Feeds

Netizens sue NebuAd, data pimping ISPs

More woe for American Phorm

Top three mobile application threats

Fifteen American netizens have sued behavioral ad targeter NebuAd and several of its data pimping ISP partners, alleging wiretapping, packet forgery, and browser hijacking.

Filed Monday in a California federal court, the class action accuses NebuAd and its partners of violating the US Electronic Communications Privacy Act, the US Computer Fraud and Abuse Act, California’s Invasion of Privacy Act, and California’s Computer Crime Law. And that's just a start.

Using deep packet inspection, NebuAd's ISP-level hardware tracks a web surfer's search and browsing activity and shuttles it to various advertising networks, where it's used to target ads. If you search for, say, French vacations, you'll soon see ads for French vacations.

By the late spring, NebuAd had deployed its hardware inside several mid-sized American ISPs. The Silicon Valley outfit claimed these partners explicitly notified customers before turning the system on, but this wasn't always this case. NebuAd did provide a cookie-based opt-out and claimed to anonymize all user data with a one-way hash, but the law may require an opt-in.

In mid-May, after weeks of press coverage, Congress publicly questioned the legality of ISP-level ad targeting, and lawmakers eventually asked all American ISPs to put their data pimping plans on hold. By August, NebuAd had downsized its workforce, and in September, after Congressman Ed Markey accused him "beating consumers," CEO Bob Dykes declined to go down with the ship.

Monday's lawsuit names NebuAd, its Fair Eagle subsidiary, and six ISPs: Bresnan Communications, Cable One, CenturyTel, Embarq, Knology, and WOW (formerly WideOpenWest).

"The collection of data by the NebuAd device was wholesale and all-encompassing," the suit reads. "Like a vacuum cleaner, everything passing through the pipe of the consumer's internet connection was sucked up, copied, and forwarded to the California processing center.

"Regardless of any representations to the contrary - all data - whether sensitive, financial, personal, private, complete with all identifying information, and all personally identifying information, was recorded and transmitted to the California NebuAd facility."

The suit goes on to question whether user data was actually anonymized and claims that even if it was anonymized, it was done so too late. "Any alleged anonymization of subscriber’s identity during any phases after the point of initial interception of the online communication," the suit continues, "did not 'anonymize' the intentional initial interception of online communication."

The complaint, which seeks class action status, also cites research from net crusader Robb Topolski in alleging packet forgery and browser hijacking. ®

Top three mobile application threats

More from The Register

next story
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
Broadband Secretary of SHEEP sensationally quits Cabinet
Maria Miller finally resigns over expenses row
AT&T threatens to pull out of FCC wireless auctions over purchase limits
Company wants ability to buy more spectrum space in auction
EE dismisses DATA-BURNING glitch with Orange Mail app
Bug quietly slurps PAYG credit - yet EE denies it exists
Like Google, Comcast might roll its own mobile voice network
Says anything's possible if regulators approve merger with Time Warner
Turnbull leaves Australia's broadband blackspots in the dark
New Statement of Expectations to NBN Co offers get-out clauses for blackspot builds
Facebook claims 100 MEEELLION active users in India
Who needs China when you've got the next billion in your sights?
Facebook splats in-app chat, whacks brats into crack yakety-yak app
Jibber-jabbering addicts turfed out just as Zuck warned
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.