"I didn't switch on this service. Why do I have to switch it off?"

"Because BT's shareholders love money. They love it so much, that they would even sell your private data to gain money. Money is so important to them, that they think it is worth increasing the risk of compromisation of the network, increase the cost of said risk, violate your right to privacy, and lie to you. That is how great BT's commitment to money is. Please note that, at no time will you, the consumer, benefit from BT's increased revenue. If you find that you have in some way benefitted, please contact BT Customer Disservice so that your account can be downgraded. Please allow 4-6 weeks for someone to someone to help you."

</sarcasm>

"BT is beginning a trial of Phorm's ad targeting technology with 10,000 consumers this month, under a changed privacy policy."

Somehow I think this isnt the first trial, contrary to popular belief.

Isn't the answer simply to tell those who WANT to opt-in that they need to simply configure their browsers to use a proxy and then the phorm spyware can simply run against that proxy?

They never thought that the customers mightn't like this idea. Even worse, they appear to have built the system without a thought as to how traffic can by-pass Phorm's systems.

Dumb, dumb, dumb.

Speaking of which, this did make me laugh: http://www.badphorm.co.uk/e107_plugins/forum/forum_viewtopic.php?667

"Phorm closed the day down 31 per cent"

Isn't it wonderful what a bit of rude journalism can do to a sleasy business plan?

We the undersigned petition the Prime Minister to Stop ISP's from breaching customers privacy via advertising technologies.

Deadline to sign up by: 04 March 2009 – Signatures: 2,641

http://petitions.pm.gov.uk/ispphorm/

---

35% down - :-D

Joy!

---

<rant on>

Phcukoff Phorm!... Phcukoff Phorm!... Phcukoff Phorm!... ESADMFB's

<rant off>

There is a petition here - 2600+ have already:

http://petitions.pm.gov.uk/ispphorm/

You accidentally added a </sarcasm> tag....

The bird, because trying to reason with ISP's is like feeding tomato ketchup to a sleeping vulture.... messy and fruitless! :)

I'm actually marginally impressed with their reaction to their punters. Over the last few days, I've been looking at alternative providers to the one I have with CPW, even though this one is free (I have my landline with them). I would have been prepared to leave a decent enough* free service with CPW and pay for another one purely because of this Phorm stupidity.

Based on this, I'll delay making a decision. If CPW make their arrangements with Phorm on a purely opt-in basis, and they **guarantee** that none of my data will be piped **anywhere**, anonymous or not, then I'll stay where I am. Obviously I won't be "opting in" to Phorm's malware...

*yes, yes, I know, everyone hates CPW Broadband. But it's free, it's a reasonable speed (I average 5MB/s) and the download limit (40GB/month IIRC) is more than generous enough for my needs, especially when compared to comparable offerings from Sky / Orange etc which limit to 2GB/month.

.....what kind of idiot buys stock in a unproven dotcom, with a shady probably-illegal business plan, who are former spyware pushers, who aren't earning any money at all until the system goes live?

I don't know much about the stock market, but i do like the look of the *plummeting* line on that stock page.

Thanks El Reg!

I have nothing to fear, as I can never connect to the internet anyway.

Me:

"You are losing me as a customer if you go ahead with implementing Phorm's

data-mining package. A system like this should be opt-in." - Jared Earle, Geek

Reply:

"Please be assured that no decision has been made in terms of how we could

implement this technology. " - Neil Berkett, Chief Executive Officer, Virgin Media

But the battle is far from over. There is still more to do to show Phorm up for the slime that it is, get these ISPs to recognise that and drop Phorm completely.

Nice to see that informed customers (which we generally are here) can speak up, make a noise and make a difference to dipshit companies looking to screw customers. Oh dear, the share price has taken a bit of a dive. Can't think why.

The word is starting to spread.

Never thought I'd say this about CPW but they've actually listened to their customers and responded positively to them. Smart move, that.

Now if CPW can implement a system which prevents customers' data being passed to Phorm, why can't BT and VM?

Still waiting for a response from VIrgin Media, btw.

Smile because this is, I hope, the start of things swinging our way, Phorm being exposed for the crock that it is and being dumped well and truly. And because the share price dropping cheers me up.

I got a call from BT about 4 or 5 days before the shit hit the fan telling me they are reducing my costs by £2.00 per month if I sign up to another 12 month contract..............

well done Carphone Warehouse:

"By making the service opt-in, we feel the onus remains firmly with Phorm to make the service useful and compelling enough that subscribers will choose to join it. If it fails to do this, it will itself fail."

The first time I have EVER seen common sense by any major company!

The Virgin Media logo is missing from the Webwise front page. Wonder if something's happened...?

I contacted both of my banks, Barclays (personal) and the Co-op (business).

The Co-op got back to me the same day saying that as HTTPS traffic can't be monitored then as far as they're concerned their system is safe. They did say I should push BT for a definitive answer on what ports would be profiled as BT weren't very clear that it would only be port 80.

Barclays took until today to get back to me (from Sat 2nd March) with an apology for the delay, they said the delay was because they needed to consult with BT. Apparently BT has reassured Barclays that HTTPS won't be profiled and BT is satisfied with the situation. They did have a comment that confused me slightly though:

"Whilst this information gathering will not affect your Online Banking service in any way, there could be an increase in marketing related pop-ups which you may need to take action to prevent."

This confused me in a way as I thought I'd get the same number of ads but "targeted". I hope they're not planning on an additional advertising thingy where the Phorm servers in BT's datacentres send additional pop-up adverts. Even they couldn't be that suicidal...

People **do not want to be advertised at**. It doesn't matter if it's targeted or not. Do people watch TV just to catch the latest ads? No, they bugger off to the kitchen to make a cuppa while that ads are on because that way they're not wasting their time.

Honestly, I'm seriously considering having "I Am Not A Target Market" tatooed under my forehead. Right underneath uk.gov's barcode.

I'm sure Paris will opt-in though - she thinks the BT Broadband ads are a genuine soap.

If you think the PR story on the BBC News website contains factual inaccuracies (and you may spot one or two!) you can complain about it here http://news.bbc.co.uk/newswatch/ukfs/hi/newsid_3950000/newsid_3955200/3955259.stm

1) If you have savings, investments (like a pension) or an ISA, then YOU are a shareholder of large companies like BT since you savings are invested in the stock market mostly and mostly in blue chip companies that reliably make money.

2) Remeber CPW and the big brother advertising with all the racist stuff going on... well i would be surprised if they are not a bit more savvy about public opionion after that one!

... phuck Phorm and BT and Virgin. CPW has never had my custom so i dont feel i can be so nasty to them.

When reading the patent application. Everything Phorm and the PR people say is so much spin it is unbelevable.

The bottom line Is Phorm is messing with web pages, and storing peronal data.

EL REG Please use your power to investigate the Patent application. It says so much more then the PR people.

Just some scary stuff from the patent application

28. The system of claim 27, where the context reading software includes a script, and where the ISP is configured to embed the script into the web page.

(What they Are embeding Script into webpages) They say they are not.!!!

30. The system of claim 28, where the script is configured to cause at least a portion of the browsing information to be stored locally on a computing device running the browser.

(so they are storing browsing info) Even though it is on my PC it is still being stored without my consent..

32. The system of claim 30, where the script is configured to cause at least a portion of the browsing information to be stored remotely at the advertising server system.

(OH and I see you ARE storing my peronal information on your advertising Server) Why do you say publicly you do not do this.

So if they can and do insert Java script into the web pages, then it is likely that they can and will do pop ups.

I don't know how cheap *your* privacy is but mine is not in the GBP2 per month range. GBP2 may get you a minute when I'm feeling charitable.

Privacy is like virginity - once it's gone you'll never get it back

Paris - well work it out guys :)

"Computeractive has asked Phorm for an interview, which was initially granted but then called off. Since then the company has not responded to our requests to talk to us about the technology and address reader's privacy fears."

oh and

"Now the ICO has requested details of the technology and the deal from Phorm and the ISPs involved – BT, Virgin Media and Carphone Warehouse."

Moved to Zen from Virgin .They are saying it won't be used on their network. Virign told me they had no phorm involvement, which is great considering it's not true.

I noticed that the last article they did, changed dramatically from when it was first posted - this wasn't advertised by the BBC though ;)

This time I am saving snapshots here are the most dramatic changes so far :

NEW

"Campaigner Simon Davies was asked to assess its privacy measures as part of the work he does for privacy start-up 80/20.

He believed the system "advances the whole sector of protecting personal information by two or three steps", although he was not sure that the public was ready to buy into behavioural advertising. "

OLD

Head of Privacy International Simon Davies was invited to assess its privacy measures and he believed the system "advances the whole sector of protecting personal information by two or three steps", although he was not sure that the public was ready to buy into behavioural advertising.

NEW

Kent Ertegrul, chief executive of Phorm, told the BBC News website that he was confused about why the issue of opt-in versus opt-out was causing so much controversy.

"There is no way of not knowing that this is switched on. There is a clear choice offered to consumers and I am surprised that there has been so many questions about this. I find it a bit bizarre," he said.

For him the service is a win win for consumers.

"Having advertising behind it allows for better, cheaper broadband," he said.

OLD

>No Mention - Phorm's PR must have been straight on the phone to their friends at the BBC

Also The BBC say 1,000 signed the petition - actually its 2,700+

No link to the petition but links to Phorm's PR!

No mention that even if you opt out of Virgin or BT's scheme your information still hits the profiler! They just promise not to look!!!

That is the reason the CFW(TalkTalk) are changing their system to opt in and segregating the opt out user - so they don't get intercepted by any of Phorm's kit!

How could the BBC miss this?

Just occurred to me that I haven't seen any details of a source code audit by any government.

Just to check there are no back doors.

e.g. What if MP's/Judges/Police Officers where opted in...

If Phorm was comprised the cracker would know their browsing habits and could blackmail them.

hmmm...

http://www.thisismoney.co.uk/investing-and-markets/article.html?in_article_id=430955&in_page_id=3

"The development team for the new software was recruited from Moscow's elite Lebedev Institute of Precision Mechanics and Computer Engineering, a vital part of of the Cold War spying effort and still a centre for developing Russia's 'national security' computer systems."

Oh well thats ok then :)

http://www.badphorm.co.uk/news.php?item.18.1k has a link to the advice given by Simon Watkin of the Home Office in January regarding targeted advertising, although he stresses that the courts remain the final arbitrators of the act (RIPA). At the risk of summarising a summary, it basically says targeted advertising as described by Phorm (though not named explicitly) is probably legal if the ISP customer explicitly consents. More worrying is that it may also be lawful if the ISP can show that it is " being provided in connection with the telecommunication service provided by the ISP in the same way as the provision of services that examine e-mails for the purposes of filtering or blocking spam or filtering web pages to provide a specifically tailored content service". It gives an example of an ISP screening out religiously offensive material (do they do that?). This looks like a loophole, clearly not what the act intended but could conceivably stand up in court with the right PR.

Yes, it looks like he bought into the idea that selecting ads for you is an 'essential service'!

So it is not stretching the point too far to say that the Home Office gave this a green light in January, subject to it being tested in court.

The chairman of the company whose advertising model has caused a storm answers your questions

* Charles Arthur ,

* guardian.co.uk,

* Tuesday March 11 2008

http://www.guardian.co.uk/technology/audio/2008/mar/11/charles.arthur.phorm

Charles has done his research, well done that man :)

Going to listen to it again - I'm sure Ertugrul sidestepped the "opted out users info is still passed to the profiler" question...

Far be it for me to tell the illustrious El Reg hacks how to do their jobs, but it looks to me like there are two breaking stories here: one is 'Phorm are spyware scumbags after all' as per this story; and the other is 'ISPs courted by lots of other data pimps' based on the information supplied by the original (anonymous) poster:

"Phorm was late into the UK market. They really are just 'one of the many' who have also been trying to get into the UK market.

Here are some other behaviour target suppliers for you to get excited about - if your ISP is not looking at Phorm, they could well be looking at the competition.

The USA and Canadian ISPs have been signed up to this crowd for months, with daily installations.

NebuAd

Phorm

FrontPorch

Project Rialto

Adzilla

I hope other readers here can add to the list."

One that I found most intriguing was Project Rialto which describes itself as "a stealth company" and has job ads for software engineers with "focus on high-speed packet analysis", and some of the others which appear to have patents pending for essentially the same design as Phorm (I wonder how many of the buyers of Phorm stock know about that?)

Paris who allegedly knows about forking..

Based on the Home Office advice mentioned above, it would seem that if the ISP can position this as primarily an anti-phishing service, with the 'added bonus' of targeted advertising, it could be legal under RIPA. This in the same way as, for example, the ISP already scans all of your mail to screen out spam and viruses.

So that explains why the whole Webwise PR is around the 'safer experience'; not just for the benefit of 'poor dumb customers'.

Clearly they would rather have some sort of opt-out mechanism as a sop, preferably one that doesn't work too well, but they probably figure they are OK without it.

And the fact that the HO casually describes the ISP screening out 'unsuitable' material from web pages says a lot about how it values individual freedom, ie not at all.

So the best way to oppose this is probably to scare the ISPs with potentially disgruntled customers and their potential liability for the content of hosted sites.

So the Home Office is going to let Phorm's software intercept 9million UK citizens Internet and they aren't insisting on a source code audit by GCHQ?

Also any code changes would need re licensing, any mechanism in place for this?

...huge yellow slab like somethings, huge as office blocks, silent as birds, which hung in the air exactly the same way that Phorm's stock doesn't.

The problem with an educated population is that it asks questions; really pertinent questions; questions to which an answer is either extremely damaging to admit to OR which is just a downright lie to state. Phorm (and lets not forget Virgin and BT) chose to lie; CPW decided that discretion was the better part of valour and are already scraping back some semblence of credibility. The solution, of course, is to phuk up the education system some more so that nobody has sufficient common sense to see these [grrrrrr better not type that phrase] for what they really are.

In the El Reg article, Ari Schwartz, chief operating officer of the Centre for Democracy and Technology (CDT), is quoted as saying:

>>

Schwartz said: "When we first met with Phorm they actually told us they had all of the ISPs on board." He believes the reception ad targeting based on users' browsing habits will get Stateside is dependent on how it is rolled out. "Simply clicking 'OK' on the first sign up screen is not good enough because we know people don't read those things."

"There are precedents where the FTC has ruled that's an unfair practice."

>>

For those who may only have read the original article - still in Google's cache -

http://64.233.183.104/search?q=cache:G43IReSQBYIJ:www.clickz.com/showPage.html%3Fpage%3D3628633+phorm+%2Bnebuad&hl=en

there is now an update at the bottom of the page

http://www.clickz.com/showPage.html?page=3628633

which indicates that NebuAd are claiming to "track Internet usage of millions of U.S. users, or about 10 percent of the U.S. online audience". As they are only one of the many players in this market, how many American internet users are now benefiting from this system without noticing the wording in the T&C provided by their ISP? - every supplier of the profiler whose website I have looked at makes the ISP responsible for updating their T&C and Privacy Statements and getting customer consent.

I have not seen one USA poster here mention that this is even common stream in America. People I have contacted in the USA about this have never heard about any of it: one uses ad networks to monetise his sites, so he should be within a group of people who are aware of the benefits from the website publisher's point of view, the other is the head of an internet marketeers organisation that has many members across various internet marketing fields, and there again no knowledge about any ISP involvement.

Perhaps the CDT will start to investigate how this is being sold for those the other side of the pond? Wake up America.

How is it that so many articles about Phorm, NebuAd, et al are just being updated with the real facts rather than a whole new article being written. Anyone reading the original Clikz article would not get very excited about 10,000 - 30,000 users being on the system. But, 10% of internet users and more profilers being installed daily? - now there is a story worth investigating.

Another point I find interesting is that, in the US model, 10,000 - 30,000 users represents one installation of the profiling equipment and BT is about to roll it out to 10,000 users. Perhaps the slow responses form VM and CPW are more down to waiting for reports from their cost accountants on the minimum number of subscribers that make the profiler profitable. BT already have the profiler installed(?) so rolling out the system will only serve to offset the costs of installing the profiler/s.

Paris - because the questions are growing faster than the answers.