17 Comments

Summary:

Two non-profit organizations, Free Press and Public Knowledge, have ridden down the data trail of ad insertion technology provided by NebuAd and declared that it violates “several fundamental expectations of Internet privacy, security and standards-based interoperability.” In a report published today, the two compare NebuAd to […]

Two non-profit organizations, Free Press and Public Knowledge, have ridden down the data trail of ad insertion technology provided by NebuAd and declared that it violates “several fundamental expectations of Internet privacy, security and standards-based interoperability.” In a report published today, the two compare NebuAd to malware and accuse it of Internet wiretapping.

NebuAd provides a deep-packet inspection appliance that sits on the network of an ISP. The appliance tracks information about the type of sites a user visits and serves up ads against that information. The company got a lot of attention after Charter Communications signed a deal to test the technology.

One of the biggest issues with the technology highlighted in the report include a consumer’s inability to truly opt out of having his Internet communications intercepted. In an interview with NebuAd CEO Bob Sykes in May, he told me all ISPs have to provide opt-out information to consumers, and defended the legality of the product on those grounds.

However, the investigation shows that even if a consumer opts out, they can only opt out of seeing an ad, not out of having their Internet usage tracked. Furthermore, the decision is tracked by a cookie installed in the browser software, which many users delete and is rendered ineffective if the user changes computers or browsers anyway. In response to the report, NebuAd issued the following statement:

“We are disappointed with the misleading characterization of NebuAd in the Free Press and Knowledge Review report issued today. Specifically, we take issue with the inaccurate statements made in reference to NebuAd’s consumer privacy standards and apparent disregard for the controls and policies we have in place to inform and protect internet subscribers. Transparency and consumer privacy protection are core to our business. Reasonable review of materials that have been made available online would have educated the organization that NebuAd requires its ISP partners to provide robust notice to their subscribers prior to deployment of the service.”

In general, the technology may be irritating much in the same way ISPs using forced redirects after a user types in a web site incorrectly is irritating, but it’s not illegal. Congress has threatened to get involved, but I doubt that much will be done any time soon (especially in an election year) to protect consumers from this type of scheme. With ISPs resorting to metered pricing or traffic throttling in a supposed effort to protect their video business, and inserting themselves between consumers and their choice of web sites in an effort to snag ad revenue, you’d think they believe they have a monopoly and can do whatever the hell they want. Oh, wait.

  1. Even though it far fetched it is necessary to have encrypted communication between end users and destination servers in all internet usage.packet sniffing is not new either robbery.both requires to be guarded against vigilantly.

    Share
  2. You all throw around some very strong opinions for being as uneducated about the issues as you are. You take the words of extreme organizations like the Free Press are for their word and cry “big brother”. Get your facts straight before you cast stones and cry woe is me.

    Share
  3. Herman Manfred Thursday, June 19, 2008

    So now a NEW product comes along – a proxy server at a single location that your browser/PC =always= uses to surf – all HTTP requests automagically convert to a form like “http:///centralproxy.com?addr=http://www.gigaom.com” (that better not work for real!) and NebuAd thinks you really REALLY like the site “centralproxy.com”…

    Share
  4. [...] Higginbotham reports at GigaOm that users can’t truly opt out of the system. The investigation shows that even if a [...]

    Share
  5. Who will look into how Google, Yahoo, and Microsoft search engines track us? I guess since they say they’re not evil they must not be. Or maybe we all prefer to demonize everyone else instead of giving equal review to all major providers.

    Share
  6. [...] seems like everyone has a recent article on NebuAD’s technology, which was once thought to be simple deep packet [...]

    Share
  7. Stacey Higginbotham Thursday, June 19, 2008

    Hines, you bring up a good point about search engines seeing and storing search data. That’s a different battle in the same online privacy war.

    Share
  8. Actually I think that it’s the same war. ISPs are just trying to get the money back from Google using the exactly same method.

    A solution protect your privacy against any data-profiling (search engine or ISP) is to pollute the recorded data.

    Two FF extensions generate fake queries on search engines to pollute the collected data (at search engine level, but it also pollute ISP data): SquiggleSR (https://addons.mozilla.org/en-US/firefox/addon/5986)and TrackMeNot(https://addons.mozilla.org/en-US/firefox/addon/3173). Notice that the former also clicks on non-sponsored results so it may simulate realistic browsing activity.

    Share
  9. So let’s see here… so why aren’t you writing about direct marketers and all the personal information they have about you like your physical home address, phone number, household income etc. etc. None of which technologies like Nebuad have nor will have. They don’t even know your IP address let alone physical home address or phone number.

    You are severely paranoid for all the wrong reasons.

    Share
  10. [...] system that had stirred privacy fears about the way user data was intercepted and anger over an inability to truly opt out of the program. The cable provider said back in May that it was working with NebuAd, a startup in Redwood City, [...]

    Share

Comments have been disabled for this post