Feeds

NebuAd makes meal of opt-out cookie

Whither the opt-in?

Beginner's guide to SSL certificates

As it prepares for a Congressional pow-wow on the "Privacy Implications of Online Advertising," behavioral ad targeter NebuAd has vowed to eat its infamous opt-out cookie.

"NebuAd is...developing a network-based opt-out mechanism that is not reliant on web browser cookies," reads a company press release. "Leveraging this advanced technology, ISP partners can offer this to their subscribers in order to honor their opt-out choices in a more persistent manner than current systems widely used today."

In Phorm-like fashion, NebuAd tracks the online activity of net surfers from inside ISPs, before shuttling this data to various online advertising networks. The technology does not require an opt-in, and at the moment, the opt-out mechanism is rather crumbly.

If you opt-out, NebuAd places a cookie on your system so it knows you've opted out. And if that cookie disappears, you're no longer opted-out. Among other things, this makes life ridiculously difficult for those privacy-minded folk who regularly rid their machines of browser cookies.

It's nice to know that NebuAd plans to eat its opt-out cookie. But this solves only half a problem. There should also be an opt-in.

US Congressmen Ed Markey, chairman of the House Subcommittee on Telecommunications and the Internet, and Joe Barton, a ranking member of the House Committee on Energy and Commerce, say that if ad targeters like NebuAd don't move to an opt-in model, they could violate Section 631 of the US Communications Act.

"Any service to which a subscriber does not affirmatively subscribe and that can result in the collection of information about the web-related habits and interests of a subscriber, and achieves any of these results without the 'prior written consent of the subscriber,' raises substantial questions related to Section 631," the Congressmen say.

Markey has urged American ISPs to freeze their behavioral ad systems while Congress looks into the matter. And many have obeyed.

Meanwhile, the Center for Democracy and Technology (CDT) has unveiled a new report (PDF) that questions whether an opt-in-less NebuAd skirts federal wiretapping regulations laid down by he Electronic Communications Privacy Act (ECPA) of 1986 and the Cable TV Privacy Act of 1984.

"We believe [NebuAd] may run afoul of current laws, which prohibit copying or use of the internet communications without the consent of the subscriber," CDT vice president of public policy Jim Dempsey tells us. "We believe that in this case, consent means prior express opt-in consent."

It's worth noting, however, that these federal statutes were enshrined before the internet changed the universe. They may or may not apply to newfangled privacy invasions like Phorm and NebuAd.

"I'm not so easily convinced the wiretapping laws come into play here. The purpose and techniques of true wiretapping are really very different from tracking someone on the internet," says Jonathan Kramer, a telecoms-savvy attorney with the Kramer Telecom Law Firm. "These laws are like rubber bands. You can stretch them to new technologies - but they may pop right back at you."

Congress will tug a few rubber bands this very morning, when the Senate Committee on Science, Commerce, and Transportation meets to discuss Phorm and the Phormettes. NebuAd CEO Bob Dykes will be on hand to defend the Silicon Valley startup, which likes to call itself "an online media company that provides state-of-the-art online privacy protection for consumers."

He may be fighting for the company's life. With an opt-in in place, a NebuAd has little hope of corralling the web surfers it needs to make its ad-happy technologies commercially viable. Heck, if an opt-in is required, most ISPs won't even sign the contract. They're more than willing to pimp your data, but not without an ample return. ®

Bootnote

Like Charter Communications, CenturyTel, Bresnan Communications, Embarq, and others, Midwestern ISP WOW! has suspended its use of NebuAd amidst those Congressional conversations. And other ISPs have frozen their use of Front Porch, another behavioral ad targeter. Unlike NebuAd, Front Porch says its system is opt-in only. But it's unclear whether the company has used an opt-out model in the past.

Secure remote control for conventional and virtual desktops

More from The Register

next story
Crouching tiger, FAST ASLEEP dragon: Smugglers can't shift iPhone 6s
China's grey market reports 'sluggish' sales of Apple mobe
Sea-Me-We 5 construction starts
New sub cable to go live 2016
EE coughs to BROKEN data usage metrics BLUNDER that short-changes customers
Carrier apologises for 'inflated' measurements cockup
Comcast: Help, help, FCC. Netflix and pals are EXTORTIONISTS
The others guys are being mean so therefore ... monopoly all good, yeah?
Surprise: if you work from home you need the Internet
Buffer-rage sends Aussies out to experience road rage
EE buys 58 Phones 4u stores for £2.5m after picking over carcass
Operator says it will safeguard 359 jobs, plans lick of paint
MOST iPhone strokers SPURN iOS 8: iOS 7 'un-updatening' in 5...4...
Guess they don't like our battery-draining update?
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.