Researcher: NebuAd forges Google data packets

The man who caught Comcast blocking BitTorrents has now turned his attention to NebuAd, the Phorm-like behavioral ad targeting service that's tracking net surfers from inside multiple American ISPs. In a new report (PDF) released under the aegis of consumer watchdogs Free Press and Public Knowledge, Robb Topolski accuses …


This topic is closed for new posts.
  1. Man Outraged

    So what's the difference between 2 half-baked workarounds..

    Okay, Phorm we know gets outright sneaky and forges cookies directly in other people's domains, as pointed out by the good Richard Clayton.

    So are we saying here that NebuAd does not do this outright, but instead inserts JavaScript which references a domain owned by NebuAd in order to get some "linkage" between the Unique User ID (UUID) and the stream?

    Very interesting stuff, but all this shenanigans should be stopped now before we knacker the whole WWW.

    An ISP just CAN'T go fiddling around with packets like this. What about proprietary applications which use HTTP but don't expect extra JavaScript injected (or cookies, in the case of Phorm).


  2. Solomon Grundy

    Website, Service Opt Out, and Mailing Address

    Is their site usually so crappy? It's just a single column of text with browser default text rendering, and no graphics - I hope they paid a lot for it.

    I opted out of their service on this page:

    As a side note their site also says that they will respond to any written complaint received at the following address:


    c/o NebuAd Inc.

    901 Marshall Street

    Second Floor

    Redwood City, CA 94063-2026

    Which also means that any electronic communications sent to will be disregarded - assuming the address is even monitored.

    Everyone should write them and let them know that their opt-out policy is 100% moose dick and needs to be fixed.

  3. Anonymous Coward
    Thumb Up

    Make Yourself Heard

    Join the protest on the 16th July at the BT AGM, the Barbican, London.

    Let BT know that we do not want Phorm!

  4. Anonymous Coward
    Paris Hilton

    These snooping companies ...

    ... seem intent on upsetting Google don't they?

    Posters at Cable Forum are running a sweepstake on when BT will start their Phorm trials. No cash prizes.

    Paris, because I've got a tip she could have a bob on.

  5. Anonymous Coward
    Thumb Down

    WOW! is ...

    ... in the Chicago area, I believe.

    I remember seeing some ads fhem - glad I didn't go past the "looking" stage.

    Comcast is also heavy here. Lots of evil lurks the city.

  6. Ken Hagan Gold badge
    Thumb Down

    ...except that it redirects immediately to the insecure version. I can imagine why. I don't suppose encrypting every web search would reduce Google's power bill at all, but if ISPs are going to launch man-in-the-middle attacks against their own customers, the whole web is probably going to have to move in this direction.

  7. Chris C


    "Transparency and consumer privacy protection are core to our business" ... "It is corporate policy not to publicly discuss partnership relationships."

    Seems mighty transparent to me.

  8. Anonymous Coward

    Soylent Green

    Some ISPs seem to be determined to treat their subscribers like Soylent Green, don't they? Grind them up into tiny little bits and sell them on to the highest bidder...

    Here's a wake-up call to ISPs: your business is selling access to subscribers, not selling subscribers to advertisers. Remember what the 'S' in 'ISP' stands for? Remember who your customers are, or go the way of AOL...

  9. Anonymous Coward
    Paris Hilton

    BT execs - get out of your ivory towers and smell the coffee

    You stand a good chance of going to jail also.

    Only a half-baked madman with a loaded gun to his head should trust a spyware merchant's privacy policy. I hope the American ISPs involved get taken to the cleaners!

    Google sue their A***s off!

    121Media aka Phorm wrote rootkits and spyware. They are UK's equivalent to NebuAd in terms of what they are trying to achieve. They are in UK ISP buildings NOW installing their spying interception equipment. They also will intercept all data being searched for in Google. They don't just leave cookies but they physically intercept all your data stream whether opted in or opted out according to recent diagrammatic analysis. If you opt out you TRUST them to ignore your browsing.

    How BT ever got into bed with this outfit is beyond me. If everybody wants to stay web-wise I suggest they stay well clear of BT.Phorms WebWise and complain bitterly about the invasion of your privacy to your MPs.

    Paris, Because she likes to optin, optout, optin, optout ......

  10. Anonymous Coward

    opt-out perhaps, but is that just not seeing the Ads, we need the facts.

    "NebuAd does provide ISP subscribers with an opt-out. But we're not alone in saying the service should be opt-in only. ®"

    let's be clear on this, they may provide an opt-out perhaps, but is that just not seeing the Ads, we need the facts.

    is any part of your datastream or that of your visited websites' datastream still passing through these interception devices at any time you are told you are opted-out?

    are they still collecting, collating, processing, and finally after all that anonymising any part of said data while opted-out.....

    it needs stating in an official manner so we can use it in court later when ElReg investigative reporters discover the truth of the matter.

    let's face it, we are not going to get investigative reporting from the BBC or CNN on this unlawful interception for profit practice are we.

  11. Robb Topolski

    @Solomon Grundy - Why Their Site is Sucky

    Their site is sucky because you are blocking their domain. You probably have some kind of ad-blocking software installed. Therefore their images, css, js, and etc. can't do anything.

    Good job you!!

  12. Anonymous Coward

    Vodafone 3g ??

    I have found additional javascript code in my pages when viewing them over 3g with a vodafone dongle.

    The reason they do this is all part of the aggressive caching 3g uses, but if you are working on a website it is virtually impossible until you block this chunk of JS.

    ISPs messing with packets is already here and they already don't care.

  13. stranger on the road

    license agreement?

    one of the problems we are facing today is that companies can and do hide their practice behind the license agreement. Perhaps the law should restrict how much companies can put in the license agreement to only what the customer is expecting from the company, and anything else should be stated clearly outside the license agreement.

    Example: An ISP provides you with internet access. That is what the customer understands, and that should be the limit of the agreement. Anything else like "selling your data to a 3rd party who will analyse your web behavior and serve ads to you", shouldn't be part of the license agreement but should be legally required to be placed in the "features" list.

    This should also apply to software companies that bundle 3rd party ad serving software that acts "outside" their products (including toolbars). The default installation must legally be forced to show those options and by default have the tick boxes un-ticked.

  14. John Robson Silver badge
    Black Helicopters

    Hmm - I see a secure tunnel to a hosting facility being used soon...

    At least I trust them as a service provider, they explicitly firewall 6667, and officially disapprove of IRC servers.

    That's it. Other than that it's a raw IP connection.

  15. seatrotter

    Only if...

    ...we had laws that when a company is caught lying and actively misleading consumers, should be penalized to bankruptcy. Plus, penalize also the management of such companies.

  16. Anonymous Coward
    Thumb Down

    @jeremy re Vodafone are they also using a Mobile Phorm?

    "Vodafone 3g ??

    By jeremy, posted Tuesday 24th June 2008 06:38 GMT: I have found additional javascript code in my pages when viewing them over 3g with a vodafone dongle.

    The reason they do this is all part of the aggressive caching 3g uses, but if you are working on a website it is virtually impossible until you block this chunk of JS.

    ISPs messing with packets is already here and they already don't care.


    i do wonder though, is it also possible that vodafone have also started trialing some Phorm like DPI on their networks just as Orange use right now to intercept your mobile users' datastreams?

    remember this

    "Targeted advertising is all the rage these days, but the ways in which the necessary data is gathered is still the subject of hot debate. Xiam makes great play of its ability to profile users just by watching what they do without requiring configuration, and Orange UK apparently "supplies Xiam with data including billing information, mobile browsing logs and purchase history".

    Orange assured us that the "browsing logs" only refers to on-portal usage (within Orange World), and "billing information" relates to purchases made from the operator. However, Portal Relevance Manager Jim Small is quoted as saying that 2008 will be the year when the service is "rolled out fully into all download content areas and beyond into browsing content in third-party off portal services".

    We asked Orange if it was serious about this, but met with silence. Xiam has the technology to do it, but is understandably coy about what information its customers are using to profile subscribers, as it is the network operator's decision what to collect.


  17. C Blackmore

    We need a new browser...

    ...that carries out the packet sniffing, and can't run Javascript, for a start, then.

    Then we need ISPs that just do internet with no trickery. I would buy shares in one like that!

  18. TMS9900


    So what would happen if you wanted to run SOAP over HTTP? Or .Net remoting? Presumably it would barf because the bloody ISP has inserted some JavaScript?

    Great. :-(

  19. popper
    Thumb Up

    @C Blackmore We need a new browser...

    "We need a new browser...

    By C Blackmore, posted Tuesday 24th June 2008 16:02 GMT: ...that carries out the packet sniffing, and can't run Javascript, for a start, then.

    Then we need ISPs that just do internet with no trickery. I would buy shares in one like that!"

    no you don't, all you need is the ability to write Rebol scripts and use this as your base working example.

    post it in here and the CF threads to be sure people see it if you manage to make it work for any browser cache.

    if you can be bothered, you can also make a nice GUI for it, either stand alone or in a browser, but stand alone is better as it can run on more OS platforms than the browser plugin right now.

    if you really want to get fancy, you could also include a multicast tunnel for all DPI intercepted users world wide to share their blocked URLs lists and many more things

    you need to translate this into english but keep the rebol scripts intact OC

    there's everything you might need if you're already a script coder, it's super small, portable and free for personal use (most of all it's written by the creator of AmigaOS carl S, so you know it's good)

    so go and do your part, sit down and write it and release these new end user tools to help fight this evolving mess.

    you might even enjoy it and have some FUN....

  20. James Hess

    re: SOAP/XML

    There is still HTTPS and IPSec.

    The HTTP over IP standard should be deprecated due to the quite visible fact that there are some very large untrustworthy ISPs.

    In favor of port 443 HTTP over SSL, or HTTP over IPsec (with the ip authentication header), which can actually still provide practical assurances that the data arrives unmodified, or doesn't arrive at all, in spite of the new issue that has arisen with use of HTTP on the internet.

    Yes, it turns out that not all the evil crackers are wearing black hats or committing their mischief by exploiting bugs in software to gain access.

    Why do all that, when the undercover black hats can conveniently pay an upstream provider for surreptitious access to all your data streams?

    Unbridled sniffing with no repercussions, so long as the source of the data is adequately obfuscated before it's sold overseas to the highest bidder....

  21. C Blackmore


    Thanks, I had forgotten about Rebol. I do so miss my Amigas, almost as much as my Nascom 2. Must get back into programming...

  22. Art Hawkes

    Be warned

    I recently moved to a new ISP largely over the Phorm debacle. Out of the blue and some six weeks after I moved, I received a demand from a debt recovery agent appointed by my former ISP. No prior request by telephone, email or plain old mail. I do not dispute that, if I was being charged in arrears, I may have an amount outstanding from the period of my last payment up to the final cancellation point. How do I check without an invoice? The matter is now with a solicitor but the amount claimed is so small compared with potential legal fees perhaps I should cut my losses and pay. Plus, I don't want to get into the position where the debt recovery agent can add huge weekly charges for 'late payment'. They are totally unregulated thanks to government non-intervention. In addition, it could impact on my credit history. I have omitted the name of the ISP for fairly obvious reasons.
