NebuAd plays cat and mouse with data pimping opt-out

Though Phorm-like behavioral ad targeter NebuAd has vowed to replace its cookie-based opt-out mechanism with an opt-out that's less crumbly, it appears that neither opt-out would completely opt you out. NebuAd tracks the online search and browsing activity of net surfers using deep packet inspection hardware installed inside …


This topic is closed for new posts.
  1. Anonymous Coward

    OMG and Juniper Too?

    What on earth is Juniper networks doing in bed with this lot? And who is going to trust Juniper's firewall services now? This really is gamekeeper turned poacher. They deserve to go down the toilet when nebuad, phorm and the whole sorry lot of these spyware scum finally get flushed away.

  2. adnim

    Cards meet table

    Well, as far as I am concerned ANY entity dealing with the general public that does not wholly and truthfully divulge what its modus operandi is, is being deceitful and covert and as such, should not be trusted.

    If an entity does not explicitly set forth its function and purpose, and does not clearly expose those actions which allow it to achieve that function and purpose, in plain language that can easily be understood, in wording that is not open to misinterpretation or ambiguity, it is hiding something that it is ashamed of or embarrassed about. Or it is hiding something that is just plain illegal, or immoral.

    I am cynical, I am very mistrusting of large organisations. But it is not paranoia, life experience has taught me they really are trying to screw me over.

  3. Eddie Johnson
    Black Helicopters

    It's clearly time to encrypt all traffic

    I don't trust any of these companies for more than 3 days after any agreement is signed, you can opt out all you want, they always just change their T&Cs and somehow everyone who was out is suddenly back in again.

    This crap is just one more push toward 100% encrypted traffic over the wire.

    I've always used Scroogle to keep my searches confidential from Google but a while back, after reading all this crap, I switched to Scroogle's SSL encrypted interface so no one at the ISP level can spy.

    Check out if you don't accept the "all your searches are belong to us" party line from your ISP.

    Helo. Because just because you're being paranoid doesn't mean they aren't watching you.

  4. Abdul Koroma

    The Ideal Solution:

    The ISPs will never come clean on this behavioural ad targeting no matter how much Congress would want them to. I think the ideal solution here is to have a new business model wherein the consumer owns the last mile and is free to connect to any service provider he or she wishes at a neighborhood, carrier-neutral interconnect facility, according to this article by a leading expert: Improving Internet Transparency(

  5. Anonymous Coward

    What did you expect?

    A lot of these targeted advert DPI companies seem to have either some internal staff links to, or history in, spyware, adware, rootkits and / or hidden domains so they could not be found easily for their sins and subsequently held responsible.

    Remember those 50 page EULAs that hid all manner of cr*p you were letting yourself into if you pressed the OK / Agree button to install some of their scumware? How many PCs have had to be reformatted to be rid of the cr*p?

    Is it any wonder some hide behind words now.

    Gater, 121Media are all household names to the anti virus / spyware companies.

    Where are some of the people who worked / owned those companies right now? Do the research yourself and you may get a surprise.

    These types of organisations are the pits in my eyes. Most seem economical with the truth when questioned and it seems there is little of it to me.

    I personally wouldn't trust any of these 're-badged' organisations with any of my data.

  6. Luther Blissett


    There is smoke in the mirrors, and mirrors in the smoke. NebuAd sure looks like Phorm. Phorm sure looks like NebuAd. Maybe the mirrors are parallel, a fact concealed by the smoke. One mirror is called USA, the other is called UK. It is time to call time on Sgt Pepper's ghost and peek behind the simulacra.

    Who's the common puppeteer behind all this?

  7. Anonymous Coward


    It's kinda hard to see how the customer could own the last mile, as it's likely just one copper pair in a much larger cable. Here in the UK, some of the ISP independence is created by BT Openreach owning the last mile and making the connectivity available to service providers on a carrier-neutral basis. Of course, in a lot of exchanges the only carrier available is BT Wholesale, but BT Wholesale then have to provide broadband backhaul to ISPs on an ISP-neutral basis.

    In this context, one comment in Andrew Orlowski's piece today amazed me. Apparently some academic 'policy advisor on regulation' has suggested that Phorm & the like are a necessary evil to help fund better network infrastructure. I sincerely hope he isn't advising Ofcom, as he seems to have no clue. Any revenue from Phorm to BT as an ISP (if the Phormicators go ahead) would go to BT Retail, and BT would break a ton of regulations if any of that revenue went to Wholesale to 'fund a better network' other than via the normal purchase of Wholesale services.

  8. Anonymous Coward

    A leopard doesn't change its spots

    They tried to stop their spy software getting found on your computer. Now they're trying to stop their spy hardware getting found on your ISP's network.

    Same story.

  9. Kanhef

    The sad thing is

    how desirable the goal of targeted advertising is, and yet how vigorously we fight it. Wouldn't it be nice to only see ads for products you might actually buy? Unfortunately, I don't see any way to do that without requiring some personal information (for example, age and gender in order to only serve performance-enhancing-pill ads to men over 50), and the methods proposed for gathering that information have proved unacceptable. Maybe have a big checklist of possible interests; there's no need to provide any information (opt-out by default), but the more you do, the more likely you are to see ads for things you like.

    Speaking of Mr. Orlowski, why can we never comment on any of his articles?

  10. Mark


    >Wouldn't it be nice to only see ads for products you might actually buy?

    I doubt I'm alone in that I don't ever buy through internet advertising. Ever. Too many years of ever more intrusive, flashing, popping up, singing, dancing rubbish being pushed into my face and I flatly refuse to see any net advert as good, whether or not I want the product. There is a limit to how pushy, intrusive and deceptive advertising can be without simply antagonising users, and that line was crossed a very long time ago. If that's the only way to get this so-called free content, I can live without it - the stuff plastered with the very worst advertising isn't worth it in any case.

    So ad block plus or similar stays installed until the unlikely future when sanity returns.

  11. Gordon Pryra

    @Eddie Johnson - may as well send it all in clear text

    There is zero point to encrypting your data. Your keys are happily going through the same DPI boxes anyway. (For SSL anyway, and for most, that's their online banking etc.)

  12. Anonymous Coward

    An ad-free future!

    > Wouldn't it be nice to only see ads for products you might actually buy?

    Wouldn't it be even nicer to just not see ads?

    "But lots of websites are funded by ads!"

    If a website needs money then it can charge for its content instead. Sites that consistently offer useful content will blossom. Sites that offer a ton of shit will wither and die, and good riddance. What a beautiful Arcadia that sort of WWW would be!

    So, pay tiny sums to the people who actually provide the content in order to get what you want when you want it, or expose the entirety of your internet activity to ex-spyware companies who smile a big smile and say "Trust me!", in order to get free content and a ton of lurid adverts for crap that you almost-certainly neither need nor want?

  13. Eddie Johnson

    @Gordon Pryra

    Do you understand how encryption and especially public key encryption work? The days of needing a backchannel for key exchange are long gone. The key I encrypt with doesn't allow an intermediary to decrypt.

    Despite that, it's always just a matter of being difficult. If my packets take more energy to scan than yours they will scan yours for years before they get around to me. The processing power to decrypt all the traffic flowing through their boxes is exponentially higher and breaks the cost/benefit model.

    It's like a pack of hikers running from a bear. I don't have to be faster/smarter than the bear, I only have to be faster/smarter than *you*.

  14. pctechxp

    of course it leaves the network

    as it would be rather resource intensive for the DPI hardware to sort the traffic wouldn't it?

    The ultimate opt out is this: migrate your connections to phorm/nebuad free ISPs, that way, the phorm/nebuad supporting ones will go under, they will soon learn who's boss.

  15. Anonymous Coward

    ah, calm down.....

    This will not go away, best learn to live with it, like death and taxes.

    - Cisco has now started including DPI capabilities in their routers.

    - Google has been collecting statistics on your browsing for years.

    - You drive down the freeway and a camera snaps you at 90 MPH and you get a letter in the mail with your fine.

    - Your bank sells your loan to another and they sell your info to bulk mailers.

    - Safeway uses your "rewards card" to gather marketing statistics and people use the cards happily.

    It's all a matter of degrees. I hate online ads yet I work for an online ad company, go figure. Also please don't group all these DPI companies together, some are seriously trying to do it in a way that benefits everyone. At least one of the DPI companies we deal with is trying to make the user's opinion count.

  16. Anonymous Coward

    re: ah, calm down.....

    There is no inevitability to most of what you mention; there is, in most cases, a choice. If DPI catches on with ISPs, there will be no choice.

    > - Google has been collecting statistics on your browsing for years.

    So don't use Google and block their cookies on 3rd party sites. Easy enough - certainly easier than moving ISPs.

    > - You drive down the freeway and a camera snaps you at 90 MPH and you get a letter in the mail with your fine.

    The simple choice would be not to break the law. In any case I see a difference between law enforcement (although whether it's right is another matter) and exploitation for commercial gain.

    > - Your bank sells your loan to another and they sell your info to bulk mailers.

    No they don't. In the UK at least, you can opt out from having your details passed on. I do, every time.

    > - Safeway uses your "rewards card" to gather marketing statistics and people use the cards happily.

    Again, choice. You don't require a card to enter the shop, so make the choice, pay cash and accept the loss of spurious benefits.

    As to DPI companies operating in a way that "benefits everyone"; in none of the recent DPI examples has the customer benefitted - unless you accept targeted advertising to be a benefit, and there are many many people who don't accept that to be the case. The number rises rapidly when you explain it to the remainder.

    Those in the industry are doing a marvellous job of convincing themselves that they're performing a really useful public service. The arguments look a lot less convincing when paraded outside the narcissistic goldfish bowl of the DPI/marketing industry.

    One day I'm sure the marketing industry will be viewed in the same way as those who pimped 'miracle cures' a hundred years ago. As scum.

  17. Anonymous Coward

    I think Nebuad's opt-out could be vulnerable to Cross-site request forgery!

    Meaning if I am right, that any website you visit might be able to opt you back in without your permission.

    The Nebuad Opt-in webpage uses script tags to fetch the opt-in cookies:-

    <script language="JavaScript" src=""></script>

    <script language="JavaScript" src=""></script>

    If an evil website included the same tags, I suspect it would cause Nebuad Opt-in cookies to be set on your PC.

    I also suspect including a couple of image links :-

    <img src="">

    <img src="">

    would work just as well to opt you in too. In which case someone posting an opt-in url as an "image" in a forum post would opt Nebuad users back in too.

    Of course it doesn't matter if you are not with a Nebuad ISP.
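
Added example, not part of the thread and not NebuAd's code: the pattern the last comment describes (a preference cookie set by any GET, so a `<script>` or `<img>` tag on another site triggers it) next to a handler that accepts the change only on a same-origin POST carrying a per-session token. The `Request` class, the origins, the `pref` cookie name and the `csrf_token` field are assumptions made up for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field

SITE_ORIGIN = "https://prefs.example"  # assumed origin of the preference page


@dataclass
class Request:  # minimal stand-in for a framework request object
    method: str
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    session_token: str = ""  # CSRF token the server stored for this session


def naive_set_preference(req: Request, value: str) -> dict:
    """Pattern the comment describes: any GET sets the cookie, so a
    <script> or <img> tag on a third-party page triggers it as well."""
    return {"status": 200, "set_cookie": f"pref={value}"}


def hardened_set_preference(req: Request, value: str) -> dict:
    """Change the preference only on a same-origin POST with the session token."""
    denied = {"status": 403, "set_cookie": None}
    if req.method != "POST":  # script/img loads are always GET
        return {"status": 405, "set_cookie": None}
    # Browsers that send Fetch Metadata label embedded cross-site loads.
    if req.headers.get("Sec-Fetch-Site", "same-origin") != "same-origin":
        return denied
    if req.headers.get("Origin", SITE_ORIGIN) != SITE_ORIGIN:
        return denied
    sent = req.form.get("csrf_token", "").encode()
    if not req.session_token or not hmac.compare_digest(sent, req.session_token.encode()):
        return denied
    # SameSite keeps the cookie out of cross-site subresource requests.
    return {"status": 200, "set_cookie": f"pref={value}; Secure; HttpOnly; SameSite=Lax"}


def demo() -> dict:
    """Run three constructed requests through both handlers."""
    token = secrets.token_urlsafe(32)
    embedded = Request("GET", {"Sec-Fetch-Site": "cross-site"}, {}, token)
    forged = Request("POST", {"Origin": "https://forum.example"}, {}, token)
    genuine = Request("POST", {"Origin": SITE_ORIGIN}, {"csrf_token": token}, token)
    return {
        "naive_embedded": naive_set_preference(embedded, "in")["status"],
        "hard_embedded": hardened_set_preference(embedded, "in")["status"],
        "hard_forged": hardened_set_preference(forged, "in")["status"],
        "hard_genuine": hardened_set_preference(genuine, "out")["status"],
    }
```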
