Once upon a time ISPs just transported packets of information from place to place without looking at them other than to find out where they should go. Of course that could not last. Now a company is selling ISPs a device designed to spy on customer traffic, track preferences and insert specially selected ads during Web surfing.

Start-up NebuAd seems to be trying to put all ISP-related, bad network-behavior into a single box. It is trying to sell a device that, according to its Web page, will “analyze and act on consumer behavior” in order to develop a “keen insight into a consumer’s dynamic, Web-wide behavior.” Basically, the device spies on traffic to try to determine the “demographics, geography, life style and interests” of individual customers (see the Web site for NebuAd’s Fair Eagle division). The box then inserts ads into the data stream the customer is receiving back from a Web site. This is done without the knowledge or permission of the customer or the Web site owner. Predictably, just like the data brokers who sell your every secret to the lowest bidder, NebuAd tries to claim that this is in the best interest of the consumer. Also note that the company could be subpoenaed for any spying it might have done on traffic to or from your IP address.

My reaction on reading about this device was one of disgust — it’s as if one were to take the entire swamp of bad things an ISP could do and boil it down to get concentrated slime. NebuAd does claim it doesn’t collect or use any personally identifiable information (see its privacy policy). But, based on such experiences as AOL’s data release (thanks for nothing, AOL), if one collects the kind of information NebuAd seems to be, it is easy to figure out whom you are looking at in far too many cases. In addition, even if the company might not be collecting personally identifiable information today, it is hard to trust that a company offering such an invasive product would not hesitate to change its tune if it thought there was a buck in it somewhere. It may give a hint to the company’s mind-set if you understand that “nebu” is the Egyptian hieroglyph for gold.

Some of this is far from a new idea. The idea of developing technology to enable ISPs to insert or replace ads surreptitiously when their customers surf the Web came up in the IETF more than six years ago. The Internet Architecture Board carefully considered the policy and architectural aspects of the idea and published RFC 3238, “Architectural and Policy Considerations for Open Pluggable Edge Services.” This document, among many other things, said that any deployment of such technology must be enabled only if the user or the Web site operator agreed. NebuAd is ignoring that guidance.