Feeds

NebuAd makes meal of opt-out cookie

Whither the opt-in?

Build a business case: developing custom apps

As it prepares for a Congressional pow-wow on the "Privacy Implications of Online Advertising," behavioral ad targeter NebuAd has vowed to eat its infamous opt-out cookie.

"NebuAd is...developing a network-based opt-out mechanism that is not reliant on web browser cookies," reads a company press release. "Leveraging this advanced technology, ISP partners can offer this to their subscribers in order to honor their opt-out choices in a more persistent manner than current systems widely used today."

In Phorm-like fashion, NebuAd tracks the online activity of net surfers from inside ISPs, before shuttling this data to various online advertising networks. The technology does not require an opt-in, and at the moment, the opt-out mechanism is rather crumbly.

If you opt-out, NebuAd places a cookie on your system so it knows you've opted out. And if that cookie disappears, you're no longer opted-out. Among other things, this makes life ridiculously difficult for those privacy-minded folk who regularly rid their machines of browser cookies.

It's nice to know that NebuAd plans to eat its opt-out cookie. But this solves only half a problem. There should also be an opt-in.

US Congressmen Ed Markey, chairman of the House Subcommittee on Telecommunications and the Internet, and Joe Barton, a ranking member of the House Committee on Energy and Commerce, say that if ad targeters like NebuAd don't move to an opt-in model, they could violate Section 631 of the US Communications Act.

"Any service to which a subscriber does not affirmatively subscribe and that can result in the collection of information about the web-related habits and interests of a subscriber, and achieves any of these results without the 'prior written consent of the subscriber,' raises substantial questions related to Section 631," the Congressmen say.

Markey has urged American ISPs to freeze their behavioral ad systems while Congress looks into the matter. And many have obeyed.

Meanwhile, the Center for Democracy and Technology (CDT) has unveiled a new report (PDF) that questions whether an opt-in-less NebuAd skirts federal wiretapping regulations laid down by he Electronic Communications Privacy Act (ECPA) of 1986 and the Cable TV Privacy Act of 1984.

"We believe [NebuAd] may run afoul of current laws, which prohibit copying or use of the internet communications without the consent of the subscriber," CDT vice president of public policy Jim Dempsey tells us. "We believe that in this case, consent means prior express opt-in consent."

It's worth noting, however, that these federal statutes were enshrined before the internet changed the universe. They may or may not apply to newfangled privacy invasions like Phorm and NebuAd.

"I'm not so easily convinced the wiretapping laws come into play here. The purpose and techniques of true wiretapping are really very different from tracking someone on the internet," says Jonathan Kramer, a telecoms-savvy attorney with the Kramer Telecom Law Firm. "These laws are like rubber bands. You can stretch them to new technologies - but they may pop right back at you."

Congress will tug a few rubber bands this very morning, when the Senate Committee on Science, Commerce, and Transportation meets to discuss Phorm and the Phormettes. NebuAd CEO Bob Dykes will be on hand to defend the Silicon Valley startup, which likes to call itself "an online media company that provides state-of-the-art online privacy protection for consumers."

He may be fighting for the company's life. With an opt-in in place, a NebuAd has little hope of corralling the web surfers it needs to make its ad-happy technologies commercially viable. Heck, if an opt-in is required, most ISPs won't even sign the contract. They're more than willing to pimp your data, but not without an ample return. ®

Bootnote

Like Charter Communications, CenturyTel, Bresnan Communications, Embarq, and others, Midwestern ISP WOW! has suspended its use of NebuAd amidst those Congressional conversations. And other ISPs have frozen their use of Front Porch, another behavioral ad targeter. Unlike NebuAd, Front Porch says its system is opt-in only. But it's unclear whether the company has used an opt-out model in the past.

The essential guide to IT transformation

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
So, Apple won't sell cheap kit? Prepare the iOS garden wall WRECKING BALL
It can throw the low cost race if it looks to the cloud
Time Warner Cable customers SQUEAL as US network goes offline
A rude awakening: North Americans greeted with outage drama
Shoot-em-up: Sony Online Entertainment hit by 'large scale DDoS attack'
Games disrupted as firm struggles to control network
BT customers face broadband and landline price hikes
Poor punters won't be affected, telecoms giant claims
Netflix swallows yet another bitter pill, inks peering deal with TWC
Net neutrality crusader once again pays up for priority access
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.