Phorm launches data pimping fight back

A week is a long time in internets. Last Friday we all felt like we were shouting at the bins about Phorm and its deals with BT, Virgin Media, and Carphone Warehouse. Now, you can't move for stories about data pimping and the massive change in people's relationship with their ISP Phorm represents, not to mention the new legal …

COMMENTS

This topic is closed for new posts.

  1. Anonymous Coward
    Coat

    Fluff piece

    This was a nice fluff piece.... Phorm controlled the conversation and used it to spin away.

    Where were the hard hitting legal and technical questions I expect from El Reg?

    Before I give some of my thoughts on how the technical side of it might work, let me just say that I believe that this system is (or should be) illegal as it is clearly interception not needed for the transmission of the data. Especially due to the fact that there is no way to get even implied consent from everyone who might use a connection.

    However if I were to be implementing this system:

    I would "copy" all of the HTTP traffic - strip it back to the data stream (i.e. remove all the packet headers, IP addresses etc) and pass only the data stream onto the profiler. This could be done using transparent proxying but it would be better to use the advanced features available on most modern high end carrier grade routers used by the likes of BT and Virgin. Many high end routers can do this without any noticeable hit on performance.

    The profiler would then work on data streams meaning it does not ever need to save copies of any traffic to disk. The profiler would start a new thread for each new stream from the router, which would first check for the opt out cookie and if not found it would massage the stream in memory, spit out the 10 keywords for matching channels with the user's cookie and then terminate. In this way, the profiling is not done inline (i.e. not on the live connection - just on a real time mirror of the connection).

    Using this implementation I don't see any easy way to distinguish between connections coming from those who want to opt-in and those who want to opt-out. About the easiest would be to give all those opting out a static IP in a specific range and then filter the traffic based on that. But as many ISPs charge extra for a static IP, they probably don't want to do that.

    Using the cookie idea means you get to distinguish between different users on the same connection (at least where they use different computers or logins - shared logins or the same user using different browsers will look the same) meaning you can better target the ads. However it also means that you can only opt-out using a cookie too. And having it be opt-in using a cookie would not work as too many users would delete the cookie by mistake and end up opted out.

    Overall I'd say their claims of the privacy of the scheme are fairly accurate (that's not to say it can't be maliciously subverted - just that as they claim it "probably" doesn't record any personal information). The design is actually quite brilliant - apart from the fact that it is quite possibly illegal. Consider young children not related to the subscriber using the connection... no court would recognise implied consent in this situation.

    Of course if Phorm are shrewd (I see no reason to believe they're not), they will be providing the profiler and the channel information to the ISP and just buying cookie to channel mappings from the ISP. They won't be doing any interceptions or processing of personal information, the ISPs will. The ISPs could claim they are not selling identifiable information, but it doesn't solve the problem of the interception. And it is the ISPs that are left with the problem of sorting out the legality.

  2. Zap
    Stop

    Phorm must be stopped - Where is the IC when you need him?

    Why does he keep referring to Google? When I go to Google I know that they are recording whatever I type into their site. However, Google can't see every site I visit and my browsing is confidential or at least I would like it to be. I may be accessing my bank, booking a flight, watching a YouTube video or something stronger. What right do they have to profile me? I never authorised it and I never agreed to it.

    So the opt out is not an opt out as it still processes your data. Why does this matter? Well, the answer is in the interview.

    He says his systems are located within the ISP. The systems use pagefiles (Windows) or page partitions (Linux); these are not secure. So a tech within the ISP can copy those and write a simple program to construct data from it; with enough analysis the tech can marry information to individuals. Also chances are that the tech has access to the ISP customer database servers and can identify personal information.

    If you think this is unlikely, think again.

    A tech at a major telecom company stole the debit card details of my wife 3 times; each time we re-registered the card they took it again. The worst thing is that the company found out about it and sacked the guy but did not report it to the Police.

    This is typical because there is a lack of confidence that comes with such admissions.

    Phorm needs to be stopped now, it is a MAJOR abuse of privacy by both the ISP and Phorm.

  3. dijital
    Thumb Down

    Online Ads

    I cannot understand ad companies. At what point will they realise that people not only do not want advertising, but also that many simply ignore it regardless of content? Phorm claims to be offering a service to people but as far as I can see it's simply another way for them to advertise (and an intrusive and potentially insecure way at that!).

    If companies want to attract more customers online they need to make it easier for people to find them. If I'm looking for a product, the last place I will look is in a site's advert boxes. I'll do a search or ask a friend for a recommendation; companies should try and take advantage of these methods rather than spoiling people's browsing with an endless stream of adverts.
