FTC penalizes ad network covertly spying on users

Share this article:

The Federal Trade Commission announced Wednesday that it has settled with a now-defunct online advertising company that used "history sniffing" technology to secretly monitor the browsing habits of users, and then serve them targeted ads.

New York-based Epic Marketplace, part of Epic Media Group, was accused of inserting cookies onto users' computers anytime they visited the company's ad network, which stretched across 45,000 websites, including a number of high-profile ones. The cookie was then used, against users' knowledge and in violation of Epic's stated privacy policy, to monitor their browsing habits, even when they left the Epic network.

Most alarming was that the cookies appeared to track users when they visited particularly sensitive sites, such as destinations that offer health information or financial help, only to be later targeted with ads for similar subjects.

"Epic included the history-sniffing code within advertisements it served to visitors on at least 24,000 web pages within the Epic Marketplace Network including, but not limited to, CNN.com, PapaJohns.com, RedCross.[org], and Orbitz.com," according to the FTC complaint (PDF). "The code allowed Epic to determine whether a consumer had visited any of over 54,000 domains. Among the domains that Epic 'sniffed' were pages relating to fertility issues, impotence, menopause, incontinence, disability insurance, credit repair, debt relief, and personal bankruptcy."

This deceptiveness, which lasted through August 2011, violated the FTC Act, but there was little any victim could do to prevent the privacy invasion, the consumer protection agency said.

"History sniffing circumvents the most common and widely known method consumers use to prevent online tracking: deleting cookies," the complaint said. "Deleting cookies does not prevent a website from querying a consumer's browsing history. Consumers could only protect against history sniffing by deleting their browsing history and using private browsing mode, or, with regard to Epic's history sniffing, opting out of receiving targeted advertisements from Epic."

The settlement bars Epic from further using history sniffing techniques and orders them to delete any data that was collected under such practices. Further, the settlement prohibits the company from making misrepresentations about its privacy and data handling.

It does not appear that Epic currently is in business, however. The company may have been rebranded as Kinetic Social. An email sent to that company was not immediately returned.

UPDATE: Kinetic Social, in a statement, said it is not affiliated with Epic. However, its current CEO, Don Mathis, as well as some other current staff, did work at Epic during the period of the history sniffing. Their involvement with those acts, however, were "nominal."

"The history sniffing controversy – which was well documented in the public sphere las year – was a function of a technology that was used by Connexus (a company that merged with Epic in 2010), prior to and subsequent to the creation of EMG," the statement said.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.