Research Into NebuAd Finds Controversial And Potentially Illegal Tactics

from the not-looking-good dept

NebuAd is a company we’ve discussed before that basically works with ISPs to use your clickstream data to send targeted ads. It’s quite similar to Phorm, which has received plenty of attention for its questionable behavior over in the UK. Now, some researchers have looked into the details of what NebuAd really does… and it’s not pretty:

“NebuAd exploits normal browser and platform security behaviors by forging IP packets, allowing their own JavaScript code to be written into source code trusted by the Web browser. NebuAd and ISPs together cooperate in this attack against the intentions of the consumers, the designers of their software and the owners of the servers that they visit…. NebuAd breaks the rules of acceptable behavior on the Internet. It monitors what you do and see on the Internet, it breaks in and changes the contents of your private communications, it keeps track of what you’ve done, and if you even know that it’s happening, it is impossible to opt-out of it.”

Perhaps Charter Communications and other ISPs that have signed up for NebuAd should have researched things a little more thoroughly. Congress is already investigating the legality of something like NebuAd, and one assumes that a report like this may find its way to many of those politicians pretty quickly.

Companies: nebuad


Comments on “Research Into NebuAd Finds Controversial And Potentially Illegal Tactics”

Anonymous Coward says:

Re: It's better that way.

It is not that people like Mike are afraid of “the eeeeeeeeeeeeeevil government” as much as afraid of “the eeeeeeeeeeeeeevil government” it may become.

People like Mike are part of a growing number of individuals concerned that America has lost its way. They have no holding with a particular government party but they tend to all think that America should have a specific intent behind each of its laws, and recognize when that intent is not what will really happen when some laws are enacted.

More people would share these views. All it takes is the reading of a powerful document. Once you understand this document, and the intent of its creators, you will easily see how over the last three decades America has been rotting from within.

What is this document? The Constitution. The fact one would have to ask is unnerving. The fact that it is getting ignored when inconvenient is incendiary.

Currently, war is coming. Not necessarily the one some would think. Be sure you are on the right side. The consequences of the wrong side winning will be more costly than you seem to know.

Ajax 4Hire (profile) says:

A real use would be to look for

traffic to a required trusted site like the Microsoft update site.
Once you are trusted, then force install your own PC control system along with the usual security updates. You can even disable the MS Windows security that prevents your operation.

Once you are in, you no longer need the ISP to inject, just force all user traffic thru your own DNS, oh the fun you could have.

Lawrence D'Oliveiro says:

Re: Man-in-the-middle attack

“Once you are trusted, then force install your own PC control system along with the usual security updates.”

Just a note that SSL is resistant to man-in-the-middle attacks. That is, provided that users check the security certificate for the site they’re looking at. If they don’t do that, then it makes it easier to spoof them.

Andrew D. Todd (user link) says:

What Is To Be Done

Of course you can switch off Java/JavaScript/Cookies/Flash, and only turn them on when you really do need them. Then turn them back off again. Nine times out of ten, when a website gets the “noscript” code in the HTTP header, it will decide to do things your way.

Obviously, webhosting companies don’t often pull the same kind of stuff that Charter and NebuAd do, because there are lots of webhosting companies, the barriers to entry are minimal, and in case of malfeasance, THEY ARE EASILY REPLACED. The game just isn’t worth the candle. The same would apply for a proxy client service with a Virtual Private Network connection across the ISP’s network. Apart from speed limitations, the old dial-up ISP system was a good idea. It separated the ownership of the wires from the management of traffic, and allowed the latter to be bona fide free enterprise. The CLEC system for DSL was a reasonable, if imperfect, evolution of this, until the FCC effectively abolished it. The moral is that one has to have a clear separation between things which are publicly owned and operated for the public good, versus private enterprise. There should not be intermediate cases, because they will tend to have people abusing their government-granted authority for their own private profit.

At the other end of the scale from small business, a postal carrier has about the best job one can get with a high-school diploma. Not only is the pay good, but there’s a good health plan, job security, a pension, etc. The mailman is not going to risk all that for some short-term stunt. The postal service is not the cheapest possible service, but it is a highly trustworthy one. Even in the case of government surveillance, the mailmen will probably be more intransigent than the major telecommunications providers. They will want to be assured that the next administration of the opposite party will not consider their actions as grounds for dismissal. They might very well regard it as a lesser ill to be unlawfully fired by George W. Bush, and eventually reinstated with back pay by Barack Obama. By contrast, the typical midlevel Verizon or AT&T employee is liable to dismissal for “business considerations.” If the telephone lineman worked for Uncle Sam, he would have much the same mentality as a postal worker.

The monopolistic telecommunications companies seem to combine the worst of both worlds. They are neither accountable to the market, nor to the democratic process. Maybe it is time to nationalize the monopolistic telephone and cable television systems, and establish an open-access system, similar to what exists for parcel delivery. A private parcel carrier uses public roads, and is thus able to go everywhere without being a monopolist or near-monopolist. But there is also a public service, the Post Office. A private carrier can “split the difference” by carrying something across the country, then mailing it at a post office close to the destination, the typical system for delivery of magazines and mail-order catalogs. There is no great difficulty about applying the same system to telecommunications. The system might not be perfectly efficient from a manpower standpoint, but it would be efficient enough, bearing in mind the ongoing improvement in electronics.

another mike says:

wired has a write-up too

In their article, NebuAd responded that your profile is so anonymous that even they can’t link it to you, but if you do manage to opt-out they’ll be happy to delete your profile. Wha?! I thought they said they couldn’t link it to you.
NoScript and Adblock Plus need to be updated for 3, and right quick.
So anyway, what do you do if you find your ISP is in bed with these crooks? My town gave Cox the cable monopoly, DSL isn’t really an option, and dial-up would just be too painful. They keep comparing the internet to a superhighway, it’s time to nationalize it and have the government deploy the infrastructure. ISPs can spring up like gas stations along the interstate.
