FTC penalizes ad network covertly spying on users

Share this article:

The Federal Trade Commission announced Wednesday that it has settled with a now-defunct online advertising company that used "history sniffing" technology to secretly monitor the browsing habits of users, and then serve them targeted ads.

New York-based Epic Marketplace, part of Epic Media Group, was accused of inserting cookies onto users' computers anytime they visited the company's ad network, which stretched across 45,000 websites, including a number of high-profile ones. The cookie was then used, against users' knowledge and in violation of Epic's stated privacy policy, to monitor their browsing habits, even when they left the Epic network.

Most alarming was that the cookies appeared to track users when they visited particularly sensitive sites, such as destinations that offer health information or financial help, only to be later targeted with ads for similar subjects.

"Epic included the history-sniffing code within advertisements it served to visitors on at least 24,000 web pages within the Epic Marketplace Network including, but not limited to, CNN.com, PapaJohns.com, RedCross.[org], and Orbitz.com," according to the FTC complaint (PDF). "The code allowed Epic to determine whether a consumer had visited any of over 54,000 domains. Among the domains that Epic 'sniffed' were pages relating to fertility issues, impotence, menopause, incontinence, disability insurance, credit repair, debt relief, and personal bankruptcy."

This deceptiveness, which lasted through August 2011, violated the FTC Act, but there was little any victim could do to prevent the privacy invasion, the consumer protection agency said.

"History sniffing circumvents the most common and widely known method consumers use to prevent online tracking: deleting cookies," the complaint said. "Deleting cookies does not prevent a website from querying a consumer's browsing history. Consumers could only protect against history sniffing by deleting their browsing history and using private browsing mode, or, with regard to Epic's history sniffing, opting out of receiving targeted advertisements from Epic."

The settlement bars Epic from further using history sniffing techniques and orders them to delete any data that was collected under such practices. Further, the settlement prohibits the company from making misrepresentations about its privacy and data handling.

It does not appear that Epic currently is in business, however. The company may have been rebranded as Kinetic Social. An email sent to that company was not immediately returned.

UPDATE: Kinetic Social, in a statement, said it is not affiliated with Epic. However, its current CEO, Don Mathis, as well as some other current staff, did work at Epic during the period of the history sniffing. Their involvement with those acts, however, were "nominal."

"The history sniffing controversy – which was well documented in the public sphere las year – was a function of a technology that was used by Connexus (a company that merged with Epic in 2010), prior to and subsequent to the creation of EMG," the statement said.

Share this article:

Sign up to our newsletters

More in News

Apple hit with privacy class-action over iPhone location service

Apple hit with privacy class-action over iPhone location ...

A woman claims she did not realize the company was using location services to track her and accuses the company of giving the data to third parties.

Attackers compromise Gizmodo Brazil

Trend Micro is investigating whether a vulnerability was used to compromise Gizmodo Brazil and a logistics firm hosted by the same ISP.

Paddy Power breach impacting 650K customers dates back to 2010

Nearly 650,000 Paddy Power customers who made an account prior to 2010 had data compromised in a breach.