A poster child for privacy invasion

This cannot be a comfortable time for the venture capitalists who invested in NebuAd, an advertising service that tracks users’ Web activities. Overwhelmingly negative attention by the press and a congressional committee are not the way for a company that has depended on having a low profile to have an assured future.

Over the course of the last few months, NebuAd has become, perhaps somewhat unfairly, the poster child for greedy ISPs and privacy invasion; and this attention seems to have dried up its already small pool of tone-deaf ISPs that were trying out the technology.

I wrote about NebuAd more than a year ago. After talking to NebuAd, I concluded that the company was trying to be responsible, but I still did not much like what it was doing. I particularly did not like its ineffectual, cookie-based opt-out mechanism; and, although I did not say it at the time, I’m not sure that the data the company collects is as anonymous as it maintains.

NebuAd says it does not collect detailed information about Internet activity, but only notes rough categories of visited sites and hashes the IP address before it stores that data. I expect, however, that if NebuAd were supplied with an IP address, it could tell you the categories of sites that the computer with that IP address visited. Not a big risk, but a privacy issue in any case.

NebuAd’s activities have been the subject of congressional hearings and a lot of posturing by politicians. I expect that its CEO does not have warm feelings for Washington these days.

As part of one of these hearings, the House Committee on Energy and Commerce asked 33 ISPs and other Internet companies to respond to a series of questions about their use of technology like NebuAd’s. The committee received 31 real responses and one plea for more time.

Some of these responses are quite interesting. No one admits to be using NebuAd, but a couple of ISPs said they had run trials that they stopped after they saw the adverse publicity about the idea and vendor. Most ISPs said they did not use anything like NebuAd and had no plans to, but quite a few hedged their bets a bit, maybe to preserve their options. The response that was most to the point came from Frontier Communications, whose one-paragraph letter basically said, “Frontier does not and cannot do this kind of thing, so the answers to your questions are ‘no’ or ‘not applicable.'”

The ISPs that had tested NebuAd tried to say that it was “advanced advertising” that would “help improve your favourite Web sites by showing ads that are relevant to you, and reduce clutter.”

They also pointed to NebuAd’s poor opt-out process. NebuAd recently has said it was going to come up with a non-cookie-based opt-out mechanism, but if the company actually believed that it provided value to the customer, it would switch to opt-in.

The most interesting response was from AT&T. It basically said it did not use this kind of technology but that such technology “could prove quite valuable to consumers and could dramatically improve their online experience.”

I bet AT&T does not believe this enough to use opt-in, however. AT&T also said that Google was far worse than anything that NebuAd-like technologies could do. The carrier is not wrong, but claiming to be good by not being as bad as the other guy does not make me feel warm and fuzzy.

Related Download
Improving the State of Affairs With Analytics Sponsor: SAS
Improving the State of Affairs With Analytics
Download this case study-rich white paper to learn why data management and analytics are so crucial in the public sector, and how to put it to work in your organization.
Register Now