I've had an interesting few months talking with individuals at a number of ISPs, each of which has either already, or is in the process of, implementing NebuAD user-tracking technology (unfamiliar? Go here). There's a few things to note, one of which is that I'm noticing an even larger disconnect than usual between technicians (who think the system violates user trust) and executives (who are absolutely blinded by dollar signs) on this issue.

Obviously a disconnect between the MBAs and network operations is nothing new, but it's more pronounced with the development of new advertising opportunities. Many technicians absolutely hated the idea of ISPs using DNS redirection (ad delivery via page not found) to sell advertising, but their protests were ignored and the practice has almost become industry standard. Security and "clean 'net" functionality be damned.

Internal debates over whether to use NebuAD deep packet inspection hardware seems to be even more intense. One ISP employee tells me there's been internal infighting for most of this year over whether to launch NebuAD. An employee for a second ISP that's preparing a launch tells me that everyone at his CO thinks the idea is terrible, have said as much at meetings and directly to marketing, but have been ignored.

I think management here just sees it as money on the table. -Anonymous ISP employee

"I think management here just sees it as money on the table," says another ISP employee. "NebuAd has a pretty convincing sales pitch. They know how to make their product appeal to ISPs and have plenty of marketing material."

One employee tells me their employer stands to make at least $2.50 per month per user. For a small or debt-laden company (like say Charter) the offer is hard to ignore, even if they may be violating privacy laws and annoying customers.

According to the NebuAD sales pitch to ISPs, only about 1% of users opt-out of the system. That's probably no thanks to ISPs burying the fact they even use the system in fine print. When they do clearly announce it, it's been promoted as a "service enhancement." One ISP has gone so far as to suggest it's as good as getting faster speeds.

On top of the cash income, NebuAD tells ISPs they'll be provided with monthly metrics on the top sites visited, and even the number of times competitors' websites were visited. I'm told NebuAD is even able to build profiles of individual people using the same IP address (ex: users behind a NAT device). In short, the additional income and competitive intelligence gained easily over-rides any moral opposition to privacy implications.

"It looks like we're moving forward with the trial next month regardless of how I or any of my co-workers feel about it," says an employee at one ISP. "I've pretty much accepted that at this point, so it's not likely anything I'll walk out over."

I was amused to hear the employee is going to ensure they aren't tracked.

"We have two upstream links to the Internet and the NebuAd spybox will only be hooked up to one of them, so I know at least for my home connection I'll be setting a static route to use the non-poisoned link," they say. "I don't want to go anywhere near it." How's that for a candid vote of confidence?

One additional thing to note is that I'm told NebuAD is informing ISPs that they are working on a new opt-out system. As I've discussed, the current system uses cookies and only prevents targeted ad delivery, it doesn't stop your ISP from tracking and selling your browsing history. The new system, I'm told, will rely on IP address instead of cookies to opt-users out.

My guess? You can expect every ISP in the industry to be using NebuAD technology (or some variant) within the next two years. I expect some continued scuff ups started by privacy advocates and annoyed customers, but I imagine NebuAD and ISP lawyers will stay one step ahead of them. Online advertising is a $11 billion (and growing) business, and it's been fairly apparent that the FTC's priority is protecting revenue streams, not consumers.