Claim ads hijack browsers
Last modified on Thursday, 19 June 2008 20:52
Two Washington, D.C.-based organizations focused on digital rights are targeting NebuAd Inc., a behavioral advertising vendor that the organizations claim spies on Internet users, hijacks browsers and uses ‘man-in-the-middle attacks.’
A report was issued by the digital rights groups, Public Knowledge and Free Press, who have enlisted the help of Congress to investigate the allegations.
NebuAd Inc. is a service used by Charter Communications Inc., WideOpenWest Holdings LLC and several other Internet service providers. The report claims that NebuAd uses packet forgery, modifies the content of TCP/IP packets and loads subscribers' computers with unwanted cookies.
The report’s author, Robert Topolski, who is the main technology consultant for the two groups, said, "NebuAd exploits several forms of 'attack' on users' and applications' security. These practices -- committed upon users with the paid-for cooperation of ISPs -- violate several fundamental expectations of Internet privacy, security and standards-based interoperability."
Topolski also claims that NebuAd violates standards established by the Internet Engineering Task force, standards that "created today's Internet, where the network operators transmit packets between end users without inspecting or interfering with them." Topolski compared NebuAd's practices to browser hijacking, cross-site scripting and other forms of computer attacks, and said that NebuAd is engaged in "…eavesdropping on the content of Web messages as they were being sent and received."
Topolski’s report also claims that he tested a connection on WideOpenWest in late May and early June and discovered that NebuAd's service injected a new script into his browser session, pre-loaded identifying cookies onto his machine and monitored his browsing.
Neither Charter Communications nor NebuAd responded to requests for comment on Topolski’s report. Charter, a cable TV and Internet provider, announced last month that it planned to use NebuAd to roll out a targeted advertising program that would track users' Web activity in order to deliver "relevant" ads. This announcement by Charter, the fourth largest cable operator in the U.S., lit the fire for a call to action by several privacy and consumer groups.
Two U.S. House of Representatives members of the Energy and Commerce Committee have written Charter and asked them to delay their advertising rollout plan until they can discuss it with them. Both Congressmen raised concerns in the communication that “Any collection of cable subscribers' personal data without their consent raises substantial questions about whether it is legal under the Communications Act.”