FTC penalizes ad network covertly spying on users

Share this article:

The Federal Trade Commission announced Wednesday that it has settled with a now-defunct online advertising company that used "history sniffing" technology to secretly monitor the browsing habits of users, and then serve them targeted ads.

New York-based Epic Marketplace, part of Epic Media Group, was accused of inserting cookies onto users' computers anytime they visited the company's ad network, which stretched across 45,000 websites, including a number of high-profile ones. The cookie was then used, against users' knowledge and in violation of Epic's stated privacy policy, to monitor their browsing habits, even when they left the Epic network.

Most alarming was that the cookies appeared to track users when they visited particularly sensitive sites, such as destinations that offer health information or financial help, only to be later targeted with ads for similar subjects.

"Epic included the history-sniffing code within advertisements it served to visitors on at least 24,000 web pages within the Epic Marketplace Network including, but not limited to, CNN.com, PapaJohns.com, RedCross.[org], and Orbitz.com," according to the FTC complaint (PDF). "The code allowed Epic to determine whether a consumer had visited any of over 54,000 domains. Among the domains that Epic 'sniffed' were pages relating to fertility issues, impotence, menopause, incontinence, disability insurance, credit repair, debt relief, and personal bankruptcy."

This deceptiveness, which lasted through August 2011, violated the FTC Act, but there was little any victim could do to prevent the privacy invasion, the consumer protection agency said.

"History sniffing circumvents the most common and widely known method consumers use to prevent online tracking: deleting cookies," the complaint said. "Deleting cookies does not prevent a website from querying a consumer's browsing history. Consumers could only protect against history sniffing by deleting their browsing history and using private browsing mode, or, with regard to Epic's history sniffing, opting out of receiving targeted advertisements from Epic."

The settlement bars Epic from further using history sniffing techniques and orders them to delete any data that was collected under such practices. Further, the settlement prohibits the company from making misrepresentations about its privacy and data handling.

It does not appear that Epic currently is in business, however. The company may have been rebranded as Kinetic Social. An email sent to that company was not immediately returned.

UPDATE: Kinetic Social, in a statement, said it is not affiliated with Epic. However, its current CEO, Don Mathis, as well as some other current staff, did work at Epic during the period of the history sniffing. Their involvement with those acts, however, were "nominal."

"The history sniffing controversy – which was well documented in the public sphere las year – was a function of a technology that was used by Connexus (a company that merged with Epic in 2010), prior to and subsequent to the creation of EMG," the statement said.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, ...

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Data on 97K Bugzilla users posted online for about three months

During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.

Chinese national had access to data on 5M Arizona drivers, possible breach ...

Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.