NebuAd
NebuAd was an American online advertising company based in Redwood City, California, with offices in New York and London and was funded by the investment companies Sierra Ventures and Menlo Ventures.[2] It was one of several companies which originally developed behavioral targeting advertising systems, and sought deals with ISPs to enable them to analyse customer's websurfing habits in order to provide them with more relevant, micro-targeted advertising.[3] Phorm was a similar company operating out of Europe. Adzilla and Project Rialto also appear to be developing similar systems.
Privately held Company | |
Industry | Online advertising |
Founded | 2006 |
Defunct | 2009 |
Headquarters | California, United States |
Key people | Robert Dykes, Chairman, founder. Kira Makagon Chief Executive Officer and co-founder.[1] |
At one point, NebuAd had signed up more than 30 customers, mostly Internet access providers,[4] its agreements with providers covered 10 percent of the broadband users in America.[5] Due to fallout following public and Congressional concern, NebuAd's largest ISP customers pulled out. NebuAd closed for business in the UK in August 2008, followed by the US in May 2009.[6] NebuAd UK Ltd was dissolved in February 2010.[7]
Overview
NebuAd's platform comprised three main parts: hardware, hosted within an ISP, capable of inserting content into pages, an off-site server complex to analyse and categorise the contents of users' Internet communications, and relationships with advertising networks willing to present NebuAd's targeted advertising.[8]
The system consisted of hardware device installed within an ISP client network. Each device was capable of monitoring up to 50,000 users.[9] Users could "opt-out" of NebuAd’s information collection and targeted ads,[10] but there was no way for users to prevent ISPs from sending the data to NebuAd in the first place.[11][12]
Since ISPs route customers' traffic, it is an important vantage point from which to monitor all traffic to-and-from a consumer using Deep packet inspection (DPI). By analysing the traffic, NebuAd reported it gained more information about a customers' particular interests, than less intrusive methods.[13] NebuAd's privacy policy claimed they "specifically not store or use any information relating to confidential medical information, racial or ethnic origins, religious beliefs, or sexuality, which are tied to personally identifiable information ('sensitive personal information')."[10] It also advises, "The information we collect is stored and processed on NebuAd's servers in the United States. As a result, that information may be subject to access requests by governments, courts or law enforcement."
At least 2 customers of a middle America ISP, WOW! noticed unexpected cookies appearing for sites such as nebuad.adjuggler.com, after using Google, which were being read and written, but when WOW's support department was contacted, WOW initially denied responsibility for the activity.[14] After noticing problems with Google loading slowly, and the creation of these non-Google cookies, one customer spent hours trying to disinfect his machine, as he incorrectly thought it had been infected with spyware, but, when this proved ineffective, he resorted to reinstalling his machine's OS from scratch, only to discover the problem did not go away.[14]
On July 9, 2008 WOW suspended the use of NebuAd services to its subscribers.
According to NebuAd's sales, less than 1% of users opt-out. One ISP expected to earn at least $2.50 per month for each user.[15]
NebuAd bought impressions from ad networks including Valueclick.[16]
NebuAd argued that behavioral targeting enriches the Internet on several fronts. Firstly, website owners are offered an improved click-through rate (CTR), which could increase profits, or reduce the amount of page-space dedicated to advertising. Owners of previously thought ad-unfriendly websites were offered a chance to make money not on the subject matter of their website, but on the interests of their visitors.
Advertisers were offered better targeted adverts, hence reducing the "scattergun approach" (publishing as many ads as possible, in the hope of catching a client) and users were offered more relevant adverts.
ISPs were paid for allowing NebuAd access to their network on a per-user per-active profile basis.
NebuAd used data such as Web search terms, page views, page and ad clicks, time spent on specific sites, zip code, browser info and connection speed to categorise a user's interests.[17] NebuAd did not have access to user identification information from the ISP, but may have been able to discover this through traffic monitoring (for example, email traffic may tie an email address to an ip address). Bob Dykes, the NebuAd CEO claimed in 2008; "We have 800 [consumer interest segments] today and we're expanding that to multiple thousands".[18]
Controversies
Generally, NebuAd provided an additional revenue to network operators, which may maintain or lower consumers' Internet access bills. Critics of DPI and targeted advertising believe the raw content of their internet communications are entrusted to the ISP for handling without being inspected, or modified, nor for sale.[19] Privacy advocates criticize the lack of disclosure[20] which some ISPs provided, prior to partnering with NebuAd, was a weak opt-out method,[12] the lack of oversight over what any third-party company does with the contents of Internet communications,[21] its conflicts with United States wiretap laws,[12][15] and the company's refusal to name its partner ISPs.
Consumer notification
In February 2008, one American cable operator, Wide Open West (WOW) started rolling out NebuAd. The roll-out was completed in the first week of March 2008. WOW updated its terms and conditions to include a mention of NebuAd,[22] and in some cases informed customers of the terms having been updated. However, customers were not explicitly notified about NebuAd until later, sometime after the third week of March 2008.[14]
In response to an inquiry from members of the United States House of Representatives Telecommunications Subcommittee about its pilot test of NebuAd's services,[23] Embarq said it had notified consumers by revising its privacy policy 2 weeks prior to sending its users' data streams to NebuAd.[24]
A Knology user in Knoxville, Tennessee reported she was not notified her Internet use was being monitored.[25]
In May 2008, Charter Communications announced it planned to monitor websites visited by its customers via a partnership with NebuAd.[26][27] But after customers voiced their concerns, Charter changed its mind in June.[28]
Friction between ISP staff and management
Plans to implement NebuAd did not agree with some ISP's employees, including one employee was planned to re-route his traffic to avoid NebuAd's Deep Packet Inspection hardware, altogether.[15]
Opt out vs. opt in
Members of US Congress, Ed Markey, chairman of the House Subcommittee on Telecommunications and the Internet, and Joe Barton, a ranking member of the House Committee on Energy and Commerce, have argued that such services must be opt-in only to comply with the provisions laid down by Section 631 of the US Communications Act, and they wrote to Charter to request them to suspend the test: "We respectfully request that you do not move forward on Charter Communications' proposed venture with NebuAd until we have an opportunity to discuss with you issues raised by this proposed venture."[29]
A writer for Wired News questioned whether Charter users could really opt out of being monitored or if they were able to opt out only of receiving targeted ads.[12] The same writer has asked if it would breach anti-wiretapping laws.[12]
An engineer who examined the system confirmed there was no way to opt out of NebuAd's monitoring.[30] All inbound and outbound information was intercepted and sent to NebuAd's offsite server to be processed. Even if a user had opted out of the service, it did not prevent the ISP from sending the data to NebuAd.
Use of packet forgery and browser exploits
A report by Robert M. Topolski, chief technology consultant of the Free Press and Public Knowledge, showed NebuAd's devices created cookies on end-users machines by injecting a specious packet into the end of the data stream returned in response to some web page requests submitted to search engines, including Google and Yahoo. The content of this specious packet, which would be added to the end of the web page when it is rendered by the end-user's browser, contained HTML script tags which cause the browser to request Javascript from http://a.faireagle.com.[31]
Superimposing or adding advertising to webpages
Critics were concerned that NebuAd superimposed its own advertising over the ads of other advertisers, or placing additional advertising to a page. These concerns originated o the NebuAd's "Fair Eagle" operation, patent application data which mentioned such inventions, and a loose relationship to Claria Corporation whose products and history suggest such tactics, as well as by the following:
In 2007 it was reported that Redmoon, a Texas-based ISP was using a NebuAd technology to inject Redmoon's own advertising into pages visited by its users.[32] The "Fair Eagle" advertisement hardware, provided by NebuAd, inserted additional advertising alongside the content of web pages. The ads featured a window with the "Fair Eagle" title bar. The injected ads stopped appearing toward the end of June, 2007.[33]
Relationship with Claria Corporation
Some senior staff members of NebuAd had worked previously at a (now defunct) ad company, named Claria Corporation (formerly, the Gator Corporation), which was well known for ad software known as Gator.[34] Both Claria and NebuAd were located in Redwood City, California.[34] The June 2006 creation[35] of nebuad.com coincides with timing of Claria's decision to shut down[36] the Gator service. NebuAd repeatedly denied any corporate connection to Claria, describing its hiring of Claria employees as a result of that company shedding employees in a tight market for experienced advertising sales staff in the Valley.[34]
ISP partners
ISPs that tried out or deployed or prepared to deploy Nebuad included the following:
|
|
The following ISPs are listed in legal documents[45] related to the class action notice (see below) as having deployed NebuAd hardware:
- AllCities
- Annapolis Wireless Internet
- AzulStar, Inc.
- Bresnan Communications, LLC
- Cable One, Inc.
- Casco Communications/Peak Internet
- Cavalier Broadband, LLC
- CenturyTel, Inc.; CenturyTel Broadband
- Services, LLC; CenturyTel Service Group, LLC
- CMS Internet LLC
- Eastern Oregon Network, Inc.
- Education Networks of America (ENA)
- Embarq Management Co.; United Telephone
- Co. of Eastern Kansas
- Fire2Wire
- Galaxy Internet Services
- Grande Communications
- High Speed Data Inc.
- 20/20 Communications
- iBahn General Holdings
- Knology, Inc.
- Mesa Networks, Inc.
- Millennium Digital Media Systems/Broadstripe
- Network Evolution, Inc.
- Nexicom Inc.
- Ricochet Networks, Inc.
- Rochester Telephone Company, Inc.
- Softcom Internet Communications
- United Online/NetZero
- Unplugged Cities
- WideOpenWest Finance, LLC (WOW)
All ISPs ended or suspended their relationship with NebuAd.
- Charter Communications suspended its plans[46] to test NebuAd following scrutiny from lawmakers and privacy groups.[47]
- An Embarq[46] spokesperson told the Associated Press that it ended its trial with NebuAd, and has not decided whether to move forward[48] with Behavioral Targeting advertising "either through NebuAd or with any other vendor".[49]
- CenturyTel, one of the earliest known ISPs to test NebuAd,[4] notified customers in late May 2008 that it was deploying the hardware,[50] only to pull out of the deal alongside of Charter a month later.[51]
- Bresnan Communications used the NebuAd technology.[52] Following the announcements by Charter, Embarq, and CenturyTel that they would no longer use NebuAd on their networks, Bresnan told a blogger that their NebuAd trial had ended and they would comply with whatever regulatory model emerges from the current debate.[53]
- Web cache evidence indicated that Blackfoot Telecommunications Group, Inc. of Missoula, Montana appeared to have tried NebuAd between March and May 2008.[54] Blackfoot's Mary Worden later explained, "Blackfoot tested NebuAd on its internal corporate network, with employees only and not with its customers, in March 2008, but had similar concerns to those raised by consumer groups and elected not to launch the service."[54]
- Nexicom, serving Central Ontario and the Kawarthas, Canada, notified users via its Privacy Policy page that it was using NebuAd as of April 23, 2008.[55] Following a question to users on a public forum, Nexicom's Paul Stewart replied, "Nexicom was investigating using the NebuAd service. The software was never implemented at any time as there were concerns on several levels regarding privacy issues. References to NebuAd in Nexicom's Privacy Policy has been removed."[56]
- Wide Open West (WOW) completed suspension of NebuAd services on July 9.[14][46] In a response to customer inquiries, WOW indicated, "With Congress in active review of online behavioral advertising, WOW! Internet- Cable- Phone is suspending its deployment of NebuAd services to our subscribers at this time. We believe that all parties are best served by a thoughtful and thorough review of this emerging advertising model, and we welcome the opportunity for that discussion to take place."[57]
- Knology[37][58] reported to the United States House Committee on Energy and Commerce that it discontinued a trial of NebuAd in all markets as of July 14, 2008.[59]
- Unbeknownst to its users, Cable One conducted NebuAd tests on 14,000 customers in Alabama for six months beginning in November 2007.[60] As of August 2008, Cable One had decided against using the technology "commercially" on its systems[61] but in September said it was waiting for "clear rules and boundaries".[62]
Closure
NebuAd was closed down in the UK in August 2008 and in the US in May 2009.[6]
Class-action lawsuit
A proposed settlement for a class-action lawsuit against NebuAd was underway in October 2011.[45] All subscribers to the ISPs listed above between January 1, 2007 and July 1, 2008 were to be considered mandatory class members and so did not have to opt in and could not choose to opt out. Under the terms of the proposed settlement, NebuAd would create a settlement fund of approximately $2,410,000, to be used for administration of the settlement, covering legal fees, an incentive award of $5,000 to the individual who brought the complaint, providing up to $1000 for other named representatives, with most of the money going to support non-profits providing consumer education and privacy research.
References
- "NebuAd CEO quits". The Register. 2008-09-03. Retrieved 2008-09-04.
- "Management & Investors". Archived from the original on 2008-05-02. Retrieved 2008-04-26.
- "American ISPs already sharing data with outside ad firms". The Register. 2008-04-10. Retrieved 2008-04-18.
- White, Bobby (2007-12-06). "Watching What You See on the Web". The Wall Street Journal. Retrieved 2008-05-21.
- Whoriskey, Peter (2008-04-04). "Every Click You Make". washingtonpost. Retrieved 2008-05-14.
- "Case Closed: NebuAd Shuts Down". MediaPost. 2009-06-18. Archived from the original on 2010-11-08. Retrieved 2010-08-06.
- ""UK Companies House website
- "Juniper Networks partners with NebuAd to enable ISPs to participate in online advertising revenues on the web". juniperamspmarketing.com. Archived from the original on 2008-07-13. Retrieved 2008-06-28.
- Hansell, Saul (2008-04-07). "NebuAd Observes 'Useful, but Innocuous' Web Browsing". The New York Times. Archived from the original on 2008-04-11. Retrieved 2008-04-18.
- "NebuAd / Privacy". Archived from the original on 2008-06-11. Retrieved 2008-06-28.
- Singel, Ryan (2008-05-16). "Congressmen Ask Charter to Freeze Web Profiling Plan". Threat Level from Wired.com.
- Single, Ryan (2008-05-16). "Can Charter Broadband Customers Really Opt-Out of Spying? Maybe Not". Wired. Retrieved 2008-05-17.
- "Robert Dykes (CEO) presenting NebuAd at OnMediaNYC-01/28/2008". vator.tv. 2008-02-18. Retrieved 2008-07-03.
- "Data pimping catches ISP on the hop". The Register. 2008-04-22. Retrieved 2008-04-23.
- Bode, Karl (2008-05-28). "Infighting At ISPs Over Using NebuAD". Broadband Reports.
- "Questions for Bob Dykes, NebuAd CEO". clickz. 2008-01-03. Archived from the original on 2008-04-19. Retrieved 2008-05-14.
- "Charter Cable to Spy on its Broadband Users to Serve Targeted Ads via NebuAd". Digital Destiny. 2008-05-14. Archived from the original on 2008-05-17. Retrieved 2008-05-14.
- "ISPs Collect User Data for Behavioral Ad Targeting". ClickZ. 2008-01-03. Archived from the original on 2008-06-12. Retrieved 2008-05-14.
- "CDT Urges Stronger Guidelines for Behavioral Advertising". 2008-06-12. Archived from the original on September 5, 2008. Retrieved 2008-06-19.
- "Wide Open West Using NebuAD Users don't get much of a heads up..." 2008-03-11.
- "ISP Data Collection — Congress Investigation Urged (NebuAd-CDT Press Release)". 2008-06-06. Retrieved 2008-06-20.
- "WOW Terms and Conditions". Archived from the original on 2008-04-14. Retrieved 2008-04-30.
- Anderson, Nate (2008-07-15). "Congress goes after NebuAd... again". ArsTechnica.com.
- "Customers Shoulda Read the Privacy Policy, Says Embarq". MarketingVOX: The Voice of Online Marketing. Archived from the original on 2011-07-14. Retrieved 2008-07-23.
- Topolski, Robb (2008-07-21). "Ready — Fire — Aim: NebuAd and Charter Shellacked -- Right Idea, Wrong Targets". Public Knowledge Policy Blog. Archived from the original on 2008-08-04.
- Hansell, Saul (2008-05-14). "Charter Will Monitor Customers' Web Surfing to Target Ads". The New York Times. Retrieved 2010-05-20.
- http://www.theinquirer.net/gb/inquirer/news/2008/05/14/charter-track-users-replace
- The Associated Press (June 25, 2008). "Charter Won't Track Customers' Web Use". via The New York Times Company. Retrieved 2008-06-29.
- Metz, Cade (2008-05-16). "US Congress questions legality of Phorm and the Phormettes". The Register. Retrieved 2008-05-17.
- Anderson, Nate (2008-07-23). "Embarq: Don't all users read our 5,000 word privacy policy?". ArsTechnica.com.
He points out that the system is essentially a massive bridge running Fedora, and that NebuAd advises ISPs to install it inline in their networks in such a way that all web traffic passes through it... opted out or not. As the engineer explains, "When we asked them about an opt-out method for our customers, they didn't have one. And unless they alter the architecture of their system drastically, they won't ever have one. Their system is a bridge, so you would need some sort of magical layer-two switching device upstream that switched frames from users that have opted out around the NebuAd appliance. How would you build a device like this without profiling your users in the first place to determine who had opted out? It's not like there is an opt-out bit you can flip in the header of an Ethernet frame." Therefore, while the data actually created and stored by NebuAd or Embarq might end up being totally anonymous and innocuous, everyone's data is still pumped into a third-party box.
- Topolski, Robert (2008-06-18). "NebuAd and Partner ISPs: Wiretapping, Forgery and Browser Hijacking" (PDF). Free Press. Archived from the original (PDF) on 2008-09-19. Retrieved 2008-06-19.
- "Real Evil: ISP Inserted Advertising". Techcrunch. 2007-06-23. Retrieved 2008-04-26.
- "benanderson.net-Fair Eagle taking over the world? ISPs being compromised or just cheap?". 2007-06-22. Archived from the original on 2007-10-21. Retrieved 2008-06-19.
- "NebuAd looks to 'spyware' firm for recruits". The Register. 2008-06-20. Retrieved 2008-06-20.
- http://whois.domaintools.com/nebuad.com
- Keizer, Gregg. "Claria Abandons Adware". TechWeb Technology News. Archived from the original on 2007-01-05.
Claria will exit out of the adware business by the end of the second quarter of 2006.
- "Broadstripe Now Selling User Browsing History, Joins growing list of NebuAD customers". BroadbandReports.com. 2008-05-14. Retrieved 2008-06-25.
- "Broadstripe High Speed Internet Online Privacy Policy". Archived from the original on 2008-02-24. Retrieved 2008-05-14.
- "OnlyInternet.Net uses NebuAd for Behavioral Targeting". BroadbandReports.com. 2008-06-26. Retrieved 2008-06-26.
- "One More ISP to add to the list of ISPs". BroadbandReports.com. 2008-06-26. Retrieved 2008-06-26.
- "And Even One More ISP to add to NebuAds Harem". BroadbandReports.com. 2008-06-26. Retrieved 2008-06-26.
- "Metro Provider Privacy Policy". Archived from the original on 2008-05-07.
- "RTC on Line aka Rochester Telephone Company sells to NebuAd". BroadbandReports.com. 2008-06-26. Retrieved 2008-06-26.
- "20/20 Communications and NebuAd". BroadbandReports.com. 2008-06-26. Retrieved 2008-06-26.
- "of Pendency of Class Action and Proposed Settlement in the U.S. District Court, Northern District Of California — Valentine, et al. v. NebuAd, Inc., No. 3:08-cv-05113 (TEH)(EMC)" (PDF). Archived (PDF) from the original on May 25, 2014. Retrieved 2011-10-24.
- Hansell, Saul (2008-05-14). "Charter Will Monitor Customers' Web Surfing to Target Ads". The New York Times. Archived from the original on 2013-01-04. Retrieved 2008-05-14.
- Bode, Karl (2008-06-24). "Charter User Monitoring Plans Suspended - 'Enhanced user experience' apparently not so enhanced..." BroadbandReports.com. Retrieved 2008-06-25.
- "ISP Behavioral Targeting Versus You". 2008-09-26.
- Svensson, Peter (2008-06-25). "ISPs still considering tracking Web use". Salon.com. Retrieved 2008-06-25.
- "CenturyTel and NebuAd". BroadbandReports.com. 2008-05-28. Retrieved 2008-06-27.
- "CenturyTel Drops NebuAd". BroadbandReports.com. 2008-06-27. Retrieved 2008-06-27.
- "Bresnan actively intercepting ALL packets". Retrieved 2008-06-18.
- "Bresnan — Internet Privacy Update". John Linko (Blog). 2008-07-01. Retrieved 2008-07-01.
- "Blackfoot Telecommunications Group, Inc. Missoula MT Nebuad". BroadbandReports.com. 2008-06-26. Retrieved 2008-06-30.
- "Nexicom Privacy Policy". Retrieved 2008-07-02.
Beginning April 23rd, we will partner with a third party to deliver or facilitate delivery of advertisements to our users while they are surfing on the web. These advertisements will be based on those users' anonymous surfing behavior while they are online. This anonymous information will not include those users' name, email address, telephone number, or any other personally identifiable information. By opting out you will continue to receive advertisements as normal; except these advertisements will be less relevant and less useful to you. If you would like to opt out, click here. (links to http://www.nebuad.com/privacy/optout.php page)
- "Nexicom is using Nebuad". Canadian Broadband Forum on BroadbandReports.com. 2008-07-03.
- prack (2008-07-03). "WOW! Suspension of Nebuad Services". DSLReports.com Forums — US Cable Support — W.O.W.
- "Knology Customer Service Agreement" (PDF). Archived from the original (PDF) on 2008-07-03. Retrieved 2008-07-21.
9. Third Party Advertisers. Knology will partner with a third party to deliver or facilitate delivery of advertisements to our users while they are surfing the web. These advertisements will be based on those users' anonymous surfing behavior while they are online. This anonymous information will not include those users' name, email address, telephone number, or any other personally identifiable information. By opting out, You will continue to receive advertisements as normal; except these advertisements will be less relevant and less useful to you. If You would like to opt out, go to: http://nebuad.com/privacy/optout.php
- Johnson, Rodger; CEO and Chairman of the Board, Knology, Inc. (2008-08-08). "RE: Internet Advertising Inquiry" (PDF). Committee on Energy and Commerce — US House of Representatives. Archived from the original (PDF) on 2008-08-29. Retrieved 2008-08-11.CS1 maint: multiple names: authors list (link)
- Jesdanun, Anick (August 31, 2008). "6 Internet providers disclose Web tracking for ads". Associated Press via Google. Retrieved 2008-09-01.
- Ji, Philip P. "Letter, from Responses to August 1, 2008 Letters to Network Operators Regarding Data Collection Practices" (PDF). Committee on Energy and Commerce, U.S. House of Representatives. Archived from the original (PDF via Google HTML) on August 29, 2008. Retrieved 2008-09-01.
- Jesdanun, Anick (September 1, 2008). "Ad targeting based on ISP tracking now in doubt". Associated Press via Google. Archived from the original on September 4, 2008. Retrieved 2008-09-01.