Research Into NebuAd Finds Controversial And Potentially Illegal Tactics
from the not-looking-good dept
NebuAd is a company we've discussed before, that basically works with ISPs to use your clickstream data to send targeted ads. It's quite similar to Phorm, which has received plenty of attention for its questionable behavior over in the UK. Now, some researchers have looked into the details of what NebuAd really does... and it's not pretty:NebuAd exploits normal browser and platform security behaviors by forging IP packets, allowing their own JavaScript code to be written into source code trusted by the Web browser. NebuAd and ISPs together cooperate in this attack against the intentions of the consumers, the designers of their software and the owners of the servers that they visit.... NebuAd breaks the rules of acceptable behavior on the Internet. It monitors what you do and see on the Internet, it breaks in and changes the contents of your private communications, it keeps track of what you've done, and if you even know that it's happening, it is impossible to opt-out of it."Perhaps Charter Communications and other ISPs that have signed up for NebuAd should have researched things a little more thoroughly. Congress is already investigating the legality of something like NebuAd, and one assumes that a report like this may find its way to many of those politicians pretty quickly.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: clickstream tracking, isps, legality, spyware
Companies: nebuad
Reader Comments
Subscribe: RSS
View by: Time | Thread
It's better that way.
[ link to this | view in chronology ]
Re: It's better that way.
People like Mike are part of a growing number of individuals concerned that America has lost its way. They have no holding with a particular government party but they tend to all think that America should have a specific intent behind each of its laws, and recognize when that intent is not what will really happen when some laws are enacted.
More people would share these views. All it takes is the reading of a powerful document. Once you understand this document, and the intent of its creators, you will easily see how over the last three decades America has been rotting from within.
What is this document? The Constitution. The fact one would have to ask is unnerving. The fact that it is getting ignored when inconvient is incendiary.
Currently, war is coming. Not necessarily the one some would think. Be sure you are on the right side. The consequences of the wrong side winning will be more costly than you seem to know.
[ link to this | view in chronology ]
Privacy protections
[ link to this | view in chronology ]
Re: Privacy protections
[ link to this | view in chronology ]
Wiretapping + NebuAd = Prison Time
[ link to this | view in chronology ]
Freedom of Information
The reason the government likes private sector data collection is that the private sector doesn't receive FOI requests.
This is a very handy solution for them.
[ link to this | view in chronology ]
A real use would be to look for
Once you are trusted, then force install your own PC control system along with the usual security updates. You can even disable the MS Windows security that prevents your operation.
Once you are in, you no longer need the ISP to inject, just force all user traffic thru your own DNS, oh the fun you could have.
[ link to this | view in chronology ]
Re: Man-in-the-middle attack
Just a note that SSL is resistant to man-in-the-middle attacks. That is, provided that users check the security certificate for the site they're looking at. If they don't do that, then it makes it easier to spoof them.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Whaaaaaaaa?
This is stoooooooooopid!
[ link to this | view in chronology ]
What Is To Be Done
Obviously, webhosting companies don't often pull the same kind of stuff that Charter and NebuAd do, because there are lots of webhosting companies, the barriers to entry are minimal, and in case of malfeasance, THEY ARE EASILY REPLACED. The game just isn't worth the candle. The same would apply for a proxy client service with a Virtual Private Network connection across the ISP's network. Apart from speed limitations, the old dial-up ISP system was a good idea. It separated the ownership of the wires from the management of traffic, and allowed the latter to be bona fide free enterprise. The CLEC system for DSL was a reasonable, if imperfect, evolution of this, until the FCC effectively abolished it. The moral is that one has to have a clear separation between things which are publicly owned and operated for the public good, versus private enterprise. There should not be intermediate cases, because they will tend to have people abusing their government-granted authority for their own private profit.
At the other end of the scale from small business, a postal carrier has about the best job one can get with a high-school diploma. Not only is the pay good, but there's a good health plan, job security, a pension, etc. The mailman is not going to risk all that for some short-term stunt. The postal service is not the cheapest possible service, but it is a highly trustworthy one. Even in the case of government surveillance, the mailmen will probably be more intransigent than the major telecommunications providers. They will want to be assured that the next administration of the opposite party will not consider their actions as grounds for dismissal. They might very well regard it as a lesser ill to be unlawfully fired by George W. Bush, and eventually reinstated with back pay by Barrack Obama. By contrast, the typical midlevel Verizon or AT&T employee is liable to dismissal for "business considerations." If the telephone lineman worked for Uncle Sam, he would have much the same mentality as a postal worker.
The monopolistic telecommunications companies seem to combine the worst of both worlds. They are neither accountable to the market, nor to the democratic process. Maybe it is time to nationalized the monopolistic telephone and cable television systems, and establish an open-access system, similar to what exists for parcel delivery. A private parcel carrier uses public roads, and is thus able to go everywhere without being a monopolist or near-monopolist. But there is also a public service, the Post Office. A private carrier can "split the difference" by carrying something across the country, then mailing it at a post office close to the destination, the typical system for delivery of magazines and mail-order catalogs. There is no great difficulty about applying the same system to telecommunications. The system might not be perfectly efficient from a manpower standpoint, but it would be efficient enough, bearing in mind the ongoing improvement in electronics.
[ link to this | view in chronology ]
wired has a write-up too
Noscript and AddBlockPlus need to be updated for 3, and right quick.
So anyway, what do you do if you find your ISP is in bed with these crooks? My town gave Cox the cable monopoly, DSL isn't really an option, and dial-up would just be too painful. They keep comparing the internet to a superhighway, it's time to nationalize it and have the government deploy the infrastructure. ISPs can spring up like gas stations along the interstate.
[ link to this | view in chronology ]
Bresnan-NebuAd
Also check out this discussion on dslreports; http://www.dslreports.com/forum/remark,20258823?hilite=
[ link to this | view in chronology ]