A U.S. company is testing a consumer security service that is subsidized by behavioral advertising, taking a new tact compared to similar companies that ran into show-stopping privacy issues.
The company, called Kindsight, has developed an intrusion protection system (IPS) that is installed at an Internet service providers’ premises. It monitors Internet traffic coming from a home user’s PC and looks for indicators that the PC may be infected with malicious software.
Corporations often use intrusion protection systems, but the technology hasn’t been applied in too many instances to home users. Kindsight’s IPS looks for activity such as protocol traffic linked to botnets or backdoor connections, said Kevin McNamee, the company’s security architect.
To detect exploits and malware, Kindsight has partnered with security companies to get information on new threats and also has an in-house research lab. McNamee said the IPS uses a modified Snort technology, a system of rules that can be imported that tells the system what is bad traffic.
If a PC is infected, Kindsight alerts customers and directs them to a self-service portal with instructions on how to clean the machine. A user can download a temporary client to their PC that will scan the PC and remove malware, McNamee said.
Kindsight has two revenue models for its service. ISP subscribers can buy the service outright, paying around US$3.95 per month, said Mike Gassewitz, Kindsight’s CEO.
Customers can also choose to get the service free, as long as they consent to having their Internet traffic be examined and that targeted behavioral ads will be served to them.
Targeted advertising based on a person’s browsing behavior is commonly used with varying levels of privacy protections. Many websites and advertising networks see behavioral ads as crucial to monetizing the Internet.
The targeting methods vary widely, ranging from Google’s perusing of Gmail content to Facebook’s examination of what people “like” to third-party tracking tools such as cookies, small data files contained within a person’s browser that can be analyzed by advertising networks or Web sites.
Gassewitz said Kindsight has developed a targeted advertising system that offers a high level of privacy for users. First, Kindsight has developed a clear advisory where users can opt-in to the service. Some trackers will allow people to opt-out, but will initially automatically opt a user in.
Kindsight has also chosen not to use cookies due to negative perceptions. Security programs can often remove cookies, which reduces the ability to track users, Gassewitz said.
If a person opts in, Kindsight looks at the searches conducted and websites visited. Rather than storing information such as that in a cookie, the company creates what it calls a “character,” which Gassewitz calls his company’s “secret sauce.” The character is a summary of a series of scores based on the person’s browsing behavior.
If a person visits a website that has partnered with Kindsight or the ISP, ads will be served based on matches to that character. The characters do not retain personally identifiable information and no information on the person’s browsing activity is stored by Kindsight.
Perhaps most important is that those characters are also not shared with the partner websites or advertisers. Kindsight creates its own business relationships with advertisers and publishers, which trust Kindsight to serve the relevant advertisement.
“Our job is to select the right ad for the right set of eyeballs based on the character,” Gassewitz said.
Under the business arrangement with ISPs, Kindsight shares the subscription revenue for those who pay for the service as well as the advertising revenue.
ISPs are notably reticent about deploying such technology since there have been notable failures due to effects on privacy. The U.K. telecommunications company BT has been harshly criticized for undertaking a secret trial in 2006 and 2007 of the Webwise system from a company called Phorm, which used a cookie-based system to monitor people’s Web browsing.
Phorm assigns a random number to Web users, then associates their browsing with a category of user that advertisers would pay to target. Critics have contended that it’s theoretically possible with the right access to link the bits of data stored in the cookie to a real person.
The U.K.’s Crown Prosecution Service is still mulling whether to prosecute BT over the secret trial. The Phorm blowback continued in September when the European Commission sued the U.K. for failing to comply with E.U. rules on interception of communications.
A competitor of Phorm called NebuAd, based in the U.S., withdrew from the market after ISP partners decided not to move ahead with the company’s behavioral advertising system.
Gassewitz concedes that Phorm “didn’t do us any favors.” But his company’s approach is getting a warmer reception. At least six trials have taken place with ISPs in the U.S., Canada and continental Europe. The ISP partners haven’t been made public.
Market surveys would indicate Kindsight may have traction with consumers: 70 percent of people said they would opt-in, with 15 percent saying they would pay a subscription fee for the service, Gassewitz said.
“The demand is there,” he said.