Phorm get Virgin Media, BT and TalkTalk

[Frank_Rizzo]

Dist, no disrespect but you obviously haven't read the relevant info and have chosen to take an anti anti-phorm stance.

The Register has a good piece on how the technology works here:

http://www.theregister.co.uk/2008/02/29/phorm_documents/

It has pictures if you don't want to read all the words but suffice to say what phorm is doing is, underhand, questionable, fishy and plain wrong.

 

[Frank_Rizzo]

I'm no fan of the government e-petitions facility as there are just too many crazy petitions out there and the government just do what they want regardless of the number of respondents.

But this one is worth signing up to if only to get the publicity bandwagon rolling:

http://petitions.pm.gov.uk/ispphorm/

 

[Dave85]

Signed for the publicity it will hopefully generate.

 

[xyphic]

El Reg now has a bit more about it -- an interview with some high-ups at Phorm, which explains a bit more about how it works.

As far as I can make out, your HTTP stream is not simply redirected to Phorm's servers in China or wherever. That's just the FUD talking.

The initial processing is done at the ISP -- this is the bit that takes the stream and harvests it for keywords (and supposedly removes all personal info). What's sent on to Phorm is a URL, your random number and the top 10 keywords from the page you're viewing. Phorm's servers then do some classification and send back the relevant ad to the ISP.

So theoretically Phorm don't get a hold of any information that can identify you. I'd like to know to what lengths VM (or BT or whoever) will go to to ensure that the data sent to Phorm is clean. Obviously the software / hardware that does the processing/anonymisation will be provided by Phorm. Will they allow the ISP access to the source code to ensure that there's nothing lurking? Doubt it. At some point, your IP address and the random number can be matched -- we're told that this is not retained. Can the ISP guarantee that? If Phorm provide the equipment and take it away, are they guaranteed to not be able to mine any data from it?

I'm worried that the ISPs are just out to make a quick buck here and that they won't do their utmost to ensure user anonymity. If this *does* go ahead, I'd like to see the ISPs being legally required to do everything in their power to guarantee user privacy. That means if you opt out, nothing goes out of the ISP to Phorm. If there is a breach in privacy, the ISP is responsible. No passing the buck.

 

[Rainmaker]

If this *does* go ahead, I'd like to see the ISPs being legally required to do everything in their power to guarantee user privacy. That means if you opt out, nothing goes out of the ISP to Phorm. If there is a breach in privacy, the ISP is responsible. No passing the buck.

That's exactly what The Data Protection Act requires anyway. As was discussed on the original thread, a letter revoking any implied or express consent to share ANY data with any third party (or even different group within the company) should stop this at source. We're still waiting on the ICO to confirm this is applicable in this case (it should be).

Frankly, no matter what, any ISP willing to use these tactics and sign up with adware companies is out in my book. I'd not touch them with someone else's barge pole.

 

[Frank_Rizzo]

So theoretically Phorm don't get a hold of any information that can identify you

But they do. The contents of every page you read is processed by them.

Visit your myspace page? It has your myspace id right? That can be used to identify you.

There are plenty of other ways of personally identifiying you if the software is tuned, or a rogue employee, hacker gets their hands on the data.

Now BT and phorm will reply with ready made spiel about how 'no data is stored', 'it has been audited' and quotes the head of Privacy International.

How can you trust their weasel words?

Let me give you one further piece of evidence why they can not be trusted:

To counteract the bad press and postings in messageboards Phorm have hired PR agencies to register on messageboards and reply to the criticism.

Now you may think: "fair, enough". They have the right to reply, defend themselves and put their point across.

Fine. But how sly is it for those PR people to register with names such as PhormUKtechteam.

Creating an account with Phorm and Tech in it implies that the person you are conversing with will explain how the system works. But when that is totally false and the 'tech' person is nothing more than a spin doctor.......


PhormUKtechteam
Sun Mar 09 2008, 09:36AM
------------------------------
Hi all
Firstly, @ Huw - I work for the UK PR agency for Phorm - as has been disclosed many times prior.

 

[mrk]

They dont send you them via email they just decide which banner to display based on your past history

So is it not a simple case of adblockng the banner sources and job = done ?

I'm sure some other form of scripting could bypass this or by using alterntive DNS servers such as OpenDNS !

 

[edgedemon]

Im completely against this but was under the impression that blocking cookies from oix.net disabled it?

 

[Frank_Rizzo]

blocking cookies (not necessarily from oix) will only stop you getting the ads on Phorm affiliated sites.

Your data will still be processed. You just won't get the ads.

The only way out of this is for the software to be re-written and to be opt-on only or to change to a non Phorm ISP.

 

[GUIClaw]

From reading one of the reg's articles, it seems that the web request goes through phorms servers first? Does this mean it will slow down all web requests, and will it only do http requests or will it scan our ssl pages too?

 

[Frank_Rizzo]

As for using opendns there is still a bit of FUD about this but the way I see it is:

The processing is done on BT premises - it is not forced off to a new domain so using opendns or adding a host entry to block phorm dns is not going to work.

Their kit is in the ISP system. As I say, the only way around this is for them to re-write the software and to only process data for those who specifically ask for it (on an account basis not cookie), or to change to a non Phorm ISP.

 

[Frank_Rizzo]

It won't scan SSL pages but it has to know that a page is SSL in the first place!

This is another FUD. It's the same with the line on credit cards

"we check for a sequence of three or more numbers or for the @ symbol so that we do not process credit card and bank details or email addresses"

That implies that they read it but then discard it.

 

[Frank_Rizzo]

Just as with previous budgets - the devil is in the detail and not headline news...

There is now more information about the Phorm system as gleaned from the patent application. Here's a summary of what's been found and posted by politicalpenguin and others:

http://www.politicalpenguin.org.uk/blog/p,295/

------


"Furthermore, though the present disclosure discusses HTTP traffic in many examples, it will be appreciated that other types of protocols and traffic may be employed in connection with the targeted advertising system and method described herein."

So https? icq, p2p .....

"Context reader 40 is not limited to acquiring keyword or other contextual information pertaining to a given web page. Indeed, the browsing information may be collected so as to also include historical data pertaining to the browsing performed"

All your reading belong to us.

"Based on analysis occurring at the proxy server, the proxy server may modify client-requested data it receives so that a targeted advertisement appears on a web page requested by a client"

ditto

"As explained above, the context reader may be configured to more than just keyword and other contextual data pertaining to a given web page. The context reader may also include behavioral data (e.g, browsing behavior), other historical data collected over time, demographic data associated with the user, IP address, URL data, etc."


The spinmeisters have categorically denied that IP address, url data, anything other than keywords will be scanned and recorded.

Whilst this may well be true of the current 'Webwise' system the patent clearly shows that the potential is there for serious breaches of your rights.

Don't sit there and wait for this to happen.

* Sign the petition.

* Switch to a non Phorm ISP and tell your current ISP why you are changing.

* Write to your MP

* Tell your friends and family

http://petitions.pm.gov.uk/ispphorm/

 

[Shin Gouki]

http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated.html

 

[edgedemon]

ICO contacted
Virgin Media Contacted
E-petition signed
Tor downloaded and installed

Urge everyone to do the same, things like this just aren't on.

 

[m4cc45]

I started another thread in GD so I apologise about that one without noticing this.

I get what the ISP get's out of it (lots of cash) but I don't get what the user get's out of it other than annoyance, a worse service (ads use bandwidth) potentially if you leave a browser open this could affect gaming (pings, etc.) and the list goes on.

I read the topics on the BBC and they admitted to being an adware company in the past so whats made them suddenly so reputable.

M.

 

[Frank_Rizzo]

The users get a pointless anti-phising warning system and quoting the spinmeisters 'less ads'.

The truth is that there is no benefit to the end user, lots of money for the ISPs and lots of money for Phorm and their investors.

Now there is nothing wrong with making money but there is everything wrong morally and legally with the way they want to do this.

If you are concerned about your privacy (even if you have nothing to hide like the rest of us) then please do something about this right now.

* Sign the petition.

* Switch to a non Phorm ISP and tell your current ISP why you are changing.

* Write to your MP

* Tell your friends and family

 

[Dist]

I started another thread in GD so I apologise about that one without noticing this.

I get what the ISP get's out of it (lots of cash) but I don't get what the user get's out of it other than annoyance, a worse service (ads use bandwidth) potentially if you leave a browser open this could affect gaming (pings, etc.) and the list goes on.

I read the topics on the BBC and they admitted to being an adware company in the past so whats made them suddenly so reputable.

M.

ads use bandwidth? lol, unless you are on 56k, the bandwidth is insignificant. Also, how can it be a worse service? All its doing is replacing ads that you will already see RIGHT NOW, with customized ads tailored to your surfing habits. So if you dont go to any sites with ads right now, then you wont be getting ads in the future.

So, what do the ISPs get? lots of cash, what does the customer get? at the cost of privacy, they get ad banners aimed at subjects they are interested in. It wont effect gaming pings any more then if you leave a browser open right now on a website with ad banners.

 

[Frank_Rizzo]

Dist needs to play catch up.

Please read the threads and view the diagrams at The Register.

The webwise system has the potential for slowing down users internet performance due to the way data has to be read, copied, processed, users status checked and then web activity commenced. This is an overhead.

Not only that but an ex-employee of Phorm has also stated that

"the ISP can decide to throttle the service to any customer who chooses to opt out of the service".

If you are happy for all your browsing information to copied, stored, processed and discarded then that's fine. But understand that this extra piece of kit in the works has the potential to slow down your internet experience and in the case of those who opt out slow it down significantly.

 

[Dist]

Im going to wait for some hard proof about the slow down. Because so far i have seen a TON of information about phorm, the majority of which is just speculation, or information which contradicts other information. If people who opt out get slowed down, then i will will have a problem. If people who opt in get slowed down, well i dont realy care about those people as that wont bother me.