ISPs may provide your mailing address to Web advertisers

[Dave Farber <dfarber () me com>]

Begin forwarded message:

> From: Lauren Weinstein <lauren () vortex com>
> Date: June 23, 2010 12:15:13 PM EDT
> To: dave () farber net
> Subject: ISPs may provide your mailing address to Web advertisers

> ISPs may provide your mailing address to Web advertisers
> "Coming Soon: Web Ads Tailored to Your ZIP+4"
> ( http://www.nnsquad.org/archives/nnsquad/msg03723.html )
>
>
> A new "Wired" article ( http://bit.ly/ayLTO7 ) discusses a service that
> would -- apparently without your direct permission -- feed your ZIP+4
> (9 digit) address code to Web advertisers.  The service raises a host
> of privacy issues that are either ignored or seemingly misrepresented
> by the quotes in the article:
>
> "Even federal regulators who scrutinize other ad firms over their
>  targeting practices are apparently okay with this, in part because the
>  zipcode is encoded and can only be ready [sic] by 'trusted third parties.'
>  That might reassure privacy advocates that personally identifying
>  information is not at risk here (unless you're the only person in your
>  nine-digit zipcode, which would only happen in an incredibly remote
>  region)."
>
> Wrong.  ZIP+4 frequently identifies individual addresses even in urban
> and suburban areas, especially for P.O. Boxes, multi-dwelling
> residential and office buildings, etc.  Once the ZIP+4 is in hand for
> such locations, reversing this to the actual full address (and often
> the associated name) is usually trivial given existing available
> databases.
>
> "The privacy folks in Washington love what we are doing," claims
>  Blacker, "because we never see any personally identifying information,
>  we don't track online usage like behavioral [advertising does], and we
>  only aggregate at the neighborhood level."
>
> Given that the "only aggregate at the neighborhood level" statement
> appears to be incorrect for many addresses as I understand the service
> at this point, I'd like to know which "Washington privacy folks"
> *love* what they're doing.
>
> "The system cuts ISPs in on the advertising game in a new way, without
>  them having to expend much effort. They can add Feeva tags to the HTTP
>  headers that already tell online advertisers a person's IP address,
>  referring URL, language and browser, and they can do it using the same
>  aggregation routers that already authenticate whether a given
>  subscriber is paid up and should be allowed to connect."
>
> This explanation would seem to suggest that this service depends on
> the active interception and header modification of unencrypted user
> HTTP Web traffic by ISPs via proxy servers, DPI, or other means.  This
> obviously opens up an entire additional level of serious concerns.
>
> --Lauren--
> Lauren Weinstein
> lauren () vortex com
> Tel: +1 (818) 225-2800
> http://www.pfir.org/lauren
> Co-Founder, PFIR
>   - People For Internet Responsibility - http://www.pfir.org
> Co-Founder, NNSquad
>   - Network Neutrality Squad - http://www.nnsquad.org
> Founder, GCTIP - Global Coalition 
>   for Transparent Internet Performance - http://www.gctip.org
> Founder, PRIVACY Forum - http://www.vortex.com
> Member, ACM Committee on Computers and Public Policy
> Lauren's Blog: http://lauren.vortex.com
> Twitter: https://twitter.com/laurenweinstein



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com