RealTime IT News

Privacy Concerns Raised Over Adbot Software

Developers of Internet-enabled advertising software defended themselves Thursday against accusations of creating "spyware" and violating the privacy of Internet users.

"We are completely onboard with privacy and would never do some of the things people are saying. That would be a huge violation of privacy and it's against the law," said Peter Fuller, director of communications for Aureate Media.

At issue is the automated ad-serving technology developed by market leaders Aureate and Conducent Technologies, whose software comes bundled with a growing number of freeware Windows utilities. Aureate's ad-banner technology is used by nearly 400 ad-supported software applications, including the popular CuteFTP utility. Conducent has deals with portal sites Lycos and Go2net, which distribute freeware applications including the popular PKzip file compression utility. It also has directly partnered with dozens of software developers.

In a nutshell, such adbot software pulls down banners from a server on the Internet, caches them on the user's hard disk, and then display them in a special window in the utility or application. What's got some users concerned, however, is the traffic going in the other direction, back up to the server.

According to a frequently-asked-questions list prepared by Conducent, the company assigns users a unique ID that helps the company track what ads he or she has seen and clicked on. Also sent back to the server is the IP network mask (but not the specific IP address) of the user's domain. But the company claims that it does not track what sites a user visits. Nor does it create a personally identifiable profile of the user's information.

"We don't do any of the things folks are concerned about at the moment -- tracking what they're using or seeing online. We don't have the capability to do that and that's not the data we stream back," said Bob Regular, director of marketing for Conducent.

According to Regular, the increased use of personal firewall software by end users has spawned many complaint calls to Conducent, which installs a program called tsadbot.exe on the user's hard disk. Information about the program is detailed in the software's click-wrap agreement, but many ignore the license information, and firewall alerts are often the first indication that their computer is communicating with an ad server in the background.

Concerns about Aureate's technology were fanned in recent days by a posting to a mailing list for lawyers by Dale Haag, a security expert with Net Defender, a security consulting firm in Seabrook, Texas. The posting accused Aureate of uploading four pages of user information back to the company, including a list of all installed software on the PC and any multimedia clips downloaded by the user.

Haag told InternetNews Thursday that his posting was based on preliminary investigations and was not intended for widespread publication.

Aureate's Fuller said the company's privacy practices are more progressive than many in the Internet advertising industry, including leaders DoubleClick (DCLK) and Engage.

"They are getting so much more information than we are and some don't even have an opt-out policy. We're opt-in, and even if you don't give us your information, the product is still free. It's a heck of a deal for consumers," Fuller said.

But Richard Smith, the Massachusetts-based software developer and privacy advocate, said he is troubled by the lack of disclosure by adbot companies like Conducent and Aureate, and by the always-on nature of their technology.