Feeds

Netizens sue NebuAd, data pimping ISPs

More woe for American Phorm

High performance access to file storage

Fifteen American netizens have sued behavioral ad targeter NebuAd and several of its data pimping ISP partners, alleging wiretapping, packet forgery, and browser hijacking.

Filed Monday in a California federal court, the class action accuses NebuAd and its partners of violating the US Electronic Communications Privacy Act, the US Computer Fraud and Abuse Act, California’s Invasion of Privacy Act, and California’s Computer Crime Law. And that's just a start.

Using deep packet inspection, NebuAd's ISP-level hardware tracks a web surfer's search and browsing activity and shuttles it to various advertising networks, where it's used to target ads. If you search for, say, French vacations, you'll soon see ads for French vacations.

By the late spring, NebuAd had deployed its hardware inside several mid-sized American ISPs. The Silicon Valley outfit claimed these partners explicitly notified customers before turning the system on, but this wasn't always this case. NebuAd did provide a cookie-based opt-out and claimed to anonymize all user data with a one-way hash, but the law may require an opt-in.

In mid-May, after weeks of press coverage, Congress publicly questioned the legality of ISP-level ad targeting, and lawmakers eventually asked all American ISPs to put their data pimping plans on hold. By August, NebuAd had downsized its workforce, and in September, after Congressman Ed Markey accused him "beating consumers," CEO Bob Dykes declined to go down with the ship.

Monday's lawsuit names NebuAd, its Fair Eagle subsidiary, and six ISPs: Bresnan Communications, Cable One, CenturyTel, Embarq, Knology, and WOW (formerly WideOpenWest).

"The collection of data by the NebuAd device was wholesale and all-encompassing," the suit reads. "Like a vacuum cleaner, everything passing through the pipe of the consumer's internet connection was sucked up, copied, and forwarded to the California processing center.

"Regardless of any representations to the contrary - all data - whether sensitive, financial, personal, private, complete with all identifying information, and all personally identifying information, was recorded and transmitted to the California NebuAd facility."

The suit goes on to question whether user data was actually anonymized and claims that even if it was anonymized, it was done so too late. "Any alleged anonymization of subscriber’s identity during any phases after the point of initial interception of the online communication," the suit continues, "did not 'anonymize' the intentional initial interception of online communication."

The complaint, which seeks class action status, also cites research from net crusader Robb Topolski in alleging packet forgery and browser hijacking. ®

High performance access to file storage

More from The Register

next story
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
Broadband Secretary of SHEEP sensationally quits Cabinet
Maria Miller finally resigns over expenses row
Skype pimps pro-level broadcast service
Playing Cat and Mouse with the media
Beat it, freetards! Dyn to shut down no-cost dynamic DNS next month
... but don't worry, charter members, you're still in 'for life'
Like Google, Comcast might roll its own mobile voice network
Says anything's possible if regulators approve merger with Time Warner
EE dismisses DATA-BURNING glitch with Orange Mail app
Bug quietly slurps PAYG credit - yet EE denies it exists
Turnbull leaves Australia's broadband blackspots in the dark
New Statement of Expectations to NBN Co offers get-out clauses for blackspot builds
Facebook claims 100 MEEELLION active users in India
Who needs China when you've got the next billion in your sights?
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.