An online advertising firm called NebuAd that pays ISPs to let it eavesdrop on web users doesn't just passively record traffic, but actively injects fake packets into responses from other websites in order to deliver cookies to users, according to a technical report released by the advocacy groups Free Press and Public Knowledge on Wednesday.
The report from the open net advocacy groups describes the system as a "browser hijack," comparing it with two classic hacker attacks.
NebuAd first drew widespread attention after Charter Communications, the nation's fourth largest ISP, announced it would try out the company's technology, promising that users would love having more targeted ads served to them. That announcement brought unwanted media and congressional attention to NebuAd, which had already installed monitoring boxes inside the network of at least one smaller ISP, WOW.
NebuAd has conceded that its boxes peer deep into internet packets to pull out URLs and search terms in order to classify each user's interests. That profile is then used deliver tailored ads on various partner websites.
<sni>