I don't think we're reading the full story here. I don't think a third party can override a website's advertising or place advertising on someone else's website at all.

MyNewPC: Are you meaning in a technical/technological sense, or a legal sense?

Technically, it's trivial. See the story a few months ago:

[arstechnica.com...]

about Rogers, a Canadian ISP, that inserted its own messages into websites.

It's trivial to detect the patterns of most banner ads, excise them and then replace them with the ISP's own ads.

Whether it's legally possible -- that's the trillion dollar question.

[edited by: GeorgeK at 10:03 pm (utc) on May 13, 2008]

Legally

All you gotta do is have 'em download your toolbar, and you can do what you want. They'll have agreed to the terms and conditions without even reading them, anyway.

I think it will only take a few large sites blocking all of Charter's traffic to remind them that this "optimization" is not in their interests. When half of their customers start calling (all at the same time) telling Charter they can't access Google or Yahoo or something of that nature, Charter will quickly remove this "feature".

I am a bit surprised that a company headed by Paul Allen (co-founder of Microsoft) is doing a thing that dumb.

This isn't an issue of Charter's customers doing what Charter wants them to do (via a download or any other means). The issue here is defacing a third party website.

loudspeaker is right on the mark.

I think it's not OK as it is -basically- copyright infringement.

They are being paid (by the user) for transmission of a page that has been requested by the user by entering a URL into the browser, or by clicking a link.

Upon the user's request, they go and fetch the page, which is delivered by the original server(s) on the purpose to actually be transmitted "as is" to the user.

Now, IF the network operator retrieves a page and ALTERS it by removing code from the page and inserting some own code snippets, THEY are modifying the page and thus provide a page to the user that can be seen as a "stolen" or "scraped" version of the original page.

If they do this to generate money, they are in deep *$%§ as this is basically copyright infringement. If they do this on pages registered with the U.S. copyright office, they can pay as much as $150,000 per individual page. Uh-oh.

I wonder if they are planning on running interstitial ads. That way they don't deface the website, just run ads prior to each page loading.

If so, that would really suck for website owners. Visitors will think it's the site owner doing it.

The UK-version is called 'phorm' and according to some influential groups, may be illegal [webmasterworld.com]. There have been a few discussions of these systems, in particular phorm itself, e.g. Phorm Tracking Is Drawing Criticism [webmasterworld.com].

TechCrunch sounded the alarm on this issue last year:

[techcrunch.com...]

when a small ISP in Texas apparently implemented the NebuAD system.

I guess we'll need to wait and see an actual implementation with a big ISP like Charter to see the technicals of exactly what is being done, to see if countermeasures are necessary. The potential of what *can* be done with this technology is scary, though.

If it's a form of another beacon/cookie, at the ISP level, the threat isn't as large as if it's whole replacement of ads. I would think that the marginal benefits of yet another beacon/cookie are minimal, given that entities like Google have their AdSense code on so many large sites, and also have data from Google Analytics and DoubleClick. The failure of Facebook and MySpace to monetize their sites well given all that they know about their users would tend to support this minimal value of the extra data.

It can become like a Trojan horse, to start off with an ISP-level beacon, and then later do more advanced things that hurt publishers, ala Gator (before they got sued) -- some of the NebuAD executives apparently came from Gator/Claria. Especially in countries that might not have the same copyright laws as the USA/Canada. An ISP in China or India or Africa might not face the same legal hurdles to replace ads as an American ISP.

[edited by: GeorgeK at 5:40 pm (utc) on May 14, 2008]

Fair use allows for minor modifications of all copyrighted works – whether commercial or educational. They will argue they are making a minor commentary to the published work. In addition, we have precedence with pop-up ads.

Courts have found that a toolbar can block certain code from firing – altering the work slightly different from the publisher’s initial design.

If this goes to court, I’d argue how this code adjustment significantly changes the market value of the original work. There is no set limit to how much you can copy in the realm of fair use, but they do consider, in commercial cases especially, the financial affects of so-called ‘fair’ use actions.

Apparently most of the lawsuits against Gator were settled out of court, e.g.

[query.nytimes.com...]

Unfortunately, this means that the lawsuits didn't lead to a strong judicial precedent to define exactly where the boundaries are on this kind of system.

Weird, the first time I read the headline I thought it said:

"ISPs to shoot themselves in own feet"

Good article about Nebuad's product, GeorgeK.

Every single web site owner is affected by NebuAD’s technology: whether a site is running ads or not makes no difference... It is important to note that these ads are NOT pop-ups, and this is not a free internet service; the ads are served as if they were part of the page, to paying internet customers who are NOT made aware that these ads have been inserted by their ISP.

What we need is a list of netblocks used by the ISPs doing this.
Give the users from those netblocks an alternate page that explains they cannot access the content and should switch ISPs/complain at their ISP.

If we do it enough (we're not makign money from their customers anyway) the customer will get annoying enough to get the ISP to stop, or go out of business (either is good if they're this greedy).

"deep packet inspection" technologies

Is there any reason why I, as a user, would want my ISP to even possess such technology?

What we need is a list of netblocks used by the ISPs doing this.

Yup, the threat of a massive boycott by webmasters would be necessary. I remember the uproar from webmasters against Microsoft's plans to insert their "intelligent" tags on web sites stopped them in their tracks.

I imagine that a lawyer wrote their privacy policy:

[nebuad.com...]

NebuAd delivers its services without collecting and using personally identifiable information such as the following:

(emphasis added) Notice the use of the word "and" instead of "or" in that sentence. That means it would be fine to collect the info, as long as at the same time they don't use it. Or, it would also be fine to use that info, as long as at the same time they don't collect it (i.e. store it). Even better, one can collect AND use the the info, as long as it's not to deliver its services! :)

This could inadvertently make the case for a wider adoption of ad-blockers by visitors, hurting publishers in that regard.

But in the end we as publishers may need to charge visitors for the privilege to use our sites.

My thoughts exactly swa66, I said that when I first read the article about the ISP in Texas inserting ads. I'll be denying access to any of my sites from a ISP that palces ads on my pages.

It also brings up other issues such as broken layouts...

Originally this was developed for ISPs to send messages to users on web pages.

For instance if someone had a package where they can only do X amount of data transfer every month and they were almost at their limit the ISP could put an image at the top of every web page saying...

"warning you have X amount of data transfer left on your account"

When they first announced this ability it was under the guise of communicating to customers... those of us more skeptical knew they would find a revenue stream for it's use VIA ads.

It already happens with XBOX-360, My son and I downloaded some new songs for Guitar Hero III and low and behold on the stage for those downloaded songs there was an ad for our ISP, At first I thought.. wow they have an ad for Shaw on here. Then I thought.. wait a sec Shaw doesn't do hard advertising through games like this... then I realized that the game has a way of letting this happen and Shaw used it. My final thought was... that is dumb, they are already my ISP, I don't need to be shown their logo while I play. It will only serve to annoy a current customer more then get new ones.

Hopefully enough noise will be made about this and it will end. Packet sniffing in any form IMO should be illegal.

[edited by: Demaestro at 7:02 pm (utc) on May 14, 2008]

NebuAD will share the behavioral tracking results with third-party advertising networks like DoubleClick.

DoubleClick = Google, who may be participating.

First I thought this thread was started 42 days too late;)

Indeed, a shot in the knee.
The problem is: How would you find out, if your ISP did so randomly?

BTW, a simple solution to make sure your content isn't being tampered with is to just run your sites in SSL.

Sure it'll slow the server down a tad, but if they actually intercept and bust into SSL streams, imagine the outcry that'll happen over making banking and ecommerce insecure.

So using SSL is the final weapon against this IMO, everyone got their certificates installed? :)

the ads are served as if they were part of the page, to paying internet customers who are NOT made aware that these ads have been inserted by their ISP.

The problem isn't the users. They might bark or cancel their subscription. The problem is with webmasters whose content is being tampered with. Thus I suggest to proceed as follows:

Step 1: Register all your content with the U.S. copyright office. (If already registered, skip step 1)

Step 2: Check your logfiles for requests coming from Charter

Step 3: Sue Charter for copyright infringement, start with $150,000 per pageview

Step 4: Goto step 2

Well, either we will all be rich, or we won't have to remember the name "Charter" for much longer.

incrediBILL: Unfortunately I don't think all advertising networks even fully support SSL. e.g. see AdSense:

[google.com...]

Although you may place the AdSense ad code on a page using Secure Socket Layers, we do not currently offer an https version of the AdSense ad code at this time. Therefore, you may see a message asking for confirmation to load all items on the page when placing the AdSense ad code on secure https pages.

This is illegal in two ways:

First, as zett said, this is copyright infringement. It's important to note that Fair Use only applies if the modifier is not making money off of the work. If they're displaying ads, it's reasonable to assume that they are making money.

Second, if they are swapping out existing ads for their own, they are invalidating third-party contracts of which they are not a part. I don't recall the exact wording for the law, but this is basically tempting someone to exit from their contractual obligation, which is illegal.

Edit:
Except in this case, it's not tempting, it's more like "forcing"

[edited by: npwsol at 7:35 pm (utc) on May 14, 2008]

Unfortunately I don't think all advertising networks even fully support SSL.

Not yet, but they will if enough publishers scream they want it in order to protect themselves from Charter, etc.

Besides, if you're a premium publisher, meaning you embed the ads server side, you can already use SSL, not a problem.

<mod hat off>

we won't have to remember the name "Charter" for much longer.

Perhaps, but the general concept is much bigger than an individual company. In the UK, every major ISP is considering this type of system, which would cover the overwhelming majority of the online population in the UK.

As it is at the moment, it's "opt out" (i.e. as an internet user, you want to see these ads unless you ask not to be included by jumping through a few (as yet undefined) hoops).

Phorm are even marketing the idea as being a great plan for online privacy:

Creating two revolutions: in online advertising and in privacy

Apparently, this type of advertising sets "a new, higher standard on privacy and anonymity". Exactly how a new, unavoidable database of your surfing habits improves privacy is unclear.

Read and judge for yourself at the Phorm website [phorm.com].

Previously, they targeted this as an anti-phishing benefit, but they seem to have discarded that angle fairly recently.

This will be implemented because the mainstream webmaster community has to date not raised any objection.

</mod hat off>