PhotoA federal class action demands that AOL stop intruding on millions of people's privacy by tracking their Web browsing and selling the information to third-party advertisers. Co-defendants ScanScout and Brightcove also are accused of overriding privacy controls on private citizens' computers to stalk them as they browse the Web.

In the suit, filed in U.S. District Court in Boston, Sandra Person Burns, of Hinds County, Mississippi, says that she and other Internet users are fed up with web sites and tracking companies watching every move they make and then bombarding them with “behaviorally targeted” ads for mortgage assistance, weight loss products and political candidates.

Tracking companies observe where consumers click, whether on a Website or in a commercial e-mail message. They track consumers from the moment of seeing but not clicking on a product ad to the consumers’ purchase of the product many days later, Burns charges.

“Many Tracking Companies claim their tracking and profiling is anonymous when, in fact, they merge consumer profiles with purchased profile data about the individual consumers’ online Web activities and offline shopping, as well as details about income, education, family status and number of children, type of vehicle driven, and location of residence and work,” she said.

The constant surveillance has created a huge market in consumer information, the suit notes.

Profiles for sale

“Consumer profiles are up for sale, affecting not only what product advertisement a consumer sees but also her credit card line for buying it, all based on inferences from where she browses on the Web or who her social network friends are,” Burns charges.

Burns was sufficiently upset by all of this that she tried to evade the trackers by turning off her browser's ability to take “cookies” – the small text files used by tracking companies – assuming she would be able to browse under the radar, so to speak.

But Burns was surprised to find that she was still receiving ads for products and services that she had examined in her online sessions.

“Defendants wanted to ensure they could track Plaintiff, regardless of her browser controls, so they simply worked around them. Defendants commandeered Plaintiff’s computer, repurposing its software and using her computer storage and her Internet connection to bypass her browser controls. Defendants created a shadow tracking system on her computer, effectively decommissioning the browser cookie controls she had explicitly set,” the suit alleges.

“Defendants did so repeatedly, for years, for a significant part of Plaintiff’s Web-browsing, and did likewise to millions of consumers, for years.”

Burns says the defendants worked their magic by repurposing the Adobe Flash software on her computer: “They used her Flash software for an unintended purpose—to create back-ups and substitutes for browser cookies, so they could track her in ways she could neither see or control.”

The suit charges that the companies violated the Electronic Communications Privacy Act (Wiretapping Act); the Computer Fraud and Abuse Act; the federal Video Privacy Protection Act; the Massachusetts Privacy Act; the Massachusetts Consumer Protection Act; and based on tort claims of Trespass to Chattel; and equitable claims of Unjust Enrichment.