ISP Embarq Monitors User Traffic

← Back to Stories (view on slashdot.org)

ISP Embarq Monitors User Traffic

Posted by Soulskill on Friday July 25, 2008 @11:57AM from the you-can-trust-us dept.

Deli Korkmaz writes "The Washington Post reports that Sprint-Nextel spin-off Embarq, currently the US's fourth largest DSL provider, monitored Internet activity on some 26,000 customers in Kansas using deep-packet inspection technology NebuAd in order to deliver targeted advertising to users' desktops. CNet provides coverage as well. The House of Representatives Committee on Energy and Commerce is investigating whether any privacy laws were broken. Users were informed of this test and invited to opt out only via Embarq's online Privacy Policy; a mere 15 subscribers did so."

5 of 106 comments (clear)

Min score:

Reason:

Sort:

Re:was it limited to inspection? by Ron_Fitzgerald · 2008-07-25 12:07 · Score: 4, Informative

It is exactly like Phorm. They monitor your surfing habits to identify your likes and feed the info to a partner website that is displaying an ad based on your habits.

--
~ Ron Fitzgerald
Re:was it limited to inspection? by Anonymous Coward · 2008-07-25 12:13 · Score: 5, Informative

Disclaimer: I am an Embarq employee.

It was used to better target the advertisements on MyEmbarq.com and on the DNS redirection pages for server not found. If there was any more past that, then the general work force was not aware of it. No modifying of pages or redirecting others' advertisements.

This system would only work if you used Embarq's DNS servers.
Tom Gerke by CauseWithoutARebel · 2008-07-25 12:47 · Score: 5, Informative

tom.gerke@embarq.com was the contact for the CEO back in March. I assume it is still legitimate...

--
Weird slashbug #455
Re:EXACTLY by Anonymous Coward · 2008-07-25 13:11 · Score: 5, Informative

Please be careful with the terminology.
Opt-out means that you're in and you have to opt-out to stop your membership/subscription/whatever.
Opt-in is what you want: it's your choice to subscribe/join/whatever, and if you don't, there is no membership/subscription/whatever.
For example: The do-not-call list is an opt-out scheme. Unless you take action and put your name on the list, they're allowed to call you. Most newsletters are opt-in: You only receive the newsletter if you subscribe. Spam is neither opt-in nor opt-out: You get spam without doing anything. If you try to opt-out, you get more spam.
Re:long past time for encryption by default by Antique+Geekmeister · 2008-07-25 22:49 · Score: 4, Informative

HTTPS presents a significant load on servers. It can easily demand 3 times the hardware and support to transfer a large, busy set of servers to HTTPS for all traffic. If it *didn't* present a noticeable load, it would be fairly useful as a normal encryption channel.
It's also awkward to proxy and manage the encryption securely, because HTTPS is very careful about checking hostnames and IP addresses to avoid people forging your site. This makes it more awkard for usrs, as their browsers complain about untrusted keys or the server owners have to invest in registering keys.