The company says that all of the information it collects from users' Internet service providers is anonymous, but the reality is that it's not hard to figure out people's identities with enough clickstream data. Just ask user 4417749, Thelma Arnold, who was profiled in The New York Times in 2006 just three days after AOL released search queries for 650,000 "anonymous" users.
But it likely won't just be privacy gurus gunning for NebuAd. Web publishers are almost certain to object to the technology. A new report by Free Press and Public Knowledge accuses the company of essentially hijacking people's browsers and inserting packets into the data stream that ultimately cause the browsers to load scripts from NebuAd.
NebuAd denies that it changes any publisher code. The company's defense is that its technology is no different from any other ad network's. "All ad networks use a small piece of code that is temporary and operates only within the security framework of the browser to invoke the placement of ad network cookies. The code NebuAd uses is no different, and is clearly demarcated outside of and does not modify any publisher code," the company stated.
But there is at least one significant difference. Other ad networks tend to have relationships with publishers that allow those networks to collect information about visitors. While NebuAd has deals to serve ads on particular publishers' sites, the company can collect information from any publisher -- regardless of whether that publisher consents.
Such a platform seems certain to rile publishers like Google, who could see the value of their traffic plummet. Consider, marketers who want to reach Google users searching for, say, flat-screen TVs, would no longer have to purchase search ads to do so; instead, marketers would be able to reach those users after they have navigated away from a search engine and to another site that has no relationship with Google.
Here, privacy advocates argue that Internet service providers should refrain from passing along information to companies like NebuAd unless users explicitly consent. NebuAd currently allows users to opt out of targeting, but will operate by default if consumers take no action.
Moving to an opt-in system may well assuage some of the most obvious privacy concerns of ISP-based targeting. On the other hand, that's not likely to do much to settle a possible battle between NebuAd and publishers.