Get Ready to Expose Yourself: Deep Packet Inspection is Back

According to the Wall Street Journal, profiling methods for Internet users are coming back and are more intrusive than ever. Advertisers may begin to use a technology known as “deep packet inspection,” which reads and analyzes the raw packets of your personal data that travel across the internet.

These packets contain all of your online activity – not just your web browsing – and therefore can be more dangerous than “cookies”.  With the information they gather online, advertisers target ads directly to you based on your online history. Have you ever felt like all the advertisements on sites were for services you have used or would use? Well they often are, and with deep packet inspection, they will be even more specific! The use of this technology gives advertisers the ability to show you ads based on extremely detailed information. It is so specific that they could theoretically tell if you are online for work or for fun, though they don’t necessarily distinguish on this trait when serving up ads. They can also tell the difference between your usage style and that of your spouse or kids. Thanks to the WSJ for this simple graphic of how deep packet inspection can work:

Currently two U.S. companies, Kindsight Inc. and Phorm Inc. are looking to pitch deep packet inspection to Internet Service Providers (ISPs – the corporations that control your internet access) as a way to let them profit from the online ad market. These companies are currently defending the privacy and security of this process by stating that the ISPs don’t share any identity information, read email or collect information from sensitive sites. And yet, they are inspecting your data at the most basic level and selling your preferences to advertisers.

This method has been tried before in both England and the U.S., but it didn’t last long because of a huge privacy backlash. The companies in question did not tell internet users they were using this technology and this led to class-action lawsuits . The re-vamped way of using deep packet inspection will ensure that users opt-in knowingly (bravo – this is a step in the right direction), and they will offer an attractive incentive to do so. Kindsight will offer those opting in a free security service that includes a certain amount of Identity Theft Protection. It’s a bit ironic that they will be offering a service that helps you protect your identity in one way and is busy aggregating your identity in another. Whether you consider this to be exploitation (indirectly, they are selling your identity and preferences to advertisers) or good business (they give you a chance to pay for the service and not share this private information) is up to you. It reminds me a bit of Sherlock Holmes strategy of hiding valuables in plain sight. Either way, the average consumer will choose the free software over paying for the service, because we are all addicted to free Internet payola and the convenience of the scalable type of security they are offering..

Protected or not, the technology is out there that gives companies the ability to watch your every move online. And pretty soon, you can expect data aggregators like Kindsight and Phorm to successfully bribe you into sharing all of your surfing habits.

John Sileo speaks around the world on identity theft, privacy, social networking exposure, cyber crime, social engineering and other forms of information theft. His clients include the Department of Defense, Blue Cross, FDIC, Pfizer and hundreds of organizations of all sizes. Contact him directly on 800.258.8076.