NebuAd

From Wikipedia, the free encyclopedia
Jump to: navigation, search
NebuAd, Inc.
Former type Privately held Company
Industry Online advertising
Founded 2006
Defunct 2009
Headquarters California, USA
Key people Robert Dykes, Chairman, founder. Kira Makagon Chief Executive Officer and co-founder.[1]
Website www.NebuAd.com

NebuAd was an American online advertising company based in Redwood City, California, with offices in New York and London and was funded by the investment companies Sierra Ventures and Menlo Ventures.[2] It was one of several companies developing behavioral targeting advertising systems, seeking deals with ISPs to enable them to analyse customer's websurfing habits in order to provide them with more relevant, micro-targeted advertising.[3] Phorm is a similar company operating out of Europe. Adzilla and Project Rialto also appear to be developing similar systems.

At one point, NebuAd had signed up more than 30 customers, mostly Internet access providers,[4] its agreements with providers covering 10 percent of the broadband users in America.[5] Due to fallout following public and Congressional concern, NebuAd's largest ISP customers have all pulled out. NebuAd closed for business in the UK in August 2008, followed by the US in May 2009.[6] NebuAd UK Ltd was dissolved in February 2010.[7]

Overview of the service[edit]

NebuAd's solution has three main parts: Hardware hosted within the ISP that is capable of inserting content into pages, an off-site server complex to analyze and categorize the contents of users' Internet communications, and relationships with advertising networks willing to present NebuAd's targeted advertising.[8]

The System works by installing a hardware device inside an ISP network. Each device can monitor up to 50,000 users.[9] Users can "opt-out" of NebuAd’s information collection and targeted ads,[10] but there is no way for users to prevent ISPs from sending the data to NebuAd in the first place.[11][12]

Because ISPs route all of their customers' traffic, it is a perfect vantage point from which to monitor all the traffic to and from a consumer using Deep packet inspection (DPI). By analyzing this traffic, NebuAd says it gains more information about customers' particular interests than less intrusive methods can provide.[13] NebuAd's privacy policy says that they will "specifically not store or use any information relating to confidential medical information, racial or ethnic origins, religious beliefs, or sexuality which are tied to personally identifiable information ('sensitive personal information')."[10] It also advises, "The information we collect is stored and processed on NebuAd's servers in the United States. As a result, that information may be subject to access requests by governments, courts or law enforcement."

At least two customers of a Middle America ISP known as WOW! noticed that when they used Google, unexpected cookies for sites such as nebuad.adjuggler.com were being read and written, but when they contacted WOW's support department, WOW initially denied that it was responsible for this activity.[14] One customer spent hours trying to disinfect his machine as he wrongly believed that it had been infected with spyware after noticing problems with Google loading slowly and the creation of these non-Google cookies, eventually resorted to reinstalling his machine from scratch, only to discover the problem had not gone away.[14]

On July 9, 2008 WOW! suspended the use of Nebuad services to its subscribers.

According to Nebuad's sales, less than 1% of users opt-out. One ISP expects to earn at least $2.50 per month for each user.[15]

Nebuad buy impressions from ad networks including Valueclick.[16]

NebuAd argues that behavioral targeting enriches the Internet on several fronts. Firstly, website owners are offered an improved click-through rate (CTR), which could increase profits or reduce the amount of page-space dedicated to advertising. Owners of previously thought ad-unfriendly websites are offered a chance to make money not on the subject matter of their website but on the interests of their visitors.

Advertisers are offered better targeted adverts, hence reducing the "scattergun approach" (publish as many ads as possible in the hope of catching a client) and users are offered more relevant adverts: Just because one visits the financial pages of a newspaper does not mean all they are interested in is financial product and books on investing.

ISPs were paid for allowing NebuAd access to their network on a per-user per-active profile basis.

Nebuad uses data such as Web search terms, page views, page and ad clicks, time spent on specific sites, zip code, browser info and connection speed to categorise its user's interests.[17] Nebuad does not have access to user identification information from the ISP, but may be able to discover this through traffic monitoring (for example, email traffic may tie an email address to an ip address). Bob Dykes, NebuAd CEO claims "We have 800 [consumer interest segments] today and we're expanding that to multiple thousands".[18]

Controversies[edit]

Generally, NebuAd provided an additional income stream to network operators, which may maintain or lower consumers' Internet access bills. Better targeted advertising also leads to more relevant and personalized online advertising. Critics believe that the raw content of their internet communications are entrusted to the ISP for handling without being inspected or modified, not for sale.[19] Privacy advocates criticize the lack of disclosure[20] that some ISPs provided prior to using NebuAd, a weak opt-out method,[12] the lack of oversight over what any third-party company does with the contents of Internet communications,[21] its conflicts with United States wiretap laws,[12][15] and the company's refusal to name its partner ISPs.

Consumer Notification[edit]

A large American cable operator, WOW! (WideOpenWest) started rolling out Nebuad in February 2008, the roll out was completed in the first week of March 2008. WOW updated its terms and conditions to include a mention of Nebuad,[22] and in some cases informed customers that the terms had been updated. Customers were not explicitly notified about NebuAd until later, sometime after the third week of March 2008.[14]

In response to an inquiry from members of the United States House of Representatives Telecommunications Subcommittee about its pilot test of NebuAd's services,[23] Embarq said that it notified consumers by revising its privacy policy two weeks prior to sending its users' data streams to NebuAd.[24]

A Knology user in Knoxville, Tennessee reports that she also was not notified that she was being monitored.[25]

In May 2008, Charter Communications announced that it planned to monitor websites visited by its customers via a partnership with NebuAd.[26][27] But after customers voiced their concerns, Charter changed its mind in June.[28]

Friction between ISP Staff and Management[edit]

Plans to implement NebuAd had not gone down well with some ISP's employees, and one employee was planning to re-route his traffic to avoid NebuAd's Deep Packet Inspection hardware.[15]

Opt-Out vs. Opt-In[edit]

Members of US Congress, Ed Markey, chairman of the House Subcommittee on Telecommunications and the Internet, and Joe Barton, a ranking member of the House Committee on Energy and Commerce, have argued that such services must be opt-in only to comply with the provisions laid down by Section 631 of the US Communications Act, and have written to Charter requesting they suspend the test "We respectfully request that you do not move forward on Charter Communications' proposed venture with NebuAd until we have an opportunity to discuss with you issues raised by this proposed venture".[29]

A writer for Wired News has questioned whether Charter users can really opt-out of being monitored, or if they will only be able to opt-out of receiving targeted ads.[12] The same writer has asked if it would breach anti-wiretapping laws.[12]

An engineer who has examined the system confirms there is no way to Opt-Out of the monitoring.[30] All of the inbound and outbound information is intercepted and sent to NebuAd's offsite server to be processed. Even if a user has opted out of the service, it does not prevent the ISP from sending the data to NebuAd.

Use of Packet Forgery and Browser Exploits[edit]

A report by Robert M. Topolski, chief technology consultant of the Free Press and Public Knowledge, shows that NebuAd's devices create cookies on end-users machines by injecting a specious packet into the end of the data stream returned in response to some web page requests submitted to major search engines Google and Yahoo. The content of this specious packet, which will be added to the end of the web page when it is rendered by the end-user's browser, contains HTML Script tags which cause the browser to request Javascript from http://a.faireagle.com.[31]

Superimposing or Adding Advertising to Web Pages[edit]

Critics are concerned that NebuAd superimposes its own advertising over the ads of other advertisers, or places additional advertising to page. These concerns can be traced to the company's "Fair Eagle" operation, patent application data that mention such inventions, and a loose relationship to Claria Corporation whose products and history suggest such tactics, and by the following:

In 2007 it was reported that Redmoon, a Texas based ISP was using a NebuAd technology to inject Redmoon's own advertising into pages visited by its users.[32] The "Fair Eagle" advertisement hardware, provided by NebuAd, inserted additional advertising alongside the content of web pages. The ads featured a window with the "Fair Eagle" title bar. The injected ads stopped appearing toward the end of June, 2007.[33]

Relationship with Claria Corporation[edit]

Some senior staff members of NebuAd used to work at ad company Claria Corporation (formerly, the Gator Corporation), famous for ad software known as Gator.[34] Both Claria and NebuAd are located in Redwood City, California.[34] The June 2006 creation[35] of nebuad.com coincides with timing of Claria's decision to shut down[36] the Gator service. NebuAd has repeatedly denied any corporate connection to Claria, describing its hiring of Claria employees as a result of that company shedding employees in a tight market for experienced advertising sales staff in the Valley.[34]

NebuAd's ISP Partners[edit]

ISPs which trialled or deployed or prepared to deploy Nebuad included:

The following ISPs are listed in legal documents[44] related to the class action notice (see below) as having deployed NebuAd hardware:

  • AllCities
  • Annapolis Wireless Internet
  • AzulStar, Inc.
  • Bresnan Communications, LLC
  • Cable One, Inc.
  • Casco Communications/Peak Internet
  • Cavalier Broadband, LLC
  • CenturyTel, Inc.; CenturyTel Broadband
  • Services, LLC; CenturyTel Service Group, LLC
  • CMS Internet LLC
  • Eastern Oregon Network, Inc.
  • Education Networks of America (ENA)
  • Embarq Management Co.; United Telephone
  • Co. of Eastern Kansas
  • Fire2Wire
  • Galaxy Internet Services
  • Grande Communications
  • High Speed Data Inc.
  • 20/20 Communications
  • iBahn General Holdings
  • Knology, Inc.
  • Mesa Networks, Inc.
  • Millennium Digital Media Systems/Broadstripe
  • Network Evolution, Inc.
  • Nexicom Inc.
  • Ricochet Networks, Inc.
  • Rochester Telephone Company, Inc.
  • Softcom Internet Communications
  • United Online/NetZero
  • Unplugged Cities
  • WideOpenWest Finance, LLC (WOW)

All ISPs have ended or suspended their relationship with NebuAd.

  • Charter Communications suspended its plans[45] to test NebuAd following scrutiny from lawmakers and privacy groups.[46]
  • An Embarq[45] spokesperson told the Associated Press that it ended its trial with NebuAd, and has not decided whether to move forward[47] with Behavioral Targeting advertising "either through NebuAd or with any other vendor".[48]
  • CenturyTel, one of the earliest known ISPs to test NebuAd,[4] notified customers in late May 2008 that it was deploying the hardware,[49] only to pull out of the deal alongside of Charter a month later.[50]
  • Bresnan Communications used the NebuAd technology.[51] Following the announcements by Charter, Embarq, and CenturyTel that they would no longer use NebuAd on their networks, Bresnan told a blogger that their NebuAd trial had ended and they would comply with whatever regulatory model emerges from the current debate.[52]
  • Web cache evidence indicated that Blackfoot Telecommunications Group, Inc. of Missoula, Montana appeared to have tried NebuAd between March and May 2008.[53] Blackfoot's Mary Worden later explained, "Blackfoot tested NebuAd on its internal corporate network, with employees only and not with its customers, in March 2008, but had similar concerns to those raised by consumer groups and elected not to launch the service."[53]
  • Nexicom, serving Central Ontario and the Kawarthas, Canada, notified users via its Privacy Policy page that it was using NebuAd as of April 23, 2008.[54] Following a question to users on a public forum, Nexicom's Paul Stewart replied, "Nexicom was investigating using the NebuAd service. The software was never implemented at any time as there were concerns on several levels regarding privacy issues. References to NebuAd in Nexicom's Privacy Policy has been removed."[55]
  • WOW![14][45] (WideOpenWest) completed suspension of NebuAd services on July 9. In a response to customer inquiries, WOW! indicated, "With Congress in active review of online behavioral advertising, WOW! Internet- Cable- Phone is suspending its deployment of NebuAd services to our subscribers at this time. We believe that all parties are best served by a thoughtful and thorough review of this emerging advertising model, and we welcome the opportunity for that discussion to take place."[56]
  • Knology[37][57] reported to the United States House Committee on Energy and Commerce that it discontinued a trial of NebuAd in all markets as of July 14, 2008.[58]
  • Unbeknownst to its users, Cable One conducted NebuAd tests on 14,000 customers in Alabama for six months beginning in November 2007.[59] As of August 2008, Cable One had decided against using the technology "commercially" on its systems[60] but in September said it was waiting for "clear rules and boundaries".[61]

The End of NebuAd[edit]

NebuAd was closed down in the UK in August 2008 and in the US in May 2009.[6] Ex-employees moved to work within a variety of other online advertising and technology companies, including VeriFone, PubMatic, Plaxo, Red Aril, AdChemy, Zscaler, Crescendo Networks, and TeleNav.

Class action lawsuit[edit]

A proposed settlement for a class-action lawsuit against NebuAd was underway in October, 2011.[44] All subscribers to the ISPs listed above during the period of January 1, 2007 and July 1, 2008 are to be considered mandatory class members, they do not have to opt in and may not choose to opt out. Under the terms of the proposed settlement NebuAd would create a settlement fund of approximately $2,410,000. This would be used for administration of the settlement, covering legal fees, an incentive award of $5,000 to the individual who brought the complaint, providing up to $1000 for other named representatives, with most of the money going to support non-profits providing consumer education and privacy research.

References[edit]

  1. ^ "NebuAd CEO quits". The Register. 2008-09-03. Retrieved 2008-09-04. 
  2. ^ "Management & Investors". Retrieved 2008-04-26. 
  3. ^ "American ISPs already sharing data with outside ad firms". The Register. 2008-04-10. Retrieved 2008-04-18. 
  4. ^ a b White, Bobby (2007-12-06). "Watching What You See on the Web". The Wall Street Journal. Retrieved 2008-05-21. 
  5. ^ Whoriskey, Peter (2008-04-04). "Every Click You Make". washingtonpost. Retrieved 2008-05-14. 
  6. ^ a b "Case Closed: NebuAd Shuts Down". MediaPost. 2009-06-18. 
  7. ^ "[1]"UK Companies House website
  8. ^ "Juniper Networks partners with NebuAd to enable ISPs to participate in online advertising revenues on the web". juniperamspmarketing.com. Archived from the original on 2008-07-13. Retrieved 2008-06-28. 
  9. ^ Hansell, Saul (2008-04-07). "NebuAd Observes ‘Useful, but Innocuous’ Web Browsing". The New York Times. Retrieved 2008-04-18. 
  10. ^ a b "NebuAd / Privacy". Retrieved 2008-06-28. 
  11. ^ Singel, Ryan (2008-05-16). "Congressmen Ask Charter to Freeze Web Profiling Plan". Threat Level from Wired.com. 
  12. ^ a b c d e Single, Ryan (2008-05-16). "Can Charter Broadband Customers Really Opt-Out of Spying? Maybe Not". Wired. Retrieved 2008-05-17. 
  13. ^ "Robert Dykes (CEO) presenting NebuAd at OnMediaNYC-01/28/2008". vator.tv. 2008-02-18. Retrieved 2008-07-03. 
  14. ^ a b c d "Data pimping catches ISP on the hop". The Register. 2008-04-22. Retrieved 2008-04-23. 
  15. ^ a b c Bode, Karl (2008-05-28). "Infighting At ISPs Over Using NebuAD". Broadband Reports. 
  16. ^ a b "Questions for Bob Dykes, NebuAd CEO". clickz. 2008-01-03. Retrieved 2008-05-14. 
  17. ^ "Charter Cable to Spy on its Broadband Users to Serve Targeted Ads via NebuAd". Digital Destiny. 2008-05-14. Retrieved 2008-05-14. 
  18. ^ "ISPs Collect User Data for Behavioral Ad Targeting". ClickZ. 2008-01-03. Retrieved 2008-05-14. 
  19. ^ "CDT Urges Stronger Guidelines for Behavioral Advertising". 2008-06-12. Retrieved 2008-06-19. [dead link]
  20. ^ "Wide Open West Using NebuAD Users don't get much of a heads up...". 2008-03-11. 
  21. ^ "ISP Data Collection — Congress Investigation Urged (NebuAd-CDT Press Release)". 2008-06-06. Retrieved 2008-06-20. 
  22. ^ "WOW Terms and Conditions". Retrieved 2008-04-30. 
  23. ^ Anderson, Nate (2008-07-15). "Congress goes after NebuAd... again". ars technica. 
  24. ^ "Customers Shoulda Read the Privacy Policy, Says Embarq". MarketingVOX: The Voice of Online Marketing. Retrieved 2008-07-23. 
  25. ^ Topolski, Robb (2008-07-21). "Ready — Fire — Aim: NebuAd and Charter Shellacked -- Right Idea, Wrong Targets". Public Knowledge Policy Blog. 
  26. ^ Hansell, Saul (2008-05-14). "Charter Will Monitor Customers' Web Surfing to Target Ads". The New York Times. Retrieved 2010-05-20. 
  27. ^ http://www.theinquirer.net/gb/inquirer/news/2008/05/14/charter-track-users-replace
  28. ^ The Associated Press (June 25, 2008). "Charter Won’t Track Customers’ Web Use". via The New York Times Company. Retrieved 2008-06-29. 
  29. ^ Metz, Cade (2008-05-16). "US Congress questions legality of Phorm and the Phormettes". The Register. Retrieved 2008-05-17. 
  30. ^ Anderson, Nate (2008-07-23). "Embarq: Don't all users read our 5,000 word privacy policy?". ars technica. "He points out that the system is essentially a massive bridge running Fedora, and that NebuAd advises ISPs to install it inline in their networks in such a way that all web traffic passes through it...opted out or not. As the engineer explains, "When we asked them about an opt-out method for our customers, they didn't have one. And unless they alter the architecture of their system drastically, they won't ever have one. Their system is a bridge, so you would need some sort of magical layer-two switching device upstream that switched frames from users that have opted out around the NebuAd appliance. How would you build a device like this without profiling your users in the first place to determine who had opted out? It's not like there is an opt-out bit you can flip in the header of an Ethernet frame." So while the data actually created and stored by NebuAd or Embarq may end up being totally anonymous and innocuous, everyone's data is still pumped into a third-party box." 
  31. ^ Topolski, Robert (2008-06-18). "NebuAd and Partner ISPs: Wiretapping, Forgery and Browser Hijacking" (PDF). Free Press. Retrieved 2008-06-19. 
  32. ^ "Real Evil: ISP Inserted Advertising". Techcrunch. 2007-06-23. Retrieved 2008-04-26. 
  33. ^ "benanderson.net-Fair Eagle taking over the world? ISPs being compromised or just cheap?". 2007-06-22. Retrieved 2008-06-19. 
  34. ^ a b c "NebuAd looks to 'spyware' firm for recruits". The Register. 2008-06-20. Retrieved 2008-06-20. 
  35. ^ http://whois.domaintools.com/nebuad.com
  36. ^ Keizer, Gregg. "Claria Abandons Adware". TechWeb Technology News. "Claria will exit out of the adware business by the end of the second quarter of 2006." 
  37. ^ a b "Broadstripe Now Selling User Browsing History, Joins growing list of NebuAD customers". BroadbandReports.com. 2008-05-14. Retrieved 2008-06-25. 
  38. ^ "Broadstripe High Speed Internet Online Privacy Policy". Archived from the original on 2008-02-24. Retrieved 2008-05-14. 
  39. ^ a b c "OnlyInternet.Net uses NebuAd for Behavioral Targeting". BroadbandReports.com. 2008-06-26. Retrieved 2008-06-26. 
  40. ^ "One More ISP to add to the list of ISPs". BroadbandReports.com. 2008-06-26. Retrieved 2008-06-26. 
  41. ^ "And Even One More ISP to add to NebuAds Harem". BroadbandReports.com. 2008-06-26. Retrieved 2008-06-26. 
  42. ^ "RTC on Line aka Rochester Telephone Company sells to NebuAd". BroadbandReports.com. 2008-06-26. Retrieved 2008-06-26. 
  43. ^ "20/20 Communications and NebuAd". BroadbandReports.com. 2008-06-26. Retrieved 2008-06-26. 
  44. ^ a b "of Pendency of Class Action and Proposed Settlement in the U.S. District Court, Northern District Of California — Valentine, et al. v. NebuAd, Inc., No. 3:08-cv-05113 (TEH)(EMC).". Retrieved 2011-10-24. 
  45. ^ a b c Hansell, Saul (2008-05-14). "Charter Will Monitor Customers’ Web Surfing to Target Ads". The New York Times. Retrieved 2008-05-14. 
  46. ^ Bode, Karl (2008-06-24). "Charter User Monitoring Plans Suspended - 'Enhanced user experience' apparently not so enhanced....". BroadbandReports.com. Retrieved 2008-06-25. 
  47. ^ "ISP Behavioral Targeting Versus You". 2008-09-26. 
  48. ^ Svensson, Peter (2008-06-25). "ISPs still considering tracking Web use". Salon.com. Retrieved 2008-06-25. 
  49. ^ "CenturyTel and NebuAd". BroadbandReports.com. 2008-05-28. Retrieved 2008-06-27. 
  50. ^ "CenturyTel Drops NebuAd". BroadbandReports.com. 2008-06-27. Retrieved 2008-06-27. 
  51. ^ "Bresnan actively intercepting ALL packets". Retrieved 2008-06-18. 
  52. ^ "Bresnan — Internet Privacy Update". John Linko (Blog). 2008-07-01. Retrieved 2008-07-01. 
  53. ^ a b "Blackfoot Telecommunications Group, Inc. Missoula MT Nebuad". BroadbandReports.com. 2008-06-26. Retrieved 2008-06-30. 
  54. ^ "Nexicom Privacy Policy". Retrieved 2008-07-02. "Beginning April 23rd, we will partner with a third party to deliver or facilitate delivery of advertisements to our users while they are surfing on the web. These advertisements will be based on those users' anonymous surfing behavior while they are online. This anonymous information will not include those users' name, email address, telephone number, or any other personally identifiable information. By opting out you will continue to receive advertisements as normal; except these advertisements will be less relevant and less useful to you. If you would like to opt out, click here. (links to http://www.nebuad.com/privacy/optout.php page)" 
  55. ^ "Nexicom is using Nebuad". Canadian Broadband Forum on BroadbandReports.com. 2008-07-03. 
  56. ^ prack (2008-07-03). "WOW! Suspension of Nebuad Services". DSLReports.com Forums — US Cable Support — W.O.W. 
  57. ^ "Knology Customer Service Agreement" (PDF). Retrieved 2008-07-21. "9. Third Party Advertisers. Knology will partner with a third party to deliver or facilitate delivery of advertisements to our users while they are surfing the web. These advertisements will be based on those users' anonymous surfing behavior while they are online. This anonymous information will not include those users' name, email address, telephone number, or any other personally identifiable information. By opting out, You will continue to receive advertisements as normal; except these advertisements will be less relevant and less useful to you. If You would like to opt out, go to: http://nebuad.com/privacy/optout.php" 
  58. ^ Johnson, Rodger; CEO and Chairman of the Board, Knology, Inc. (2008-08-08). "RE: Internet Advertising Inquiry" (PDF). Committee on Energy and Commerce — US House of Representatives. Retrieved 2008-08-11. 
  59. ^ Jesdanun, Anick (August 31, 2008). "6 Internet providers disclose Web tracking for ads". Associated Press via Google. Retrieved 2008-09-01. [dead link]
  60. ^ Ji, Philip P. "Letter, from Responses to August 1, 2008 Letters to Network Operators Regarding Data Collection Practices" (PDF via Google HTML). Committee on Energy and Commerce, U.S. House of Representatives. Retrieved 2008-09-01. 
  61. ^ Jesdanun, Anick (September 1, 2008). "Ad targeting based on ISP tracking now in doubt". Associated Press via Google. Retrieved 2008-09-01. [dead link]

External links[edit]