ISP's want to collect your surfing habits, build a profile, and sell it to advertisers

motivez · 07-09-2008, 11:56 AM

Ad-Targeting Companies and Critics Prepare for Senate Scrutiny

By Stephanie Clifford

The Senate Commerce Committee will hold a hearing Wednesday to look at the policy issues raised by advertising that is targeted to the online behavior of Internet users. Some of the participants are trying to bolster their positions in advance.

The hottest topic will be proposed systems by which Internet service providers can watch users and sell information about their surfing habits to advertising companies. The Center for Democracy and Technology — whose chief executive, Leslie Harris, will testify — issued a report suggesting that these systems may violate federal law.

On the other side NebuAd, the most active ad-targeting company working with Internet providers in the United States, has introduced two new features to try to tamp down the controversy over its technology. One feature will allow Internet service providers to more prominently disclose to customers that their activities are being tracked. The other will give users a new method to opt out of tracking.

NebuAd “definitely creates some privacy concerns, so we have bent over backwards to make sure we address all those consumers’ privacy concerns,” said Robert Dykes, the company’s chief executive, in an interview. Mr. Dykes will also testify at the hearing Wednesday.

Privacy advocates worry that NebuAd’s business model relies on tracking Web surfers without the surfers being aware of it. NebuAd partners with Internet service providers, uses information from their customers’ surfing to amass profiles and then shows the customers ads based on their interests.

“Advertising per se is not the evil here,” Ms. Harris said in a conference call with reporters Tuesday. “It’s the collection of individuals’ information, usually without their knowledge, always without their consent, creation of profiles and the complete inability of people to make choices about that.”

NebuAd says its profiles are interest-based, and not personally identifiable. The company says it can create profiles as broad as “someone interested in autos” or as granular as “someone interested in a used German luxury car” in order to serve relevant ads. (My colleague Saul Hansell has written in detail about NebuAd’s tracking system.)

“What’s important is we don’t have the raw data. They’re anonymous profiles,” Mr. Dykes said.

The two updates to NebuAd’s privacy standards include an online alert that Internet providers can use to tell subscribers that they are being tracked by NebuAd, and a way that people can opt out of NebuAd tracking even when they are also deleting their cookies.

Mr. Dykes said it was up to the Internet providers to choose whether and when they wanted to display the online notice. Currently, the Internet providers have told users about their use of NebuAd through an e-mail message or a notice in their billing statements.

As for the cookie-based opt-out, he said, “people are looking for other means to ensure that once they’re opted out, there is really a network-based approach to ensure they stay opted out. While we’re not revealing technology details, we are saying we’ll be offering users a choice. They’ll have the opportunity if they want cookie-based opt-out, but also another choice to use a network-based opt-out.”

The changes come as parts of NebuAd’s business have stalled over privacy concerns. Charter Communications said last month that it would suspend a trial of NebuAd due to customer concerns about privacy. Other companies testing the software, including Wide Open West and CenturyTel, have also halted their tests of NebuAd.

Mr. Dykes said the Internet service providers want to make sure the users and public understand how NebuAd’s system benefits the Internet by driving advertising dollars to the more general-purpose Web sites while also operating under very strict privacy rules.

Asked how many ISPs the company was currently working with, Mr. Dykes did not specify the number. “We are deployed with some Internet service providers, but we are perfectly O.K. for some of our partners to wait until we have a better, more informed education of the public and folks in Washington before they resume their rollout,” he said.

The C.D.T. noted in a press release “that Federal law would allow the practice with the consent of the subscriber.” However, CDT added, “that consent should not be obtained through a notice buried in a ‘terms of service’ agreement or inserted in a billing statement.”

The C.D.T. representatives at the press conference said they had not examined NebuAd’s new privacy standards in depth. “I think it’s important to say that they’re still going with an opt-out model,” said Ari Schwartz, vice president at C.D.T. What is still unclear, he said: “Are they stopping collection of information when people actually do opt out?”

Mr. Dykes argued that because NebuAd was not collecting personal or sensitive information, the opt-out procedure (as opposed to opt-in) was appropriate. “If you do collect personally identifiable information, or if you do collect sensitive information, it should be opt-in,” he said. “We have designed our entire company to make sure that we stay on the opt-out side of those laws and policies.”

Ad-Targeting Companies and Critics Prepare for Senate Scrutiny - Bits - Technology - New York Times Blog

What do you guys think about this? I suspect the libertarian response is well, you signed up to use their network, they can do with the information they have about your usage what they want with it. If you don't like it, don't use the service

But I don't think that's a realistic response, since in many areas your choices for broadband are extremely limited, and it's likely if its allowed, all companies would be taking advantage of the gold mine offered by sifting through their customers viewing habits in order to make more money.

I certainly think they should be forced to require users to opt in to the service, rather than opt out, so anyone wanting to do it would know full well what they're getting themselves into, rather than having to sift through a bunch of legal jargon to find it embedded somewhere in their EULA or whatever they have..

And I don't particularly care that the data is supposed to be anonymous, there's no guarantees that that data remains safely in the hands of someone without the ability to connect the dots

Ardentfrost · 07-09-2008, 01:33 PM

No, the libertarian response will be that if all companies move to this with no alternatives, then there isn't enough competition in the industry and whatever is preventing that competition needs to be stopped.

However, if one ISP does this, I would sincerely hope that the customers balk and move their business elsewhere. It really is unacceptable practice.

Ardentfrost · 07-09-2008, 01:33 PM

Oh, and spoiler alert, porn is the most searched on the internet

motivez · 07-09-2008, 06:32 PM

Originally Posted by Ardentfrost

No, the libertarian response will be that if all companies move to this with no alternatives, then there isn't enough competition in the industry and whatever is preventing that competition needs to be stopped.

However, if one ISP does this, I would sincerely hope that the customers balk and move their business elsewhere. It really is unacceptable practice.

There's really not very much choice for users, though. And new, big companies with their own infrastructure are unlikely to spring up, at least in any reasonable time frame because entry costs into such a thing are gigantic

Ardentfrost · 07-09-2008, 07:27 PM

Infrastructure is rarely maintained by these consumer-level ISPs now-a-days. Comcast has a peer, but they are small and just latch onto larger peers such as Level 3 and Qwest.

As far as the infrastructure to your door is concerned, there is satellite, DSL, and cable, which usually offer multiple choices for each medium (except cable, which doesn't offer multiple carriers because of regulations that help them out... I'm against those regulations). Not to mention the advent of wireless internet to your house, which is closer than most realize.

kombayn · 07-09-2008, 11:39 PM

It's already half-way done with Google Ads. I can see how this clearly violates your privacy.

motivez · 07-10-2008, 11:01 AM

Originally Posted by kombayn

It's already half-way done with Google Ads. I can see how this clearly violates your privacy.

I don't think that's very similar, to be honest. Google advertisements insert code into the page that provides advertisements relevant to the content on the page you happen to visit, not on your viewing habits directly

avsp · 07-11-2008, 08:31 AM

AntiPhorm - Surfing Privacy

I'm not too sure if this really going to work adequately, ..., stochastic resonance etc.

Is it all possible to in someway claim copyright to your surfing habits?
Even if so an ISP could make it a ToS that you transfer the rights to them

WickedLou9 · 07-11-2008, 09:25 AM

Originally Posted by Ardentfrost

Infrastructure is rarely maintained by these consumer-level ISPs now-a-days. Comcast has a peer, but they are small and just latch onto larger peers such as Level 3 and Qwest.

As far as the infrastructure to your door is concerned, there is satellite, DSL, and cable, which usually offer multiple choices for each medium (except cable, which doesn't offer multiple carriers because of regulations that help them out... I'm against those regulations). Not to mention the advent of wireless internet to your house, which is closer than most realize.

Satelite is crappy in terms of speed. DSL makes you pay through the nose for decent speeds. Cable has very high speeds for lower prices than the others. Most people won't pay the extra.

Ardentfrost · 07-11-2008, 04:33 PM

Originally Posted by WickedLou9

Satelite is crappy in terms of speed. DSL makes you pay through the nose for decent speeds. Cable has very high speeds for lower prices than the others. Most people won't pay the extra.

All I'm saying is there are alternatives. I didn't say that everything else would be equal. Personally, I think there aren't as many alternatives as there would be if the FCC didn't support the status quo of communication companies.

But anyway, you give all your options a monetary value (even if you don't know you do it). If each benefit wasn't given an individual value, everyone would just use NetZero's $10 service. But instead, people value things like bandwidth, how easy it is to connect, rates of outages, and even company policy.

And from what I hear, satellite isn't near as bad as it used to be.

Kytro · 07-11-2008, 09:57 PM

You could always use Tor, though that can be slower.