Q&A with Charter VP: Your Web activity, logged and loaded
Charter Communications is planning to monitor its customers' Web surfing and then, anonymously, display relevant advertisements.
What the third-largest U.S. cable operator, headquartered in St. Louis, Mo., probably wasn't planning on was a privacy-fueled Internet backlash that began a few days ago after it began notifying customers of its intentions. For its part, Charter describes its behavioral profiling plans this way: "innovative new technology in the field of online advertising enables Charter to provide you with an enhanced online experience that is more customized to your interests and activities."
Ted Schremp, Charter's senior vice president of product management and strategy, who says there's a lot of 'misinformation' about his company's plans to monitor users' activity so appropriate ads can be displayed.
(Credit: Charter Communications)The disclosure led to a flurry of criticism, with Consumerist.com reprinting a letter from a Charter subscriber and speculation on DSLReports.com that existing Web advertisements would be intercepted and replaced by targeted ones. Slashdot called it "spying on" customers.
Missing were details about how Charter's system works, which we've tried to remedy with the following conversation that took place on Thursday with Ted Schremp, Charter's senior vice president of product management and strategy. Schremp confirmed that Charter is using technology from Redwood City, Calif.-based NebuAd--which is reminiscent of how British broadband providers have been working with Phorm, which uses deep packet inspection with "anonymized ISP data to deliver the right ad to the right person at the right time."
Now, there's nothing particularly novel about free Internet services that look at what you're doing and display relevant advertisements. Google.com and Gmail.com do just that. Nor is there anything novel about ad-supported Internet connectivity: Juno has offered this for years.
But, culturally speaking, Internet users have grown to expect broadband providers to provide mere pipes and not be involved in monitoring Web activity for advertising purposes. (There's also a difference between making monitoring a feature of the service from the beginning and adding it after you have millions of customers. Expectations have already been set.) So how to convince customers that monitoring is useful and sufficiently privacy-protective? How to handle requests to opt-out? Keep reading to see how Charter answers those questions.
Q: How does your "enhanced" Web browsing experience work?
We're sort of piloting the service in four markets. What's generated the activity is that we've proactively informed customers in these markets via letters. The trial hasn't actually started but it will shortly.
We're partnering with a third-party company called NebuAd. The system is designed to protect our customers' privacy. Their information is never shared with NebuAd. The way the system works is that it tracks URL information, again in an anonymous way, and uses it essentially to build a model that infers the customer's interests based on the URL visited. I can give you an example.
Q: Sure.
The easiest example is someone shopping for a car and visiting Honda.com, Toyota.com, Ford.com, Chevrolet.com. As our end user does that, the model becomes informed based on the notion that the end user may be shopping for a car. Let's say they go to a Web site that utilizes an ad network that NebuAd is part of. An ad may be served based on that model.
It doesn't sort of sit on top of advertising that's there. Most Internet advertising, as I'm sure you know, is served through ad networks (and NebuAd works with them).
Q: Do you know what ad networks it partners with?
That's a better question for NebuAd.
Q: Let's say NebuAd has a relationship with DoubleClick, and let's say CNN.com uses DoubleClick for advertising. If you visit car Web sites and then visit CNN.com, you're more likely to see a car ad as a result, right?
Yes. If you look at the transaction flow, if CNN has a relationship with DoubleClick, we, through this anonymous model, have provided information to NebuAd.
The ads that are already being served are being served on an informed basis. We're informing the model to an additional degree. There is a level of misinformation about how that works.
Q: There's been speculation that you're delivering additional ads through pop-ups or pop-unders or replacing existing ads. But you're not doing that, are you? Charter customers would see a more targeted ad instead of an existing generic ad.
What you said is correct. What's being said is incorrect. We're not serving additional ads. We're not replacing ads.
Q: Do you know how many sites are participating, how much of your customers' attention you can capture? How big is this?
My understanding is that NebuAd has partnered with ad companies that represent the majority of Internet advertising. The majority of Internet advertising is syndicated.
Q: What other ISPs are doing this, as far as you know?
We really don't know. We can really only speak to Charter.
Q: If you're conducting deep packet inspection, that means you know what data your customers are transferring. Are you going to look for evidence of copyright infringement, child pornography, and so on as well?
The enhanced advertising solution does not utilize deep packet inspection. It looks at URL level information only. That's another point of misinformation on the Net.
Q: You're saying that URL-level information is not deep packet?
Suffice it to say that we're using URL-level information only.
Q: Maybe this is a confusion over terminology. To obtain the domain name to route the packet, you need to look at only the headers through shallow packet inspection. Obtaining the URL means unpacking and understanding one more level, the Hypertext Transfer Protocol. Are you looking beyond the domain name to the URL, say ford.com/mustang and ford.com/focus?
The way the model's built is that they're trying to inform what's essentially a preconstructed model. We're looking at the complete URL. How often that URL-level information is utilized in the context of building a model, I don't know.
There are a number of categories, call them all sensitive in nature, that are clearly exempted from any (inspection) including items of a sexual nature, medical nature.
Q: If you're getting a new stream of revenue from NebuAd, does that mean lower prices for your customers?
As we've gone into these pilots, we've conducted a series of focus groups to help us understand from their perspective, does this technology add value to their Internet experience, talk through privacy concerns, and so on. What our customers have shared with us is that they understand the fact that advertising is part of the Internet model. To the extent that fuels the economics behind the Internet, they understand that. They appreciate the notion that ads that are being served are attuned to their interests or potential interests.
We view it the same way as offering faster Internet speeds. This is no different. It's about taking the latest technology and applying it as a way to be useful to our customers.
Q: One point of criticism has been the way your opt-out mechanism currently works. In the future, are you going to allow a customer to opt-out their entire household, without having to set a browser cookie for each user account on each computer?
The cookie-based opt-out was arrived at on the basis of our focus groups and the nature of the Internet household at this point. The majority of households are becoming multi-PC households. The users are a variety of folks, be it spouses, kids, etc. The way we've done it is very consistent with Internet use in the household. The notion of a cookie-based opt-out supports a variety of choices.
The intent of pilots and the intent of being very forthcoming with our customers is to let us fine-tune the deployment.
Q: Do you have any plans to fine-tune it and make any changes?
At this point it's very early. I think it's consistent with the way we've rolled out any other product.
Q: Can you disclose how much you expect to receive in terms of revenue?
We don't disclose the terms of our agreements or this sort of detail.
Q: If NebuAd gives you a box or boxes that you place on your network, these devices will have access to all of your customers' traffic. Have you independently verified that privacy protections are in place and the boxes act the way you think they will?
Absolutely. What we heard from customers is that No. 1, ensure that my privacy is being protected and give me an opt-out should I choose that path. When we picked a partner, that was (important). We're confident that all baseline privacy regulations are accommodated in the engineering of the solution.
Q: Though it's still going to be a box on your network. You're going to have to trust them to some extent to get the privacy safeguards right.
In any relationship there's always a level of trust. But there's also a level of rigor and selection and testing and we've applied that here.
Q: What reaction have you received from your customers?
It's still pretty early. As I said before, our objective from day one has been to be very proactive and forthcoming with the information. We've had some levels of calls and inquiries and so on, and it's mostly "Try to help me understand how my privacy is (protected) in the engineering of the solution."
Q: Is there anything else you'd like to add?
The key from our perspective is that we're very customer-oriented in everything we do. The privacy concerns and the ability of our customers to opt-out and the fact that we're talking today is indicative of that as well. We want to be very clear that they have a choice.
Declan McCullagh, CNET News' chief political correspondent, chronicles the intersection of politics and technology. He has covered politics, technology, and Washington, D.C., for more than a decade, which has turned him into an iconoclast and a skeptic of anyone who says, "We oughta have a new federal law against this." E-mail Declan.
I'm going to block their ads anyway, and if they continue to "monitor" and "model", I'd use another vendor.
high CPU ones! There IS such a thing as bad publicity! I know what I'm looking for when I
search and will target my OWN sites and products! Ads for sites I frequent are a necessary
evil for paying the freight. I do not need ''targeted'' ads for ANY reason. I do not need
another entity snooping on what I do! How long til NSA hooks into all the Packet Inspection
hardware...they already ARE!? What a blow for privacy and Freedom.
high CPU ones! There IS such a thing as bad publicity! I know what I'm looking for when I
search and will target my OWN sites and products! Ads for sites I frequent are a necessary
evil for paying the freight. I do not need ''targeted'' ads for ANY reason. I do not need
another entity snooping on what I do! How long til NSA hooks into all the Packet Inspection
hardware...they already ARE!? What a blow for privacy and Freedom.
There is no way in hell I want my ISP monitoring my web surfing. What part of "invasion of privacy" does this clown not understand?
a) Paying a 3rd party to provide a 256-bit encrypted proxy over port 80 for all of my requests.
b) Using vendors that provide encrypted connections nntp/pop3/SSL
c) Using the free anon-network
and also dumping all cookies on browser close may help. But these guys are tracking your movement by your account/IP address through their routers.. they don't just use cookies.
1. Why, when setting the cookie to opt-out, did Charter require us to fill in our name, address, account number, email address, etc. on a web form? Once for every browser, in each PC or laptop. Why on earth was all that information needed in order for the cookie to be set?
2. Does Charter (and its customer) realize that the cookie is only good for 12 months? According to my cookie file, the cookie that was set by connect.charter.com (cookie name "knanpro") expires exactly one year from the day it was set. Great opt-out, Charter. In a year we're all going to be seeing the ads again (if we're still subscribing).
The letter that was sent to us made it all sound so beneficial to me, like it was almost something I'd pay more money to get: "an enhanced online experience".... "innovative new technology". Charter, I'd actually pay for innovative new technology if it helped me more than it helped you. That letter did absolutely nothing but cover their legal butts. I laughed out loud when I read the BS in it. It's posted in its entirety on dslreports, go read it for a chuckle. "Focus group", bah. "Yes please, I want to see your targeted ads, it sounds great to me!"
I'm lucky to have other options, and I'm one long-time Charter customer who intends to follow through with my threat to cancel my Charter internet, phone, and HD cable TV if they don't back off on this plan. This CNET article did nothing to reassure me. Someone needs to ask them again, this time with some tougher questions than these softballs.
This is data collection and dissemination. This is clearly nothing more than a dominant communications company leveraging their customer base to increase profitability in the what should be the most secure of environments - their privacy. Stating that certain areas would be off-limit (sexual, medical) implies filtering, which further implies data-mining.
The question here isn't technical, but lawful and intrusive. When the company states that collecting data and using that to modify the browsing experience based on paths well traveled, this clearly implies a degradation in overall service parallel with Pay TV vs. standard cable, with sprinkles of invasive behavior thrown in for good measure.
As the interviewee stated, there's nothing new or fundamentally wrong with allowing a company to inspect and display advertising based on targeted key-words or the like, but this usually comes at the expense of the company offering (namely free) service. Suspecting a paying client base to not only pay full price for the pleasure of inviting increased marketing into their homes - and then making them swallow the idea its a service UPGRADE (again "We view it the same way as offering faster Internet speeds. This is no different") is beyond despicable and atrocious. It borders on criminal.
I would encourage each and every Charter member to abandon ship pronto, to seek their internet provider elsewhere. You may pay more and experience slower speeds, but please respect companies that respect your patronage, and not squeeze you further under the assumption they're doing you a favor. Absolutely shameful.
Answer to the clowns at Charter: adblockPLUS.
Ford posts 8 percent increase in European sales on strong demand for Focus, Fiesta
Quoted for truth. There's really nothing more to say.
You cleared up some important details, such as that web page ads won't be replaced, they will be served by the regular advertising network.
But you didn't pin down how they will not track access by children, how they will avoid medical tracking... is the latter actually in a contract that Charter subscribers can view? (No)
As for Shremp's stmt "The way the system works is that it tracks URL information, again in an anonymous way.", well, he said they will deliver targeted ads to each household machine. First, that's pseudo-anonymous. Ask exactly what information allows that to happen.
What happens if web surfing is done with cookies disabled? How are advertisers tracking a particular box (browser instance across machines) in a particular household? How do they even tell which person among multiple on one machine is that person if cookies are disabled, even if they login as different lusers? You know that information is not part of the HHTP stream. They are claiming to be able to discriminate that, right?
Charter's own web page states all sorts of reasons that may cause someone to lose their opt-out cookie, and that the luser must opt-out again and again and again as might be necessary. How does that qualify for the known definition of opt-out?
Declan, you're a security geek. You know that cookies should be wiped at some frequency for privacy reasons...why didn't you ask about it?
Ask Shremp whether it is technically possible (it is) for an entire household to opt-out without the need for a cookie, and why that is not offered.
Ask why boo-boo er Nebu won't up and decide to read mail traffic to see for example what SIGs (special interest groups) an account might be subscribed to, such as car or sports mailing lists, and then add this information to the web surfing being targeted. (How does Google make money off of POP delivery?)
Can this device conveniently be used as a government snooping device with an appropriate module add-on? What do the snoop devices look like on the diagram of one of Charter's networks (covering many subscribers)? I would imagine an ISP has many lines into and out of it. It's easier for me to picture redundant backbone connections, but what does the network topology look like incoming? Concentrators?
Ask Shremp for more answers.
I now proxy all my web/ftp connections via ssh proxy (check my IP, I'm coming at you from Sweden!), and will probably add mail soon too. Do your part and explain how this works...think Panix.com and Privoxy.
Hey, even Privoxy used just locally can bust a ton of ads. I guess that's why it used to be called AdBuster.
--
Harvey Mars
I'm not an RGU, I'm a customer. Until they start realizing that then they can go to heck. I wasn't going to use them for TV either. I have DirecTV for that. (and have been VERY happy with them.)
-
by AppleSuxLeo
May 20, 2008 1:36 AM PDT
- Moe , Larry , and Schremp !
-
Reply to this comment
-
Showing 1 of 2 pages (22 Comments)