"NebuAd's practices resemble several forms of 'attacks' on users that have generated considerable controversy and user condemnation," states the report, issued by net neutrality groups Free Press and Public Knowledge. The report says that NebuAd alters the code on publishers' Web sites in order to track consumers.
The study was prepared in advance of an upcoming U.S. Senate hearing about privacy and online advertising called by Byron Dorgan (D-N.D.). That hearing, originally slated for this week, is now scheduled for early next month.
NebuAd partners with Internet service providers to serve ads to broadband users based on the Web pages they visit. The platform has alarmed privacy advocates, who view it as highly intrusive because Internet service providers know every Web site that users visit and all of their search queries. Older behavioral targeting companies, by contrast, usually only know when Web users visit particular sites within a network.
Charter Communications recently said it was going to start testing NebuAd's behavioral targeting platform. That announcement spurred two Congress members, Reps. Ed Markey (D-Mass.) and Joe Barton (R-Texas) to intervene. Last month, they asked the St. Louis-based Charter to delay its plans pending an investigation.
Charter, which provides broadband service to 2.8 million subscribers, was previously scheduled to start testing its system by June 15, but has not yet done so. The company attributes the delay to technological issues.
Charter is the biggest company to sign on with NebuAd, but isn't the only one. Another Internet service providers working with NebuAd is Denver-based WOW (previously called Wide Open West). For the report, software tester Robert Topolski examined the computer of a WOW subscriber.
NebuAd said in a statement Wednesday that it was "disappointed with the misleading characterization" of its company in the report. NebuAd stated that its technology is no different from that of other ad networks. "Similar to most ad networks, we place cookies on users' machines ... All ad networks use a small piece of code that is temporary and operates only within the security framework of the browser to invoke the placement of ad network cookies. The code NebuAd uses is no different, and is clearly demarcated outside of and does not modify any publisher code."
NebuAd says that its data collection practices are anonymous, in that it doesn't gather names or addresses. The company also says that users can opt-out of its targeting.
But the new report criticized NebuAd for not giving users enough power over the opt-out process. "The NebuAd device ensures that a Web browser is always preloaded with cookies providing unique identifying codes," the report states. "Regardless of whether the end user changes computers, browsers or purposefully and frequently erases cookies, the device reloads the subscriber's uniquely identifying cookies to allow the targeted advertising to continue."
NebuAd responded Wednesday that consumers can decide to forego receiving targeted ads at any time. "Such choice is provided in both robust advanced notice and on an ongoing basis," the company stated.
Free Press general counsel Marvin Ammori said that NebuAd and Internet service providers should postpone ad-serving plans pending a more complete investigation. "We should press pause and look into what's going on," he said. "We need a better understanding of what ISPs are doing with this technology, how this technology could be used in the future, and how consumers are potentially harmed."