business

As Internet advertising is targeted with increasing precision to meet consumers' presumed desires, the trick for advertisers is to sniff out people's interests and needs without riling their privacy defenses.

Silicon Valley startup NebuAd Inc. believes it has reached this balance with a new ad-serving system -- even though its system of peering inside Internet traffic might seem ominous.

NebuAd's system is designed to improve on websites' long-standing practice of dropping tiny tracking files known as cookies on visitors' computers. When those cookies indicate enough about a Web surfer's interests, related ads can be made to appear.

But the fact that you visited a site doesn't say as much about your interests as knowing what you did there and afterward. Did you read several articles or quit halfway through one? Did you leave the site to research the topic further on a search engine?

To glean those deeper insights, NebuAd installs equipment inside the facilities of participating Internet service providers (ISPs), which see everything their customers do online. NebuAd's boxes examine many of the sites people visit, what they do there and what they hunt for on search engines.

While some tracking mechanisms can ferret out an interest in travel or the outdoors, NebuAd says it can tell whether you are in the market for a trip to the south of France or snowboarding gear.

The company won't say how many carriers or advertisers it works with, though CEO Bob Dykes said Internet providers representing millions of customers run NebuAd's system to let it gather information. In return, they get a share of the revenue from advertising NebuAd places.

The only ISP known to be working with NebuAd is Monroe, La.-based CenturyTel Inc., which has 530,000 broadband subscribers scattered throughout the country.

Aspects of NebuAd's technique are already in play. For example, besides cookies, many online retailers deploy "clickstream analysis" tools that monitor what customers do on a given site -- what they browse, what they read, which items they put in their shopping carts but fail to buy.

Privacy issues

As a much wider-ranging eye in the sky, NebuAd could pique more worries about privacy. And its creators have taken steps to mitigate them.

Dykes pledges that his company never creates a database that could leak or be subpoenaed. It doesn't compile lists of sites that people have visited or what they did online.

Instead, its system works somewhat like a huge set of meters: one measuring interest in travel to the south of France, another tallying curiosity about snowboarding, and so on and on and on. Whenever you do something online that is thought to reveal heightened or diminished interest in a subject NebuAd tracks, the meter ticks up or down.

The system measures interest in at least 800 marketing categories, Dykes said. But it is blind to online behaviors that indicate bedroom proclivities or medical conditions, because NebuAd doesn't take sex-related ads or promotions for what Dykes calls "sensitive drugs."

NebuAd also doesn't read e-mails or postings on social networking sites.

Also, while NebuAd follows users closely enough to match ads to their interests, Dykes said the company doesn't keep identifying information on them as individual people, even a numeric Internet protocol address.

Once grabbed from an ISP's network, such details are fed into a cryptographic system known as a one-way hash, producing a string of code that supposedly cannot be reversed to identify a consumer. NebuAd's servers -- and snoops, presumably -- see only the hash codes.

"All they really have is [the equivalent of] a dot on a grid somewhere that says, 'It's time to get an ad to this dot,'" said Larry Ponemon, a privacy consultant who has advised NebuAd.

Opt-out option

If that does not reassure consumers, Dykes said NebuAd requires ISPs to ask their customers whether they want to opt out.

However, that could prove contentious. Pam Dixon, director of the World Privacy Forum, said NebuAd should instead use an opt-in mechanism -- automatically excluding anyone who doesn't sign up. She said even if a marketing profile is anonymous, someone might be able to tie it to an individual Web user, if its details were as richly detailed as NebuAd indicates.

"For this particular business model ... it's got to be opt-in, because people's expectation of privacy is that this isn't happening," Dixon said.

The degree to which this privacy equation has been managed will likely be key for NebuAd.

In the company's favor, its unusual approach to gathering data could deliver better insights than traditional cookie-based systems.

Cookie networks capture information more sporadically, which is one reason "behavioral targeting" accounts for just 3 percent of spending on online advertising in the United States, according to eMarketer, a research group.

NebuAd's system would be far less valuable, however, if not enough ISPs join the network. ISPs could get skittish if a privacy outcry erupted, justifiable or not.

However, Tom Soevyn, CEO of Focalex Inc., a marketing agency that places ads with NebuAd, said NebuAd's system appears more cost-effective than search engine marketing, partly because it puts ads on multiple kinds of sites.

"When I've run on some of the ad networks I've had horrible results," Soevyn said. While his tests with NebuAd are still in "early stages," he added, "it seems to be working pretty well. ... We'll keep our fingers crossed."