Online ads get very particular
As Internet advertising is increasingly precisely targeted to meet consumers' presumed desires, the trick for advertisers is to sniff out people's interests and needs without riling their privacy defenses.
Silicon Valley startup NebuAd Inc. believes it has reached this balance with a new ad-serving system -- even though its system of peering inside Internet traffic might seem ominous.
NebuAd's system is designed to improve on Web sites' long-standing practice of dropping tiny tracking files known as cookies on visitors' computers. When those cookies indicate enough about a Web surfer's interests, related ads can be made to appear.
But the fact that you visited a site doesn't say as much about your interests as knowing what you did there and afterward. Did you read several articles or quit halfway through one? Did you leave the site to research the topic further on a search engine?
To glean those deeper insights, NebuAd installs equipment inside the facilities of Internet service providers (ISPs), which see everything their customers do online. NebuAd's boxes examine many of the sites people visit, what they do there and what they hunt for on search engines.
While some tracking mechanisms can ferret out an interest in travel or the outdoors, NebuAd says it can tell whether you are in the market for a trip to the south of France or snowboarding gear.
The company won't say how many carriers or advertisers it works with, though CEO Bob Dykes said Internet providers representing millions of customers run NebuAd's system to let it gather information. In return, they get a share of the revenue from advertising NebuAd places.
The only ISP known to be working with NebuAd is Monroe, La.-based CenturyTel Inc., which has 530,000 broadband subscribers scattered throughout the country.
Dykes pledges his company never creates a database that could leak or be subpoenaed. It doesn't compile lists of sites that people have visited or what they did online.
While NebuAd follows users closely enough to match ads to their interests, Dykes said the company doesn't keep identifying information on them as individual people, even a numeric Internet Protocol address.
Once information is grabbed from an ISP's network, such details are fed into a cryptographic system known as a one-way hash, producing a string of code that supposedly cannot be reversed to identify a consumer. NebuAd's servers -- and snoops, presumably -- see only the hash codes.
"All they really have is (the equivalent of) a dot on a grid somewhere that says, 'It's time to get an ad to this dot,' " said Larry Ponemon, a privacy consultant who has advised NebuAd.
As a much wider-ranging eye in the sky, NebuAd could pique more worries about privacy. And its creators have taken steps to mitigate them.
To reassure computer users, Dykes said NebuAd requires ISPs to ask their customers whether they want to opt out.
However, that could prove contentious. Pam Dixon, director of the World Privacy Forum, said NebuAd should instead use an opt-in mechanism -- automatically excluding anyone who doesn't sign up. She said even if a marketing profile is anonymous, someone might be able to tie it to an individual Web user, if its details were as richly detailed as NebuAd indicates.
"For this particular business model … it's got to be opt-in, because people's expectation of privacy is that this isn't happening," Dixon said.