior and give users a link to the opt-out page

GigaOM: Would you or have you allowed an independent testing agency to come in to certify your privacy precautions?

Dykes: We are engaging one of the big four accounting firms to audit the process.