The Way BT Wanted to Push Phorm on Customers

Frank_Rizzo · 26 Jun 2008 at 20:44

Originally BT/Phorm wanted their system to be opt-out. Their business model was based on customer apathy in not choosing to opt-out of the system.

That all changed though when it was deemed illegal by the ICO.

BT and Phorm had to change the procedure to opt-in. But how could they ensure maximum take up?

I mean, this is after all an intrusive piece of kit wrapped up in the disguise of 'protecting your privacy'.

So what were they proposing to ask customers?

This:

Do you think the ordinary home user would understand the implications?

Would you be happy if on your shared home PC your younger brother, your gran, your cousin, your mate saw that message, thought it was harmless and then opened up your internet reading and writing to be copied and profiled?

Caged · 26 Jun 2008 at 22:01

No other links to anything more detailed?

Source?

Frank_Rizzo · 26 Jun 2008 at 22:15

This info was obtained in a huge binder of pages released under the Freedom of Information act.

You can read dozens of the pages here:

Bad Phorm

There is also a lengthy discussion going on at the cable forum.

The conclusions of the person who obtained the information is:

* ICO have comprehensively failed to understand Phorm, or demonstrate independent regulation
* ICO have not adequately investigated the trials of 2006, and particularly 2007
* ICO have not sought any technical data from BT during the investigation
* ICO have not sought independent industry expertise
* European Commissioners have similarly been fooled into believing Phorm, effectively mass communication interception, was some kind of privacy enhancing technology
* Simon Watkin of the Home Office has been engaged with Phorm for 'some time' prior to January 2008
* BT have tried to pull the wool over the Information Commissioners, paying lip service to requests for information

andyp · 26 Jun 2008 at 22:18

Ah.

Simon Watkin.

http://www.cl.cam.ac.uk/research/security/seminars/2003/2003-11-11.html

Makes sense.

Caged · 26 Jun 2008 at 22:26

I don't see the logic in it being a cookie-controlled service (well, I do, because they want the opportunity to ask you whenever you clear your cookies). Surely this means that at least once per session that cookie will be read by Phorm which will then decide whether or not to track you. It would be a lot more efficient if it was a setting in an account control panel somewhere, but then again that would go against the aim of tricking people into accepting the software.

Frank_Rizzo · 27 Jun 2008 at 09:10

Exactly. If this kind of stuff is to be thrust upon users then it has to be a switch at account level.

And never forget: Turning off Webwise will only turn off your 'enhanced phishing protection' and your 'less, but more relevant ads' feature.

Even though you turn off or opt-out of Webwise your data will still be intercepted and processed: you will still be profiled by Phorm.

The only true way to opt-out is to change your ISP.