NebuAd

NebuAd was an American online advertising company based in Redwood City, California, with offices in New York and London and was funded by the investment companies Sierra Ventures and Menlo Ventures. It was one of several companies which originally developed behavioral targeting advertising systems, and sought deals with ISPs to enable them to analyse customer's websurfing habits in order to provide them with more relevant, micro-targeted advertising. Phorm was a similar company operating out of Europe. Adzilla and Project Rialto also appear to be developing similar systems.

At one point, NebuAd had signed up more than 30 customers, mostly Internet access providers, its agreements with providers covered 10 percent of the broadband users in America. Due to fallout following public and Congressional concern, NebuAd's largest ISP customers pulled out. NebuAd closed for business in the UK in August 2008, followed by the US in May 2009. NebuAd UK Ltd was dissolved in February 2010.

Overview
NebuAd's platform comprised three main parts: hardware, hosted within an ISP, capable of inserting content into pages, an off-site server complex to analyse and categorise the contents of users' Internet communications, and relationships with advertising networks willing to present NebuAd's targeted advertising.

The system consisted of hardware device installed within an ISP client network. Each device was capable of monitoring up to 50,000 users. Users could "opt-out" of NebuAd's information collection and targeted ads, but there was no way for users to prevent ISPs from sending the data to NebuAd in the first place.

Since ISPs route customers' traffic, it is an important vantage point from which to monitor all traffic to-and-from a consumer using Deep packet inspection (DPI). By analysing the traffic, NebuAd reported it gained more information about a customer's particular interests, than less intrusive methods. NebuAd's privacy policy claimed they "specifically not store or use any information relating to confidential medical information, racial or ethnic origins, religious beliefs, or sexuality, which are tied to personally identifiable information ('sensitive personal information')." It also advises, "The information we collect is stored and processed on NebuAd's servers in the United States. As a result, that information may be subject to access requests by governments, courts or law enforcement."

At least 2 customers of a middle America ISP, WOW! noticed unexpected cookies appearing for sites such as nebuad.adjuggler.com, after using Google, which were being read and written, but when WOW's support department was contacted, WOW initially denied responsibility for the activity. After noticing problems with Google loading slowly, and the creation of these non-Google cookies, one customer spent hours trying to disinfect his machine, as he incorrectly thought it had been infected with spyware, but, when this proved ineffective, he resorted to reinstalling his machine's OS from scratch, only to discover the problem did not go away.

On July 9, 2008, WOW suspended the use of NebuAd services to its subscribers.

According to NebuAd's sales, less than 1% of users opt-out. One ISP expected to earn at least $2.50 per month for each user.

NebuAd bought impressions from ad networks including Valueclick.

NebuAd argued that behavioral targeting enriches the Internet on several fronts. Firstly, website owners are offered an improved click-through rate (CTR), which could increase profits, or reduce the amount of page-space dedicated to advertising. Owners of previously thought ad-unfriendly websites were offered a chance to make money not on the subject matter of their website, but on the interests of their visitors.

Advertisers were offered better targeted adverts, hence reducing the "scattergun approach" (publishing as many ads as possible, in the hope of catching a client) and users were offered more relevant adverts.

ISPs were paid for allowing NebuAd access to their network on a per-user per-active profile basis.

NebuAd used data such as Web search terms, page views, page and ad clicks, time spent on specific sites, zip code, browser info and connection speed to categorise a user's interests. NebuAd did not have access to user identification information from the ISP, but may have been able to discover this through traffic monitoring (for example, email traffic may tie an email address to an ip address). Bob Dykes, the NebuAd CEO claimed in 2008; "We have 800 [consumer interest segments] today and we're expanding that to multiple thousands".

Controversies
Generally, NebuAd provided an additional revenue to network operators, which may maintain or lower consumers' Internet access bills. Critics of DPI and targeted advertising believe the raw content of their internet communications are entrusted to the ISP for handling without being inspected, or modified, nor for sale. Privacy advocates criticize the lack of disclosure which some ISPs provided, prior to partnering with NebuAd, was a weak opt-out method, the lack of oversight over what any third-party company does with the contents of Internet communications, its conflicts with United States wiretap laws, and the company's refusal to name its partner ISPs.

Consumer notification
In February 2008, one American cable operator, Wide Open West (WOW) started rolling out NebuAd. The roll-out was completed in the first week of March 2008. WOW updated its terms and conditions to include a mention of NebuAd, and in some cases informed customers of the terms having been updated. However, customers were not explicitly notified about NebuAd until later, sometime after the third week of March 2008.

In response to an inquiry from members of the United States House of Representatives Telecommunications Subcommittee about its pilot test of NebuAd's services, Embarq said it had notified consumers by revising its privacy policy 2 weeks prior to sending its users' data streams to NebuAd.

A Knology user in Knoxville, Tennessee reported she was not notified her Internet use was being monitored.

In May 2008, Charter Communications announced it planned to monitor websites visited by its customers via a partnership with NebuAd. But after customers voiced their concerns, Charter changed its mind in June.

Friction between ISP staff and management
Plans to implement NebuAd did not agree with some ISP's employees, including one employee was planned to re-route his traffic to avoid NebuAd's Deep Packet Inspection hardware, altogether.

Opt out vs. opt in
Members of US Congress, Ed Markey, chairman of the House Subcommittee on Telecommunications and the Internet, and Joe Barton, a ranking member of the House Committee on Energy and Commerce, have argued that such services must be opt-in only to comply with the provisions laid down by Section 631 of the US Communications Act, and they wrote to Charter to request them to suspend the test: "We respectfully request that you do not move forward on Charter Communications' proposed venture with NebuAd until we have an opportunity to discuss with you issues raised by this proposed venture."

A writer for Wired News questioned whether Charter users could really opt out of being monitored or if they were able to opt out only of receiving targeted ads. The same writer has asked if it would breach anti-wiretapping laws.

An engineer who examined the system confirmed there was no way to opt out of NebuAd's monitoring. All inbound and outbound information was intercepted and sent to NebuAd's offsite server to be processed. Even if a user had opted out of the service, it did not prevent the ISP from sending the data to NebuAd.

Use of packet forgery and browser exploits
A report by Robert M. Topolski, chief technology consultant of the Free Press and Public Knowledge, showed NebuAd's devices created cookies on end-users machines by injecting a specious packet into the end of the data stream returned in response to some web page requests submitted to search engines, including Google and Yahoo. The content of this specious packet, which would be added to the end of the web page when it is rendered by the end-user's browser, contained HTML script tags which cause the browser to request Javascript from ____.

Superimposing or adding advertising to webpages
Critics were concerned that NebuAd superimposed its own advertising over the ads of other advertisers, or placing additional advertising to a page. These concerns originated o the NebuAd's "Fair Eagle" operation, patent application data which mentioned such inventions, and a loose relationship to Claria Corporation whose products and history suggest such tactics, as well as by the following:

In 2007 it was reported that Redmoon, a Texas-based ISP was using a NebuAd technology to inject Redmoon's own advertising into pages visited by its users. The "Fair Eagle" advertisement hardware, provided by NebuAd, inserted additional advertising alongside the content of web pages. The ads featured a window with the "Fair Eagle" title bar. The injected ads stopped appearing toward the end of June, 2007.

Relationship with Claria Corporation
Some senior staff members of NebuAd had worked previously at a (now defunct) ad company, named Claria Corporation (formerly, the Gator Corporation), which was well known for ad software known as Gator. Both Claria and NebuAd were located in Redwood City, California. The June 2006 creation of nebuad.com coincides with timing of Claria's decision to shut down the Gator service. NebuAd repeatedly denied any corporate connection to Claria, describing its hiring of Claria employees as a result of that company shedding employees in a tight market for experienced advertising sales staff in the Valley.

ISP partners
ISPs that tried out or deployed or prepared to deploy Nebuad included the following:


 * Broadstripe (formerly and formally Millennium Digital Media),
 * Decaturnet Internet Services,
 * Eastern Oregon Net, Inc. (EONI),
 * High Speed Networks -E50 (HSNe50),
 * Metro Provider,
 * OnlyInternet.Net,
 * Progressive Internet Services (Jayco.Net),
 * RTC on Line (Rochester Telephone Company, Indiana),
 * 20/20 Communications (2020comm.net)

The following ISPs are listed in legal documents related to the class action notice (see below) as having deployed NebuAd hardware:


 * AllCities
 * Annapolis Wireless Internet
 * AzulStar, Inc.
 * Bresnan Communications, LLC
 * Cable One, Inc.
 * Casco Communications/Peak Internet
 * Cavalier Broadband, LLC
 * CenturyTel, Inc.; CenturyTel Broadband
 * Services, LLC; CenturyTel Service Group, LLC
 * CMS Internet LLC
 * Eastern Oregon Network, Inc.
 * Education Networks of America (ENA)
 * Embarq Management Co.; United Telephone
 * Co. of Eastern Kansas
 * Fire2Wire
 * Galaxy Internet Services
 * Grande Communications
 * High Speed Data Inc.
 * 20/20 Communications
 * iBahn General Holdings
 * Knology, Inc.
 * Mesa Networks, Inc.
 * Millennium Digital Media Systems/Broadstripe
 * Network Evolution, Inc.
 * Nexicom Inc.
 * Ricochet Networks, Inc.
 * Rochester Telephone Company, Inc.
 * Softcom Internet Communications
 * United Online/NetZero
 * Unplugged Cities
 * WideOpenWest Finance, LLC (WOW)

All ISPs ended or suspended their relationship with NebuAd.
 * Charter Communications suspended its plans to test NebuAd following scrutiny from lawmakers and privacy groups.
 * An Embarq spokesperson told the Associated Press that it ended its trial with NebuAd, and has not decided whether to move forward with Behavioral Targeting advertising "either through NebuAd or with any other vendor".
 * CenturyTel, one of the earliest known ISPs to test NebuAd, notified customers in late May 2008 that it was deploying the hardware, only to pull out of the deal alongside of Charter a month later.
 * Bresnan Communications used the NebuAd technology. Following the announcements by Charter, Embarq, and CenturyTel that they would no longer use NebuAd on their networks, Bresnan told a blogger that their NebuAd trial had ended and they would comply with whatever regulatory model emerges from the current debate.
 * Web cache evidence indicated that Blackfoot Telecommunications Group, Inc. of Missoula, Montana appeared to have tried NebuAd between March and May 2008. Blackfoot's Mary Worden later explained, "Blackfoot tested NebuAd on its internal corporate network, with employees only and not with its customers, in March 2008, but had similar concerns to those raised by consumer groups and elected not to launch the service."
 * Nexicom, serving Central Ontario and the Kawarthas, Canada, notified users via its Privacy Policy page that it was using NebuAd as of April 23, 2008. Following a question to users on a public forum, Nexicom's Paul Stewart replied, "Nexicom was investigating using the NebuAd service. The software was never implemented at any time as there were concerns on several levels regarding privacy issues. References to NebuAd in Nexicom's Privacy Policy has been removed."
 * Wide Open West (WOW) completed suspension of NebuAd services on July 9. In a response to customer inquiries, WOW indicated, "With Congress in active review of online behavioral advertising, WOW! Internet- Cable- Phone is suspending its deployment of NebuAd services to our subscribers at this time.  We believe that all parties are best served by a thoughtful and thorough review of this emerging advertising model, and we welcome the opportunity for that discussion to take place."
 * Knology reported to the United States House Committee on Energy and Commerce that it discontinued a trial of NebuAd in all markets as of July 14, 2008.
 * Unbeknownst to its users, Cable One conducted NebuAd tests on 14,000 customers in Alabama for six months beginning in November 2007. As of August 2008, Cable One had decided against using the technology "commercially" on its systems but in September said it was waiting for "clear rules and boundaries".

Closure
NebuAd was closed down in the UK in August 2008 and in the US in May 2009.

Class-action lawsuit
A proposed settlement for a class-action lawsuit against NebuAd was underway in October 2011. All subscribers to the ISPs listed above between January 1, 2007, and July 1, 2008, were to be considered mandatory class members and so did not have to opt in and could not choose to opt out. Under the terms of the proposed settlement, NebuAd would create a settlement fund of approximately $2,410,000, to be used for administration of the settlement, covering legal fees, an incentive award of $5,000 to the individual who brought the complaint, providing up to $1000 for other named representatives, with most of the money going to support non-profits providing consumer education and privacy research.