The FTC has reached a settlement with Epic Marketplace, a large online ad network, related to what the FTC says is the company’s practice of sniffing users’ browser history for the purpose of serving them targeted ads related to a variety of sensitive topics. The settlement bars Epic from performing history sniffing and requires the company to destroy all of the data it’s collected from consumers up to this point through history sniffing.
The consent decree from the FTC is the latest in a series of actions from various agencies regarding the practice of history sniffing and tracking users across the Web. The FTC has been focusing on this practice in recent years, putting pressure on ad networks to change their practices and be clearer on their privacy policies and about what they collect.
This most recent action from the FTC doesn’t involve a fine, but simply bars Epic Marketplace from using history sniffing and from misrepresenting what it collects from consumers.
“Consumers searching the Internet shouldn’t have to worry about whether someone is going to go sniffing through the sensitive, personal details of their browsing history without their knowledge,” said FTC Chairman Jon Leibowitz. “This type of unscrupulous behavior undermines consumers’ confidence, and we won’t tolerate it.”
The FTC said that Epic Marketplace had said in its policy that it would only collect data from consumers while those users were on sites inside the company’s network of 45,000 sites. However, the commission alleged that Epic also was sniffing users’ browser histories in order to see what other sites users had visited.
“In its privacy policy, Epic claimed that it would collect information only about consumers’ visits to sites in its network. However, according to the FTC, Epic was employing history-sniffing technology that allowed it to collect data about sites outside its network that consumers had visited, including sites relating to personal health conditions and finances,” the FTC said in a statement.
“According to the FTC complaint, the history sniffing was deceptive and allowed Epic to determine whether a consumer had visited any of more than 54,000 domains, including pages relating to fertility issues, impotence, menopause, incontinence, disability insurance, credit repair, debt relief, and personal bankruptcy.”
History sniffing is a practice through which companies can check to see what Web pages users have visited, either by including code on a page that can determine how the browser displays a specific link or by gaining access to the user’s browser cache. Privacy researchers have found that, despite assurances from various ad companies and networks, history sniffing is still a fairly widespread practice, and one that many users have no idea is occurring. The sniffing goes on in the background and is invisible to users. In some cases, the practice relies on flaws or misconfigurations in users’ browsers to succeed.