If you listened to episode 149 of the Security Now TWiT podcast, you know, like me, that some companies are preparing to launch a new ad metrics measurement system that’s quite the cause for privacy worries.
Notable companies such as NebuAd and Adzilla want to implement new Internet behavior measurement systems via ISPs (Internet Service Providers). They want to put their hardware in between you and your ISP and analyse all the traffic you generate (except encrypted traffic and pornographic sites) to establish “anonymous” usage patterns associated with your IP address.
They would then use that data to better serve ads which are relevant to your liking, no matter what site you’re on. The problem is that, unlike Google AdSense, which only scans in-page content to create ad relevance, the solution from NebuAd and company is pretty privacy-invasive.
The major problem with that solution stems from the fact that you can’t touch it. Nothing you can set on your computer will prevent data from being gathered, since it is gathered at the ISP level. The only way is to use encryption throughout your network, which is more than complicated to set up for the average user.
Privacy with a lack of protection
Personally, I wouldn’t mind having my Internet usage monitored so that I have better, more relevant ads. I actually enjoy watching ads which aren’t totally out of the blue; there are some discoverable products in there.
So the problem isn’t whether to do profiling or not; in the same manner, I have nothing against the principle behind 3rd party cookies, as long as they can help me have a better experience. The problem stems from how close to potentially private information this can get.
Being so close to all your information, even worse than 3rd party cookies, makes it very easy for private data to leak out. Just by gathering web page visit information, your name or even phone number could easily get out. At least, that’s what many people including myself tend to believe, and it makes sense.
So if Adzilla takes good care of that information and purges it correctly, things are OK, as they are with 3rd party cookies. But considering the massive amount of information that will be gathered, I doubt that confidence in the company’s ability to keep your privacy intact will do anything real to help with leakage problems.
Technical problems
One other very important thing to mention is the IP address problem. More than anything, households use broadband Internet connections that make use of a router to split an IP address among several computers (making a subnet out of it). And not only that, most of those connections actually have renewable IP addresses which get changed daily (as is the case with Videotron, here in Canada).
So not only does this mean that, to keep track of your statistics the right way, NebuAd and company will have to use some other sort of tracking method more tied to your individual identity (for example, your name associated with your ISP), but households that have multiple computers on a router will also have their metrics completely mixed up. You might well end up looking at ads targeted at your Internet-centric adolescent rather than at yourself.
Not in Canada, almost
Fortunately for some, unfortunately for others not living there, Industry Canada has regulations in place for ISPs. They state that any private information gathering from any client (except in legal cases like criminal tracking, of course) must be agreed upon by the user.
This means that people living in Canada will surely know if their service provider decides to do any data gathering with NebuAd or such. But it isn’t impossible, and the regulations certainly don’t require an opt-in-only approach.
In other words, there’s no telling whether this “agreement” could find itself inside one of those long user agreements nobody reads. And upon refusal of the agreement, there’s no telling if the ISP will give you the choice to go without Adzilla profiling, in which case we can only hope for at least one local ISP to be available without any sort of usage profiling.
Conclusion
There’s not much else to say, although you can start reading agreements more thoroughly, hope that this method of profiling doesn’t work (as it hasn’t really been proven yet) or start an anti-nebuad-adzilla group on Facebook (lol).
Here’s to the free web!
Edit: Some may have heard of the even worse Phorm. They may not be that bad after all, but it still generates more concerns than NebuAd. http://www.phorm.com/about/introducing/phorm_priv_rev4.html