News from the privacy wars: The Federal Trade Commission and Epic Marketing, an online ad network, have settled charges that Epic was secretly and illegally gathering information on the browsing history of Web users, a practice known as "history sniffing" or "history stealing."
And not just any kind of history. Epic was specifically looking for people who had visited websites searching for information on "fertility issues, impotence, menopause, incontinence, disability insurance, credit repair, debt relief, and personal bankruptcy." Epic divided these people up into "interest groups" and targeted advertisements to them. So if, for example, you Googled "impotence" and visited a few Web pages with relevant information, the next time you checked out CNN.com you might suddenly be assaulted by a slew of Viagra and Cialis advertisements.
Epic exploited one of the most basic attributes of traditional Web browsing -- the function that changes the color of a Web URL if you have already visited it -- to accomplish the sniffing. The strategy was simple, and sneaky. Epic created pages consisting solely of thousands of links to websites containing information on sensitive topics. But these link-only pages were invisible to users. If a person happened to visit a site in the Epic Marketing network, they would, without their knowledge, also be visiting these invisible pages. You would never know that your history was being tested, but in fractions of a second, Epic could see which links had been visited previously and store that information in a cookie that would facilitate future targeted advertising.
The FTC settlement boils down to Epic promising to never engage in history sniffing again and to get rid of all the data generated by sniffing. That's good news and we should applaud the FTC for protecting user privacy. And we should also applaud the researchers at the Center for Internet and Society at Stanford Law Center who discovered the sneaky technique in the summer of 2011.
But we should also be more on guard than ever, because what this incident tells us is that online advertisers place a premium on figuring out exactly what we'd probably desire to keep most secret from outside eyes, and they are willing to exploit any means necessary to get that information. For every new form of "history sniffing" that gets discovered and cracked down upon, how many are still under the radar? How many have yet to even be invented?