Phorm, the advertising company that wants to pay your ISP to hand over information on which websites you visit, has convinced the UK's three largest providers to trust it, but regulators and the rest of the industry are less impressed. Phorm's deals already mean it has already snagged more than ten million streams of UK users' …
I wouldn't mind at all...
...if Orange decided to sell my browsing data for cash, as long as I get the money.
About £17.99 a month ought to cover it.
More relevant internet?
I've already got something to make the internet safer and more relevant - it's called privoxy and it simply blocks the ads.
So much easier than writing spyware....
...we'll just buy the info from your ISP instead!
Here's how it works...
I am in the process of dropping Virgin Media right now.
I will not take up a service contract with anybody who sells my personal information (identifiable or otherwise) to an advertising firm, or any other third party without my EXPRESSED, WRITTEN, INFORMED consent. Adding a clause to your T's&C's doesn't count, as Virgin are finding right now.
I'd rather not have the internet.
After having just had my mobile number sold off to a Premium Text company that sent me a Service message that got me a free ringtone that I neither asked for or wanted (N95 8GB + PC),
I am 100% sure I don't want my browsing habits sold on
Back to Zen for me then
I cant believe how low these bastages will go to make a few extra pence. I pay VM a nice wedge of cash for their top cable broadband package and now they are selling my browsing habits and pushing ads at me.... Greedy fuppers can kiss my ass
If any of the tech savvy readers of El Reg could post ideas about how us not so tech savvy persons can protect our PCs against this sort of thing then I'm sure we would be grateful.
Paris - as I'm sure she'd be grateful too.
I should certainly hope that everyone uses a proper browser with an up to date ad blocker ..... but the issue here is that some poxy company you have never heard of or trust is getting information about what you do on the internet from the twits you pay to be on the internet in the first place .....
First poster is correct
It is me the data is all about, not the provider. Provider has no moral right to sell the details of my habits. Additionally, unless the process is strictly opt-in, I believe it severely contradicts the legal rights to privacy - at least common sense would suggest so.
Doesn't add up...
How can you have targeted advertising towards anonymised users?
Re: Here's how it works...
And presumably you ticked the "please do not sell my details to third parties" box when you signed up...
Why is this sort of behaviour not covered by that little checkbox?
Just wait until Gordon Brown gets his head round this...
... and soon enough, anyone who attempts to circumvent the monitoring of their internet activity by Phorm is obviously a TERRORIST or a PAEDOPHILE and should be locked up indefinitely without trial...
It wouldn't surprise me if Phorm has some covert link to GCHQ.
The fascist surveillence state is continuing to get its tentacles into everyone...
Easy to ruin their little plan..
Boycotting the spyware infested ISPs is one way to do it but what happens if they all join up to this sort of scheme or someone bungs UK.gov.com enough 'donations' to make this sort of thing mandatory.
One little script constantly downloading (but not rendering) random web pages should be enough to make the collected data worthless and the increased traffic would piss the ISPs off too.
All we'd need is enough people running it.
I still havn't quite worked out waht they are collecting...
Is it annoymised data of xxxbroadband customers (eg a million people visited el reg) or what each user looks at (userxxx visted uberpornstash.com).
Forgive me I am know nothing of networks but why wouldn't a simple proxy work as all the isp sees is what you ask them to fetch not what you ask the proxy to fetch???
"How can you have targeted advertising towards anonymised users?"
Simple, it targets your IP address without ever bothering to find out who you actually are. So the adverts it sends back to a certain IP is in line with the WWW requests it receives from it.
Oh no ...
Oh, great, my porn browsing days are over. If I surf a lot of porn sites, my kids who share the same IP will be hit with loads of porno ads! (Thank-G I've got them all using Firefox with ad-block.)
If they have nothing to hide....
...why are they hiding so much?
Let the migration to Zen and PlusNet begin...
It's Friday ...
... so if you've got a little free time you'll find the Cable forum thread has lots of relevant info on this - http://www.cableforum.co.uk/board/12/33628733-virgin-media-ad-deal-updated-see.html
OK, it's a 20 page thread, so maybe a "little free time" could be considered and understatement.
@ Aristotle ... and @ Steve - the preferred solutions seem to be using Tor (http://www.torproject.org/overview.html.en) which you can dl bundled with Privoxy, or JAP (http://anon.inf.tu-dresden.de/index_en.html)
@ AC "Easy to ruin their little plan ..." - covered in the above thread by switching to Firefox and using TracmNeNot - http://mrl.nyu.edu/~dhowe/TrackMeNot/
Re: Andy Turner
That's all very well if everybody had static IPs but then that would not be anonymous and it's useless targeting dynamic IPs, you'd just get ads targetted at previous users.
"Simple, it targets your IP address without ever bothering to find out who you actually are. So the adverts it sends back to a certain IP is in line with the WWW requests it receives from it."
Hang on though, aren't IP addresses dynamically assigned by the ISP? So if browsing habits are only stored against the IP wouldn't that mean that I end up being served up ads based on the browsing habits of everone who has been assigned that IP in the past?
How safe is this???
A lot of people use the internet to do banking as getting to the actual bank to see a live person is nigh near impossible due to thier opening hours and your conflicting work schedule.
Can they guarantee that with this setup that your bank details are not going to become public domain? If you through your own fault like accessing www.BIGBOOBIES.com get infected with a trojan that highjacks your bank details it is your own fault. But if this highjack happens due to them selling off your info to a third party you should be able to bend them over the proverbial.
Then again they are big business and Gordon does love fresh cream.
Time to go Zen...
I used to be with Plusnet but left after their incredible email problems lead to spammers hacking in and nicking all our webmail email addresses (on my own bloody domain too - still getting several hundred spams a day on it).
Plus the only reason I went BT was that it was free as an "employee benefit" - now that I've been outsourced from BT (sorry - a compulsory-unless-you-want-to-work-in-Ipswitch "voluntary leaver" as BT HR prefer it) then I have nothing to keep me there apart from the couple of quid a month cheaper it is than Zen.
Zen are always marked well on ispreview.co.uk too.
Glad I'm with Zen already
Your average user isn't going to have a clue about this sort of thing anyway. As long as they get their "free" broadband most probably won't care.
Completely lost the plot
Notice how advertisers - even the ISPs now - always talk about adverts as if they are part of the "Internet experience", rather than an annoying but necessary distraction to the experience, which is what they are? They're victims, in a sense, of a sort of cultish mentality that surrounds advertising; they have the same delusion that a Jehovah's Witness has when he goes doorstepping, that they're doing you a favour.
Anything that starts out as a good way to support business - counting your profits, making sure contracts can't be misinterpreted, telling others about your product - eventually balloons into a monster (accountancy, contract law, advertising) that spends 80% of the time serving itself and only serves actual enterprise by accident.
This needs to be communicated to non-techies
This has got my back up, I am truly horrified about it.
Are people up for trying to stir up a boycotting campaign?
If non-techies understood what this company was doing, they would probably be equally shocked.
You can't just amend a click-through licence to allow this.
Ready to quit Tiscali if need be
I just wrote to Tiscali stating that IF they join this cr*p I had better be given an Opt In option.
It will make no difference but it made me feel better.
Luckily I have learnt that you should NEVER use ISP provided email, hosting or any service they provide. I can jump ship quickly if they do sign up to this abuse of my privacy.
PHORM really stands for...
... Parliamentary House Of Regulated Monitoring.
Thank you for the info on TracmNeNot - INSTALLED, configured and running.
Off to look at Tor. Privoxy & JAP as it is something I have been considering but never had a true use for up to now.
@If they have nothing to hide....
>> ...why are they hiding so much?
Pure irony. Perhaps your posting name is a good starting point for discussion?
It's actually quite simple. If I search for toys or games with my kids, I don't want to be bombarded with ads for 5 years after the event.
Similarly, if I was to decide to buy my wife some alluring lingerie I wouldn't want to receive ads for rubberised buzzing items.
Heaven forbid the two streams should become confused, and I had to explain to my five year old that it isn't a wobbling laser gun, and, no he can't have one.
"That's all very well if everybody had static IPs but then that would not be anonymous and it's useless targeting dynamic IPs, you'd just get ads targetted at previous users."
I'm pretty sure that they have thought of this, it would not make sense that they would constantly have to redo all their data mining every time a subscriber got his IP changed.... Simplest thing would be the ISP's giving everyone static IP's, but there are bound to be "grey area" methods of keeping people on dynamic IP's while legally being able to pass info to third parties.....
Do YOU trust VM/CW/BT not to sell you down the river to make a quick few quid?
Phorm r taking the phiss.
Phorm can just go Phuck themselves.
We all know it'll lead to targetted advertising, lots probably, which is why they've garnered the backing from ISPs they already have - revenue. Makes me glad I'm with Bulldog/Pipex.
If I hear about these Phuck heads convincing Pipex, I'll be off too.
The chancing cnuts.
@Andy Turner and Chris W
The 'anonomisation' of IP addresses refers to the intention (yes, intention, not fact) that the ISPs and Phorm will not deliberately produce a dataset that states 'Andy Turner has been looking at leather underwear websites' (as a hypothetical example).
On the automated injection servers, website requests from the IP address associated with your account will be injected with ads for leather underwear and associated items. They will also produce statistics (for future planning) which say things like 'only 2% of customers look at leather underwear sites, and then only on Friday evening'.
This is all perfectly reasonable from a perspective of running and planning the business. See the final paragraph however.
Even if you are on dial-up and get a dynamic IP address, the ISP associates that IP address with your account. Do a DNS lookup on your IP address and you'll find something like 'customer-xyz-townname-region-node.ISP.com'. This record is maintained (with time and date stamps) associated with yoru unique account number, so the ISP can provide it to the 'authorities' if they want to track 'criminal activities'.
I'm on cable broadband and my router (on 24/7) has kept my IP lease active and constant for over a year now on the same IP address. It doesn't matter, the ISP knows who has had which IP address at what time and date.
So, your web surfing activities are associated with your account id and the targeted ads are sent to whatever IP address is assigned to you at the time. Which is why your kids may get ads for 'adult entertainment' or sports cars or whatever. Also if 'the authorities' ever make it illegal to be in possession of leather underwear, they will know who to go looking for.
@Steven 'with nothing to hide'
The 'they' I was referring to was not we poor consumers, it was 'they' - Phorm, BT, VM, etc.
Phorm deliberately obscure their business and technical infrastructure
BT boast about Webwise without mentioning that all your downloaded pages are sent to Phorm
Virgin Media claims no decision has been made, despite the press release on Phorm website
Phorm boasts about E&Y approving their approach but if you read the E&Y report it is so full of caveats as to be worthless
Their OIX ads are served from servers in China
So 'they' feel it necessary to hide - why if everything is legit?
Be very clear about this - the targeted advertising should be no more of an irritant than it is now. The real issue is that every web page you retrieve will be associated with you and every word on it - text, forums, webmail, searches, names, addresses, phone numbers, will be available to them do do with whatever they wish.
Re. frank denton
That wouldn't work either as it relies on the account id being provided and this should be anonimised. Once you are unable to identify a particular user then you cannot target them.
The price of progress...
Although the internet has grown exponetially since I first started using it in 1995 I read articles like this and wonder that the web really was a much better place to be ten years ago than it is now.
Sure there's more content, broadband video & radio streaming content abounds & stuff but it's arguable that the web has suffered in other ways not only as the corporates have moved in, but also as politicians now feel the need to exert more and more control over what people can do online.
One of the key attractions of internet use remains the freedom to browse independantly, freely, privately without anyone looking over your shoulder or trying to censor, analyse or channel. The recent reaction of MrSpace users to that company's attempt to tamper with that axiom and use personal information to generate marketing income should serve as a warning to ISPs in this case.
If people start to believe that the the Government, foreign governments, advertising agencies and uncle Tom-cobbly are all inspecting thier usage, then the future not only for the internet, but freedom of thought is going to be pretty bleak.
I believe Pipex is now owned by Tiscali.
Re: Are people up for trying to stir up a boycotting campaign?
How long till ...
Someone with the cash and inclination sues their ISP for intercepting and altering their data ? For this system to work, the network must force all web traffic to go through a transparent proxy which then alters the pages to insert the ads. The mere interception of the traffic has to be on dodgy legal grounds, modifying the pages even more so.
Mind you, it brings in another defense to various charges - "No Mr BPI representative, I didn't download that tune, it must have been some malware accidentally inserted into my web pages by my ISP !"
Up to you if you trust them but...
I've just been to Phorms sebsite www.phorm.com, and it looks like some opt in scheme. They say you can turn the features on and off through webwise.com.
Just a thought - Dynamic IPs on their own might not permanently identify you, but your ISP also has access to the MAC address of your modem/router.
Don't forget, this is not some disassociated company out on the 'net doing the data collecting - this is your directly connected ISP, which makes it so much worse because as well as your technical connection data - they also have your personal subscription data (name, address, age, phone number, credit card number).
If they log the right set of connection data, they can very easily re-associate you and your browsing history with each subsequent IP address ... granted its a lot of data, but they're dealing with a lot of money from the advertising revenue.
i bet its harder to avoid them than you think...
ok, so the story focuses on the big 6 and everyone says theyll just go to the small names to be safe... trouble is a lot of the small names aere just sticking their name over services bought from the big 6 so they still get your private data either way
looks like its time to break out aircrack again, - who cares what data they collect when its not your name on the bill ;)
I'm not sure how they are doing this but I'm pretty sure that putting a proxy inline to monitor all your traffic wouldn't be viable, the sheer volume of broadband traffic for the possible payoff in ad revenue would destroy the business case before it got off the ground.
Other possibilities are that they are doing some kind of port spanning (think wire tap) of all traffic to some big servers that store & mine all this information offline but that would still be very expensive.
My guess is that they are using information from DNS, (For the non geeks: when you type www.cheesecake.com into a browser firstly your computer asks the ISP what the address of the site is (a very small amount of data) and then you connect to that site and download the huge volume of data)
If they were logging these DNS lookups that would tell you which user (IP address but they can map that back to an account) Requested what site and at what time. This is quite a lot of valuable information without having to add massive amounts of hardware.
So the simple answer is not to use your ISP's DNS (If thats how they are doing it) I recommend opendns (http://opendns.org) its often faster and has some nice value added features all for free.
Note: opendns make their money by feeding you through their link to google for search rather than direct but I'm far happier to trust them than most ISP's.
let the move to Zen and PlusNet begin ...
PlusNet is BT (since a year or so ago).
How it might work
Let's assume that the term "anonymising techniques" simply means that PHORM will not get neither a name nor address but simply an id provided by your ISP, hopefully not your account id although that would save them some trouble thinking of a different one. This does not strictly speaking give anonymity as there is still a way to link you and your browsing habits but ISPs and their ilk have always been liberal with the English language especially with the word unlimited.
So PHORM has the browsing preferences of id XYZ, when you are online your ISP requests adverts for id XYZ from PHORM. In order for you to see these adverts your ISP has to inject them into the web pages that you are downloading. This brings up a second point of do you really want advertising of any sort from your ISP given that you are paying them for their service already?
Re: Up to you if you trust them
"They say you can turn the features on and off through webwise.com."
HTF can you turn something off if they don't know who you are?
Spam and identity theft
PHORM may only be getting URLs with some sort of anonymous user ID number, but it's not going to be hard to identify somebody if you have a list of full URLs they visit, since lots of sites include your id number, if not usernames or email addresses, in stupidly long URLs, e.g. with GET requests.
At the very least if they can find out I'm clicking on links like Yahoo's http://mrd.mail.yahoo.com/compose?Toemail@example.com then they're rapidly going to have a long list of email addresses to spam, and if they can figure out my email address too they can make the spam look like it's from me. This is a paradise for the unscrupulous.
Ad Blocker, No Script etc.
It's all very well running Ad Blocker and No Script, this means you might not see their adverts.
But, they still get to collect all your browsing data!
Target What ?
What's wrong with existing advertising ? It seems to work fine when used with a modicum of sense.
I've actually visited some of the sponsors of this site because their product and/or service offerings were what I was here to learn about and research anyway -- I don't know, maybe "relevant" is the operative word.
That's targeted advertising ... hawk software and hardware on an IT related site ... hawk leather under-roos on spanky-vision sites ...
How pretentious and self-absorbed are these 'data miners' to presume that they can gleen a clue what I'm likely to purchase by looking at my browsing history ? I already have a "hot chick" at home. Any advertiser thinking they can sell me another one based upon my surfing proclivities is absolutely out of their minds.
So if I spend a week researching vacation spots and Googling "Aruba Nude Beaches" ... then hit Travelocity ... I'm assuming their data mining experts will kick in the next week with advertisements for burn cream and debt-counseling services as well as STD Clinics near my anonymised location ?
How many yellow thongs do these people think I need ? It's a pointless, profitless intrusion into my privacy and yellow-thong proclivities based upon some marketing brainiac's assumption that he/she can predict my future purchases based upon my browsing history ? WTF logic is that ? Even dumber are the companies that think this stuff actually works in the first place.
Yeppers, this is truly creepy and upsetting. I'll be watching for this state-side for sure ... First, I didn't get my Geoffery b-day card, now this ... what a week !
Paris = If my internet activity influences what I see on my screen, I would rather have a semi-retarded blonde shoved in my face than a thumb-up my arse, a penguin, dead vulture, etc. -- where's the "Hot black chick in yellow thong on Aruban beach" icon anyway ?
- Product round-up Too 4K-ing expensive? Five full HD laptops for work and play
- Review We have a winner! Fresh Linux Mint 17.1 – hands down the best
- Vid Antarctic ice THICKER than first feared – penguin-bot boffins
- 'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
- You stupid BRICK! PCs running Avast AV can't handle Windows fixes