An online advertising company has agreed to stop gathering sensitive data from millions of consumers and will cease its secret “history sniffing” activities, which revealed the websites users had visited in the past.
Epic purchases advertising space on websites and contracts with advertisers to place their advertisements on over 45,000 websites. Epic determines which advertisements to show by tracking the consumer’s online activities.
The FTC found that Epic not only tracked customers based on their visits to websites within Epic’s network, but it also used a program that allowed it to “sniff” browser history to determine which other websites consumers visited, including 54,000 domains outside Epic’s network. This information could be obtained only by using the secret history sniffing program. Once Epic obtained the browsing history, it assigned the user to an interest segment for targeting its advertising. The categories included “incontinence,” “arthritis,” “memory improvement,” and “pregnancy-fertility getting pregnant.”
“History sniffing circumvents the most common and widely known method consumers use to prevent online tracking: deleting cookies,” the FTC said in its complaint. “Deleting cookies does not prevent a website from querying a consumer’s browsing history. Consumers could only protect against history sniffing by deleting their browsing history and using private browsing mode, or, with regard to Epic’s history sniffing, opting out of receiving targeted advertisements from Epic.”
Epic and the FTC entered into a consent decree. The FTC is accepting public comments until January 7, 2013, after which time it will determine whether to make the decree final.