Interesting People mailing list archives
ISPs may provide your mailing address to Web advertisers
From: Dave Farber <dfarber () me com>
Date: Wed, 23 Jun 2010 12:36:04 -0400
Begin forwarded message:
From: Lauren Weinstein <lauren () vortex com> Date: June 23, 2010 12:15:13 PM EDT To: dave () farber net Subject: ISPs may provide your mailing address to Web advertisers
ISPs may provide your mailing address to Web advertisers "Coming Soon: Web Ads Tailored to Your ZIP+4" ( http://www.nnsquad.org/archives/nnsquad/msg03723.html ) A new "Wired" article ( http://bit.ly/ayLTO7 ) discusses a service that would -- apparently without your direct permission -- feed your ZIP+4 (9 digit) address code to Web advertisers. The service raises a host of privacy issues that are either ignored or seemingly misrepresented by the quotes in the article: "Even federal regulators who scrutinize other ad firms over their targeting practices are apparently okay with this, in part because the zipcode is encoded and can only be ready [sic] by 'trusted third parties.' That might reassure privacy advocates that personally identifying information is not at risk here (unless you're the only person in your nine-digit zipcode, which would only happen in an incredibly remote region)." Wrong. ZIP+4 frequently identifies individual addresses even in urban and suburban areas, especially for P.O. Boxes, multi-dwelling residential and office buildings, etc. Once the ZIP+4 is in hand for such locations, reversing this to the actual full address (and often the associated name) is usually trivial given existing available databases. "The privacy folks in Washington love what we are doing," claims Blacker, "because we never see any personally identifying information, we don't track online usage like behavioral [advertising does], and we only aggregate at the neighborhood level." Given that the "only aggregate at the neighborhood level" statement appears to be incorrect for many addresses as I understand the service at this point, I'd like to know which "Washington privacy folks" *love* what they're doing. "The system cuts ISPs in on the advertising game in a new way, without them having to expend much effort. They can add Feeva tags to the HTTP headers that already tell online advertisers a person's IP address, referring URL, language and browser, and they can do it using the same aggregation routers that already authenticate whether a given subscriber is paid up and should be allowed to connect." This explanation would seem to suggest that this service depends on the active interception and header modification of unencrypted user HTTP Web traffic by ISPs via proxy servers, DPI, or other means. This obviously opens up an entire additional level of serious concerns. --Lauren-- Lauren Weinstein lauren () vortex com Tel: +1 (818) 225-2800 http://www.pfir.org/lauren Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org Co-Founder, NNSquad - Network Neutrality Squad - http://www.nnsquad.org Founder, GCTIP - Global Coalition for Transparent Internet Performance - http://www.gctip.org Founder, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com Twitter: https://twitter.com/laurenweinstein
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- ISPs may provide your mailing address to Web advertisers Dave Farber (Jun 23)