NebuAd


NebuAd was an American online advertising company based in Redwood City, California, with offices in New York and London and was funded by the investment companies Sierra Ventures and Menlo Ventures.
It was one of several companies which originally developed behavioral targeting advertising systems, and sought deals with ISPs to enable them to analyse customer's websurfing habits in order to provide them with more relevant, micro-targeted advertising. Phorm was a similar company operating out of Europe. Adzilla and Project Rialto also appear to be developing similar systems.
At one point, NebuAd had signed up more than 30 customers, mostly Internet access providers, its agreements with providers covered 10 percent of the broadband users in America. Due to fallout following public and Congressional concern, NebuAd's largest ISP customers pulled out. NebuAd closed for business in the UK in August 2008, followed by the US in May 2009. NebuAd UK Ltd was dissolved in February 2010.

Overview

NebuAd's platform comprised three main parts: hardware, hosted within an ISP, capable of inserting content into pages, an off-site server complex to analyse and categorise the contents of users' Internet communications, and relationships with advertising networks willing to present NebuAd's targeted advertising.
The system consisted of hardware device installed within an ISP client network. Each device was capable of monitoring up to 50,000 users. Users could "opt-out" of NebuAd’s information collection and targeted ads, but there was no way for users to prevent ISPs from sending the data to NebuAd in the first place.
Since ISPs route customers' traffic, it is an important vantage point from which to monitor all traffic to-and-from a consumer using Deep packet inspection. By analysing the traffic, NebuAd reported it gained more information about a customers' particular interests, than less intrusive methods. NebuAd's privacy policy claimed they "specifically not store or use any information relating to confidential medical information, racial or ethnic origins, religious beliefs, or sexuality, which are tied to personally identifiable information." It also advises, "The information we collect is stored and processed on NebuAd's servers in the United States. As a result, that information may be subject to access requests by governments, courts or law enforcement."
At least 2 customers of a middle America ISP, WOW! noticed unexpected cookies appearing for sites such as nebuad.adjuggler.com, after using Google, which were being read and written, but when WOW's support department was contacted, WOW initially denied responsibility for the activity. After noticing problems with Google loading slowly, and the creation of these non-Google cookies, one customer spent hours trying to disinfect his machine, as he incorrectly thought it had been infected with spyware, but, when this proved ineffective, he resorted to reinstalling his machine's OS from scratch, only to discover the problem did not go away.
On July 9, 2008 WOW suspended the use of NebuAd services to its subscribers.
According to NebuAd's sales, less than 1% of users opt-out. One ISP expected to earn at least $2.50 per month for each user.
NebuAd bought impressions from ad networks including Valueclick.
NebuAd argued that behavioral targeting enriches the Internet on several fronts. Firstly, website owners are offered an improved click-through rate, which could increase profits, or reduce the amount of page-space dedicated to advertising. Owners of previously thought ad-unfriendly websites were offered a chance to make money not on the subject matter of their website, but on the interests of their visitors.
Advertisers were offered better targeted adverts, hence reducing the "scattergun approach" and users were offered more relevant adverts.
ISPs were paid for allowing NebuAd access to their network on a per-user per-active profile basis.
NebuAd used data such as Web search terms, page views, page and ad clicks, time spent on specific sites, zip code, browser info and connection speed to categorise a user's interests. NebuAd did not have access to user identification information from the ISP, but may have been able to discover this through traffic monitoring. Bob Dykes, the NebuAd CEO claimed in 2008; "We have 800 today and we're expanding that to multiple thousands".

Controversies

Generally, NebuAd provided an additional revenue to network operators, which may maintain or lower consumers' Internet access bills. Critics of DPI and targeted advertising believe the raw content of their internet communications are entrusted to the ISP for handling without being inspected, or modified, nor for sale. Privacy advocates criticize the lack of disclosure which some ISPs provided, prior to partnering with NebuAd, was a weak opt-out method, the lack of oversight over what any third-party company does with the contents of Internet communications, its conflicts with United States wiretap laws, and the company's refusal to name its partner ISPs.

Consumer notification

In February 2008, one American cable operator, Wide Open West started rolling out NebuAd. The roll-out was completed in the first week of March 2008. WOW updated its terms and conditions to include a mention of NebuAd, and in some cases informed customers of the terms having been updated. However, customers were not explicitly notified about NebuAd until later, sometime after the third week of March 2008.
In response to an inquiry from members of the United States House of Representatives Telecommunications Subcommittee about its pilot test of NebuAd's services, Embarq said it had notified consumers by revising its privacy policy 2 weeks prior to sending its users' data streams to NebuAd.
A Knology user in Knoxville, Tennessee reported she was not notified her Internet use was being monitored.
In May 2008, Charter Communications announced it planned to monitor websites visited by its customers via a partnership with NebuAd. But after customers voiced their concerns, Charter changed its mind in June.

Friction between ISP staff and management

Plans to implement NebuAd did not agree with some ISP's employees, including one employee was planned to re-route his traffic to avoid NebuAd's Deep Packet Inspection hardware, altogether.

Opt out vs. opt in

Members of US Congress, Ed Markey, chairman of the House Subcommittee on Telecommunications and the Internet, and Joe Barton, a ranking member of the House Committee on Energy and Commerce, have argued that such services must be opt-in only to comply with the provisions laid down by Section 631 of the US Communications Act, and they wrote to Charter to request them to suspend the test: "We respectfully request that you do not move forward on Charter Communications' proposed venture with NebuAd until we have an opportunity to discuss with you issues raised by this proposed venture."
A writer for Wired News questioned whether Charter users could really opt out of being monitored or if they were able to opt out only of receiving targeted ads. The same writer has asked if it would breach anti-wiretapping laws.
An engineer who examined the system confirmed there was no way to opt out of NebuAd's monitoring. All inbound and outbound information was intercepted and sent to NebuAd's offsite server to be processed. Even if a user had opted out of the service, it did not prevent the ISP from sending the data to NebuAd.

Use of packet forgery and browser exploits

A report by Robert M. Topolski, chief technology consultant of the Free Press and Public Knowledge, showed NebuAd's devices created cookies on end-users machines by injecting a specious packet into the end of the data stream returned in response to some web page requests submitted to search engines, including Google and Yahoo. The content of this specious packet, which would be added to the end of the web page when it is rendered by the end-user's browser, contained HTML script tags which cause the browser to request Javascript from http://a.faireagle.com.

Superimposing or adding advertising to webpages

Critics were concerned that NebuAd superimposed its own advertising over the ads of other advertisers, or placing additional advertising to a page. These concerns originated o the NebuAd's "Fair Eagle" operation, patent application data which mentioned such inventions, and a loose relationship to Claria Corporation whose products and history suggest such tactics, as well as by the following:
In 2007 it was reported that Redmoon, a Texas-based ISP was using a NebuAd technology to inject Redmoon's own advertising into pages visited by its users. The "Fair Eagle" advertisement hardware, provided by NebuAd, inserted additional advertising alongside the content of web pages. The ads featured a window with the "Fair Eagle" title bar. The injected ads stopped appearing toward the end of June, 2007.

Relationship with Claria Corporation

Some senior staff members of NebuAd had worked previously at a ad company, named Claria Corporation, which was well known for ad software known as Gator. Both Claria and NebuAd were located in Redwood City, California. The June 2006 creation of nebuad.com coincides with timing of Claria's decision to shut down the Gator service. NebuAd repeatedly denied any corporate connection to Claria, describing its hiring of Claria employees as a result of that company shedding employees in a tight market for experienced advertising sales staff in the Valley.

ISP partners

ISPs that tried out or deployed or prepared to deploy Nebuad included the following:
The following ISPs are listed in legal documents
related to the class action notice as having deployed NebuAd hardware:
All ISPs ended or suspended their relationship with NebuAd.
NebuAd was closed down in the UK in August 2008 and in the US in May 2009.

Class-action lawsuit

A proposed settlement for a class-action lawsuit against NebuAd was underway in October 2011. All subscribers to the ISPs listed above between January 1, 2007 and July 1, 2008 were to be considered mandatory class members and so did not have to opt in and could not choose to opt out. Under the terms of the proposed settlement, NebuAd would create a settlement fund of approximately $2,410,000, to be used for administration of the settlement, covering legal fees, an incentive award of $5,000 to the individual who brought the complaint, providing up to $1000 for other named representatives, with most of the money going to support non-profits providing consumer education and privacy research.