Multiple American ISPs are sharing customer data with outside firms that deal in so-called behavioral ad targeting, and according to one of these firms, the Silicon Valley-based NebuAd, roughly 10 per cent of all US web surfers are affected. These ad companies, which also include the Sonora, California-based Front Porch, won't …
el Reg - The mouse that roared
they say if America sneezes then the rest of the world catches a cold, well lets hope that the US and their zelous legal system is geared up to find a cure for what is already looking to be a greed virus infecting the central nervous system of the Internet.
Well done el Reg, keep up the good work!
A note to All ISP's
I bloody well pay you to carry my data and not to manipulate or meddle with it.
Image if it were a private phone conversation with my girlfriend in which we were planning sex in the evening and then all of a sudden a voice joins in and advertises condoms because this is the scenario you expect us do deal with if you bring in this Phorm type crap.
we shall fight on the seas and oceans,
we shall fight with growing confidence and growing strength in the air, we shall defend our Island, whatever the cost may be,
we shall fight on the beaches,
we shall fight on the landing grounds,
we shall fight in the fields and in the streets,
we shall fight in the hills;
we shall never surrender
Who the hell do these people think they are !
SSL Search engines
Can anyone tell me, are there any ssl search engines out there and would this stop the bitches getting my requests. Sure the search engine would be able to log the searches but would it stop this lot from targeting me. I mean if i got a case of the old itchi-nacka I wouldnt want my nine year child being presented with the best rub on solutions.
posted anonymously for obvious reasons, not that I'm paranoid, it's just the B*****s are out to get me, I'm sure him two desks over looked at me funny and her from accounts is talking about me, oh no their coming aaaarrrgh
The rise and fall of the WWW?
Didn't realise this was already up and running in the USA; stupid really there was bound to be more than just Phorm.
Does anyone have any technical information on how the NebuAd, FrontPorch, etc. systems operate? Do they, like Phorm, look at the contents of webpages?
As a webmaster/publisher I haven't been asked if what is published on my sites can be used by them. I would be interested to know how I can go about opting out of their system, or if necessary restricting/blocking their access to my sites.
Will the last one leaving the WWW please switch off the light.
P.S. Loved this bit on the Front Porch site - http://www.frontporch.com/html/redirection.html - if they had much more control you might as well just sit in front of the screen while they fed you what they wanted (like TV but just 1 channel).
There's one thing that's puzzling me in all this business...
Now, perhaps I'm unique in my use of this inter-thingy-wotsit but, when I go to the internet for browsing, my browser starts up with what I have set as my "homepage" and it has never been, nor ever will be, my ISPs "homepage". That being the case, how would I ever see that notice in order to be able to opt-out?? This is yet another reason why it MUST be OPT-IN ONLY!
Are there really that many people who have their ISPs "homepage" set in their browser. I never have any valid reason to go to my ISPs homepage - unless I want to check latest mobile/phone/services/prices or something - which are always notified in writing anyway if it's any changes to services I am already signed up for.
Perhaps my ISP isn't as big a scumbag as some of these others are?!? Although that could always change... Although there are still other issues - such as the 50 - 1 contention ratio!
PH because she's always confused ;-)
... by any other name!
Just stay clear of our data. Note the 'our'.
"With a one-way hash, we turn your IP address and other data into an anonymous profile, and we use that to see if you qualify for innocuous categories. We can track someone looking for a luxury car, not just a car - someone searching not just for travel but travel to the south of France or Las Vegas."
How the fuck is my earning power (which defines what sort of car I look for) "innocuous". I can't think of a more intrusive, private fact about me apart from my sexual orientation. My travel ambitions aren't much lower down the list.
These people just do not understand what identity is, what it feels like from inside one. They have no souls. I am neither exaggerating nor being metaphorical.
A minor correction
"...Phorm - the behavioral advertising firm..."
Interesting, I thought it was spelled "criminal, snooping douchebags".
a) The British Way: Write to your MP (or appropriate representitive in your respective countries). Wait 9 months for a reply. Find the issue wasn't raised. Take shafting in the rear, without lube.
b) The French Way: Take to the streets. Set fire to local exchanges. Demonstrate by the hundred and throw bricks through the windows of offices responsible for the outcry.
Can't do that, though. There are too many terrorists out there, and Maddy McCann hasn't been found, Princess Dianna WAS killed unlawfully, and Britney Spears is mentally incompetant. Plus, there's a new episode of Lost out this evening...
I can do better
I've been thinking about this targeted advertising thing - I reckon I can get higher correlations between people's browsing activities and the advertisements they receive without storing any personal information. I'll just display pr0n. We all know that the biggest use of the Internet is to display pr0n, so why not just make the advertising all the more targeted?
It's been building for ages
The entire concept that advertising on the internet should make people money has been entrenched for *years*. Ever since you got people selling the concept that ad's are a good thing online our rights to privacy have been erroded.
Up until now, it's been possible for a concientious, technically minded user to avoid them but now it's reached the point where even we can't keep our information secure.
As an interesting test, I blocked the most common root domains for advertising sites with my firewall. After just a week I had over 3,000 blocked connections logged and that's after a few hours surfing and most pages I visted had a clear "this site has been blocked" segment somewhere on them.
However, I can't see it ever ended, companies make money off joe public, the same people who keep spam going either by forwarding "joke" emails, or responding to viagria ad's. There's *always* going to be someone dumb enough to respond to an advertisment, just because it's there and unless we kill that behaviour it'll never get any better.
As an aside, I play on an MMORPG that's annouced it'll soon be included adverts in game. Unlike systems like Phorm, this has been well recieved because it included an up front statement about what it'll be harvesting and included a clear opt-out procedure that removed the textures from the game. I can live with this kind of advertising, in the same way I can tolerate a simple banner ad, because all it does is record that a unique view took place.
Why on earth doesn't...
an ISP stand up and say, pay us £50.00 pcm and we will guarantee that none of your usage is tracked, offer a secure proxy with unlimited up/down speeds?
it's what a sizable chunk of the market are interested in!
they could even refer to themselves as "Internet Service Providers" rather than the more popular modern offering of "Value Added Single Channel Advertising Stream Providers"
Pay me, not the ISP - but only if I consent to being stalked
Assume I opt-in (not gonna happen, but lets play the game)...
If my surfing habits, et all, are of value then I deserve to be compensated for allowing my actions to be monitored. Give me cash-back on my surfing.
ISP's can give me the option of free broadband with targeted stalkertising, or I pay for access and keep my privacy. I know what I would choose.
Most non-technical people understand that nothing is really free (as in beer), so this would highlight to the majority that *something* was not right.
FREE BROADBAND FOR YOU!
Sign up to this service, that doesn't do anything bad at all - really - it is for YOUR BENEFIT only, and makes your online experience better. Click OK to accept, and you will NO longer be CHARGEd for your BROADBAND access.
A normal response to this...
Darling fascist bully-boy,
Get out of my private details, you bastards.
May the seed of your loin be fruitful in the belly of your woman,
Because they already did something very similar by calling their service "Unlimited". People believed them, paid the £50, and used the "Unlimited" functionality to watch videos, download software and music, and play games. the problem is that with so many people (3%, apparently) using this "Unlimited" connection speed, other people were losing out and getting slow connections. Somewhere along the line, "Unlimited" became "Unlimited, apart from when you hit this LIMIT on how MUCH you can download, at which point we will LIMIT how FAST you can download. Oh, and you get to pay more for the privilage."
When that didn't work, they went with this advertising gamble. Their point of view is that the 3% who use it to capacity (read: those who know anything about computers) will kill their contracts, and the problem will solve itself. Those 3% will go elsewhere, the bandwidth defecit will disappear, and they can make money selling advertising data from the remaining 97%.
New anti-spyware business opportunity?
There's bound to be loads more of this new breed of spyware appearing. Probably the computer security companies who specialise in anti-spyware, etc. need to start looking at a new product for those who run web sites.
National laws might (I hope) protect end users from their own ISPs and there's always the option of switching ISP. But web site owners will inevitably have to cope with an international free-for-all as they have no real control over who accesses their data. The counter-measures against this sort of spying are bound to escalate into an arms race and require frequent updating. This sits rather well with the existing anti-spyware (and anti-virus/anti-spam/anti-adware) business model, so come on guys - get coding!
What I don't get
...is how they can target ads at you if it's all completely anonymous. How can you track someone if you don't know who they are (i.e. don't have some sort of identifier which at any point can be traced to a particular machine), let alone serve the poor buggers "relevant" ads based on their browsing history?
Sounds like someone is being economical with the vérité.
Any known ip addresses that can be blocked?
Safari does it?
In the Guardian today, it says that Safari, unlike other browsers, automatically blocks such ads. Is this true? If so, let's all get Macs!
Private data and public data is a matter of semantics (pun!).
That they "notify" and let you "opt-out" now may be not so later if it is indeed true now.
There is no happy middle in this stuff because once it is accepted then generally market forces eventually create a surveillance system out of a little innocent ad-ware.
If the ad-ware company and ISP are going to profit then it has to be private data and should be treated as such.
The underlying problem ...
Notionally, what Phorm & Co are proposing is logical and perhaps not really that bad in concept, no more so than supermarket loyalty cards tracking purchases made to tailor offers to customers ( though that doesn't seem to have materialised as planned ). Would email spam be quite as bad if it were actually something we were interested in ?
The problem is the opt-in choice and consent plus how the data is collected and then used.
Supermarket tracking avoidance is easy; don't use the loyalty cards and that works even if one were opted-in by default, if supermarkets did use credit card details for purchase tracking, pay cash or by cheque, likewise if (when?) credit card companies start tracking.
Notably loyalty card opt-in is coupled with reward, something Phorm & Co don't offer in any substantial form, although I can see ISP's offering two-tier usage, a discount for Phorm opt-in, in reality a surcharge-come-penalty if one won't.
I don't see the problem with getting targeted advertising - no different really to the non-targeted ads I ignore now - but I am concerned about what else Phorm and ISP's will be doing with the tracking data.
Tracking is likely to become a reality no matter what if there's money to be made and those doing the tracking will want to maximise profit from that. No matter what Phorm and ISP's promise it's near worthless and without legislative protection end-users will have none. Righteous indignation only goes so far in stopping its inevitable progress.
Unfortunately we live in societies and have governments which believe in a surveillance culture and tracking so, IMO, we have to face that fact, and the key is in getting a legislative framework in place to protect those users who do not want to opt-in and where "go somewhere else" is not a viable option. Let people opt-in ( as they will by the drove if loyalty cards are evidence ) but protect the rights and do not penalise those who do not wish to.
The fight is currently with the wrong people. Phorm or some other reincarnation will always be proposing to do this tracking - it's viable, it makes sense to those who see benefits in that, it's not evil per se. The issue is what government allows to be done with a 'couldn't give a toss for the citizens' attitude. Sadly, it could ultimately be another case of "resistance is futile" until the long-awaited revolution arrives.
Paris : 'cos I'd opt-in for a bit of that.
Its the content, stupid!
Companies like Virgin Media and Sky see 'broadband' as just another channel down which to stream their 'content'. And make no mistake by content they do not mean Battlestar Galactica or Lost. What they mean is advertising, which is where they make their money. Unfortunately in the UK nearly all the ISPs have been snaffled up into these multi-channel media companies, whose objective is not to enable us to participate in the 'Information Superhighway', but to be passive recipients of whatever junk companies will pay them to stream at us. Thus dirt cheap broadband joins 'free' mobile handsets as the primary means to ensnare us into their spied on, profiled, customer-unfriendly consumerverse.
Yes Safari blocks Phorm cookies
But you don't need a Mac to get it as there is Safari for windows too. But getting a Mac would be a good idea anyway.
How can you be anonymous if each profile is tied to an IP address? ISP's have logs of who gets what IP address. This database isn't anonymous at all except in the fact that your name won't be in the database itself. Instead, theres a unique identifier in the database, that can be tied to your name in a different database.
all right, enough is enough
IT is time that we all start using proxy's and SSL sites. fuck these guys and stay right the fuck away from my habits
Yeah, I've been trying Safari for windows for a few weeks, and it is a nice browser, although not without it's problems.
The bonus on it is that it's default setting is to only only cookies from sites you go to, not the 3rd party ones.
For example, if I went to thisisanexample.com (a site which makes use of googleanalytics ads) it will allow a cookie from thisisanexample.com but you won't get any cookies from google etc.
Ideally Firefox would introduce the same default settings (or at least the ability to change to those settings) as it is the better browser overall.
Well, the most ideal situation would be to beat Phorm into bancruptcy and send the message that our browsing histories are not for sale... Not now, not ever!
If they did this to the postal mail...
Everyone would be VERY upset. It might go like this:
Oh, we are from a nice company and are going to open your mail to see what you do. We will then send you ads based on what you send and receive. Oh, and we are going to open the packages from UPS and FedEx to see what you order, and target ads there as well. By the way, the price of a stamp is going up.
What needs to be done is classify ISPs as common carriers. They can't do anything with the contents of the stuff they send without a court order.
SSH tunneling services are available
When my ISP, Cavtel a/k/a Cavalier Telephone, "partnered"* with Google, I signed up for SSH tunneling to a proxy server. The service I use also provides disposable email addresses, all for a reasonable fee. Every packet my ISP sees, including POP3 and SMTP, is encrypted and uses nonstandard port numbers.
*Cavalier Telephone has apparently become too cheap to provide its own email servers and so sells out its customers to Gmail, AdSense, and all the rest of the crud. which goes with it.
I think everyone needs to calm down
I'm a web developer and I've studied up on the various processes used by these companies. So as someone with what I'd like to think of as more than a little knowledge on the internal workings of these targeting systems i can tell you a few thing about it.
Second, it's session based so when you disconnect (I know, hard to do with cable modems or DSL) the session info is thrown out.
From a "user" perspective, I'm already getting slapped silly with ads on the sites I visit and I just simply ignore them. I could care less if they are "tuned" by the fact that i just went to a motorbike site, I'm still going to ignore them. They claim they dont track anything that could "embarrass" you, who knows. What I do know is that is if I go looking for nudie pics of Paris Hilton one day (god only knows why) and the next day my wife gets served ads for porno vids because of that, I'll be a bit peeved.
When it comes right down to it there's really no difference between this and what you get at any internet cafe for free access.
Not enough is known about the difference between browsers. The suspicion is that the only reason Safari is on the "can't use" list is that it does not accept httpOnly cookies which means that a website can read the Phorm set cookie just by using a client side script.
For other browsers, the script that reads httpOnly cookies has to be server side. As the 'black box' strips out the cookie from the headers sent to the server, a server side script will never see it.
So, only browsers that enable the hiding of the phorged cookie can be used by the profiler.
As this Safari 'bug' is likely to be fixed in a new release, it make more sense to use a browser where you can set your own user agent and have better control over 3rd party content.
It does not matter what the marketers call these new advertising platforms, they are nothing more than spyware written by a rootkit hosted at the ISP.
Anyone who knows anything about deep packet inspection systems recommends that you don't use an ISP that uses this technology because it can do anything to your internet traffic and you will never know what has been added or what has been censored.
Thanks to El Reg for picking up on the US side of the profilers. I have been commenting about them for the last month and the silence returned left me wondering if I was in a sound proof room.
When the El Reg reporters start to catch up with how the profilers are working in Asia, maybe then the extent of the battle ahead will be more apparent. FrontPorch have been around for years - what were they doing in the early days?
Are all the players former rootkit / malware / spyware / adware merchants? If they are then we all have a very good idea of just how expensive and difficult it is to remove their spying off our systems.
When I was young my family went to a Shakespeare play. At one point someone in the audience shouted "MURDER!" very loudly. I asked Mum why, and she said they'd missed out or changed a line from the original script.
Let me leave it to the reader to percieve how my story applies to this article.
Safari - cookies - adblocking - doesn't solve the real problem.
There was a version of that Guardian/Charles Arthur/Phorm article on Tuesday which had comments, including a comment which explained in simple terms why the article was misleading because there's little point blocking cookies etc. http://blogs.guardian.co.uk/technology/2008/04/08/cambridge_expert_use_safari_to_evade_phorm.html
Cookies don't help, Safari doesn't help, adblockers don't help, if your concern is that Phorm and your ISP are still intercepting and processing and analysing and recording details of your private personal Internet traffic.
The fact is that all that happens with Phorm if you use safari, or otherwise "opt out" using cookies, is that you don't see the targeted ads.
But the targeted ads aren't the real issue anyway.
The real issue is the unlawful interception and processing of personal private data, and the cookies don't figure in that part of the Phorm business model, customer data is intercepted and processed whether they are opted in or opted out. Your only reliable "opt out" is to opt for an ISP that doesn't do deals with Phorm.
Please, if you hear anyone else spouting rubbish about cookie-blocking or ad-blocking being of any use in stopping Phorm processing your personal data, put them right.
Here are the relevant comments from that article (with their author's permission, and including their link back to El Reg :) ):
The cookies might disable the delivery of the adverts (there are other ways of doing that too) but users' traffic is still passing through (and being processed by) the Phorm-managed kit installed on the ISP's core network, which really ought to be a much greater concern (not that there's ever been any guarantee of privacy on the Internet, but there are *laws* about what can and can't legally be intercepted).
Let's look at a postal analogy, which perhaps may help.
The Royal Mail signs a deal with a 3rd party to deliver extra-targeted adverts to RM customers. The 3rd party has a machine in the sorting office which gets to open everybody's mail, and reads it, unless it's encrypted. The machine records details of the content of the mail, and uses that record to add "carefully selected targeted direct mail" when the postman delivers your post (targeted direct mail = your web adverts). The advertisers whose extra-carefully-targeted ads are being delivered get to pay for the service, obviously (these people initially included The Guardian, remember?).
The mail targeting service isn't described as such to the end user customer, it is described as an "enhanced privacy service", which the end user can opt out of, but by default you are opted in.
If you do choose to "opt out", your mail still passes through the subcontractors mail-opener-reader, and mail content details are still recorded. The only difference opting out makes is that you get a post-it note attached to your letterbox that says "standard junk-mail only" (post-it note = cookie) so you don't get the personally profiled adverts, just the default ones.
Taking the analogy a tiny bit further, the Royal Mail's Chief Technology Officer would have been involved in the running of an illegal mail-interception trial whose existence was repeatedly denied at the time, and after the trial the RM CTO leaves to go and be CTO at the company doing the interception. Some two years later the truth begins to emerge...
He's a good man.
Thursday 10 April 2008
Dear Paul Goodman,
I have read the revised ICO report on the ‘public versus Phorm invasive
technology’ argument and I am satisfied that the ICO have done a good
job in clarifying the ‘opt in’ option as being the only legal way to
move forward with this advert system however I have to express my
concerns regarding the planned trials of this system.
I think anyone would agree that such a system could be open to abuse so
surely some rules should be applied in the early stages. The real
danger is that Phorm/Bt may rig the trials in favour of themselves by
showing you limited interceptions and minimum adverts. These actions
will possibly make the system look like a good option to all concerned
but will this be consistent in the long term? My real fear is they will
step up the intrusions as the system progresses and our browsers may be
turned into bulging shopping trolleys forced on to us at our cost. I
say if Bt/Phorm cannot guarantee consistency of the trial model through
to the full working model then it must be prohibited.
I have to add that I am truly disgusted by the sheer amount of secrecy
involved in this Bt/Phorm venture and I cannot condone the huge level
of anger and disrespect aimed at our government by all parties in the
dispute. The net results of this only serves to frighten people off
using the internet therefore I would suggest the government play a more
direct role in assuring they are acting in a more protective mode on
behalf of all honest internet users.
Damn you brits
Keep phorm on your on shores
Where will it end?
I have Moblock and Peerguardian on all my boxes, I have Adblock plus and FlashBlocker on all my Firefox installs! I have spyware blockers on the Windows boxes. Now the ad blockers are too good for the bastards, they just won't leave me alone, they now want to collect the info direct from my "streams" as I surf. Occasionally I consider jacking my Internet connection in at home, if it wasn't for the need to catch up on the Reg and a connection to do my on call support for my work place. Perhaps a change of career might be in order, forest warden in the Outer Hebrides sounds awfully inviting right now?
Pay by the MB?
I wonder why an ISP hasn't come about that bills like other service companies do, based on usage. My electric and water bills vary every month depending upon how much i run the lights and shower.
Selling off users privacy to make up for a shoddy business model is unacceptable.
re: SSL Search engines
Scroogle scraper - https://ssl.scroogle.org
By all means get a mac but...
... although Safari lets you block pop-ups, restrict the source of cookies, and with Safariblock block the display of all ads, you can achieve exactly the same on a PC using Firefox with Adblock. And of course you can always run the (free) Windows version of Safari on a PC - download from www.apple.com/downloads.
Knew this was the way it was
Heck I had just set up a new account with Sprembarq and not 20 minutes after I got off the phone and the account was fully activated in their system I was getting spam. Not just any spam either, but spam that used my full name. I was livid to be sure.
Poor old website owners.
Why pay website owners who only get a fraction of the *eyes*, when you can pay these ad companies who get (virtually) all of the *eyes*. This is going to put alot of websites that rely on adverts out of business.
P.S. If the ISPs and ad companies are allowed to do this, why not ole' Bill. His browser really does get all of the eye. "IE 9, now with targeted and tracked browsing."
Heres a question...If someone opted in on one of these companies looks at my website and is fed an overlayed advertisement over my page, am I entitled to charge Phorm/whoever for that advertising over my page? Infact, if they overlay their advertising over one that I have put on the website, thus reducing the chance of a click payment, Can I send an invoice to Phorm asking for payment to advertise on my site?
RE: SSL Search engines, avoiding adds and privacy
@ Anonymous Coward Thursday 10th April 2008 12:45 GMT
Scroogle Scraper (SSL)
for direct searches, or use the instructions for customising the built in search boxes of various browsers on its home page here:
The easiest way to avoid wasting bandwidth on irritating ads is to modify the hosts file. This handy little utility (for windows) will do it all for you and its blacklists are customisable are updated regularly:
I haven't seen an ad in years through a combination of this and other anti-malware programs.
Now I have a question for all of you in the know out there. Is there a encryption tunnel out there for bypassing ISPs subject to the EU's police state Data Retention Directive such as that provided by a popular Swedish website, but that accepts payment through direct cash transfer rather than paying by credit card, which defeats the object of the exercise (and paypal need some kind of ID also)?
There are still good ISPs out there who will provide a premium service with no traffic management for a fair price rather than cutting the monthly price so low they have to resort to things like throttling and Phorm to stay in business. I'm with IDNet and I'm happy. I pay a bit more a month than I did with my old ISP but I get what I pay for.
The *real* privacy invasion: Hitwise
They buy your clickstream from most US, UK, and Australian ISPs already. The ISPs, apparently, *do* include information about your address. As a bonus, Hitwise is now owned by Experian, the credit reporting company. This means they can connect your online browsing activity with your offline financial activity. As best I can tell Hitwise's techniques are not obviously documented on the web; even their wikipedia page is bland corporate stuff.
Firstly, I'd like to ask The Register's crack team to do a full investigation of Hitwise, so we can start seeing what's really going on here.
Secondly, I'd like to say that there IS something you can do... TOR is a technology which allows your requests to be routed through other computers, and other requests to be routed through yours. Unfortunately, it's pretty slow right now... they need more relay nodes!
Posting anonymously because I work for a company that provides online advertising services...
Back to BBS?
To heck with it. I'll be heading back to "old" days now . . .
Too bad all this advert driven junk has taken over.
Mine is the one with the "take this net and shove it" membership card in the pocket.
The Emperor Has No Clothes
Leaning back and meditating on the why, I realized there's a Big Lie behind all this. To wit, that all this snooping on web browsing habits and nosing around, contrary to marketers' claims, doesn't do a damned thing to increase sales of ANYTHING.
To claim that targeted advertising online makes a difference is just a ploy by the marketers to suck more money out of the pockets of advertisers and thereby keep themselves in a job.
Disbelief? Did I just hear a snort of disbelief from one of the El Reg readers? Well just stop and consider: how many times have you bought something because of online advertising? About the only exception I can think of is Amazon's (and other sites') "other customers who bought this also bought X, Y, and Z" suggestions.
So in the end we have yet another confirmation that marketers are professional liars. Not only do they lie in the advertisements they create, they lie to their own customers about the efficacy of advertising.
Liars! Do your mothers know what you do for a living?
This has gone too far.
As a professional, I had absolutely no idea that any traffic monitoring was occurring in the US. 10% is a staggering number if true. I really am not sure if my own data has been sold now. Is there a list of these ISPs somewhere?
I know very well that the "there is no privacy issue" arguments being pushed are total non-sense. That is what makes this infuriating. Both the user, and don't forget the web site owners too, do have a reasonable expectation that the data between the browser and the web site is not being routinely sold to 3rd parties.
This is very analogous to AT&T monitoring our telephone calls and saying "don't worry we've removed identifying information".
Whether or not they claim it is personally identifiable is irrelevant.
1. It isn't always possible to remove identifying information. Even hashed data can point a finger. If they can disprove it was anyone else, it was obviously you.
2. My data is mine with or without identifying information. They claim the user is acknowledging their "services", I guess that's one thing. However I suspected many users are being duped into monitoring and are unaware.
3. Web site owners have their own rights. The users themselves may not have the right to have this traffic monitored even if approve. The monitoring and analyzing of copyrighted material directly leading to profit could breach US copyright law.
To expand on point 3 - if the user downloads GPL content (for example), then any permutations to that code must be published. In analyzing traffic the ad agencies must build a database to analyze the content and choose ads. The information contained in this DB are directly derived from the copyrighted material (if the content were to change, so would the database). The DB may add knowledge, but it is still an extension of the original work even if it's ultimate purpose has changed. Under the terms of the GPL, this information must be freely available thereby breaking the business model for selling the information.
Some readers may find me argument far fetched. I'd like to hear other opinions.
I think everyone just needs to calm down
All these companies claim that the monitoring is session based so anything gathered is thrown away when you disconnect from the ISP (Hard to do on DSL or cable modem). Besides just look at Google, they keep records of EVERYTHING you search on for around 18 months anyway.
I honestly don't care if the ads I already get are "tuned" so that they are related to what I am doing at the time, I ignore all the ads anyway so who cares if I get more bike ads after browsing motorbike sites. It's not going to make me see more than I already am, and maybe it might even be less. What will piss me off is if my wife gets ads for Hustler magazine after I was surfing for nudie pics (secretly of course). Of course they claim that they only track things that wont embarrass you.
Besides, just go to any Internet cafe and you'll get the same thing, it's how they pay for the "free" access.
Well this sucks
Glad to see Verizon isnt on that list so far from what I have seen. Though knowing the size of this bandwagon thats bound to change. Might have to give up my life on the net if this does actually take hold since I dont need my parents using my computer and seeing the sheep* :-P
*baaaaaaaaahhhhd joke but you get the idea
/mines the one with the white wool collar
After reading so many Phorm stories I finally decided to mention Hitwise, only to discover that someone in this thread has done the same - spooky timing :-)
I would like el Reg to start looking at companies like this as well as Phorm - I can't really see much difference between them - other than Phorm is looking to put hardware in the ISP and Hitwise just buys the data.
The company I used to work for used Hitwise, although I was never privy to the info; i do know that it was VERY revealing about people's browsing. And, as stated above, it is tied into Experian, so they can do profiling geographically, demographically and probably some other -ically's too.
Perhaps you could highlight this sort of thing as well as Phorm so we can browse without our data being looked at or sold
No such thing as a one-way hash of IP address
An IP address has fewer than 4 billion possible combinations. Taking regional data into account, you're probably left with a few hundred thousand combinations at best. It would only take a moment to generate a reverse lookup table. Collisions are highly unlikely. Claiming one-way hashing is a complete lie.
I would sue my ISP if they were intercepting and sharing my data.