Article 43

 

Saturday, June 28, 2008

The Mother of All Privacy Battles Part 7

We know that it’s the same user over and over again. ...
We see every site you go to, and what you did on those sites.  ...
We know you’re going to Vegas. ...
We not only know which of our ads you clicked on,
we know every other ad you’ve clicked on!
- Robert Dykes (CEO) PRESENTING NEBUAD at ONMEDIA NYC 1/28/2008.

An Open Response To NebuAd

By Rob Topolski
June 24, 4008

Dear NebuAd,

In YOUR STATEMENT regarding my RECENT REPORT, “NebuAd and Partner ISPs: Wiretapping, Forgery and Browser Hijacking” you state the following:

“Transparency and consumer-privacy protection are core to our business. Reasonable review of materials that have been made available online would have educated the organization that NebuAd requires its ISP partners to provide robust notice to their subscribers prior to deployment of the service.”

For the record, I would like to make it clear that:

· NebuAd’s claims of transparency are hollow. Your company WILL NOT REVEAL THE NAMES OF ISPS THAT USE YOUR SERVICE, NOR WILL YOU REVEAL THE ADVERTISING NETWORKS where your targeted ads may appear, NOR DO YOU REVEAL HOW MICRO-TARGETED YOUR SERVICE GETS.

· NebuAd’s claims of privacy are dubious, since we don’t know who your ad partners are, we also don’t know who we are trusting with the very specific information that you are sharing about us.  We do know that YOUR MANAGEMENT RANKS ARE HEAVY WITH FORMER EMPLOYEES OF CLARIA (EX GATOR ), A COMPANY OFTEN LINKED TO SPYWARE. Your site does CLAIM THAT YOUR PRIVACY PRACTICES WERE REVIEWED by the PONEMON INSTITUTE, with a September 2007 “Privacy Review of NebuAd, Inc.’s Behavioral Advertising Solution” report that cannot be located on Ask, Google, Yahoo, or on Ponemon’s own site.

· NebuAd’s claim that I did not review the website is false.  Naturally, I completely reviewed all of the materials on your website prior to authoring the report. I also reviewed other data and PUBLIC STATEMENTS BY YOUR CEO.

· NebuAd’s claim of robust notification doesn’t work. While you say that your ISP partners must provide robust notice robustly notify its customers prior to deploying NebuAd, the CUSTOMERS REMAIN UNINFORMED.  I observe that most ISPs that you are known to work with only QUIETLY ALTERED THEIR TERMS OF SERVICE or Technical Support files prior to going online with NebuAd.  Most CUSTOMERS ARE SURPRISED TO LEARN that everything they see and do on the Web was already being sold to you by their ISP.

“All ad networks use a small piece of code that is temporary and operates only within the security framework of the browser to invoke the placement of ad network cookies. The code NebuAd uses is no different, and is clearly demarcated outside of and does not modify any publisher code.”

This, too, requires a response.

· As mentioned in my REPORT, NebuAd injects its cookies by forging TCP packets using a hardware device in the middle of the network.  This is not something that all ad networks do.

· As detailed in my REPORT, NebuAd’s code is appended to the web page code, in an extra packet that appears to come from servers owned by Google or Yahoo (not NebuAd).  This is why you can claim any demarcation. However, there is no demarcation between the publishers code and your injected code that indicates that the code is not from the publisher and that NebuAd is the source of the injected script.  The packet is a forgery and the reason is obvious—if the injected packet would properly identify its source in the IP header, the customer’s computer would properly ignore it. This is by intentional design, and is why I characterize NebuAd’s programming as usurping the intentions of the application and operating system designers.

Having read this response, I expect that you will stop misinforming the public about my report.  This matter deserves debate, not disinformation.

Sincerely,

/s/
Robert M. Topolski
Chief Technology Consultant
FREE PRESS and PUBLIC KNOWLEDGE

SOURCE

Posted by Elvis on 06/28/08 •
Section Privacy And Rights • Section Broadband Privacy
View (0) comment(s) or add a new one
Printable viewLink to this article
Home
Page 1 of 1 pages

Statistics

Total page hits 9519612
Page rendered in 0.7035 seconds
40 queries executed
Debug mode is off
Total Entries: 3206
Total Comments: 337
Most Recent Entry: 11/21/2019 10:21 am
Most Recent Comment on: 01/02/2016 09:13 pm
Total Logged in members: 0
Total guests: 12
Total anonymous users: 0
The most visitors ever was 114 on 10/26/2017 04:23 am


Email Us

Home

Members:
Login | Register
Resumes | Members

In memory of the layed off workers of AT&T

Today's Diversion

We can hardly call a beggar an obstacle to generosity. - Dalai Lama

Search


Advanced Search

Sections

Calendar

December 2019
S M T W T F S
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31        

Must Read

Most recent entries

RSS Feeds

Today's News

ARS Technica

External Links

Elvis Picks

BLS Pages

Favorites

All Posts

Archives

RSS


Creative Commons License


Support Bloggers' Rights