A week is a long time in internets. Last Friday we all felt like we were shouting at the bins about Phorm and its deals with BT, Virgin Media, and Carphone Warehouse. Now, you can't move for stories about data pimping and the massive change in people's relationship with their ISP Phorm represents, not to mention the new legal …
It's not your data
Look DVLA it's not your data, just because companies can make use of that data in a profitable way, doesn't mean you have the right to sell the data you are entrusted with. Saying it's for a good cause (parking controls) doesn't make it right.
Look BT, it's not your data, just because Phorm can make use of that data in a profitable way, doesn't mean you have the right to sell the data you are entrusted with. Saying it's for a good cause (phishing protection) doesn't make it right.
So let me try to understand this
As I read this, the ISP does everything. They make deductions from your browsing habits about your interests, they store these deductions and they put adverts into pages you view accordingly. In essence Phorm merely provides specific pages they are entitled to insert adverts into.
If that is true I am undecided.
Superfluous word here...
"being bombarded with the amount of irrelevant advertising"
I think the word irrelevant is irrelevant. I find advertising annoying, full stop. If I want something I'll go plug words into a search engine and browse the results. If I'm doing something else on the net then advertising is just noise. Yes I block ads, targetted or not.
I wonder what else the bits of kit being added to ISPs server rooms is capable of in terms of what it captures, saves and passes on (and to whom)?
About less advertising
Quote from page 4:
"Long term, we believe if you're opted-out the experience you're going to get is quite crappy because you're going to get bombarded with ads. Of course, the ISPs benefit too from the additional revenue. That's not evil."
And just HOW will that reduce the number of ads ?
We'll still have billions of "regular" untargetted ads on websites.
This means instead of the usual billion, we'll be getting billion+phorm.
Sorry but I'm not sold on this.
Furthermore and as Dave points out, it's not *irrelevant* advertising that upsets people, it's just advertising, simple.
I'm using adblock and noscript and I'm no where near to disabling them.
Thanks for answering El Reg's questions to clear things up guys, but even then I'm not sold.
I don't want advertising, period.
I know what I want to buy, when, where, and at what price.
I have a *very limited* list of trusted sites I'll do business with, and an *excessively large* (read: rest of the world) list of untrusted ones.
Thumb up icon because you guys went open to appease the public.
phorm opt outs
I must have missed the link. can someone point me in the direction of the opt out pages.
Petition at PM Gov UK
I haven't seen this mentioned here - there's a petition at the site http://petitions.pm.gov.uk/ispphorm/ which expresses the problems rather well.
Adverts are not going away
At least, not until a substantial number of people want to start paying for Internet content. How much would ElReg have to charge for access to its pages if it were unable to raise revenue by including ads on the pages? (And even then it's easy to block many of them.)
If you want to restrict your Internet browsing to sites where there are no adverts and all content is contributed for free, there's always Wikipedia :)
Doesn't add up
"We have the opportunity to significantly reduce the amount of advertising you see online by making it more relevant and more valuable. People are concerned that there's going to be more advertising. It's not more, it's less. It's demonstrably less."
"Long term, we believe if you're opted-out the experience you're going to get is quite crappy because you're going to get bombarded with ads"
Taken together with the assertion that opted-in people will get targeted ads, and opted-out people will get un-targeted ads in the same space, the two statements above can't both be true.
Let's assume for a moment that Ertegrul's right. Lots of advertisers take up Phorm ad placements, and find that they can reduce their number of ads as a result. Surely the opted-out people are going to also see less ads, it's just that theirs would be random? Unless sites are going to identify non-Phorm visitors and deliberately sprinkle extra ads on them... they wouldn't do that, would they..?
They talk crap
"They can't do that right now. The only thing they can do is disable all cookies, in which case the internet doesn't work, or go to each and every site that drops a cookie on them and say "don't do this". That's like trying to stop 15,000 leaks in the dam. You can't do it."
Yes you bloody well can. Set firefox to allow all cookies, but to only keep them until firefox is closed. The internet "works" perfectly well this way, and you're only tracked until firefox is closed. When you reopen, you're a whole new user to any website you happen to visit.
And of course you can easily set exceptions for sites where you do want to maintain a cookie beyond the life of the firefox session.
For my own protection...
I'm with Dave on this, I browse what I want to browse, my web browser is set up to block anything I don't want...so therefore anything other than what I tell the browser to go to or what I search through Google, Yahoo etc
Even Ads on El Reg's fine pages, if there is an advert that interests me, I'll make note of it and search for it later. I'm therefore worried that BT, through Phorm, are trying to tell me what I want. They can't even sell me a phoneline/ broadband package without c0cking that up!
The fact I have to opt out is stupid, this service wasn't something I requested and isn't something I want. I might as well take my ad-blocker off and click on every ad that pops up! I am pleased to report, though, that some of my less computer minded friends have been asking me how they can block it, so at least people are starting to show interest in the normal relams!
Even if we assume that the people behind Phorm are honest, not "these slimy people", offering a valuable service, etc then it keeps coming back to a couple of things I just can't see my way past.
If the service is so valuable, why is it not "fully opt in"? If the service is that valuable then people should be convinced enough to be forming queues already and I'm not seeing that happen.
Even if we assume good faith and honesty on the part of Phorm, again, surely the risk from their information gathering is always going to be greater than that from not gathering the data at all. A company that was truly worried about end user privacy wouldn't do anything to increase this risk.
They look at the webpage you visit and the search terms you use but won't know anything personal about you? Is that the logic they're using? Are they serious?
'largely eliminating personally identifiable information' !
'Largely'?! i.e. nearly all, most of, the majority of? That's a long long way from 'All personally indentifiable information.
The point is they're still looking at your data stream!
Paris - because they can't be acting that dumb surely?
Raises still more questions...
Spinfull... But it does actually clarify their position somewhat in terms of interception and opt-out and actually confirms my fears. The bottom line is consent, not whether we trust Phorm, but whether we consent to allow Phorm acces to our data. As a few commentators have pointed out, the DPA seems to give individuals rights to choose not to have our data processed (beyond what's necessary in providing the service). Great question Chris - it's NOT a privacy story per se, it's a question of informed consent and an extremely detailed question about system ownership at the interfaces, what is passed onto systems owned by a third party and whether the opt-out is effective. Another audit please - of the opt-out arrangements! But Chris - where were the questions on interception and RIPA? RIPA possibly requires consent of ALL parties to a transaction. Also the claim not to read form data still means one side of a transaction could be read because e.g. Facebook prints a message thread in clear. But as I said, the most worrying part is the fact that data is passing to a third party. We may trust Phorm, but once the precedent is set and rival companies enter the market, where do you draw the line? What safeguards are in place to make sure the people working on the software aren't up to mischeif? Malicious back doors, simple coding errors or unauthorised features beyond the scope of the consent. I DON'T LIKE IT AT ALL.
I call bullshit!
"Long term, we believe if you're opted-out the experience you're going to get is quite crappy because you're going to get bombarded with ads."
The way I understand it a site like the Guardian Online sticks one or more Phorm powered ad-spaces on a page, the ad in that ad-space is served from Phorm's servers. If you have the Phorm cookie you are served a 'tailored' ad in that ad space. If not you (I'd assume) get an ad tailored to the site rather than the user in that ad-space.
So how are we going to get bombarded by more ads if we turn the Phorm cookie off? Can the site in question sense the cookie is not there, re-format the page (or and serve more ads in more ad-spaces if you are not?
The only obvious way I can see this happening is if Phorm actively try to make the non-submissive user's experience 'crappy' by, for example, launching a whole load of pop-ups from code in the Phorm-driven ad-spaces trying to sell you any old crap (which can be quite lucrative in itself) along with the odd popup saying "this wouldn't happen if you did what you were told and enabled that cookie".
So that statement is either FUD or a protection-racket style threat, either way it's not a good indicator of a trustworthy company.
In any case I simply don't care how trustworthy Phorm SAY they are. I simply do not want anyone monitoring my browsing and would not sign-up for an ISP that allowed it. I would seriously consider boycotting sites that took advantage of such a system too. At least you can block/refuse doubleclick cookies - with this you have no choice; Phorm get to see all your browsing whether you like it or not - you just have to trust them not to abuse it and I'm damned if I will trust a company that does not offer a *complete* opt-out of such a system where no monitoring at all occurs if you opt-out.
On a final note..
"Our [non-executive] chairman is the former chairman of Microsoft UK [David Dornan]. There's nothing shady"
Ah, that's OK then because Microsoft are a paragon of transparent, open and fair business practices?
I'm sorry Phorm/BT/Virgin,
I do not see how you can suddenly decide to start reading the streams of data that you're not allowed to read, for any purpose.
This is disgusting!
The only even slightly palettable way to handle this is have, at an account level, an ON/OFF option. If that account connects from any computer, the option applies.
All this playing with cookies nonsense means an excuse to read the data due to "user error".
Requiring the cookie to turn this off means people will:
1) No longer be able to block cookies for safety as yours will be needed
2) When clearing any cookies that were required (happens sometimes) they may delete your "opt out" cookie. That would mean they're opted in again.
I'm up for contacting ofcom as often as needed until this is squashed... anyone else?
1) Even if you opt out your datastream interacts with the Phorm system. This, alone, is anough for me to oppose what is being planned. Opt out should mean fully out. Phorms comment that their system will degrade everyones browsing equally, regardless of whether they opt in or out, is not reassuring.
2) This isn't going to reduce the number of ads that I see because I already use ad-blocking technology that cuts out virtually all adverts. This is technology that I chose, that I control and that does not expose me to potential privacy breaches. I can even examine its source code if I wish. How can Phorms offering be better?
3) With ISPs desperate for revenue we all know that they are going to force this on us in the end. Sure, its all touchy-feely in the beginning but those who don't take the carrot will get the stick, probably in the form of higher prices or more restrictive ISP contracts.
4) The whole track of more relevant ads is laughable. There is no such thing as a relevant unsolicited advert. If I want to buy something then I can research products on my own. If I don't want to buy something then no amount of ramming adverts down my throat is going to change my mind. If websites need revenue then why don't they offer a no-ads/subscription option? Where available I take this option.
Chalk up another user who ignores advertising. Even when it gets past Adblock, which is rare, I mentally edit it out. I will never buy things from adverts in the same way I will never buy anything from people who cold call me. I want something, I'll look for it or ask someone to recommend somewhere to get it. Personal recommendation and reputation have vastly more weight than an online ad, targeted or otherwise.
The one thing I wanted to see in this interview, which there was a conspicuous lack of, was the legal standing of the process. First off, they do not have my permission to intercept my internet traffic (RIPA). Secondly, despite what they say, they *will* be processing personally identifiable data. Even if they throw it away as they claim, they still have to process it in order to decide what to throw away and thus fall foul of the DPA since they do not have my permission to process my personal data.
Any lawyers want to comment/find fault with my interpretation?
mo' money, mo' adverts
I certainly see a logic where a given financial return for a advertiser can be obtained by a fewer number of better placed adverts, but logic then follows that they would make even more profit by even more well targeted adverts. with a given volume of ads being sent to a potential customer per page there's clearly going to be contention for that volume, so surely that volume would creep back up, and a "responsible" level of advertising would be again dropped in favour of what level of user experience will be tolerated before they go elsewhere.
Leave it alone
I for one like the rich and diverse experience I get at the moment. The ads and links on websites are varied and I visit many pages I wouldn't normally go to.
If all the ads were about technology and sport I would lose that diversity - I already know I like these things and have bookmarks to my favourite sites all over the place.
I like the diversity of advertising, I like the different things I see. It adds to my experience and knowledge.
Clear of Phorm - I don't want you
DO NOT WANT!
1) opt-out via cookie is unacceptable. Some devices/programs I use that access port 80 don't have the ability to store cookies.
2) Even when opted-out, your browsing is mirrored to the profiler. This causes 2 problems in my eyes: (i) what's the point of an opt-out in the fist place? (I use Ad blocking plugins) and (ii) at the very least it's a transparent proxy, and that brings up a whole new set of problems we've only just got rid of.
I don't want it, don't need it and will take my ISP to court over section 11 of the DPA if it's implemented on my connection. I have sent that in writing via registered post to the data controller of my ISP.
"When you actually poll people and you say to them "what are the things that irritate you most about the internet?" they'll say two things: being bombarded with the amount of irrelevant advertising, and online dangers."
Being bombarded by Irrelevant advertising, now phorm want to do that with targeted ads?
"Long term, we believe if you're opted-out the experience you're going to get is quite crappy because you're going to get bombarded with ads. Of course, the ISPs benefit too from the additional revenue. That's not evil."
This seems like some kind of threat, I wonder if they are working on a secret system to inject crappy ads to all those who opt out?
I know this all sounds too paranoid but I go to great lengths to protect my privacy, blocking ads, blocking scripts and using my hosts file. I really do not want my habits monitored that closley. I would "Opt out" of my ISP (BT) but they recently offered me a promotion to reduce my monthly fee if i signed up for 12 months longer, no mention of Phorm in all this................
Call me paranoid but if I want to search for something I'll do just that, I dont need someone telling me what they think I want to see.
In or out -- does it make a difference?
"What happens is that the data is still mirrored to the profiler but the data digest is never made and the rest of the chain never occurs. It ought to be said that the profiler is operated by the ISP, not us."
So, does that mean that the data is collected anyway - whether you opt out or not and somehow the data fairies don't look at it, just turn the other way?
It sounds like they've set things up and are trying to say that they don't control it?
As the man says - it's all about money from advertising, the holy grail of lazy bastards who would pimp their grannies if the revenue stream was right.
MY data belongs to ME, my ISP has no right to sell it!
Royal Mail are not allowed to open my mail, analyse the contents and sell their conclusions; it's MY MAIL!
My telecom provider is not allowed to tap my phone-line, monitor my conversations and sell their conclusions; it's MY CONVERSATION!
My ISP should never be allowed to intercept my data, analyse the information and sell their conclusions; it's MY DATA!
These companies are paid for their services, to transport/transfer information on my behalf. The information itself BELONGS TO ME.
Flaw in the logic
The more links you have in a chain, the more attack vectors there are - this is one of the most simple things to comprehend, and Phorm's "team" seem unaware of it. Looking at it as simplistically as possible, you've now got 2 environments that your data flows through instead of 1 (phorm + ISP routing, rather than just the ISP's routing). Simple statistics means that this is less secure (attack chance(ISP) + attack chance(Phorm) CANNOT be less than attack chance(ISP)). They're either so stupid they can't understand this, or they're intentionally misinforming people - I'm not sure which of those possibilities worries me more.
We've also got the phorm environment in all ISPs (instead of the ISPs having different setups) which means the attack vector is now a standard one instead of ISP specific. Yes, it's a subtle distinction, but it's an important one. Someone finding a vuln in Phorm (especially if it's client side) could subvert every single ISP that is using it, rather than just the one.
They've happily admitted the data is flowing through their systems regardless of opt in / opt out... Which is so dodgy it's not true... If someone hacks phorm then even if you're opted out, your data is made available to them.
Lets put that last one into "real terms". If I send an email to my mother (EVEN if I've opted out) saying that I'm going to be away from home for a week, and asking her to feed the cats - this has gone through phorm. If I also place an ocado order, then my address has gone through phorm as well. Most webmail systems use https only for sign in, and ocado only uses https for sign in & payment - the rest goes through in clear text. Therefore my ISP has just given (without my permission) my address and my holiday plans to some random person that now knows when to raid my house. Thanks, ISP/Phorm, my insurance claim will be sent to you shortly.
The Internet is not free
It seems to me that "free" web services, such as Yahoo! and Google? groups are paid for by the people that don't block the adverts and actually respond to them so that the advertisers carry on paying for the adverts and therefore the "free" service. If blocking adverts was very easy (i.e. my mother could do it) or advertisers were stopped from advertising, no "free" services would exist any more. Is this what we want, a kind of BBC Internet with a licence fee?
I am a moderator on a charity's Yahoo! group (Freecycle) that simply would not exist if we had to pay for the service. I also use Google? Mail and subscribe to e-mail lists from other groups, all "free", so if the advertisers stopped putting their money where their mouth is I would have to personally pay for e-mail and subscriptions to my "clubs".
We are right to keep a close watch on the advertisers and their ilk but stopping them from doing their business would end us up in a different cyber-universe. Is that what we want, if it could be achieved?
This is layer 7 redirection, make no mistake, they get everything.
You only have Phorm's word that they discard personal info, the layer 7 redirection gives them everything.
If they discard it today, who's to say they don't change their minds down the road.
What happens when their kit is hacked and all the nice data is piped into a private IRC channel?
This is interception of everything that goes down your ADSL/Cable line. Only appears to be HTTP today, what about SMTP, all your personal correspondence and files transmitted as 7 or 8bit encoded text, just waiting to be parsed for what they call key words!
The Google diversion has some credence, but you have to visit them *directly* (or via a toolbar; you didn't install that did you...), type the words in the box and press a button.
Nothing to steal
They seem very relaxed about their security since they have nothing worth stealing, I take it they did not consider the possibility someone might use their wonderfull new spyware , er i mean adware system to spread malware to users ?
But then.. I guess thats what its designed for anyway.
RE: It's not your data
Too right. I could make a great deal of money with other peoples credit card details - sure as hell doesn't make it right to sell that information to me, or for me to make use of it.
Re BT not getting back to The Reg
Is there some way we can legally force an answer out of them?
There is something missing from that explanation.
If the channel selection is based on the data digest which is then discarded, its not much of a targeting system. The ads are effectively page specific. However, the design seems more able to build a profile from all the pages visited by a specific cookie, then whatever pages you're visiting you will get targetted ads. E.g. if you spend half and hour looking at "fast car" web sites and then check the weather. Are you going to get ads for umbrellas or cars? Then first thing the next morning when you check the guardian headlines (suicide bombs in palestine, iraq and afghanistan) are you going to get insurance ads or car ads?
They should tell us what is stored in the cookie.
re, the reduced ad thing. Sounds like marketing speak. If successful their system will be charging advertisers more per ad, since advertisers are getting fewer ads for their money, fewer ads will end up being displayed on sites affiliated with this system. Other websites affiliated with other ad networks will get more ads for the same money, so more ads for you. Question deflected without reference to absolute numbers of ads or how they will cope with an influx of advertisers if their system is succesful.
Government spying by proxy
First - "tell us which IP addresses accessed this paedophilia site"
Then - "tell us which IP addresses accessed this terror site"
And then finally, the real point of this..."tell us which IP addresses accessed mininova,com/thepiratebay.com"
I bet the RIAA can't wait!
It all comes down to trust.
They provide me with targeted adverts. So what, I block them.
They provide me with an anti phishing service. I already have one.
So for no benefit to me they ask me to trust that they don't store any of the data that passes through their servers. From what others have discovered about their activities in their previous incarnation I can see no good reason to do so.
So, they don't store data?
If Phorm don't store data, what is that cookie on my PC? They are using the largest storage area network on the planet.
DO NOT WANT
In negotiations currently with BT Retail to move away from their broadband network, this is not what I signed up for on the T&C's and the fact that they ran it without my consent is a disgusting abuse of their position of responsibility & trust. I am strongly considering legal action. (BT have stated to me that they have to revise their T&C's on the launch of Phorm's service)
It will be interesting to see if this ISP based Adware (since when was Adware ever a good thing?) takes off, I am more than happily sit with an ISP which allows the website or the websites chosen provider to deliver the adverts rather than allow my ISP to decide a portion of my online viewing.
again for the record: DO NOT WANT
There are some positive points here, more than I was expecting by far. But as far as I'm concerned if my web browser makes a request for www.google.com any packets related to that request should go direct to the destination, no information other than that required to route the packet correctly (Destination IP, ttl) should be read by ANY intervening party (even ISP web cache's included here). This should be the same principal used for ANY protocol. and ensures an open and free internet. If the ISP's can't afford to provide the service they are providing they should up their subscription fees, not sell data contained in packets they should not be looking at onto third parties.
It might just be web pages now, but what if they started reading POP3 traffic? even with the privacy guards they have in place, which do sound quite good, it would be a negligable task to redirect the first recieve a client makes, and deliver a targetted spam email.
If we start giving away our freedom on the web then other protocols would follow, it's only logical. This cannot be allowed to happen. The fact that a browser has to make two requests is very likely to slow down the end user experience. There shouldn't be a requirement to opt out with a cookie.
However, I applaud phorm for being open about this. I expect that I'll just end up one of a hardcore of users that feel this way and want to have nothing whatsoever to do with the service. For this reason I urge phorm to be open and disclose the following details;
Any IP address ranges associated with the phorm service, that users being tracked would normally connect to, either at phorm or at the ISP directly. with the view that this hardcore of users would like to block the service at our routers, not by using a cookie.
I'd also like to see a discussion on what / how the above would work (I'm assuming it would), and the advantages / disadvantages compared to doing it at the cookie level, published, on your site, so that less technical users can make an informed descision.
ok so assuming I've understood the interview correctly I'm less concerned about this issue than I was following the initial stories, assuming that it produces enough extra revenue to fund improvements in the service or cost savings to the consumer to actually justify it. The discussion on channels was interesting, specifically the lack of channels on adult or medical subjects. I would like to know whether the following questions could be answered:
would these channels possibly be added at a later date? The US seems to have a very big advertising budget for drugs so it would seem like a lucrative market to tap into. Are there any assurances on this, and would the ISP be obliged to inform their customers in any changes on the channel restrictions?
Who owns the servers involved in indexing my browsing? And who is responsible for updating or changing the software that runs on it? Can they be changed without my ISPs knowledge?
You say you have passed an audit by E&Y, that can only be for true for the current algorithm. Will any future algorithm also be audited?
No, No, No!
Like several others her, I use AdBlock and NoScript to virtually eliminate ads from all the web pages I visit. The 30-second skip button is the most worn button on my TiVo remote. As far as I am concerned there is no such thing as a relevant ad. IMHO the Internet actually makes advertising unnecessary. If I want to buy something, I can research it easily, so why bother looking at ads?
I agree with the other commenters, the ISPs and Phorm are seeking to make money out of information that they have no right to use. Otherss have articulated the arguments why so thee is no need to repeat them.
I suspect that the only way to stop this is by legislation making it illegal to sell personal information, even when anonymised. This has to apply to Government agencies as well, eg.g DVLA. This way we can kill off the whole junk paper mail/junk calls business in one go.
Tinternet is not free
I pay numerous businesses for the computer parts required to build and update my PCs. I pay my 'leccie bill to power the systems. I pay BT for a phone line JUST so I can have broadband (I use a mobile for all telephone calls). I pay my ISP for the broadband connection.
I PAY for MY stream of data, I pay for its delivery and subsequent storage - it's MINE, Aaaaaalllllll miiiiiiine (cue (wo)maniacal laughter).
I do not want to see adverts at all. I hate popups, I hate rollups, I hate scrollovers. I don't give a flying fig if they are targetted or not. I am trying to read what is on the page and I NEVER click the link - for that way phishing tales lie. I used to...
I used to leave long flaming emails on the "contact us" links regarding the fact that I actively avoid all companies and products that I see being heavily advertised, but naturally, to no avail. It's a bit like a Chinese meal though - very satisfying at the time but 10 minutes later you want to do it all over again.
What we have is a subconscious encouragment to perform the most dangerous Tinternet practice known to hu(wo)mankind - the act of trusting spurious claims and clicking on unknown links.
Icon - because I'd trust her with my nads before I'd trust 121media with a picture of them.
CW for Prez
"It's important to understand the distinction between actually recording stuff and concluding stuff ..."
So if I sneak into your room behind your back and read your diary, that's not an invasion of privacy -- unless I xerox it ?
WTF ??? (ergo the Stop Sign)
Good Job on this story Chris & El Reg !
Yes, I know he says the profiler is operated by BT but, according to the DPA, opt-out means:
Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless—
(a) at least one of the conditions in Schedule 2 is met, and
(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
Basically that means if the data is personal, it should not be processed withuot consent? IANAL but WE NEED ONE!!
Time for a peer-to-peer HTTP?
We've enough problems with the government spying on everything we do without this bunch of clowns adding to our paranoia.
Maybe it's time for an encrypted peer-to-peer HTTP protocol to be developed. At least that way the marketards (and governments) won't be able to use the data.
The good thing about HTTP is it's simple to block advertising and other crap. We need a campaign to educate the vast numbers of oiks into turning off all these adverts. Still, all the time they're running IE adverts are the least of their worries.
Paris as it can only be someone like her who could dream up such a scheme.
Surely the fact that we've opted out (or rather, chosen not to opt in) to receiving advertising ought to be of great benefit to the advertisers who don't have to pay to have their ads delivered to unreceptive victims. A bit like the mailing preference service where most companies are happy to take you off the list because it's cheaper for them if they know you're not going to be persuaded to buy something.
And the less scrupulous websites?
If I understand this, Phorm and the ISP claim they they aren't compromising personal data because they don't keep it. Instead they store it in a cookie on your browser, so you're keeping it.
So what's to stop some less scrupulous websites from tracking your IP address, etc. and the contents of your Phorm cookie, and using the data Phorm collect to build up a profile of you that *does* identify you?
I like the post office analogy. This is just like employing someone in the sorting office to open every letter, read the contents to see what you're talking about, and pop in a couple of advertising flyers that 'might be of interest' before reasealing the envelope and sending it on. Personal data may only reside in memory and never be stored, but how many people would tolerate it anyway? Doesn't interfering with the Royal Mail still carry a length jail sentence? What a pity BT aren't still "part of the Post Office'...
Hang on, not even in doubt, clearly illegal without consent.
So all our data is mirrored to the profiler - it is this data stream that is the security risk. It doesn't matter whether the profiler is operated by the ISP, or Phorm, or somebody else, that is OUR browsing data being streamed off elsewhere, and we have no means of preventing it, or auditing what is done to it, or by whom. This cannot be legal, this is a simple wiretap. All the stuff about advertising streams, targeting and non-storage is an irrelevant smokescreen in this context. Interestingly I would consider it to be the ISP that would be breaking the law here, not Phorm. Unless of course they obtain our consent, back to the opt-out v opt-in argument.
Great interview BTW, looks to me like they are desperately trying to hold their business model together in the face of mounting opposition. And as you say, just wait until the US public wakes up to this...
Full webpage data *apparently is* stored, despite the denials above.
From last night's Webwise chat with Kent:
[Archived here: http://www.badphorm.co.uk/page.php?10]
"MBurgess: Pages are not tagged (or modified), and the keyword analysis process is offline so it can't affect response times.
narcosis: If the keyword analysis process is offline then in order to scan for keywords would you not have to have a copy of webpage in order to analyze it offline ?
MBurgess: Yes, a mirrored copy is analyzed."
How long is the mirrored copy kept? How is it deleted? This isn't just headers - this is a full grab of all web traffic *before* it's profiled and categorised.
Many actually pay to see ads
Unless one has an uncapped service with truly unlimited downloads, one pays for every advert delivered. Each advert eats away at that monthly download allowance.
Just about every other valid point has been covered by the astute Register readership. Not much more I can say. What I will say is that as an untypical non-consumer ALL advertising to me is an irrelevant and pointless waste of web page space and bandwidth. I tend to purchase things I need rather than things I want. I learned a long time ago that things I merely want are discarded in a short space of time. No amount of advertising is going to illicit me to buy an iPhone, visit a gambling site, or jump on the latest fashion accessory bandwagon. I certainly will not have any marketeers telling me what I need to have to be someone. I am just not that shallow nor insecure.
As for cookies, these as are adverts and scripts easy to control, check out the Firefox addon cookie safe.
Happy ad, cookie and script free browsing to you all.
I don't trust Phorm. Why should I?
I pay my ISP. If they want to sell MY data they can contact me to try to work out a deal. However the picture is a giveaway. It is obviously the evil Catbert who is controlling Kent Ertergrul.
Paris whose ideas are much more sensible than Phorm's.
ISPs haven't been in touch because...
Phorm are the scapegoats. Yes we'll sign a deal with you but you're out there on your own to win over the great unwashed pizza-munching technorati masses.
Maybe this raises serious questions about what ISPs are already upto?:
At least the less-informed press have got their headlines right, if not a slight comical factual error about Simon Davies (for the followers of yesterdays Biased Breaking C_ news)
BT selling customers' browsing histories
(And google news have picked it up - great!)
Comparing Phorm with phone tapping
Could it be possible for your phone provider to listen in to your conversations and record the use of certain key words, so that when you hang up, a third party that sells something that you mentioned would automatically be connected? Could this be spun as a service by the telco if they promised you would never recieve any other cold calls?
Would it be legal? If so, can I patent it? If not, why are ISPs & Phorm allowed to do effectively the same thing?
Still intercepting the data...
So lets say that we trust them when they say they don't store personal information, which as stated above is still dubious with the 'largely eliminating personally identifiable information' reference, the fact is they are still intercepting your traffic, even if you opt out.
I am sure that someone has posted a snippet from RIPA that says that at least one party needs to agree for the traffic to be intercepted (it's in the comments somewhere). If you opt out and they still intercept the traffic surely that is against the users consent and in contracvention of RIPA? The fact that they say they are not processing that information is irrelevant?