Consumer Groups Dig Inside NebuAD Technology
And find a slew of controversial (if not illegal) tactics...
by Karl Bode 05:03PM Wednesday Jun 18 2008 Tipped by funchords
Consumer groups Free Press and Public Knowledge today issued a report (pdf) on NebuAD behavioral advertising technology. ISPs are paid to install a user tracking device that sits on the ISP network, and aids in the delivery of ads tailored to your browsing habits. Broadband Reports user Robb Topolski, who first discovered Comcast's upstream BitTorrent throttling, ran a series of tests and found the technology forges packets, violates IETF standards and more:
NebuAd exploits normal browser and platform security behaviors by forging IP packets, allowing their own JavaScript code to be written into source code trusted by the Web browser. NebuAd and ISPs together cooperate in this attack against the intentions of the consumers, the designers of their software and the owners of the servers that they visit.
So far all we've had is NebuAD promises that the technology plays fair and protects user privacy, though few have actually dug into how the technology works. There's mounting Congressional pressure to investigate the technology before it's inevitably launched by more than just the handful of carriers I'm currently aware of (WOW, Knology, Charter, Embarq, Broadstripe, Bresnan Communications, and CenturyTel).

Topolski suggests the technology takes a few pages out of the playbook of several controversial tactics, including browser hijacks, cross-site scripting (XSS) attacks, man in the middle attacks and more.

"NebuAd breaks the rules of acceptable behavior on the Internet," says Topolski. "It monitors what you do and see on the Internet, it breaks in and changes the contents of your private communications, it keeps track of what you've done, and if you even know that it's happening, it is impossible to opt-out of it."

"This report shows that NebuAd's Internet wiretapping is highly questionable," says Marvin Ammori, Free Press general counsel. "Phone and cable companies should press pause on NebuAd and any similar venture until consumers and members of Congress can address the serious concerns raised by this report."

"Once again, it shows that ISPs are putting themselves where they don't belong – inserting themselves between consumers and Web sites," says Gigi B. Sohn, president and co-founder of Public Knowledge. "Inserting unwanted information and advertising under false pretenses violates every concept of an open and free Internet."


Recommended comments

2 recommendations

I am always against any form of invasion of privacy.....

I want to ask you all to look back in time for a minute, just to get a clear perspective on some of what you folks have been saying, it may change what you think and what you say here. Understand I can't see very well with the glasses I am wearing, and I haven't had much sleep for a few days, I have cancer, but I still try to stay active, and care about the rights of everyone.

PLEASE READ this for your knowledge, IT DOES lead to the subject, and yes this subject is what inspired this piece.
I see many of you made comments and they show a lack of historical knowledge, and trust placed where it should not be placed.

So please read for your own sakes and see how you need to step back and re-think before you accept some major company's comment.

In our nation's history, we had a period where railroad companies began a BLACK LIST of steel mills, to generate a MONOPOLY, and they did very effective destruction to our nation financially until a President took over all the railroads and mills, and brought our economy back in line.

Then in the early 1900's Roosevelt gave the meat packers time and again the ability to police their own industry. Each time they failed, killing thousands of people with E. coli.

Eventually he was forced to develop the USDA with empowerment to carry weapons, arrest anyone, and shut down packing houses and farms for any thought of infection.

It worked fine until DEREGULATION came along then DEATH from hamburgers again. Apparently too many of you don't know the history behind REGULATIONS.

Laws for communications exist and cover every aspect of broadcasting and fit very well into INTERNET activity. So the claims of some to write new laws because there are none is a lame excuse at best.

We have learned that with our cars, if we remove the VOLTAGE REGULATOR, we fry the battery and generator (alternator for you people with plastic toy cars of today) and we can even burn up our wires and possibly the car too.

Well then more recently we see how George Bush DEREGULATED FUEL and what it caused. As many of you do not realize, fuel was REGULATED in the 1920's when it reached $5 per gallon. This was roughly 10 years after REGULATING MEAT.

It was in the 70's when oil companies tried a fuel embargo and bullshitted their way into gouging at the pumps, and by the standing up for rights by the people, and investigations by some semi-honest congress members, the prices fell to a compromise, but private stations who got back into the price wars to get customers were BLACK LISTED, but by now the congress members were getting PAID OFF. Hence the prices never dropped again like before the assault on our economy by the oil industry.

This time around NOBODY is standing up to the THEFT of our economy from FALSE PRETENSE, thus the PRICES JUST KEEP RISING.

Now for the RELATION TO THE NET, it worked for the meat packers a few years ago, even though they killed 5,000 the first year, and it's been increasing every year since and we no longer hear about it in the news, and it worked for airline companies, then OIL COMPANIES, and in the last year phone companies have been setting up shop to run scams and slamming, and if their little shops get busted, nothing happens, all they do is say OH THERE WAS A BREAKDOWN IN COMMUNICATIONS SO IT WON'T HAPPEN AGAIN, BUT IT WILL TAKE SOME TIME TO STOP ALL OF IT FROM HAPPENING.

The Communications industry seems to have a lot of COMMUNICATIONS PROBLEMS when they do something wrong, and if you pay attention to persons who quit or get fired on or about those times, you hear some interesting details, and if you search you find the details must be accurate since the names are right, the places, the times, just far too many coincidental details.

NOW with that bit of understanding put before you, just how much do you think they will police themselves from SNOOPING IN, SPYING, or INVADING PRIVACY?

And by INVADING PRIVACY, which is today's common term, jerks will try to BEND it in the courts and say the CONSTITUTION DOES NOT GUARANTEE YOU PRIVACY.....

OHHH BUT WAIT I SAY; When the CONSTITUTION was written, they chose a term that COULD NOT BE TWISTED, diminished or in any way misinterpreted. The term SECURE is from MARITIME use and also for the plains and areas of high winds, meaning that something SECURE is not going to LEAK A DROP IN OR OUT, or the stuff WILL NOT BLOW AWAY, or WASH AWAY, and also that CONTENTS in the ship's hold WILL NOT MOVE, WILL NOT BE BUDGED, IT IS LOCKED DOWN!! IT IS SECURE!! That is the term for "SECURE" in our Constitution, so NEVER LET A JUDGE TRY TO BOWL YOU DOWN ON THAT WORD....

The Same goes for AD Agencies, ISP's, Phone Companies, Banks, Military, EVERYTHING!

But who is able to POLICE THEMSELVES? Who can we trust without REGULATIONS?


History has proved it over and over again, If you think NEBUAD is not snooping, guess again. If you think they aren't slamming ADS on persons like me or you who PAY for non AD-IMPREGNATED USE, You're wrong again.....


Because you sit and talk and piddle around about little parts arguing "FOR THEM" in a very strange honey bee to the pollen sort of way.

If any of you have been around the computing world as long as Gates, Jobs, or me, you would be doing what we do for ourselves, and furthermore you might STAND UP AND FIGHT THE INVASIONS.... Unless of course, you're a peeping tom, or disrespectful calloused individual making money off other people's private information....


I have been around so long I watched it all form, from 2k home brew single lines of text on 9 inch monochrome screens of black and gray, then black and green, then black and orange, 4 color, 8 color and finally the amazing 16 colors wow those were the days, then all the way up to now, and I even got to play on the old KEYPUNCH mechanical systems back in the early 60's...

I have seen it all over the years. And more than anything, I do NOT approve of what I see today, and it all stems from the young people programming today! No track records of the evils inherent in communications, or industry as a whole.

An example, LINK PREFETCH, WHAT A CROCK... Sorry but I dumped that code as soon as it came out, I also ran tests and showed it to be the biggest bunch of PRIVACY THREATS EVER.

Instead of a person needing a good knowledge of java or perl and cgi to do some serious hacking over the net, it can all be done VIA SIMPLE LINK PREFETCH TAGS NOW by any html 101 authors who have an ability to read at 3rd grade level, and guess who is making use of it, millions more than before PREFETCH, because it's too easy now. View the source and start following out some of the link tags in Mozilla, Microsoft, Mac, and .gov web sites, go on to the game sites, and links on ebay pages by users, guess what's getting hidden on your computers.

This last example is very revealing, go to opec.org, drop down to their archives and follow out the basket prices for a given day, compare them to stock market records, see for once that oil never passed $100 per barrel till April this year, AND if China can slant drill oil off our coast and produce the first tanker full in less than a month why does our country sit back and listen to some Canadian company like Shell or BP say it takes 10 years before a well even begins to be dug.......... It only takes a few days to get a drilling rig started if it's assembled, tow it into place and start drilling...

Likewise NebuAD is that drilling rig, and it is already floated into place... and like China, what makes any of you think for one minute they aren't snooping???


PS. Proxies are slow, and we used to avoid them, like looking through a door peep hole out to the street as opposed to walking out there (AOL), but now our newer forms of proxies for privacy are different but still slow, yet the majority are frauds... Be careful, inspect, detect, and reject the bad the ugly and the excessive...