(Updated, to include precise amount of funding, and reporting about privacy controls NebuAd has implemented not included in the first version of this story)

nebuadlogo.gifNebuAd, a controversial advertising firm, emerged from secrecy today to announce it has received $20.5 million in a second round of financing.

Its “targeted” advertising technology is likely to add fuel to the debate about privacy. The service can be used by your Internet service provider to get an unprecedented look at the types of Web sites you visit. While it will bring smiles to the faces of marketers, it may enrage people worried their privacy is already non-existent on the Web.

Targeted advertising usually relies on “cookies” that a Web site places on your browser when you visit it. The cookies can afterwards track which individual pages the visitor accessed. Cookies have a number of limitations, not least their inability to see what a user has done away from that particular website. Technology developed by Redwood City, Calif.’s NebuAd  a different technique called “deep packet inspection,” which can be likened to poking through all the mail that arrives at or leaves your house to get an idea of who you correspond with, and what you tell them. NebuAd offers its packet inspection software to internet service providers, the services you use to access the internet. NebuAd then turns around and provides the traffic information to advertising networks.

Surfers visiting pages with ads from NebuAd-affiliated networks will find the ads more likely to be meaningful to them; a user researching electric cars, for instance, might be less likely to see an ad for an SUV, and more likely to see one for a Prius.

NebuAd’s CEO, Bob Dykes, claims that such targeted advertising is superior to even the best offered today by companies like Tacoda, which collect cookies from all the webpages that connect to a particular ad network. Tacoda was acquired in July by AOL for a reported $300 million. NebuAd’s technology will collect more information than Tacoda’s cookies do. The more targeted the advertising, the more money can be generated — up to dozens of times what an untargeted method might be worth. Under NebuAd’s system, all stand to take a cut of the enlarged pie.

The funding was led by Sierra Ventures. Menlo Ventures, which provided the company’s first $11 million round of funding in May, also participated. Founded in early 2006, NebuAd has about 90 employees.

In an interview with VentureBeat, NebuAd’s Dykes said the company has taken measures to avoid collecting information users are uncomfortable with. For instance, any traffic going to or from websites with pornography or information on illegal acts would be filtered out. NebuAd’s data is also collected in a way that it can’t be used by anyone to identify individual users, even if it fell into the wrong hands, he said. As data about an individual’s Internet behavior flows NebuAd’s appliance, the individual is represented merely as a hash number, he said. It doesn’t know the individual’s name, because it hasn’t asked for it from the ISP.

Privacy advocates, who have long decried even the tracking performed by cookies, aren’t happy with closer scrutiny of surfer’s habits — but are apparently consoled by NebuAd’s promises to keep the information anonymous. Scott Bradner, a technology security officer at Harvard backtracked on an original critique in Network World, in which he called the approach “disgusting.” He now says NebuAd is acting responsibly.

ISPs are also required to mail or email documents to their users asking for permission to track their surfing habits, Dykes said. There is more than one way of going about getting agreements, however, and our concern is if ISPs prefer to simply bury a clause in the inevitable legal agreements that accompany every modern service.

Finally, users will be able to permanently opt-out through a separate NebuAd service called Fair Eagle, assuming they know of its existence. NebuAd, in response, says its opt-out option is obvious enough; it is stated on its Web site.

NebuAd isn’t alone in attempting to pull packet information from ISPs, although it has taken the most funding so far. Vancouver-based Adzilla uses the same techniques, and has so far signed up eight ISPs, according to its homepage. NebuAd, which is scheduled to have its official launch in November, has been testing on several ISPs, but wouldn’t tell us how many.

Now that the deep packet inspection cat is out of the bag, it isn’t likely to climb back in, despite the objections of onlookers. Owners of websites and ISPs will find the technology well-nigh irresistible, if it delivers on its promises of valuable, always-targeted advertising. Advanced tracking also holds promise for ad-supported internet access, which has not yet successfully implemented.

For more information about targeted advertising and ad networks, visit this VentureBeat post, written by contributor Jeremy Liew.