RealTime IT News

NebuAd Halts ISP Tracking Model

Embattled startup NebuAd has confirmed its plans to shelve a controversial ad-targeting system that collects and analyzes people's Web-browsing activities gleaned from their ISPs.

The about-face follows a high-profile congressional inquiry into the privacy implications of the practice begun this summer, which has since seen many of NebuAd's ISP clients drop the service.

In an e-mail to InternetNews.com, NebuAd spokeswoman Janet McGraw wrote that "plans for wide spread deployment via the Internet service provider channel are delayed to allow time for Congress to spend additional time addressing the privacy issues and policies associated with online behavioral advertising."

McGraw added that NebuAd was pursuing other advertising formats as part of a multi-channel strategy, but declined to elaborate on the company's plans.

After a splashy PR campaign promoting the launch of its service, NebuAd has earned a reputation as a secretive company since the controversy began. Earlier this summer, NebuAd dropped its PR firm, the Horn Group, and took its communications efforts in-house.

Whatever direction it takes, NebuAd will move forward with a new leader. After emphatically defending his company's privacy practices at congressional hearings this summer, Bob Dykes stepped down as CEO earlier this week in favor of a position with electronic payment provider Verifone. Dykes will stay on as NebuAd's chairman. Kira Makagon, NebuAd's president, will step in as chief executive.

The apparent collapse of NebuAd's ad-targeting system revisits the question of how ISPs will insert themselves into the online advertising revenue stream. NebuAd billed its service as a solution to that challenge, and claimed that the data it collected was completely anonymous, and that algorithms automatically discarded Web activity that didn't fit into one of about 1,000 consumer categories. Dykes made a point of telling lawmakers that NebuAd didn't do business with pharmaceutical or financial services companies to ensure that its modeling system didn't collect sensitive information.

But NebuAd's model, which uses a technique known as deep-packet inspection to gain insights into Internet traffic became a lightning rod after security researcher Robert Topolski released a report calling NebuAd's tactic "browser hijacking," and comparing it to two well-known security exploits.

Critics compared the technique to a phone company listening in to people's calls, or the Post Office opening mail before delivering it.

One policy-reform group, the Center for Democracy and Technology, issued a legal analysis suggesting that the ISPs that deployed NebuAd's technology could run afoul of state and federal wiretapping laws.

Dykes maintained that serving more targeted ads improves a user's Internet experience, but the chief objection was the way that the system was structured. Ed Markey, the Massachusetts Democrat who chairs the House Subcommittee on Telecommunications and the Internet, browbeat Dykes for not setting up the system so that a person would have to proactively assert his willingness to share his browsing activity with NebuAd, rather than the opt-in model that the company has stuck with.

NebuAd requires all of its ISP partners to inform subscribers when it deploys the system, but some lawmakers were skeptical about effective the notification process was.

Markey has signaled his intention to introduce legislation in the next Congress that would require Internet companies to obtain explicit permission before running any kind of deep-packet inspection.