Groups: Ad Firm Used by ISPs Spies on Users

— -- A targeted advertising vendor being used by several U.S. broadband providers hijacks browsers, spies on users and employs man-in-the-middle attacks, according to a report released Wednesday by two advocacy groups.

NebuAd, a behavioral advertising vendor being used by Charter Communications, WideOpenWest and other Internet service providers, uses also packet forgery, modifies the content of TCP/IP packets and loads subscribers' computers with unwanted cookies, according to the report, released by Public Knowledge and Free Press, two Washington, D.C., groups focused on digital rights.

"NebuAd exploits several forms of 'attack' on users' and applications' security," wrote report author Robert Topolski, chief technology consultant for the two groups. "These practices -- committed upon users with the paid-for cooperation of ISPs -- violate several fundamental expectations of Internet privacy, security and standards-based interoperability."

NebuAd violates Internet Engineering Task Force standards that "created today's Internet where the network operators transmit packets between end users without inspecting or interfering with them," Topolski added.

Representatives of Charter Communications and NebuAd didn't immediately respond to requests for comment on the Topolski report. Charter, in late May, issued a statement saying it was working with concerned lawmakers to address concerns about the targeted ad service.

"Charter takes the responsibility of protecting its customers' information seriously," the company said in a May statement. "We look forward to maintaining an open communication with policymakers to alleviate any concerns."

Charter Communications, a cable television and Internet provider based in St. Louis, announced in May that it was planning to use NebuAd to roll out a targeted ad program that would track users' Web activity in order to deliver "relevant" ads. That announcement by Charter, the fourth largest cable operator in the U.S., sparked calls for an investigation by several privacy and consumer groups.

Two members of the U.S. House of Representatives Energy and Commerce Committee, Representatives Ed Markey, a Massachusetts Democrat, and Joe Barton, a Texas Republican, wrote to Charter in mid-May, asking the company to delay rollout of the plan until they could have a discussion about the proposal.

Any collection of cable subscribers' personal data without their consent "raises substantial questions" about whether it is legal under the Communications Act, the two congressmen wrote.

Topolski, in his report, says he tested a connection on WideOpenWest in late May and early June. NebuAd's service injected new script into his browser session, preloaded identifying cookies on his machine, and monitored his browsing, he wrote.

Topolski compared NebuAd's methods to browser hijacking, cross-site scripting and other forms of computer attacks. NebuAd is engaged in "eavesdropping on the content of Web messages as they were being sent and received," he wrote.

"This report shows that NebuAd's Internet wiretapping is highly questionable," Marvin Ammori, Free Press general counsel, said in a statement. "Phone and cable companies should press pause on NebuAd and any similar venture until consumers and members of Congress can address the serious concerns raised by this report."