Behavioral ad targeting is nothing new on the internet, and I easily recall it being offered in one form or another as far back as about 1999. In fact, 24/7 Real Media currently offers behavioral targeting through their ad network as just one case in point. So what’s new with this incarnation is the way in which NebuAd collects data to base the targeting upon. NebuAd’s innovative twist on behavior targeting is based upon monitoring individuals’ internet browsing habits through their ISP, essentially seeing all the sites and pages that a user visits.
Other online behavioral targeting models are likely based upon ad networks cookieing users on all the sites where the ad network runs ads. This may leave a lot to be desired, since users are likely visiting a great many sites outside of the ad network, leaving them a little in the dark as to what the users may be up to currently — if a user only visited one or two ad network sites, there could be insufficient context to really make any sort of behavioral assumptions. NebuAd’s data collection method may provide them with the ability to more accurately target ads for far more site visitors.
NebuAd has already partnered with a few ISPs like CenturyTel to get access to their subscribers’ surfing data. NebuAd uses a sort of network appliance hardware to sniff out the sites/pages that users are requesting through their ISP’s network operating centers.
The few weak links I see in NebuAd’s approach are (1) the sensitivity associated with online privacy, (2) their dependence upon persuading sufficient numbers of major ISPs to cooperate with them, and (3) users coming in from ISPs which are not data partners of NebuAd, making them harder to profile.
On the privacy issue, NebuAd claims they do not generate a database that could be leaked or subpoenaed, since they encrypt user-identifiable data like IP addresses in a one-way hash. It all sounds good, but as consumers we just have to trust them that this is all handled well, and it only takes one server to be misconfigured and IP data starts getting logged.
The subpoena bit is just PR-spin, too, since a government agency or lawyer can still hit them with a subpoena to fish for anything that might accidentally be there.
Just a few years ago, DoubleClick bought Abacus Direct, intending to mashup online browsing with offline purchase habits in order to enable greater behavioral targeting. There was such intense public outcry over privacy concerns that DoubleClick felt compelled to halt the integration of the Abacus data. So, it nearly doesn’t matter if NebuAd does safeguard privacy well enough — if people are creeped out by having ads appear which seem to know what they’re up to, they might lash out at the advertiser, the ad network, and maybe even their ISPs.
On the second issue, will NebuAd get enough ISPs to partner up with them? They’re apparently already partnered with a number of ISPs, thought they won’t say who. This makes one suspect that perhaps those ISPs could be keeping the behavioral profiling a secret from their subscribers — something that would appear to run against the NebuAd pro-privacy stance.
NebuAd says that they require ISPs to allow users to opt-out of the profiling, but ISPs frequently bury subscribers under reams of privacy terms and conditions fineprint to the point where few subscribers can actually figure out what’s done with their data.
Many users are browsing the internet from work or school, and I suspect that corporate and educational networking departments will be unlikely to participate by providing NebuAd with their users’ data. So, there could be a substantial number of users that NebuAd will be unable to profile and target.
Still, all things considered, NebuAd may have built a very compelling business proposition — they could be positioning themselves to eventually be acquired — they’d make a very attractive advertising component if coupled with various other targeting technologies like geotargeting, demographic targeting, keyword targeting, contextual advertising, etc.