Fluff piece
This was a nice fluff piece... Phorm controlled the conversation and used it to spin away.
Where were the hard-hitting legal and technical questions I expect from El Reg?
Before I give some of my thoughts on how the technical side of it might work, let me just say that I believe that this system is (or should be) illegal as it is clearly interception not needed for the transmission of the data. Especially due to the fact that there is no way to get even implied consent from everyone who might use a connection.
However if I were to be implementing this system:
I would "copy" all of the HTTP traffic - strip it back to the data stream (i.e. remove all the packet headers, IP addresses etc.) and pass only the data stream on to the profiler. This could be done using transparent proxying, but it would be better to use the advanced features available on most modern high-end carrier-grade routers used by the likes of BT and Virgin. Many high-end routers can do this without any noticeable hit on performance.
The profiler would then work on data streams, meaning it does not ever need to save copies of any traffic to disk. The profiler would start a new thread for each new stream from the router, which would first check for the opt-out cookie and, if not found, would massage the stream in memory, spit out the 10 keywords for matching channels with the user's cookie and then terminate. In this way, the profiling is not done inline (i.e. not on the live connection - just on a real-time mirror of the connection).
Using this implementation I don't see any easy way to distinguish between connections coming from those who want to opt in and those who want to opt out. About the easiest would be to give all those opting out a static IP in a specific range and then filter the traffic based on that. But as many ISPs charge extra for a static IP, they probably don't want to do that.
Using the cookie idea means you get to distinguish between different users on the same connection (at least where they use different computers or logins - shared logins or the same user using different browsers will look the same), meaning you can better target the ads. However, it also means that you can only opt out using a cookie too. And having it be opt-in using a cookie would not work, as too many users would delete the cookie by mistake and end up opted out.
Overall I'd say their claims of the privacy of the scheme are fairly accurate (that's not to say it can't be maliciously subverted - just that, as they claim, it "probably" doesn't record any personal information). The design is actually quite brilliant - apart from the fact that it is quite possibly illegal. Consider young children not related to the subscriber using the connection... no court would recognise implied consent in this situation.
Of course, if Phorm are shrewd (I see no reason to believe they're not), they will be providing the profiler and the channel information to the ISP and just buying cookie-to-channel mappings from the ISP. They won't be doing any interception or processing of personal information; the ISPs will. The ISPs could claim they are not selling identifiable information, but it doesn't solve the problem of the interception. And it is the ISPs that are left with the problem of sorting out the legality.
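To make the opt-out-cookie weakness in the comment above concrete, here is a toy model of the sketched profiler, added as an illustration and not code from the commenter or from Phorm. The cookie names, the channel vocabularies and the sample request and response body are all constructed; the point it shows is that a stream with no cookie at all (new browser, cleared cookies, a guest on the same connection) is indistinguishable from a consenting user and gets profiled.

```python
"""Toy model of the opt-out-cookie profiling design described in the comment."""
from collections import Counter
import re

OPT_OUT_COOKIE = "phorm_optout"   # assumed name, not from the page
ID_COOKIE = "phorm_uid"           # assumed name, not from the page

# Constructed channel vocabularies standing in for Phorm's "channels".
CHANNELS = {
    "motoring": {"car", "engine", "tyre", "garage"},
    "travel": {"flight", "hotel", "holiday", "beach"},
}


def parse_cookies(raw_request: str) -> dict:
    """Pull the Cookie header out of a raw HTTP request into a dict."""
    cookies = {}
    for line in raw_request.split("\r\n"):
        if line.lower().startswith("cookie:"):
            for part in line.split(":", 1)[1].split(";"):
                if "=" in part:
                    name, value = part.strip().split("=", 1)
                    cookies[name] = value
    return cookies


def top_keywords(body: str, n: int = 10) -> list:
    """Crude keyword extraction: the n most frequent words of 3+ letters."""
    words = re.findall(r"[a-z]{3,}", body.lower())
    return [w for w, _ in Counter(words).most_common(n)]


def profile_stream(request: str, response_body: str):
    """Return None when the opt-out cookie is present (stream dropped),
    otherwise (user id or None, sorted list of matched channels).
    A missing ID cookie does NOT stop profiling, which is the weakness."""
    cookies = parse_cookies(request)
    if OPT_OUT_COOKIE in cookies:
        return None
    keywords = set(top_keywords(response_body))
    matched = sorted(name for name, vocab in CHANNELS.items() if keywords & vocab)
    return cookies.get(ID_COOKIE), matched


# Constructed sample traffic: three requests to the same page from one connection.
REQ_OPTED_OUT = "GET / HTTP/1.1\r\nHost: example.test\r\nCookie: phorm_optout=1\r\n\r\n"
REQ_WITH_ID = "GET / HTTP/1.1\r\nHost: example.test\r\nCookie: phorm_uid=abc123; other=x\r\n\r\n"
REQ_NO_COOKIE = "GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
BODY = "Cheap flight deals. Book your hotel and holiday today. Flight flight hotel."
```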