• by Wendy Davis , Staff Writer @wendyndavis, December 6, 2010

No sooner did Federal Trade Commission consumer protection chief David Vladeck condemn "history sniffing" -- or the practice of exploiting a browser vulnerability to surreptitiously discover which other Web sites users had visited -- than the site YouPorn was hit with a lawsuit about the practice.

In a complaint filed late last week in U.S. District Court in the Central District of California, two Orange County residents sued YouPorn's parent company, the Netherlands-based Midstream Media International, N.V., for allegedly "impermissibly accessing their browsing history" via vulnerabilities in their browsers.

They argue that YouPorn "hijacked" their computers in order to glean "valuable research data which could have been sold to marketing research firms."

This case marks the first known history-sniffing lawsuit, but it almost certainly won't be the last. A recent research paper from the University of California, San Diego, which exposed the practice, named 46 Web sites using history-sniffing technology -- though in at least some cases the technology reportedly was deployed by the third-party ad company Interclick without the publishers' knowledge.

The suit against YouPorn alleges that the site violated California state laws and the federal computer fraud and abuse act -- an anti-hacking statute dealing with gaining unauthorized access to another's computer.

But some legal experts doubt that history sniffing meets the technical requirements of the federal computer fraud statute. Seattle based cyberlaw expert Venkat Balasubramani says the case likely faces major hurdles -- including that the computer fraud statute requires plaintiffs to prove they suffered at least $5,000 worth of damage.

Other privacy lawsuits have alleged violations of the federal wiretap statute -- also an iffy proposition given the technical requirements of that law.

Still, given that a host of Web companies (including Google, Facebook, Adzilla, Netflix, Quantcast and Clearspring) have recently settled privacy lawsuits, plaintiffs' lawyers must think that these lawsuits are a good gamble.

Like other recent privacy lawsuits, the case against YouPorn also highlights that with or without new regulations, Web companies might need to take privacy more seriously when coming up with plans to monetize sites with ads.

--

Correction: The Nov. 24 Daily Online Examiner should have said that Kindsight plans to soon launch its new ad targeting service. The company currently is testing a security service with six Internet service providers, which it hasn't yet named.