Compliance Management, Privacy

FTC penalizes ad network covertly spying on users

The Federal Trade Commission announced Wednesday that it has settled with a now-defunct online advertising company that used "history sniffing" technology to secretly monitor the browsing habits of users, and then serve them targeted ads.

New York-based Epic Marketplace, part of Epic Media Group, was accused of inserting cookies onto users' computers anytime they visited the company's ad network, which stretched across 45,000 websites, including a number of high-profile ones. The cookie was then used, against users' knowledge and in violation of Epic's stated privacy policy, to monitor their browsing habits, even when they left the Epic network.

Most alarming was that the cookies appeared to track users when they visited particularly sensitive sites, such as destinations that offer health information or financial help, only to be later targeted with ads for similar subjects.

"Epic included the history-sniffing code within advertisements it served to visitors on at least 24,000 web pages within the Epic Marketplace Network including, but not limited to, CNN.com, PapaJohns.com, RedCross.[org], and Orbitz.com," according to the FTC complaint (PDF). "The code allowed Epic to determine whether a consumer had visited any of over 54,000 domains. Among the domains that Epic 'sniffed' were pages relating to fertility issues, impotence, menopause, incontinence, disability insurance, credit repair, debt relief, and personal bankruptcy."

This deceptiveness, which lasted through August 2011, violated the FTC Act, but there was little any victim could do to prevent the privacy invasion, the consumer protection agency said.

"History sniffing circumvents the most common and widely known method consumers use to prevent online tracking: deleting cookies," the complaint said. "Deleting cookies does not prevent a website from querying a consumer's browsing history. Consumers could only protect against history sniffing by deleting their browsing history and using private browsing mode, or, with regard to Epic's history sniffing, opting out of receiving targeted advertisements from Epic."

The settlement bars Epic from further using history sniffing techniques and orders them to delete any data that was collected under such practices. Further, the settlement prohibits the company from making misrepresentations about its privacy and data handling.

It does not appear that Epic currently is in business, however. The company may have been rebranded as Kinetic Social. An email sent to that company was not immediately returned.

UPDATE: Kinetic Social, in a statement, said it is not affiliated with Epic. However, its current CEO, Don Mathis, as well as some other current staff, did work at Epic during the period of the history sniffing. Their involvement with those acts, however, were "nominal."

"The history sniffing controversy – which was well documented in the public sphere las year – was a function of a technology that was used by Connexus (a company that merged with Epic in 2010), prior to and subsequent to the creation of EMG," the statement said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.