American "Phorm lookalike" NebuAd bites the dust

NebuAd, a US "behavioural advertising" company in the Phorm mode has come a cropper, writes Martyn Warwick.

A document quietly filed with a Californian court signals the demise of the company that, a year ago, was covertly tracking the web browsing habits of 10 per cent of the US population.

The company used its deep packet inspection technology inside various ISPs (more than 30 of them at one time) and its response to the deluge of complaints it received when it became generally known that the software was eavesdropping in secret on Internet subscribers was to say that its ISP "partners" always and specifically notified their customers before setting the spyware in action.

But little good it did in the end. The company foundered on the reefs of public disquiet and after the US Congress voiced serious concerns about NebuAd's methods. ISP's, worried about churn and possible class action lawsuits withdrew from "partnerships" with NebuAD, leaving it high and dry.

Lawyers acting for what's left of the company say it is to assign its remaining assets to creditors and is to "cease to exist as a going concern."

NebuAd collapsed because the company's claims that ISPs "always and invariably" explicitly notified customers that the web browsing proclivities were about to be monitored turned out to be untrue.

And, although the company did provide a cookie-based opt-out facility and claimed that all data was anonymised, the US Congress, via the House Subcommittee on Telecommunications and the Internet, questioned the legality of NebuAd's secret deep packet inspection technology and the probity of the company's top management.

The company's CEO, Bob Dykes was accused of "beating consumers" and "data-pimping". This was followed by an official "request" for all US ISPs to hold in abeyance any behavioural advertising systems they may have been using or intending to introduce.

Last August, NebuAd sacked many of its staff - an exercise described by management as "temporary adjustments in the headcount" - and insisted that it was business as usual. However, a few weeks later the company was forced to admit that it had "laid off all its officers and employees."

During last autumn, 15 people who had unwittingly been targets of NebuAd's covert surveillance went forward with a court case alleging wire-tapping, packet forgery and the hijacking of browsers.

It transpires that NebuAd had been "deliberately and actively" injecting fake packets into responses from websites to deliver cookies to users PCs. A practice lawyers for the group of disgruntled subscribers describes as "packet forgery" and "straightforward browser hijacking".

NebuAd also did itself no favours with the authorities by point blank refusing to talk about its technology, opt-out processes, how long its retained consumer data, how that data was manipulated, its privacy and confidentiality regimes (or lack of any such thing) and whether or not those snared by the company could access, change or delete their profiles.

Furthermore, NebuAd's only patent is for a system to forge packets and replace a website's banner ads with NubuAd's own.

The case continues over the battered corpse of NebuAd.