I am sure some of you are already familiar with NebuAd, the ad network that partners with ISPs to capture all of your HTTP travels for the purposes of better ad targeting. That's ALL your nonsecure web travels, not just some.
As you know, BT has been a particularly controversial area for the past...couple years among privacy advocates. Naturally, because NebuAd captures more information about consumers, ISP based targeting has been particularly questioned.
NebuAd and FrontPorch have been quietly working with ISPs for some time doing this sort of tracking, but the big break in the industry came when NebuAd signed Charter ISP to be a part of its service. Before Charter, most of the participating ISPs have been small and quiet about their partnerships.
But as NebuAd and Charter made their announcement, the inquiring minds of privacy advocates really turned the klieg lights on this BT segment. Reps Ed Markey (D) and Joe Barton (R) -- yes you are seeing Democrats and Republicans work together for once -- sent a letter to Neil Smit, President and CEO of Charter, to ask him not to move forward without further review. When you visit the letter you'll see it's written in that impenetrable Congessional way, but as I read it the "request" is the governmental equivalent of getting a black rose in the mail from Mafiosi.
Charter postponed their move (natch), and the trades have been abuzz pretty much ever since.
But the story got a scosh darker for NebuAd with report from Free Press entitled "NebuAd and Partner ISPs: Wiretapping, Forgery and Browser Hijacking."
The press release for this study reads in part:
Topolski found that NebuAd, after being installed on the WOW! network, injects extra hidden code into a user’s browser that was not sent by the Web site being visited. That code directs the user’s Web browser to another site not requested or even seen by the consumer, where hidden code is downloaded and executed to add more tracking cookies. The consumer then sees ads based on NebuAd’s profile of a user’s browsing habits — built through the secretly collected information.
By changing the computer code for Web sites to insert information into the packets of data sent to consumers, NebuAd and its ISP partners “violate several fundamental expectations of Internet privacy, security and standards-based interoperability,” the report found.
The study itself is rather technical -- I had to read it seven times before I got the gist, and there are nine pages of packet trace code as an appendix -- but posits that there are fundamental issues with the NebuAd methodology. The parts I found most interesting were the connections it drew between what it said NebuAd is doing and browser hijacking (common manifestations are when your home page is changed of favorites appear on your list without your consent,) XSS attacks (when others have access and control of your PC,) that Intel serial number controversy of 1999 when Intel inserted unique codes into chips that made it impossible for users to remove encroachments to their anonymity, and something called a "man in the middle attack" which allows a third party to monitor messages sent between your PC and others.
I don't pretend to understand all of the above paragraph. What I do understand is that this is more evidence that the business of digital media and understanding it is becoming incredibly complex and technical.
The thought that comes to my mind, though, is that it's a little scary that our federal government will be making decisions on this stuff given that relatively few of our elected leaders have even my puny level of technical knowledge. Naturally there will be experts involved in setting guidelines and standards if it comes to that, but make no mistake...there are very few people in Congress or on Congressional teams that have even an iota of knowledge about the privacy issues raised by the Internet.
Let's hope that for the sake of the web and the future of media, the decisions are made not based on hyperbole or selective presentation of facts, but rather on a real assessment of the issues by people who have depth of Internet understanding.
In any case, it can't be a whole lotta fun to be NebuAd this week.
POST SCRIPT: I got two emails about my second to last sentence here. I did not mean to imply that either NebuAd's position, nor that of the study referenced above, are hyperbole or half truth. I am just weary of technical issues being resolved in "food fights" on cable news when the reality is that people who actually know what they are talking about should be helping guide the regulatory future of ISP-based targeting.
Jim- good stuff. Thanks for reading it seven times...I gave up after one.
ReplyDeleteHi Bill,
ReplyDeleteI wrote it.
The reason that I drew comparisons to known types of classic attacks is to help put all of this gobbledegook into context. It -is- technical, because without the facts it amounts to bomb-throwing.
If you understand it, please help me put it into words that are meaningful. I'm always looking to improve my writing skills.
Great entry and I love the baby picture!
Robb Topolski
robb@funchords.com
Hillsboro, OR
Hi Robb,
ReplyDeleteI wasn't intending to take a shot about the technical-ness of the writing, so if it came across that way, please accept my apology.
It didn't take me seven reads because it was obtusely written. It took me seven reads because it IS technical -- the topic I mean.
What I was to say was that we (the marketing people who read this blog and myself) are truly in a new World here. Which is an idea that we've all understood in the abstract, but your report really broght home for me. These issues ARE highly technical, and the material of your discussion is stuff that one cannot skim and believe they get the essence of.
My real concern is that, as with Net Neutrality, people in Washington for whom the Internet is largely a black box will now be looking into this and potentially making law about it.
The Congressmen who sent the letter to Charter may be very well versed in technology and the web. But most are not.
I also fear that the debate over this kind of BT would be a welcome topic of vitriole for a Congress that would much rather talk about NebAd than warrantless wiretapping conducted by the government and retroactive changes to law to protect phone companies that acted illegally.
jim