Last month Charter Communications, an internet service provider (ISP), announced that it will share it's customers web browsing data with NebuAd, to show ads based on customer’s web browsing behavior. NebuAd has developed a product know as “deep-packet inspection boxes” for ISP to track user behavior online and then serve ads based on these behaviors.
Since announcement, Charter Communications have come under pressure from privacy advocates and Congress. According to an article in Mediapost, Charter Communications has now delayed its plans to start sharing information with NebuAd.
I wrote a blog post on NebuAd when I first heard about it. In that post I talked about the privacy issues that ISP based BT raises.There has been a lot of concern regarding privacy of user when it comes to Behavioral Targeting. ISP based BT raises this concern to even a higher level.
I wrote: "This kind of technology is beyond simply using anonymous tracking. ISP do have a lot more information than just the browsing behavior. They have name, location, age, social security number (SSN). They know what time users login to their machine, when is the internet being used, what kind of sites are visited at what times, which sites provided information before a user made a purchase etc. etc. This is far more information than companies like Revenue Science or Tacoda has."
In response to my post I got the following response from NebuAd:
"Below are a couple of quick points from NebuAd’s CEO Bob Dykes to explain and clarify some of the information.
There is no information shard between NebuAd and the ISPs - the only involvement between the two is the agreement that lets NebuAd place the appliance in the ISPs network. To further ensure privacy, NebuAd does not collect the websites visited and map those back to the specific user. Instead it converts, via an appliance located in the ISPs network, the key user identifiers, such as IP addresses, to a one way random number so that the central servers see this and not the original identifier.
NebuAd works by listing categories (e.g. “Cars – SUV – Lexus”) and noting if random number goes to a site, or perform a search, that is related to the category. If yes, then it notes that interest mapped to the random number, but do not map the URL’s visited, just the interest. This is why, since it doesn’t even have the info on sites visited, there's no mechanism to map the random number to specific URLs
Since NebuAd and the partner ISPs do not exchange data, the ISPs do not see the categories each random number visits, and NebuAd does not receive specific customer information, so there is no way for either NebuAd or the ISPs to match specific customer information with even the categories of information associated with the randomized numbers. NebuAd also does not retain the raw data mapped back to the anonymous user profiles."
However, Free Press conducted an investigation of NebuAd technology and tracking and concluded
“that NebuAd’s advertising hardware monitors, intercepts and modifies the contents of Internet packets using Transmission
Control Protocol on Internet Protocol (TCP/IP). In doing so, NebuAd commandeers users’ Web browsers and collects uniquely identifying tracking cookies to facilitate its advertising model. Apparently, neither the consumers nor the affected Web sites have actual knowledge of NebuAd’s interceptions and modifications.
NebuAd exploits several forms of “attack” on users’ and applications’ security, the use of which has always generated considerable controversy and user condemnation, including browser hijacking, cross-site scripting and man-in-the-middle attacks. These practices -- committed upon users with the paid-for cooperation of ISPs -- violate several fundamental expectations of Internet privacy, security and standards-based interoperability. Moreover, NebuAd violates the Internet Engineering Task Force (IETF) standards that created today’s Internet where the network operators transmit packets between end users without inspecting or interfering with them. For example, the TCP protocol would normally not accept code from a source that is a third party from the client-server connection. NebuAd engages in packet forgery to trick a user’s computer into accepting data and Web page changes from a third party like NebuAd."
In March, three British ISPs got into a similar controversy and now NebuAd.
Is this the death of ISP based behavioral targeting before it even got started?
We will have to wait and see. For now, it looks like that for ISP based behavioral targeting to live it will have to prove that it is not doing anything sinister. I have said time and again that BT companies should ask explicit permission from user i.e. they should ask them to opt-in instead of automatically opting them in.
What do you think?
--------------------------------------------------------------------------------
Looking to fill your Web Analytics or Online Marketing position?
Try WebAnalytics360 Job Board
New Positions
1. Director, Web/E-Commerce Analytics at World Wrestling Entertainment, INC (Stamford, Connecticut)
2. Sr. Web Analytics Manager at NY Times Company (New York, New York)
--------------------------------------------------------------------------------
Showing posts with label NebuAd. Show all posts
Showing posts with label NebuAd. Show all posts
Thursday, June 19, 2008
Tuesday, May 20, 2008
Charter Communications and Behavioral Targeting
Charter communications, an internet service provider (ISP), announced this week that it will share it's customers web browsing data with NebuAd, to show ads based on customer’s web browsing behavior.
(Note: I wrote about the ISP based behavioral targeting, NebuAd and privacy issues related to ISP based behavioral targeting in my previous blog posts).
Charter communication sent a letter to its subscribers in Fort Worth, Texas, San Luis Obispo, California, Oxford, Massachusetts and Newtown, Connecticut telling them it will collect their web surfing data and use to show ads related to their interests. Charter said it will start testing the system within 30 days and will make a decision whether to introduce it to its 2.8 million Internet customers a few months after that.
One big issue I see with Charter’s Behavioral Targeting is that they are automatically opting in the users. Even though they have sent the letters to customers how many their customers will actually read those letters?
As I have written in past, companies need to build trust with consumers, show them the value in behavioral targeting and then use an opt-in system. Charter is clearly taking the route that other companies have taken which, in my opion, will raise huge privacy concerns.
If anybody who doesn’t want to be tracked will need to explicitly opt-out of the system by providing their name, address etc. The opt-out uses a cookie, so if a consumer deletes a cookie or buys a new computer or uses a computer other than the one which has cookie then he/she will be automatically tracked. What I did not understand was, why do consumers need to provide their name, address etc to opt-out if it is just relying on a cookie. Can anybody from Charter please clarify this?
In march, I wrote about British Telco, coming under fire for engaging in Behavioral Targeting; let’s see what kind of repercussion we see with Charter communication.
(Note: I wrote about the ISP based behavioral targeting, NebuAd and privacy issues related to ISP based behavioral targeting in my previous blog posts).
Charter communication sent a letter to its subscribers in Fort Worth, Texas, San Luis Obispo, California, Oxford, Massachusetts and Newtown, Connecticut telling them it will collect their web surfing data and use to show ads related to their interests. Charter said it will start testing the system within 30 days and will make a decision whether to introduce it to its 2.8 million Internet customers a few months after that.
One big issue I see with Charter’s Behavioral Targeting is that they are automatically opting in the users. Even though they have sent the letters to customers how many their customers will actually read those letters?
As I have written in past, companies need to build trust with consumers, show them the value in behavioral targeting and then use an opt-in system. Charter is clearly taking the route that other companies have taken which, in my opion, will raise huge privacy concerns.
If anybody who doesn’t want to be tracked will need to explicitly opt-out of the system by providing their name, address etc. The opt-out uses a cookie, so if a consumer deletes a cookie or buys a new computer or uses a computer other than the one which has cookie then he/she will be automatically tracked. What I did not understand was, why do consumers need to provide their name, address etc to opt-out if it is just relying on a cookie. Can anybody from Charter please clarify this?
In march, I wrote about British Telco, coming under fire for engaging in Behavioral Targeting; let’s see what kind of repercussion we see with Charter communication.
Wednesday, December 19, 2007
NebuAd’s response to my blog post Part II
In response to my post on ISP based Behavioral Targeting, I got 2 response from NebuAd, one of them was posted at http://webanalysis.blogspot.com/2007/12/nebuads-response-to-my-blog-postin.html. The latest response is for one of the issue that was not answered in previous response:
The ISPs are completely passive in NebuAd’s model. In addition, there is no pop under, and the ads NebuAd sells to do not take over the publisher’s inventory. More specifically, NebuAd's technology does not include any type of overlays that affect publisher content or ad inventory without their knowledge.
Consumers do not see any more ads than they would otherwise see, and they are standard ad types, such as banners ads displayed only where you would expect to see them. The use of pop-ups and pop unders remains a publisher decision. With NebuAd’s solution, the ISP role is completely passive. They merely allow NebuAd’s equipment to reside on their network and are not involved in the advertising process. No data is shared between the ISP’s data systems and NebuAd’s data systems
NebuAd purchases online display inventory from publishers, mainly through leading ad networks. Targeted advertising that the consumer sees is placed there on the ad inventory that the publishers regularly sell to ad networks. These ad networks work with NebuAd to identify and deliver the right ad for the right user, allowing for the publisher to get a higher price from the advertisers who want the targeting. NebuAd’s revenue is generated by advertising sales during this process – the ISPs do not sell any of the advertising.
The ISPs are completely passive in NebuAd’s model. In addition, there is no pop under, and the ads NebuAd sells to do not take over the publisher’s inventory. More specifically, NebuAd's technology does not include any type of overlays that affect publisher content or ad inventory without their knowledge.
Consumers do not see any more ads than they would otherwise see, and they are standard ad types, such as banners ads displayed only where you would expect to see them. The use of pop-ups and pop unders remains a publisher decision. With NebuAd’s solution, the ISP role is completely passive. They merely allow NebuAd’s equipment to reside on their network and are not involved in the advertising process. No data is shared between the ISP’s data systems and NebuAd’s data systems
NebuAd purchases online display inventory from publishers, mainly through leading ad networks. Targeted advertising that the consumer sees is placed there on the ad inventory that the publishers regularly sell to ad networks. These ad networks work with NebuAd to identify and deliver the right ad for the right user, allowing for the publisher to get a higher price from the advertisers who want the targeting. NebuAd’s revenue is generated by advertising sales during this process – the ISPs do not sell any of the advertising.
Monday, December 17, 2007
NebuAd’s response to my blog post
In response to my post on ISP based Behavioral Targeting, I got the following response from NebuAd:
Below are a couple of quick points from NebuAd’s CEO Bob Dykes to explain and clarify some of the information.
There is no information shard between NebuAd and the ISPs - the only involvement between the two is the agreement that lets NebuAd place the appliance in the ISPs network. To further ensure privacy, NebuAd does not collect the websites visited and map those back to the specific user. Instead it converts, via an appliance located in the ISPs network, the key user identifiers, such as IP addresses, to a one way random number so that the central servers see this and not the original identifier.
NebuAd works by listing categories (e.g. “Cars – SUV – Lexus”) and noting if random number goes to a site, or perform a search, that is related to the category. If yes, then it notes that interest mapped to the random number, but do not map the URL’s visited, just the interest. This is why, since it doesn’t even have the info on sites visited, there's no mechanism to map the random number to specific URLs
Since NebuAd and the partner ISPs do not exchange data, the ISPs do not see the categories each random number visits, and NebuAd does not receive specific customer information, so there is no way for either NebuAd or the ISPs to match specific customer information with even the categories of information associated with the randomized numbers. NebuAd also does not retain the raw data mapped back to the anonymous user profiles.
They have not yet provided any response to the following point that I made in my previous post:
It is also not clear to me if the ISPs will work with individual publishers or networks and provide behavioral data to power their ads on publishers inventory or if they will override publishers inventory with their own ads (which will probably cause sudden death of ISP based targeting) or if they will do popups (pop under) creating new inventory. NebuAd does however have a service for publishers where publishers can use their services on their own inventory; however I am not clear how ISPs plan to use it.
Below are a couple of quick points from NebuAd’s CEO Bob Dykes to explain and clarify some of the information.
There is no information shard between NebuAd and the ISPs - the only involvement between the two is the agreement that lets NebuAd place the appliance in the ISPs network. To further ensure privacy, NebuAd does not collect the websites visited and map those back to the specific user. Instead it converts, via an appliance located in the ISPs network, the key user identifiers, such as IP addresses, to a one way random number so that the central servers see this and not the original identifier.
NebuAd works by listing categories (e.g. “Cars – SUV – Lexus”) and noting if random number goes to a site, or perform a search, that is related to the category. If yes, then it notes that interest mapped to the random number, but do not map the URL’s visited, just the interest. This is why, since it doesn’t even have the info on sites visited, there's no mechanism to map the random number to specific URLs
Since NebuAd and the partner ISPs do not exchange data, the ISPs do not see the categories each random number visits, and NebuAd does not receive specific customer information, so there is no way for either NebuAd or the ISPs to match specific customer information with even the categories of information associated with the randomized numbers. NebuAd also does not retain the raw data mapped back to the anonymous user profiles.
They have not yet provided any response to the following point that I made in my previous post:
It is also not clear to me if the ISPs will work with individual publishers or networks and provide behavioral data to power their ads on publishers inventory or if they will override publishers inventory with their own ads (which will probably cause sudden death of ISP based targeting) or if they will do popups (pop under) creating new inventory. NebuAd does however have a service for publishers where publishers can use their services on their own inventory; however I am not clear how ISPs plan to use it.
Sunday, December 09, 2007
ISP based Behavioral Targeting
In an articles titled Watching What You See on the Web Wall Street Journal talks about ISP (Internet Service Provider) based behavioral targeting.
ISP based behavioral targeting idea has been kicked around for some time and NebuAd is one of the first company that made a product know as “deep-packet inspection boxes” for ISP to track user behavior online and then serve ads based on these behaviors.
This kind of targeting enables ISP’s to be a player in growing behavioral targeting market and generate a new stream of revenue.
This kind of technology is beyond simply using anonymous tracking. ISP do have a lot more information than just the browsing behavior. They have name, location, age, social security number (SSN). They know what time users login to their machine, when is the internet being used, what kind of sites are visited at what times, which sites provided information before a user made a purchase etc etc. This is far more information than companies like Revenue Science or Tacoda has and obviously can provide better targeting than Revenue Science or Tacoda can do.
However this also raises far more privacy concerns than companies like Revenue Science and Tacoda raise.
According to the article
The technology does raise privacy issues. The Internet-service providers often know other information about consumers, such as their names, locations and age and income ranges, which can be very valuable to potential advertisers, especially when combined with Web browsing habits. "Some of these [Internet equipment] guys are traveling in dangerous territory," says Emily Riley, an advertising analyst with Jupiter Research. "Should one company have all of that data in one place? It's a little troubling."
Other than user privacy there is another huge issue that this article did not talk about. In a network like Revenue Science or Tacoda publishers and advertisers (data providers) have to opt-in to participate. If a publisher/advertiser does not want to enable advertisers to use their data then they simply do not participate in the network. Advertisers can also choose to just use their site’s data to be used to only power their own advertisements. E.g Delta airlines can choose to participate in a retargeting campaign on a network like Revenue Science. They can retarget all the users who viewed fares to a particular destination but left the site without buying the ticket. To do so they will allow the network to collect information on all those users whom they want to target and then only allow the network to use those behaviors (users) to target their ads only. Alaska airlines cannot use Revenue Science and target their ads based on the behaviors on Delta airlines network. This is an explicit agreement between the publisher/advertiser and network.
However in case of ISP based targeting; data providers (publishers, advertisers and other sites) don’t have to opt in. They are opted in by default. Using the example above, a user’s behavior on Delta airlines site (and also information about who clicked on Delta’s ads across internet) is captured without Delta Airlines explicit approval. Now, ISP’s can use that information to power Alaska airlines advertisement and drive all those users, who could have purchased their tickets from Delta, to Alaska airlines. I am sure Delta won’t be happy about it. This applies to every single site on internet, they do not have an option their data will be used and in most cases to power competitors ads, this is a huge deal. I think it is, what do you think? I am sure there will be advertiser backlash too with this kind of technology.
It is also not clear to me if the ISPs will work with individual publishers or networks and provide behavioral data to power their ads on publishers inventory or if they will override publishers inventory with their own ads (which will probably cause sudden death of ISP based targeting) or if they will do popups (pop under) creating new inventory. NebuAd does however have a service for publishers where publishers can use their services on their own inventory, however I am not clear how ISPs plan to use it.
As I predicted earlier this year Behavioral Targeting has become a very common term among marketers. To cash in on this phenomenon a lot of new technologies and companies are springing up, I expect this trend to continue in 2008, we will see more innovation in coming month. Mobile and TV behavioral targeting is next in line too.
Questions/Comments?
ISP based behavioral targeting idea has been kicked around for some time and NebuAd is one of the first company that made a product know as “deep-packet inspection boxes” for ISP to track user behavior online and then serve ads based on these behaviors.
This kind of targeting enables ISP’s to be a player in growing behavioral targeting market and generate a new stream of revenue.
This kind of technology is beyond simply using anonymous tracking. ISP do have a lot more information than just the browsing behavior. They have name, location, age, social security number (SSN). They know what time users login to their machine, when is the internet being used, what kind of sites are visited at what times, which sites provided information before a user made a purchase etc etc. This is far more information than companies like Revenue Science or Tacoda has and obviously can provide better targeting than Revenue Science or Tacoda can do.
However this also raises far more privacy concerns than companies like Revenue Science and Tacoda raise.
According to the article
The technology does raise privacy issues. The Internet-service providers often know other information about consumers, such as their names, locations and age and income ranges, which can be very valuable to potential advertisers, especially when combined with Web browsing habits. "Some of these [Internet equipment] guys are traveling in dangerous territory," says Emily Riley, an advertising analyst with Jupiter Research. "Should one company have all of that data in one place? It's a little troubling."
Other than user privacy there is another huge issue that this article did not talk about. In a network like Revenue Science or Tacoda publishers and advertisers (data providers) have to opt-in to participate. If a publisher/advertiser does not want to enable advertisers to use their data then they simply do not participate in the network. Advertisers can also choose to just use their site’s data to be used to only power their own advertisements. E.g Delta airlines can choose to participate in a retargeting campaign on a network like Revenue Science. They can retarget all the users who viewed fares to a particular destination but left the site without buying the ticket. To do so they will allow the network to collect information on all those users whom they want to target and then only allow the network to use those behaviors (users) to target their ads only. Alaska airlines cannot use Revenue Science and target their ads based on the behaviors on Delta airlines network. This is an explicit agreement between the publisher/advertiser and network.
However in case of ISP based targeting; data providers (publishers, advertisers and other sites) don’t have to opt in. They are opted in by default. Using the example above, a user’s behavior on Delta airlines site (and also information about who clicked on Delta’s ads across internet) is captured without Delta Airlines explicit approval. Now, ISP’s can use that information to power Alaska airlines advertisement and drive all those users, who could have purchased their tickets from Delta, to Alaska airlines. I am sure Delta won’t be happy about it. This applies to every single site on internet, they do not have an option their data will be used and in most cases to power competitors ads, this is a huge deal. I think it is, what do you think? I am sure there will be advertiser backlash too with this kind of technology.
It is also not clear to me if the ISPs will work with individual publishers or networks and provide behavioral data to power their ads on publishers inventory or if they will override publishers inventory with their own ads (which will probably cause sudden death of ISP based targeting) or if they will do popups (pop under) creating new inventory. NebuAd does however have a service for publishers where publishers can use their services on their own inventory, however I am not clear how ISPs plan to use it.
As I predicted earlier this year Behavioral Targeting has become a very common term among marketers. To cash in on this phenomenon a lot of new technologies and companies are springing up, I expect this trend to continue in 2008, we will see more innovation in coming month. Mobile and TV behavioral targeting is next in line too.
Questions/Comments?
Subscribe to:
Posts (Atom)