• E-mail this page
• |  Print this page
• | 
• | 
• | 

An ISP Should Carry Bits--And Nothing More

Companies like Google, Microsoft, and Yahoo, plus the "Web 2.0" sites, get all the attention when it comes to the excitement of Internet opportunity. That's made Internet service providers jealous, and they've been looking for ways to tap into the financial bonanza flowing through their wires. Unfortunately, many of those ways invade user's privacy and break essential rules of the Internet.

ISPs are in the business of delivering bits. One of the Internet's essential rules is that the devices in the "cloud" -- hardware such as packet routers -- should not change the contents of the bits they're asked to deliver. The devices at the endpoints of a connection -- PCs, Web servers, DNS servers, and the like -- are responsible for determining what goes into the data packets. But there's no glory in hauling bits; it's as boring as transporting electricity or natural gas.

The latest "great idea" from ISPs comes courtesy of NebuAd, a company that is well-stocked with former employees of Claria. You may remember the company from its infamous Gator form-filling product. (I certainly won't forget them; my PC Pitstop company was sued by Claria in 2003, but Gator eventually dropped the suit.) Claria's supposedly consensual software installations took a nosedive when XP Service Pack 2 shipped; it's probably not a coincidence that Claria dropped its IPO plans the same month that XP SP2 came out. Claria eventually gave up and stopped distributing its adware in 2006.

Installing software on the user's system proved to be a fatal dilemma for Claria, especially since the user had very little incentive to install it and even more reason to remove it when they realized what it did. NebuAd avoids this problem by colluding with ISPs to track user activity. Together they can tap into the user's entire Web browsing experience across multiple Web sites. They do this by injecting HTML and JavaScript into pages, changing the content so that it looks like it is being delivered by the Web site the user is visiting. In security parlance, this is called a "man-in-the-middle attack" and it's a very bad thing.

In response to these complaints, NebuAd says that the company doesn't collect personally identifiable information. This is the same reply that all the adware and spyware companies gave as well, and it rings hollow. First, it doesn't address the deception of injecting content into another site's Web page. Second, privacy is more than just knowing someone's name; grabbing a person and ripping off their clothes is invading someone's privacy, whether you know their name or not.

« Palm Centro Gets Unlocked | Main | Data Domain Adds Retention Enforcement - Deduplication, It's Not Just For Backup Anymore »