Two watchdog groups accused Silicon Valley startup NebuAd June 18 of hijacking Web sites and intercepting users’ browsers. NebuAd is an online advertising company that provides targeted advertising for ISPs.
According to a new technical report (PDF) by Free Press and Public Knowledge, NebuAd uses special equipment that “monitors, intercepts and modifies the contents of Internet packets” as consumers go online. The report found that NebuAd inserts extra hidden code into users’ Web browsers that was not sent by the Web site being visited.
In turn, the code directs the browser to another site not requested or even seen by the consumer, where more hidden code is downloaded and executed to add more tracking cookies. Using the secretly collected information, NebuAd serves up ads based on the user’s browsing habits.
“Apparently, neither the consumers nor the affected Web sites have actual knowledge of NebuAd’s interceptions and modifications,” the report stated.
The report was written by Robert M. Topolski, chief technical consultant for the organizations, who made headlines by first reporting Comcast’s throttling of BitTorrent applications.
NebuAd has announced partnerships with Charter Communications, WOW, Embarq, Broadstripe, CenturyTel, Metro Provider and other ISPs. NebuAd pays ISPs to install monitoring boxes on their networks. Charter, the nation’s fourth-largest cable provider, was scheduled to be begin testing NebuAd on June 15 but postponed the trials after a U.S. House Committee questioned the privacy implications of the monitoring system.
“This report shows that NebuAd’s Internet wiretapping is highly questionable,” Free Press General Counsel Marvin Ammori said in a statement. “Phone and cable companies should press pause on NebuAd and any similar venture until consumers and members of Congress can address the serious concerns raised by this report.”
In May, Reps. Ed Markey and Joe Barton, the majority and ranking members of the House Subcommittee on Telecommunications and the Internet, wrote (PDF) to Charter Communications President and CEO Neil Smit asking him to stop NebuAd testing until the subcommittee has had time to review the program.
“Any service to which a subscriber does not affirmatively subscribe and that can result in the collection of information about the Web-related habits and interests of a subscriber, or a subscriber’s use of the operator’s services … without the ‘prior written consent or electronic consent of the subscriber’ raises substantial questions related to [privacy],” Markey and Barton wrote.
NebuAd allows users to opt out of the customized ads program but not online tracking.
“NebuAd breaks the rules of acceptable behavior on the Internet,” Topolski wrote. “It monitors what you do and see on the Internet, it breaks in and changes the contents of your private communications, it keeps track of what you’ve done, and if you even know that it’s happening, it is impossible to opt out of it.”