NNSquad - Network Neutrality Squad


[ NNSquad ] ISPs may provide your mailing address to Web advertisers


ISPs may provide your mailing address to Web advertisers
"Coming Soon: Web Ads Tailored to Your ZIP+4"

http://bit.ly/ayLTO7  (Wired)

This article discusses a service that would -- apparently without
your permission -- feed your ZIP+4 (9 digit) address code to Web
advertisers.  The service raises a host of privacy issues that are
either ignored or seemingly misrepresented by the quotes in the article:

 "Even federal regulators who scrutinize other ad firms over their
  targeting practices are apparently okay with this, in part because the
  zipcode is encoded and can only be ready [sic] by 'trusted third parties.'
  That might reassure privacy advocates that personally identifying
  information is not at risk here (unless you're the only person in your
  nine-digit zipcode, which would only happen in an incredibly remote
  region)."

Wrong.  ZIP+4 frequently identifies individual addresses even in urban
and suburban areas, especially for P.O. Boxes, multi-dwelling
residential and office buildings, etc.  Once the ZIP+4 is in hand for
such locations, reversing this to the actual full address (and often
the associated name) is usually trivial given existing available
databases.

 "The privacy folks in Washington love what we are doing," claims
  Blacker, "because we never see any personally identifying information,
  we don't track online usage like behavioral [advertising does], and we
  only aggregate at the neighborhood level."

Given that the "only aggregate at the neighborhood level" statement
appears to be incorrect for many addresses as I understand the service
at this point, I'd like to know which "Washington privacy folks"
*love* what they're doing.

 "The system cuts ISPs in on the advertising game in a new way, without
  them having to expend much effort. They can add Feeva tags to the HTTP
  headers that already tell online advertisers a person's IP address,
  referring URL, language and browser, and they can do it using the same
  aggregation routers that already authenticate whether a given
  subscriber is paid up and should be allowed to connect."

This explanation would seem to suggest that this service depends on
the active interception and header modification of unencrypted user
HTTP Web traffic by ISPs via proxy servers, DPI, or other means.  This
obviously opens up an entire additional level of serious concerns.

--Lauren--
NNSquad Moderator