Free Press and Public Knowledge love to lob bombshells at ISPs. Free Press was a big backer of the FCC complaint against Comcast's traffic management system for dealing with P2P uploads, and the two groups have now issued a new report (PDF) that takes aim at a new ISP practice: selling user Internet data to advertisers. The report calls out NebuAd, which recently began a high-profile partnership with cable operator Charter, and it doesn't mince words. The NebuAd system "commandeers users' Web browsers," makes use of a "browser exploit," and operates "by using what is effectively a classic man-in-the-middle attack."

Robert Topolski, a technology consultant for both groups, prepared the report. Instead of taking a wide-ranging look at the NebuAd system or digging deep into potential illegal activity under the Wiretap Act, Topolski confines himself to looking at the system by which NebuAd gear places various tracking cookies on user machines.

NebuAd works its targeted advertising magic by partnering with ISPs and installing a box in their network. The box examines inbound and outbound traffic from all users, and it builds a highly-targeted profile for each Internet user by taking a look at the sites that people visit and the keywords displayed there. These profiles are then used by NebuAd to insert relevant advertising into web pages that have elected to use to the NebuAd network (NebuAd does not override ads displayed on sites that are not part of its advertising network).

To read the article, click here.