back to article BT's 'illegal' 2007 Phorm trial profiled tens of thousands

BT's covert trial of Phorm's ISP adware technology in summer 2007 involved tracking many thousands more customers without their knowledge than previously reported, it's emerged. Erroneous reports earlier this month suggested that a total of 36,000 broadband lines had been eavesdropped upon during the two trials. The Register …

COMMENTS

This topic is closed for new posts.
  1. dervheid
    Alert

    If they feel...

    they have to ask this time, what's changed?

    (Apart from the fact that the cat's out of the bag!)

    If they broke the law when they carried out these previous 'trials', then a judicial application of three nails with a hammer should be applied to BT at least.

    (Is there ANY investigation running/pending on this, or are the "authorities" turning a blind eye? Time to ACT, OFCOM!)

    Damn, I'm glad they're not my ISP.

  2. Anonymous Coward
    Thumb Down

    Ahhh the old "Opt-In"

    Which will go along the lines of.

    Send email to BT Email address 90% proberbly don't use.

    e-mail will say "We are trialing a great new...wonderful...benifit...exciting....blah blah blah....If you don't wish to take part, please reply to this email, otherwise we will presume you want to opt in"

    90% don't read email (or never reply to unknown senders) and therefore "Opt-in" by default.....

  3. John Edwards
    Paris Hilton

    BT and Phorm

    Either BT carried out a criminal act or they did not. If they did, I require the CPS whose wages I pay to prosecute them. If the issue is in doubt then let us have a court determine this. As Vince Cable famously remarked; "The Prime Minister has gone from Stalin to Mr Bean in a fortnight", but even Mr Bean must be able to see this is an important issue which would be relatively easy to clarify.

    Paris, of course, because this is perfectly clear to her.

  4. Anonymous Coward
    Coat

    A new definition of small!

    Well at least I know how to respond to BT next time they whine about my bandwidth use, I'll just say it is quite small really. They when they argue I'll point out I'm merely using their definition of small and surely they can't complain about such a small amount of traffic, it barely affects anyone......

    Mine's the one with broadband access...!

  5. Mark
    Flame

    Law on Opt-In/Opt-Out?

    Is there actually any law on what opt-in or opt-out actually mean and what is required/allowed as notification in either case? As far as I am concerned Opt-In should mean I am considered not to be in unless I specifically request to be, Opt-Out should mean in unless specifically requesting not to be in. No response should never be considered implicit approval for an opt-in, since if no response implies you are included I would think that makes the process by definition opt-out!

    Seems that Phorm and BT need to learn exactly what Opt-in and Opt-out actually mean in English as opposed to PRinglish!

  6. Trevor Watt
    Stop

    EXPLICIT opt-in

    BT and Phorm have been told that any op-in must be EXPLICIT, in other words they can not opt-you in without you confirming that you agree to be opted in.

    Not answering an email or BT putting it into revised T&Cs is not an explicit opt-in.

  7. Anonymous Coward
    Anonymous Coward

    Wholesale?

    So, were BT Wholesale customers affected?

    Most small ISP's just resell BT Broadband wholesale packages, which presumably go through mostly BT kit?

  8. Anonymous Coward
    Anonymous Coward

    disgraceful

    Potentially a minimum of 108,000 criminal violations of RIPA and what does our government do? Nothing. Labour ex-minister Patricia Hewitt sits on BTs board. Nothing will be done. Apparently BT and Phorm have a government license to ignore UK and European laws.

    Move along. Nothing to see here.

  9. Eponymous Cowherd
    Unhappy

    @ Stu Reeves

    Ofcom say Phorm should be an explicit opt-in. This means that BT *should* have phorm *off* unless they receive an explicit communication from a customer saying they want Phorm *on*.

    Sending an eMail saying we will switch it on unless we hear from you is still an opt-out.

    Of course, whether BT will abide by Ofcom's ruling and whether Ofcom has the balls to make Phorm / BT do a real opt-out is another matter.

    As to how BT describe Phorm to get customers to opt-in, well, that's another issue relating to Ofcoms testicular dimensions. IMHO they *should* be forced to describe exactly what Phorm will be doing, top of page. We all know, however, that it will be buried in the small print that nobody reads.

    What is needed is more publicity so that the general public hear about Phorm and reject it. Its all very well the knowledgeable few rejecting it and pissing off to other ISPs, but as the majority of BT and Virgin broadband users are clueless with regards to technical issues and will swallow BT's "Webwise will protect you" bullshit it is, unfortunately, likely that BT and Phorm will get away with it.

    Trouble is the mainstream media, and their readers, are more interested in which celebrity is getting into which other celebrity's knickers than with an issue that could result in all of their web activity being spied upon by a notorious spyware pusher.

  10. Anonymous Coward
    Alert

    RIPA

    It seems that RIPA can be used by just about anyone to spy on anyone - look at the example of local councils spying on families to make sure their children live in the correct school zone. Hell, if you look in your next box of honeypuffs you'll probably find a note giving you permission to spy under RIPA.

    BT are probably confident that they haven't infringed the law because as a major supplier to the UK government and defence agencies they have probably been given carte blanche to spy on anyone. It would explain why they are so smug.

    We need a new icon for Phorm

  11. Slaine
    Boffin

    Service with a "Crocodile" Smile

    As I now understand it, not only was an illegal data mining operation in place during the summer of 2007, conducted by BT on behalf of Phorm, who then went on to reward a certain individual from high up in BT with a position in Phorm; not onlydid the two companies then embark upon a liteny of misinformation to try and smoke-screen this illegal inteception on countless (and the correct word literally is *countless* now) consumers without their consent; not only is this scam reliant on using up a subscribers bandwidth (least we forget that there are still people out there who operate on a pay-as-you-go or a capped allowance) in order to broadcast profiled advertising; not only... BUT also there appears now to have been a deliberate attempt by the instigators and protagonists of this nasty little debarkle to deliberately decieve and otherwise bear a false witness when they were questioned by the regulating authority... they twist and turn like a twisty turny thing and in conclusion I find myself admitting that, given what has already come to light, 121media really wasn't THAT bad. What we see here is the ultimate and logical endpoint of the privatisation of what I used to refer to as the "telephone service"... Someone PLEASE put this abomination out of its misery, and use the prisons for what they were built for.

  12. NickR
    Pirate

    Customer care at its worst

    BT are doing a great job of gaining customer confidence - NOT !

    Skull and cross bones... because Pirates also dig holes :D

  13. Blasmeme
    Paris Hilton

    Permission

    Ok, if they have to ask permission next time for a trial run, presumably those who have been following this story will refuse to take part. The problem is how many actually know about all of this. My wife asked me what I was reading the other day and I told her about all the stuff that was going on with Phorm and their trial. That was the first she heard of it and she was rightly shocked. No one in her office even knew it existed.

    I have this horrible feeling that, as on-the-ball as all of the reg readers are, we make up a pretty small group compared to everyone who has a net connection to the big 3. If enough people opt-out, then their service to ISPs becomes worthless, but I don't anticipate enough people doing that without some kind of major headlines in all the national press. I just can't see this stuff on the front page of the Sun and the Daily Mail or any national newspaper really. Even on the big news websites, unless your looking for this story, it doesn't jump out at you. I used to do user support for BT and a few of the other main ones. I have a pretty good idea of what their main customer base is like and they are not a group that will change ISPs over this. Especially if their connection is 'free'. The only way to stop it is if it's deemed illegal. If the opt-out they have isn't cookie based they good for us as our web traffic will not be processed. But that also means it's totally legal and they will stick it in the T/C. If that happens Phorm will win by the force of customer indifference.

    Paris because I suspect she's quite an average sample.

  14. Anonymous Coward
    Anonymous Coward

    oh what a tangled web..

    "We asked a Phorm spokesman why it doesn't believe people have the right to know how likely it is they were part of a secret test. "We're just not going to disclose that," he said. "They were BT customers and you have to ask BT about that.""

    Er, hello, the correct answer to the question "was someone the trial?" is that phorm don't know. phorm don't know because they only have anonymized data from BT, no?

  15. Ian

    Exchange level?

    "Documents seen by The Register suggest that Phorm tests were performed at exchange level."

    Does that mean even if you don't subscribe to BT's ISP yet use their telephone exchange to access another ISP you could've been hit?

  16. Anonymous Coward
    Stop

    costs?

    What I'm wondering is whether OFCOM will take action against BT for this? If they do, then surely it will be a fine, which will then be passed onto customers (possibly even telephone users without a computer). This country is going backwards.

    Also, so many non IT people I have told about this seem not to care until I put the thought in their minds that if Phorm dont tell everyone the truth in every interview how do we know they dont collect credit card information?

  17. dervheid
    Joke

    The next move...

    will be to pre-empt any "Spying" headlines in the tabloids by attempting to promote the 'look, if you're not doing anything that you shouldn't be / are ashamed of / want your wife/husband/partner to find out about / illegal, then what's your problem? / what have YOU got to hide?' type line.

    Now THAT'S the kind of storyline that the rabid lunatics that run some of our tabloids LOVE!!

    (Hope I'm not tempting fate here!)

  18. tony
    Unhappy

    @ Blasmeme

    Absolutely right, reg readers etc are a very small minority, 95%+ of BT users will get the email, offering to opt in to 'Free Online Security' and will give the go-ahead, most people don't/won't understand the pandora's box they are opening by allowing the equipment into the exchange, and what it could be used for in a few years time as paranoia tightens its grip on the country.

  19. Anonymous Coward
    Anonymous Coward

    @John Edwards (et al)

    I agree there should be a court case to settle this, but I think it unlikely the CPS will take it on. Ideally on of the larger city civil law firms should take on representation of a single, or group of, identifiable BT customers who have had their traffic intercepted. That would provide standing for a civil action which I believe would ultimately have a greater effect on the companies. Assuming the customers won (which looks likely) and were awarded even a small package of compensation it would open the door to all other incepted customers to clamour for the same compensation.

  20. Peter Leech Silver badge

    @ Ian

    It could do, depending on how they did it. However, I would say its unlikely.

    Most people use BT copper for the last mile, if they were doing it this way I doubt that Phorm would have bothered with getting anybody other than BT.

  21. Paul

    @ tony& AC

    Wow... Slow down a second...

    I dont agree with Phorm, but taking credit card info and abuse for spying on us? Thats a bit far, and VERY tabloid. Calm down, and stop trying to frightne people. As I said I dont want phorm, and am not happy about it, but I dont think they are going to start stealing my bank infomation.

  22. The Other Steve
    Pirate

    It's worse than that, he's dead Jim

    @Stu Reeves

    "Which will go along the lines of.

    Send email to BT Email address 90% proberbly don't use.

    ...

    90% don't read email (or never reply to unknown senders) and therefore "Opt-in" by default....."

    Nope, this is not how they plan to do it. Not at all. From the BT 'Webwise' (Phorm) FAQ :

    "The trial invitation will be presented through a special web page that will appear the first time those customers start a web-browsing session after BT Webwise becomes available. At this point, those customers invited can choose to click YES, NO or Find More to get more information"

    http://webwise.bt.com/webwise/help.html

    So in fact they plan to offer the 'choice' (e.g of having your traffic illegally intercepted with or without paid ad support ) by hijacking your browser session (via a 307 Redirect, I would guess, given the technical detail we've seen so far), and presumably this is the only page you will see until you select one option or the other, a choice which will (still) be recorded and enforced by cookies, because poor widdle BT haven't been able to develop a non cookie opt out 'solution' yet.

    I wouldn't care to guess what's on the "Find More" page, but I'll bet there _isn't_ an option to search Google for Phorm.

    Informed consent, my hairy ass.

    And isn't hijacking my browser a prima facie violation of CMA S1(1) ? Or even S3(2) ? Even if you _are_ my ISP.

  23. Guy Herbert
    Flame

    Ipso facto

    "BT has claimed that it has no way of telling which of its customers it Phorm profiled" -

    Isn't that in itself potentially illegal, because it has no way of fulfilling a data-subject access request?

  24. Mike Brown

    does this mean.......

    that phorm actually know who the people were?

    "We asked a Phorm spokesman why it doesn't believe people have the right to know how likely it is they were part of a secret test. "We're just not going to disclose that," he said. "They were BT customers and you have to ask BT about that.""

    it souids to me that they "could" disclose the names, but there not going to. I thought this process was ment phorm didnt know who these people were? this sounds worse and worse.....

  25. Anonymous Coward
    Stop

    OPT IN / OPT OUT not the issue

    In previous reports it appeared that PHORM/BT would have access to all communications over the circuits in question, so the whole opt in/opt out question is really foolish.

    This is SO simple, it should be illegal. Those who have allowed this to take place, get as far as it has, should be jailed. SIMPLE

    Of course, money talks and power listen, then it seems takes some of the money.

  26. Anonymous Coward
    Happy

    Use your MP

    Write to your MP and ask a very simple question. Why has no criminal investigation started against BT?

    Lots of MPs asking that question of the government should get things moving.

  27. Dan
    Stop

    Forget opt-in, opt-out anyway..

    I don't trust BT enough (or any ISP for that matter) to make the opt-in option a legitimate one. Don't give them the chance and opt-out anyway just to be safe..

    http://www.dephormation.org.uk/

  28. h

    Who was in the trial ?

    So if Phorm and BT don't know who was in the trial. How do they know if the trial was a success.

    You only do a trial to get results !

  29. 3x2

    Whats that I hear?

    The silence from the DPP is deafening. Not even an investigation? Strong words? A frown? What exactly does it take to shock these clowns into action?

    I must try this defence if I'm caught robbing a bank....

    "Well the money my client took was only a tiny proportion of the banks total assets"

    Burglary?...

    "Well as your Honour will concede, the number of houses my client burgled is statistically insignificant when compared to the total number of homes in the UK"

    It can't wait for Tax season.- I'm pulling "an Emma" too.

  30. Dimitris Andrakakis
    Unhappy

    @Paul

    I'm not flame-baiting here, but how do you know that they won't ?

    Ok, so it may not be their official policy, but they cannot assure me that one of their employees will not "backup" some data --and sell them to the credit card black market ?

    Even perfectly legitimate businesses have similar problems. I would assume the worst for Phorm and the like.

  31. Matthew Hepburn

    Interceptions

    @ Paul

    Surely however, if the following conditions are true:

    1) Phorm deep packet inspects EVERY packet you send/receive.

    2) Phorm lie through front/back teeth / arse / every other orifice.

    3) Some ppl, myself included use internet banking.

    4) Every packet during my internet banking session will be intercepted by Phorm

    Do points 2 + 4 scare you at all? Cos they certainly do me!! Glad BT isnt my ISP, or id be offski already.

    How can you have even a facade of trust in a company that can and does only lie??

  32. Alan Parsons
    Linux

    Firefox plugin for 307 redirects

    I know people keep asking about ff plugins to generate random traffic etc, but can we have one to warn on 307 redirects? Just a pop up box along the lines of "The request you made is being redirected. If you see an unusual volume of these messages your ISP may have signed up to a data pimping solution like phorm.", with an OK/Cancel Request button?

    I don't use BT for anything other than the last mile, but I really want to know (and so would my very anti-phorm ISP) automagically if they put one of these boxes in the exchange!

    I guess I could just browse using wget :)

  33. dervheid
    Pirate

    @ You only do a trial to get results !

    No.

    You CAN do a trial to SEE IF ANYONE NOTICES!

  34. Anonymous Coward
    Flame

    BTwholesale - *probably* safe, for now

    There are technical reasons why it's unlikely that any ISP outside BT Retail was affected by the Phorm trials to date. In brief, Phorm's "service" works best (is simplest to implement) when it has access to customer's traffic in "pure IP" format. Currently if your ISP is a customer of BTwholesale (which is most of them), your traffic is in PPPoA format once it leaves your router, and doesn't get back into "pure IP" format till it reaches your ISP's datacentre. So for now it's not easy for Phorm to get their dirty mitts on your data even if your ISP is a BTwholesale customer (it's not impossible either, but...).

    This may change once BT's much overhyped 21CN comes into place - your traffic will go into "pure IP" pretty much once it hits the exchange, but the 21CN implementation details are as yet unclear, and the details are important at times like this.

    One exception to this "you're probably safe" is the subset of Plusnet customers who chose to use BT Retail's connectivity after Plusnet became part of BT Retail; afaik they have also been offered an informed choice to move back to Plusnet's Phorm-free "classic" (BTwholesale) network.

    All that being said, the same DSL->BTwholesale->ISP architecture means that the tale that the earlier trial was "exchange based" is either a gross oversimplification (possible) or a downright mis-statement (probable?).

  35. Peter White
    Pirate

    @who was in the trail

    BT and Phorm will not care about who was in the trial, the trials purpose was to prove the technology works, I.E. can they build a profile, does the profiler work, was there any complains of speed issues and could they inject the adverts

    as to who the guinea pigs were, they don't care, all that mattered was proving the technology worked

  36. Steve Renouf
    Thumb Down

    ISPs front webpage

    Who ever goes to their ISPs front page?

    I can't remember the last time I had occasion to do that.. So how would I even see the opt-in/opt-out info? They would have to enclose it with the monthly bill in the post, requesting that I go to page........ if if I want to opt-in - otherwise it should be NOT opted-in by default.

  37. Peter White
    Pirate

    help wanted for webmasters

    can we also have some code we can put in web pages that checks for a phorm opt-in cookie, that those none programmers can use to serve up a page that says "we do not supply pages to users who have opted into phorm" in big red letters

    that should be interesting

  38. Jonathan

    BT obviously have something to hide.

    Why else would they lie and not offer detail on Phorm? If they were proud of their association with Phorm, they would be upfront and honest.

    I also think they do know exactly how many people were affected in the test, but dont want to disclose the information because they can see a lawsuit from a mile away. I mean, being a trial, they need to collect data on how Phorm works.

    Can someone make a Freedom of Information Request for this?

  39. Darren Winter
    Stop

    Someone who'll reply at BT

    I fired off an email to BT about what they'd been doing, planned to do etc and was gratified to receive a reply from a young lady detailed to respond to such requests. I'm posting the email address here so those of us that are worried about Phorm can ask questions and get replies from BT. Maybe they'll take notice of the volume of mail, assuming enough of us get in touch (hin, hint). Send your emailed questions to Emma Sanderson at:

    emma.sanderson@bt.com

  40. Blasmeme
    Coat

    Sorry, we lost the disks.....

    Today the national advertising company Phorm has reported the loss of 2 disk containing the non-anonymised details of over 250,000 internet users.

    'Two disks containing the internet browsing habits information of some of our client ISPs were lost in the post. Due to a server malfunction, the details had not yet been anonymised and were being sent to a third party facility to be prcocessed. The disks apparently never arrived. While we don't normally store any of the data, in order to maintain the service level agreements with our clients, it was necessary to store and send the data to a third party. Phorm takes this loss of data very seriously and we are putting processes in place to make sure that this cannot happen again. We would like to assure our clients that it is unlikely that the information will be used by criminals for any unlawful purpose.'

    You know it will happen.

  41. Spleen

    Opt-in/opt-out

    It will probably come in a letter in the post. Which no-one will read. In the six months I've been with BT I have thrown away at least two thick letters with BT's logo on the front because it was too soon for it to be a bill so I knew it would be a glossy leaflet trying to sell me some more crap. Honestly, that sort of behaviour wouldn't be acceptable in a sane society. Imagine if you went into the corner shop, bought a sandwich and a packet of crisps, and ten seconds later one of the staff chased you down the street trying to get you to buy a chocolate bar.

    But I digress, however they do it they'll find some way of getting us to opt-in that will be anything but "Do you want us to inspect all your data and give you targeted advertising, y/n?" Phorm's attitude to opt-in resembles a date rapist mentality. "They all want it really - look at how they go around wearing unsecured connections - and everyone knows when they say 'opt-in' they mean 'opt-out'."

  42. Barbara Moore
    Stop

    @ Ian Re: Exchange level?

    >>

    "Documents seen by The Register suggest that Phorm tests were performed at exchange level."

    Does that mean even if you don't subscribe to BT's ISP yet use their telephone exchange to access another ISP you could've been hit?

    >>

    Everything not cable is at the BT exchange, even those who now have their line rental direct from TalkTalk or any of the many other line resellers.

    The way it works is that the connection between your 'last mile' wire cable and the rest of the telecoms system is that it either goes through BT or through a reseller.

    For these purposes, even BT Retail is a reseller (of BT Wholesale).

    I think, based on the fact that the equipment does a physical connect to various reseller systems, anyone not with BT Retail can be confident that they were not part of the trials.

    If anyone can find different, that will be a VERY BIG can of worms.

  43. Hans

    Yes - USE YOUR MP

    Forget Ofcom on this, they are a toothless tiger and have long, long, long been known to be in the pockets of BT. How the hell do you think BT have been able to get away with all their past misdemeanours time after time?

    What we need is a straight prosecution of BT on 108,000 charges of illegal interception of communications contrary to the The Regulation of Investigatory Powers Act 2000

    Section 1(1) of RIPA, makes it an offence to intercept, without lawful authority, a communication transmitted by means of a public postal or telecommunication system. (In other words, you need to get a warrant to intercept.)

    Proceedings for the offence of unlawful interception, which is punishable by up to two years imprisonment, require the consent of the DPP.

    Section 5 (2) of RIPA, provides that the Secretary of State shall not issue an intercept warrant unless he believes that the warrant is necessary on one of the grounds set out in section 5 (3) - these include the prevention and detection of serious crime - and that the conduct authorised must be proportionate to what is sought to be achieved by it.

    So Yes, (as what he wrote above) <quote> "Write to your MP and ask a very simple question. Why has no criminal investigation started against BT?"

    Write to your MP, your MEP and why not the KGB, CIA, NSA, FBI, or even HRH if you think it will help.

    look here:

    http://www.theyworkforyou.com/mp/

  44. Anonymous Coward
    Stop

    BT/PHORM 2007 Trial

    In your article you state "The Register suggest that Phorm tests were performed at exchange level" and you mention the Weston-super-Mare, but I have proof (ie the cookie) that I was in the 2007 illegal trials and I am across the other side of the county in Kent, so it cannot have been limited to one exchange.

  45. Anonymous Coward
    Flame

    Who searches for Phorm when offered Webwise?

    I did some searches for Webwise - there are lots of results. Mainly courses that help people learn how to use the web wisely. The message is failing and Phorm must be laughing all the way to the bank.

    It is time to start using "Webwise" in blogs and postings so that when someone is presented with the Webwise option and decides to do some searching to see what is actually being offered, they find more than just the webwise.bt.com site.

    Google loves new news: so get posting this week and when the trail does start there will be loads of information on Webwise available. People need to know that IF they are presented with the Webwise info page when they first log in that their computer has already been hijacked.

    The only solution to stopping this thing is if everyone presented with the webwise page starts contacting BT support about why their data stream is being intercepted by a site they did not request popping up into their browser.

  46. HeavyLight
    Thumb Up

    @ Peter White

    Pete, the wonderful guy who wrote the Dephormation FF extension, has put up a demonstration Phorm Speed Trap that you might find interesting.

    It's only a work-in-progress until he gets some live data to work on...

    http://www.dephormation.org.uk/server/speed_trap/normal/index.html

  47. Anonymous Coward
    Happy

    @ Blasmeme

    I agree. Someone should inform as many people as possible, One good way is via email. You know the type.

    Have you been wired tapped by BT. read below and pass it on to your friends.

    That should do it.

  48. Anonymous Coward
    Anonymous Coward

    I emailed my MP about the lack of a criminal investigation...

    ...Got a rather boilerplate reply :-

    [QUOTE]

    Thank you for your email, Mr Denham has forwarded your concerns to the

    minister for response and will contact you as soon as he receives the reply.

    Yours sincerely

    Mrs C Storrar

    Caseworker

    JOHN DENHAM MP

    SOUTHAMPTON ITCHEN

    [/QUOTE]

    I'll let you know if anything happens...

  49. The Other Steve

    @Steve Renouf

    "Who ever goes to their ISPs front page?"

    Well, lot's of people, as it happens, but that's not the point.

    It won't be on BT's 'web portal', it will simply be the first page that an 'invited user' sees even if they have google or some other search engine set as your bookmark.

    Huge difference. This is much nastier.

  50. Anonymous Coward
    Flame

    Liars

    'BT has claimed that it has no way of telling which of its customers it Phorm profiled and served targeted advertising to.'

    Clearly bollocks.

    BT must have had some way of identifying users who were unwitting subjects of these trials. Suppose BT customers started complaining about the service, (okay, started complaining the service was worse than usual), BT would have needed to know if these problems were down to Phorm technology or to some unrelated issue, otherwise their engineers couldn't have solved the problem and they'd have no way of making comparison with un-Phormed users.

    My DP request is with BT right now asking if I was part of their trial. I look forward to their response; especially if they say they've no idea whether I was press-gang-banged into their trials.

  51. Omer Ozen
    Go

    Re:Interceptions

    @Matthew Hepburn

    Matthew,

    If your session with the online bank is unencrypted, you have bigger worries than Phorm capturing your data.

  52. Anonymous Coward
    Anonymous Coward

    @ Matthew Hepburn

    Unless you're using a very naive bank (in which case I have some friends in Nigeria who would love to meet you), all your bank transactions will be encrypted with https. Phorm can look at the packets all it likes, but it will only see garbage.

  53. Dangermouse

    @BT/PHORM 2007 Trial - AC

    If you can prove that you were in the 2007 trial, then why for goodnesses sake have you not gone to the Police and complained that you were unlawfully intercepted by BT under RIPA? I know I would if I could.

    If we cannot get at Webwise/Phorm through Ofcom, the ICO or our MP's, then the Police should be the next step.

  54. Dave Ashton
    Happy

    I love

    that 'they're going to ask'.

    Dear Valued, and dare I say it, attractive customer.

    We at BT care about you, hell we like you. We're going to make life easier and do something about those pesky advertisments you keep getting on web pages, dont you just hate them? We do. We have a shiny brand new system to try and make it better - its very complicated and sophisticated, dont worry yourselves over this, that's what we'll do for you! We would like you to choose from the following options.

    1. Do nothing to your endless parade of inane adverts, you will possibly see more of them and they simply will not stop.

    2. Enhance, simplify, beautify and focus your internet experience, making it more pleasurable, more sexy, and dare we say it, attractive.

    Ignore this bit office use only. Very technical. Dont bother reading this, ofcom say we have to include this, meanies!!

    fdah768r73hjkfda00dffdafdaf8da757fd8a6fd8afhhk68btusesasystemcalledphormandwill readeverypageyoueverbrowsefromnowonandpotentiallyrevealdamaginginformationtootherusersonyourcomputer ortheinternetandultimatelybenefitnooneexceptadvertisers79799333

    (oh and nice hair by the way)

  55. Anonymous Coward
    Black Helicopters

    @nickj

    Nail, head.

    Phorm should have said "we have no idea who was on the trial, we have no way of possibly knowing that, and never will"

  56. The Other Steve

    @Exchange speculation

    It seems that BT are using the word "exchange" here to mean "internet exchange", e.g. a RAS. (Remote Access Server). This is the place where PPPoA connections get together, party, and get turned back into the IP form that we all know and love.

    Each RAS potentially serves millions of BT customers, as an indicator of just how many, there are only 11 RASs in the entire UK.

    See here for more : http://www.kitz.co.uk/adsl/equip2.htm

    The RAS involved in the 2007 trial seems likely to have been Kingston RAS given the geographic locations of the various people who know they were part of it. Here's a list of the actual exchanges that feed their PPPoA into Kingston RAS :

    http://bbs.adslguide.org.uk/showflat.php?Cat=&Board=announcements&Number=708635&page=1&view=collapsed&sb=5&o=0&fpart=

    Leastaways, that's what I've heard. A quick google will turn up all the various threads across the intartubes that have discussed this in some depth.

  57. John

    Crafty Phorm!

    Wow, haven't Phorm played their cards well.

    The entire discussion is now centred around whether "it" should be Opt-in or Opt-out.

    Whatever happened to the discussion about whether "it" should be allowed at all.

  58. Anonymous Coward
    Anonymous Coward

    Stop Paying

    Hit them where it hurts.... in the pocket...

    Refuse to pay any more subscriptions until BT (and the others) remove Phorm from their networks.

  59. The Other Steve
    Flame

    @The Other Steve

    "lot's of people,"

    Apols, seem to have broken out into a bad case of greengrocer's apostrophe there, yuck!

  60. James Pickett
    Stop

    Spin

    "BT says it's going to ask this time"

    Why's that then? After all, it was perfectly legal before - apparently...

  61. Absolute Cynic
    Thumb Down

    How do they know?

    "The trial invitation will be presented through a special web page that will appear the first time those customers start a web-browsing session after BT Webwise becomes available. At this point, those customers invited can choose to click YES, NO or Find More to get more information"

    http://webwise.bt.com/webwise/help.html

    - how do they know it's the first time the customer starts a session? From a cookie? But I have disabled cookies. Does this mean I will be hassled every time I go online?

  62. Anonymous Coward
    Black Helicopters

    Webwise - BT, VM, BBC

    The BBC have been using the term Webwise for several years now. There is obviously much scope for confusion, deliberate do we think?

  63. James Pickett
    Stop

    Spin (2)

    "lawyers told them the trials were legal, but won't say why"

    Just like the Attorney General and the Iraq War, then. Not a very encouraging precedent!

  64. David
    Black Helicopters

    @ I emailed my MP about the lack of a criminal investigation...

    I wouldn't hold your breath, the government isn't going to do anything, they WANT phorm like access so they can track down child molesters/terrorists/people who aren't going to vote labour, and if a private company brings it in then Herr Brown can say "look, it wasn't me being a Stalinist control phreak, it was these naughty people, we just used the information they'd already collected". The ONLY way to stop this dead is a mass exodus from BT/Virgin, don't threaten to do it IF they bring in phorm, actually do it now, just for even contemplating to treat you like an exploitable resource to earn them more £££'s. hat's the only message these pimp's 'n' whores understand.

    Helicopter, coz not even Orwell could see this shit coming

  65. Dave Bell
    Paris Hilton

    What should a website tell users?

    _If_ a Phorm-scan can be reliably detected, as against the possibility of a legal intercept, what should a web-page tell users?

    There's plenty of email with lengthy "you're not allowed to read this" warnings that comes out of businesses, but does that mean anything.

    If somebody puts up an explicit denial of permission to intercept a communication, can it be enforced?

    Ofcom has already shown itself to be so toothless--it is clearly an unlimited toothlessness--that it sucks bigger time than Paris Hilton.

    My website, from my ISP, is little more than a convenient place to make odd files available. I don't think going to https is an option, and you can bet that BT doesn't make it available on their freebie webpages.

    And the sort of misleading text which might wreck Phorm's schemes is the same sort of drivel that used to be used to lure Google searches. Are we going to be dragged down to that level?

  66. Anonymous Coward
    Anonymous Coward

    @By Peter White

    I have been thinking something similar, although as a contractor i cannot see many clients liking that on their site.

    However, as soon as this all goes a little further and the rest of us can see what phorm / BT are doing, then i certainly plan to write code to attempt to access the BT / Phorm data. This will contravene any contract with an advertiser as they often just give you JS code to put in your page to call their code which then allows them to control which ads are displayed and tracked etc. Detecting phorm type data or phorm related ads may be easy enough, but you wont be able to not serve them without breaking your contract to serve any ads.

  67. James Pickett
    Stop

    Opting out

    BT seems to think that opting-in is the same as not opting out!

    From the webwise site:

    "This standard opt-out method does depend on a cookie remaining on your machine indicating that you have opted out. If you delete your cookies regularly, you will have to opt-out again each time you start a browsing session."

  68. Colin Weldon
    Stop

    re @Exchange speculation

    I have just checked and my exchange (Leysdown) is not on the Kingston RAS, but strangely I moved just over 2 years ago from Ashford in Kent, which is. So it cannot have been limited to one RAS.

    Colin

  69. Eponymous Cowherd
    Thumb Up

    I see Phorm's share price......

    Is continuing to dive. Hit a low of 1450p today from a high of 3505p on Feb 25.

    I make it that Phorm has lost £284M in value since Feb 25th.

  70. Anonymous Coward
    Anonymous Coward

    Legal twist question

    Can we tap BT now on suspicion of breaking the law? AFAIK we're one up on Poole council because there is at least actual evidence instead of just a suspicion.

    I just don't know who to hand the job to. C&W? Urgh..

  71. dervheid
    Pirate

    Surely it's simple?

    Did BT obtain a warrant permitting them to intercept the telecommunications of the 'subjects'?

    Answer is yes; then it was legal.

    Answer is no; then it was ILLEGAL.

    The opt in/out issue needs to be put aside for now. The main issue is, that if BT behaved as per "Answer is no" above, they broke the law.

    BT have admitted conducting these 'tests' so that REALLY is the only question.

  72. Peter White

    @jeremy

    i want the code for my own website, i am a contractor like yourself, i have no advertising on my site and would like it as a quick check for phorm as i am currently a bt customer (though not for long when the t's and c's change)

    i would then view the webstats for my site to see how many hits i get on the phorm page and the ip's that hit it to see how far this sh!t is spreading

  73. The Other Steve

    @Colin Weldon

    Bear in mind I have no idea how current that list is, or if it's changed since 2007, and I suspect (anyone confirm ?) that the RAS you are connected to possibly changes from time to time. I used to get my connection through the Bletchley RAS, but now it's via Edinburgh, and yet I'm still on the same exchange.

    I don't know at what point the change took place, because I only noticed when doing a traceroute a while back.

    The only thing that I can think of that has actually changed is that I upgraded from 2MB to "up to" 10MB, I have no idea if this would have made a difference. If you were affected it's definitely worth a google of the various threads (" BT Phorm Kingston RAS" should do the trick) that cover this speculation in depth (well, at length, anyway) if you haven't already, obviously.

    All that said, I wouldn't be in the least surprised if BT were simply lying. I mean hell, why start telling the truth at this late juncture ?

  74. Anonymous Coward
    Anonymous Coward

    Phorm Tomorrow

    Phorm are holding a public consultation tommorrw see 80/20 think website

    all are welcome... K*nt will be there...

  75. Wayland Sothcott
    Black Helicopters

    @Blasmeme

    Ditto what David said. The Government WANT PHORM to succeed. It will make their silly paedophile registering email addresses thing work. It will be that the police know the paedos ISP and login and so have a feed from Phorm.

    We know about this but the vast majority won't know for 5 or 10 years. Mass action will be very difficult. Frankly you could blow down three world trade centre towers with C4 and blame it on a two of hi-jacked planes.

    For pretty much all of this sort of thing we rely on smart people in authority to act on information from other smart people. We don't expect the general public to have a clue. If the people with the authority to do something about this, Ofcom or the Police decide to let it go then I can't see what we can do.

    I did the Girl Friend test on this. I said that BT and Phorm had this thing called WebWise that spies on all your Internet Traffic and injects targeted adverts into the webpages. She said Oh that's a good idea, I would like that.

    I also said that Chinese secret police in blue tracksuits had snatched the torch from one of the official torch bearers and ordered the San Francisco police to arrest her. She says, oh wow that's bad!

    You see, targeted advertising simply does not make much of a blip on the radar compared to other black 'copter stuff that's happening.

  76. James Pickett
    Happy

    Phorm's share price

    Delicious-looking graph here:

    http://www.iii.co.uk/investment/detail?code=cotn:PHRM.L&display=summary&it=le

    El Reg gets a mention in the comments, too...

  77. Eponymous Cowherd
    Alert

    Re: help wanted for webmasters.

    The problem is that you won't be aware of Phorm at a website, all Phorm cookies are stripped by the Phorm cuckoo server before you see them.

    (I think cuckoo server is a good name as it describes the way it pretends to be your site by way of setting cookies that look like they come from you)

    The only method I have seen of detecting Phorm is for *your* site to take a leaf out of Phorm's book and set a fake cookie that looks like the one Phorm sets for your site. If you cannot retrieve that cookie then either that visitor has all cookies disabled or they are Phormed. You can easily check to see if they have all cookies disabled by trying to set a cookie that Phorm won't try to delete.

    If you can't set a Phorm-alike cookie but can set another then, in all likelyhood, that visitor (and your website) is being spied upon by Phorm and can (should, IMHO) be blocked.

  78. Anonymous Coward
    Thumb Down

    They don't care!

    Opt in, opt out, they'll roll it out anyway because it will make them money when people don't realise it's happening, or they're offered some sugar-coated version of the truth.

    What makes you think the MP cares? Theym don't work for you, they work for the Government. Elected by the public or not, as soon as they're in office they're under the thumb.

    It's all bullshit.

  79. Alex
    Black Helicopters

    The Blast Radius

    the Swindon 01793 exchange was Phormed last summer, at the same time as WSM and Hull, given the "blast radius" I'd say that the Phorm Phowered Sphy-a-thon was injected in to the Kingston RAS.

    Now I wonder how many subscribers were intercepted?

    But given that BT are pleading ignorance to the actual number of illegal interceptions I think you'll find the only option is to accept the WORST CASE SCENARIO and that ALL KINGSTON RAS subscribers were at best prone to the attempted illegal interception.

    Anyone know how many people Kingston RAS serves?

    ...well there's your number of effected users!

    I guess you should ask how many ISP's share the Kingston RAS or if "the way traffic is managed by BT" could have led to non BT subscribers falling foul of this parasitic interception?

    BT Retail are indeed served as clients of BT wholesale, some clients are a little more equal than others, some clients have their fingers a little deeper in the exchanges than your average LLU Clients.

    Perhaps this is could be a lever for the government to get back some ownership of BT, by decapitating BT Retail from its BT Wholesale/Openreach organs and transplanting the Data Interception Officer's department in to deal with what goes in and out of the network.

    It could even be called "The Ministry of Truth", after all there is going to be a CTO looking for a new role soon, I hear he's had experience within this kind of role before!

  80. This post has been deleted by its author

  81. Eponymous Cowherd
    Thumb Up

    Re: Phorm's share price.

    Did you spot the obvious Phorm plant on their forum. He describes himself as an 'investor' but then gives himself away by talking about Phorm in the first person.

  82. dervheid
    Happy

    Funnily enough...

    BT shares seem to 'dip' at around the same point as phorm shares nosedived!

    Wonder why?

  83. Mr Jolly
    Thumb Up

    A really simple way of detecting Phorm infected clients from the server?

    According to Richard Clayton's analysis of the Phorm kit, when Phorm intercepts the cookie coming from the server it'll tamper with it and insert it's own webwise string containing your webwise UID. (Points 20 - 22)

    All you should have to do, is set your own webwise value within your cookie - if phorm have replaced it with their own & then stripped it out, your webwise value won't be there and you can be pretty sure you've got a phorm infected client browsing your site. (Point 25)

  84. James Batch

    DPA Query

    I have just read this document here http://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/subject_access_-_guide_for_data_subjects.pdf

    Here is my question, if Phorm are holding data relating to myself, I should under the DPA, be able to request access to this data? However if the system is fully anonymous Phorm cannot produce the data.

    Would this not breach the DPA?

  85. dervheid
    Happy

    @ Phorm 'plant' on forum

    Or they could just be a genuine investor shit scared about the amount he/she are loosing/about to loose when phorm (hopefully) go tits up!

    Serves the phucker right though. Either they knew what phorm were up to (deserve to loose their shirt) or they invested without finding out/caring what they did (speculators, even worse scum/parasites).

    SELL. SELL. SELL.

  86. Neil Charles

    Has anybody thought...?

    As a group of customers, BT probably wouldn't mind losing Reg readers. It would be a much more profitable business model if their customer base didn't know what Bittorrent was and only used the web to send an email or two...

    Threatening to leave isn't going to help unless you find a way to take the masses with you.

  87. dervheid

    Try the CPS.

    After all, it's their job!

    enquiries@cps.gsi.gov.uk

  88. dervheid
    Thumb Down

    Not their job

    after all, it would seem!

    "Thank you for your email. I note your concerns that a criminal offence may have been committed.

    The Crown Prosecution Service (CPS) and the police are separate authorities. The CPS is responsible for reviewing and, where appropriate, prosecuting most criminal cases in England and Wales following an investigation by the police. The CPS is also responsible for providing legal advice to the police about cases, although we cannot provide legal advice to members of the public.

    The CPS is not an investigative body and has no power to investigate allegations of crime. Therefore, when a criminal offence has been committed, it should be reported to the police so that an appropriate course of action can be taken.

    I hope that this information assists.

    Correspondence Unit

    Crown Prosecution Service

    14 April 2008 "

    So who's is it. (If the Met. can't, or won't touch it!)?

    Looks like no-one wants to pick up the ball on this!

  89. Christophano

    re: Try the CPS.

    The CPS don't investigate, that's down to the Police.

    At least that's what the reply I got said.

  90. Werner McGoole
    Unhappy

    Could be good old incompetence

    OK, so most of us are agreed that a crime appears to have been committed by BT and that nothing seems to be happening about it. So far what I've heard on various forums is:

    1) The Police (New Scotland Yard) think this is a job for "someone higher up".

    2) The Information Commissioner's Office think this is a job for the Home Office.

    3) The Home Office think this is a Job for the Information Commissioner's Office.

    4) The Crown Prosecution Service think this is a job for the Police.

    5) The Interception Commissioner can only investigate if a public body committed the crime.

    6) Downing Street (via the petitions website) think they don't have any power to tell anyone to do anything about it.

    So I guess we shouldn't necessarily invoke a conspiracy given that all the evidence above points to incompetence (hardly unknown in government after all).

    So who's job is it to sort out government incompetence? Is there an ombudsman or someone who decides who's orifice to stick it up?

    Anyone know?

  91. Anonymous Coward
    Anonymous Coward

    I'm not sure if it is an urban myth but.....

    Lord Weinstock of GEC fame never had much trouble with the banks when he ran GEC (unlike his successors at Macaroni! ) because they never had power over him with respect to the exclusivity of service supply. They all wanted to be sole supplier so they could screw GEC just as they have done to other companies in various ways.

    However, my point is that, unless the government and CPS are prepared to act, and then do act decisively, BT et al will have no interest in complying with consumer whining about Phorm and other, - yet to be developed- invaders. The intertia of people means they won't move - even if they see the reality of the issue.

    All those BT/other users should be up in arms and banging on the door of their nearest Constabulary office to press for the blighters heads. If you don't do that you have two more main choices - get a new ISP or get used to it. Vote with your/feet or wallet because they're not listening to you.

  92. Anonymous Coward
    Pirate

    Re: Could be good old incompetence

    Which is why I suggested going all French and start setting fire to exchanges until they start listening! :D

    Note: Responsibility for actions held exclusively by those acting, not myself, expression of personal opinion, not intended as advice or instruction etc etc.

  93. Anonymous Coward
    Pirate

    Whose baby?

    How about SOCA?

    Aren't any fees or other money's worth passing between Phorm and BT "proceeds of crime".

    NCIS defined organised crime as: "any enterprise, or group of persons, engaged in continuing illegal activities which has as its primary purpose the generation of profits, irrespective of national boundaries."

    And it looks to me that one might be able to make out offences defined in the Serious Crime Act as serious crime against one or other of BT and Phorm (to whit, contarary to the Fraud Act 2006, s1 (fraud by false representation, failing to disclose information or abuse of position), or contrary to Proceeds of Crime Act 2002, s328 facilitating the acquisition etc. of criminal property by or on behalf of another).

    Even if you couldn't they certainly have by their actions facilitated the commission of such offences and others, which would make them potential subjects of a Serious Crime Prevention Order.

    Way to go, overbroad and oppressive legislation!

  94. RW
    Go

    DHCP: Bang! You're dead!

    Seems to me that it's a Good Idea to relinquish one's DHCP reservation before going to bed. Leave the IP address unused overnight and you have a better chance of getting a different one in the morning, no?

    That should frustrate the snoops who depend on IP address to tie your browsing habits together.

  95. Anonymous Coward
    Flame

    Onions anyone?

    As far as I recall the Communication Workers Union, or other Management Unions that are involved with BT could be approached to investigate whether any of their employees had been encouraged to commit a crime at the behest of BT Senior Management.

    Surely it is in the interests of Unions to protect their Members. Strike Action at BT anyone?

  96. James Pickett
    Pirate

    WTC7

    "Frankly you could blow down three world trade centre towers with C4 and blame it on two hi-jacked planes"

    There were meant to be three planes, of course. Funny how few people have queried the discrepancy.

    OT, I know, but it illustrates what you can get away with if you think big enough...

  97. Alex
    Stop

    Its all about who you know

    well then, what were these "trials" all in aid of then, was it just a 'dry run' could it have just been a harmless 'proof of concept'??

    You would say that the stakes would have to be pretty high for a CIO to be prepared to run a set of illegal live tests, especially when the only ones telling you that it would be ok were ether on your payroll, offering you a slice of the pie or baking the thing, so these stakes... ...what were they then?

    *cough*

    "Phorm has initially populated the OIX with data gathered from BT, Virgin and Carphone Warehouse on users’ internet browsing habits"

    Hugo Drayton, CEO Phorm

    careless talk and all that eh?

    link: http://www.how-do.co.uk/north-west-media-news/north-west-digital-media/phorm-ceo-to-defend-%E2%80%98user-centred-advertising%92-on-tuesday-night-200804142351/

  98. Anonymous Coward
    Anonymous Coward

    1 Month Virgin Media - Thats all you have got!

    As a VM Customer, I have been patiently waiting to see what happens regarding Phorm. Well I have decided I will wait no longer than 30 days. If VM doesn't come out with a positive statement along the lines of "We are not going to allow spyware on our customers data" . I will be off regardless of their future stance. The fact they are dithering loses my confidence.

    I didn't believe that Virgin would be so stupid to risk losing so many customers because of this bunch of wide boys known to myself now as as Kent and the trojan gang.

    I am still not sure they get it! Intercepting data NO! (Not legal). Intercepting customer data in cahoots with spyware writers who I wouldn't trust - DEFINITELY NO!

    I could never give my card details online again.

    I am told Zen are a good company for broadband who I would trust having used them for hosting, and Sky - they can can get my TV connectivity. (Not too sure about their broadband deal.

  99. Anonymous Coward
    Anonymous Coward

    Just ask Ben Verwaayen BT CEO

    If concerned, simply ask Ben Verwaayen for a Yes/No as to whether your traffic has been intercepted via Phorm

    http://www.btplc.com/Thegroup/Theboard/BenVerwaayen/BenVerwaayen.htm

  100. Anonymous Coward
    Anonymous Coward

    omfg

    Re: hugo drayton comment to the press

    So either phorm are lying or all the isps are lying , this really is getting nasty now if VM BT carphone did gather data for form then that's bad, if they didn't and phorm are luying then isn't this stockmarket manipulation

  101. Alex

    Kill the head and the body will die

    OIX, Phorm's data cash cow is full of...

    "Current partners include BT, TalkTalk, and Virgin Media - companies representing approximately 70% of the UK broadband ISP market."

    please note the term "CURRENT PARTNERS"

    if you dig a little deeper you get to see the foundations of which these cozy little arrangements have been built:

    About 121Media

    121Media (AIM: OTO) is a technology-driven online marketing services company establishing a new cornerstone for future revenue models and communication strategies. Providing ISPs with precise awareness of all traffic in their pipes, 121Media offers the first turnkey solution for increasing subscriber revenue and lowering marketing and support costs.

    121Media’s PageSense technology enables ISPs to increase per-customer income through new dynamic advertising revenue channels; reduce customer churn and expand customer margins from product cross-sell; provide more effective online customer support in real-time and reduce costs of call center and email channels.

    Source: 121Media (Posted on 2006/6/2 8:15:29)

    http://www.internetadsales.com/modules/news/article.php?storyid=7583

    ...so privacy has always been a key driver here? oh money you say? sorry what was the first bit, never mind, oh a Job, a really big bit of the pie? oh CIO? now your talkin big fella.

    this has got to be the best link of the evening though: http://www.oix.com/util/user_privacy/

    Not Found

    The requested URL /util/user_privacy/ was not found on this server.

    Apache/2.2.3 (FH) Server at www.oix.com Port 80

    ...that just about says it all, oh except for the "web beacons" bit hey K*nt ;)

  102. Anonymous Coward
    Anonymous Coward

    Can I just block OIX at mi firewall and be done with it?

    I am a talktalk customer having migrated from bt 4 months ago. Since talktalk have now promised that without a specific opt-in from customers there data will never pass any phorm hardware I wonder can I just block OIX at my firewall and never have to worry about it again, even if I miss the informative re-direct that is undoubtedly coming my way asking if I would like to participate in this mess? A quick "host oix.com" came up with 3 ip addresses that have been added to my iptables script to block, but somehow I doubt thats going to be sufficient. I have got to the point where, targeted or not, I don't want any phorm advertising to get even close to my machine, even if adblock+ stops it before its displayed.

  103. William Morton
    Thumb Down

    The data help by PHORM was obtained without the owners consent

    The data help by PHORM was obtained without the owners consent and hence should be destroyed. I do not believe that the data is anonymous I have seen the PHORM patent and I have seen how BT have acted it is clear to me that this was illegal data collection and under the data protection laws PHORM should have their right to hold peoples data removed and their servers/backups wiped.

  104. Alex
    Dead Vulture

    a bit more digging reveals:

    *** caution cut & paste (not edited) and ranting ****

    (this is taken from the 121 Media INC - Interim Results 29 September 2006)

    (available here: http://www.investegate.co.uk/articlePrint.aspx?id=20060929151738P5FE7)

    Executive Appointments

    The considerable headway we have made in our strategic partnerships with ISPs and the rolling out of 121Media's next generation contextual advertising products and services will lead to a change in 121Media's corporate structure.

    In addition, Dave Dorman, former chairman and chief executive officer of AT&T Corporation, was appointed as an adviser in July 2006.

    *RANT** Eric Eichmann sights pressing family considerations as reason for leaving. (no mention of Phorm/121media or other such on his current bio here:http://www.rosettastone.com/global/leadership/eric-eichmann/)-(I wonder what happened to that remuneration package of over 150,000 common shares in 121Media at an exercise price of 540 pence per share. These vest over a four year period and must be exercised by 15 June 2016. link: http://www.londonstockexchange.com/LSECWS/IFSPages/MarketNewsPopup.aspx?id=1242357&source=RNS )

    The Board believes that significant revenues should flow from this investment in 2007 and that our anticipated strategic partnerships with ISPs will have a materially beneficial impact on our future financial performance.

    *RANT** I don't doubt that, still your shareholders must be 'stoked' atm!

    Our PageSense technology

    We have made outstanding progress towards our goal of establishing 121Media's

    PageSense technology as the `gold standard' in contextual online advertising as

    well as consumer privacy. The Directors believe that PageSense represents the

    future of digital advertising. It allows advertisers to show their messages to

    users based on their online behaviour rather than locking the advertising to

    fixed content pages. It can rapidly build up profiles rich in lifestyle and

    demographic data. In the old world of media this knowledge could only be

    extracted from surveys and questionnaires and inevitably only applied to a

    small sample of any given audience.

    *RANT**** excuse me? excuse me? can you spare five minutes? ...oh sod this for a lark, lets tap their comms!

    121Media's technology is innovative because it translates the content of a web

    page into elements which form a profile of interests for the user. Using this

    profile, the advertising a user sees can be customized to match his interest,

    greatly boosting response and increasing the value of the media space. This

    genuine creation of value marks a step-change in the advertising economy. It is

    a leap forward in sophistication from which we believe shareholders will enjoy

    considerable growth in value.

    **RANT** it builds a profile of your interests, then sells them, you see what you do, we see, then we sell it, and we make money and all you have to give up is a profile or your interests/opinions/purchases/etc, yeah you don't get anything for it but hey! we get rich!

    Our products and services; benefits

    We are confident that the sophisticated behavioural targeting of the type PageSense makes possible will lend a new relevance to online advertising,

    (vulturepuke icon as this is making me feel sick)

  105. Anonymous Coward
    Anonymous Coward

    BT are lying, they know who was profiled

    My understanding is that those people profiled where the ones who's router's dynamic IP was in the same subnet as the PHORM kit. This was not limited to but one exchange I live in the Midlands and was profiled. BT say they cannot say who was profiled but this is just an outright lie, the security forces of this country require all ISP to retain which substriber had which IP. They know exactly who was profiled and when and for how long. In addition those people with BTYahoo had the PHORM ad server on their email page and hence if they were stupid enough to use the web email client then their email was profiled as well. I imaging that this would be quite a few people especially those you read their home email at work.

  106. heystoopid
    Black Helicopters

    So BT play dirty pool !

    So BT play dirty pool and will sing like a bird for the cost of peanuts , now that be a sad thing !

    But what is the MET Police Fraud and Company Squads doing about the numerous major breaches of assorted UK laws that senior executives over at BT have committed in real time such as the so called data security acts and so on ! Or are they still out of the office looking in the other direction as friends in high place send them on other wild goose chases or taking bribes themselves ?

    The next question is who in the legal profession gave them such poor advice in the first place , could it have been the second or third cousin on the English side of the family of one Alberto Gonzales , for he be a man of law that can't seem to comprehend what the law really means in the first place or the oath of any office he has sat in previously at the best of times after he passed the Bar Exam last century !

    Hmm , at this rate one would have to establish different alter egos and identities at the various Intertube Cafes with paying cash just to surf in peace or one of those Wi Fi enabled touch screen Eee Pc to connect to the assorted open wireless links that abound aplenty !

  107. Matthew

    Can someone explain something to me?

    The thing I don't understand about Phorm is "DO they replace/insert ads on websites, and does the website have to agree?" From the commentary here, it isn't that obvious that they do.

    Reason for asking: many sites make money from ads. Some they handle through networks, some the self sell, etc. If Phorm comes along and replaces that ad that *I* have put in, Phorm is putting my revenue at risk. If the site has consented to this, that's one thing, if they have not, then that's significant. I have not seen that sort of partnership being touted or even mentioned in what I know about Phorm.

    BT slapping their ads or accepting payments for ads to be slapped over other networks or sites is all kinds of bad.

    Webmasters are slightly more technically adept, and may be more willing to dry Phorm up at the source: the customer.

    If the UK authorities won't act, take a play from accross the pond. Litigate. Civil/tort actions for breach of privacy are perfectly legitimate means of affecting commercial interests and disincentivising certain behaviors. Ambulance chasers occasionally serve a purpose. This might be one such case.

  108. Gorilla

    Just suppose ...

    the BT trials had included software that was (unbeknown to them) defective or dangerous? Suppose is did something really outlandish, such as causing spyware to install itself on users' machines? Or it successfully phished for bank details (maybe by impersonating other websites)? These things would be criminal offences in their own right. If BT don't know who the guinea-pigs were, then how could they put things right for their customers? Compensate them?

    If BT customers make DPA data subject requests about the trials, then BT would be breaking the law yet again if they didn't respond honestly. The more they twist and turn, the more they will (eventually) cross the line and force the government to take action.

  109. Michael

    "The Times" newspaper embraces Phorm

    Two anti-phorm sites:

    www.antiphormleague.com

    http://phormwatch.blogspot.com/

    phormwatch.blogspot.com and www.antiphormleague.com/isp.php give a list of ISPs that will have nothing to do with Phorm, or are currently having nothing to do with Phorm. Experian, which we're not hearing much about, is another Internet surveillance system. Experian are currently in talks with a number of unnamed ISPs to find out who is interested in deploying their spyware.

    I tried to post a comment on "The Times" Web site (www.timesonline.co.uk), but it was rejected numerous times because I was telling its readers that "The Times" has signed up to Phorm. Other comments I made were accepted. Some clear censorship is going on.

    So, visit phormwatch.blogspot.com for a list of Web sites that are happy to collude with spyware crooks - and don't give them your money! They include:

    Financial Times

    Guardian Unlimited - No Longer Participating!

    iVillage

    MySpace - No Longer Participating!

    The Telegraph

    The Times (UK Newspaper)

    Unanimis

    Universal McCann

  110. Moss Icely Spaceport
    Thumb Down

    For the 50,000th time....

    DO

    NOT

    WANT

  111. Sean
    Alert

    Opt-opt: Really?

    So, although I don't really have the time to read through all the comments to all the Phorm related articles on El Reg, I have taken the time to read the Ernest & Young Privacy Examination report posted on Phorm's website (so apologies if this has been dealt with already).

    I found one interesting section on the current opt-out process supplied by CEO, Kent Ertugrul:

    "An Easy Opt-Out Mechanism:

    We offer an easy, anonymous method for users to opt out of Phorm's systems if they would rather not receive targeted advertising and content. For as long as the user retains the Phorm opt-out cookie, the system will not collect or store data on their browsing behaviour"

    Um, does this mean that each time you clear your cookie cache you have inadvertently opted-in?

    As clearing cookies would not be something that is normally considered an opt-in mechanism for, well, anything, how does this process stand up legally as an opt-out option?

  112. Eponymous Cowherd
    Unhappy

    Not the point

    @ Sean

    The fact that Ertugrul says "We offer an easy, anonymous method for users to opt out of Phorm's systems if they would rather not receive targeted advertising and content." means, by inference, that you will still be profiled even if you *do* opt-out.

    This is unacceptable to me as an ISP customer and, probably, unacceptable to most web site owners who will be visited by Phormed users.

    They (Phorm, BT and Virgin) are all being *very* shady when it comes to stating what *actually* happens when you opt-out (or don't opt-in). This reluctance to come clean adds more weight to the suspicion that your browsing will *still* be analysed even if you opt-out.

    Even though the data you provide cannot be used to directly target *you* (when you opt-out), it is still *very* valuable for statistical purposes and for selling on to 3rd parties. For example Phorm will be able to compile statistics about the most popular products on eCommerce sites (Argos, Currys, Scan, Dabs, etc) even it *all* their victims opt-out.

    And there will be little these sites will be able to do to prevent it!

  113. Anonymous Coward
    Anonymous Coward

    There appear to be two new folk asking questions...

    ...so here's a potted summary of what Phorm/OIX do. For Matthew and the AC who asks if blocking OIX will be "enough".

    BT routes your web traffic through the Phorm-supplied sniff-box. They analyse all your data and tag your browser with a cookie containing a summary. This allows websites who host advertising from the OIX network to read your little barcode and put appropriate ads, rather than arbitrary ones into the banner/pop-up/popunder adspaces on their pages.

    Blocking OIX will *not* stop your web habits being analysed, AC, and no, the current implementation of the Phorm proxy doesn't inject or modify any code coming back from the sites you visit. Also, at the moment, the analysis process doesn't retain any identifying information.

    However, the *patent* for this process allows the possibility of injecting scripts into the pages they return to you, and for the information kept to be attached to an identifiable key. Also, the Phorm box seems essentially to be a proxy, and there are no promises that it doesn't modify your requests on the way out, or that it won't modify the info it returns to you.

  114. Anonymous Coward
    Unhappy

    Another question

    Phorm say that you will not see any more adverts than at present but in their patent I found this

    [0046] In another example, as shown in FIG. 5, tailored advertising content may be presented as a bridge or transition advertisement 140, which is presented between requested pages 142 and 144, and independently of any page specifically requested by the browser.

    Does this mean ads will be served even while you are changing pages! That to me seems like more ads I would not want. DON'T WANT PHORM AT ALL, NOT EVER

  115. Anonymous Coward
    Anonymous Coward

    Comment on Phorm

    This is the reply I received from my bank (name redacted) following an email to them expressing my concern about the security of my internet banking:

    After investigation by [bank], we have been advised by British Telecom that the technology they use does not view any information on secure

    (HTTPS) pages. The data on these pages is in encrypted format and therefore not viewable by third parties. BT also informs us that on general

    Internet pages the technology ignores strings of numbers longer than three digits to ensure that they do not collect credit card numbers, phone

    numbers, National Insurance or other private information.

    You need have no concerns regarding the security of your Online Banking service. In the case of British Telecom they have advised that their

    site: www.bt.com/webwise <http://www.bt.com/webwise> will give answers to questions relating to this matter.

    Whilst this information gathering will not affect your Online Banking service in any way, there could be an increase in marketing related pop ups which you may need to take action to prevent and most modern Internet browsers now have the capability to suppress these.

  116. Anonymous Coward
    Boffin

    Opt in

    From what I've gathered - if a person acts as though they agree to something, then whether or not they did is irrelevant in some cases.

    It's largely down to the judge on whether or not to apply the above objective test or whether they want to be more subjective for various reasons - but the opt in could be done that way.

  117. Bobby
    Stop

    Wholesale Victimisation

    Targeted advertising will reduce consumer choice in the long run and will prohibit new or less known and innovative products from ever finding their way into the internet market place through this discriminatory practice.

    I call for market freedom as has always been and let no monopoly ever tell me what is ‘significant’ or ‘insignificant’

    Individual selective targeting implies victimisation of a singular selected person and is totally illegal under UK law. Ask the people and 100% of them would object to being individually targeted for any product, service or criminal attack as they would naturally enough feel unfairly victimised by this.

    I ask the government to take the bold step forward with an immediate blanket ban on all ‘selected individual targeting’ proposals by Phorm under present day antidiscrimination laws and preserve freedom of rights for us all.

  118. Anonymous Coward
    Anonymous Coward

    BT T&C changes

    I am one of those folks who tends to collect paper. Last night I was reading through the BTUpdate for Feb 2008 that came with my end of March phone bill.

    I am wondering if, BT customers failing to act on this notification, is why BT are now saying that customers can't just get out of contracts if they disagree with being phormed.

    "Changes to the Terms and Conditions for BT Telephone Services, BT Total Broadband, BT Vision, BT Broadband Talk, BT Mobile, BT Fusion and BT Value Bundle took place on 3rd January 2008. The changes are summarised below:

    * Charges that apply to termination and where you have broken the terms of the agreement have been classified as compensatory for clarification purposes.

    * All references to a contractual change which are to your "significat disadvantage" have been changed to "material disadvantage." These changes are for clarification purposes only.

    *In future when we make contractual changes that we reasonably believe is to you "material disadvantage" we will also let you know that you may end the agreement early without paying a charge for doing so.

    *If you wish to end the agreement because of a materially disadvantageous change you must not let us know within 10 days instead of 7 days that you wish to do so.

    ....

    Full detail of these chages and other clarification changes to our terms and conditions are set out on www.bt.com/pricing."

    I am not too sure how I would read "significant". However, "material" tends to read as having a monetary value and excludes all other aspects which could be covered under "significant". I read this as being an unfair change in the T&Cs. As I am only a member of the public and not a lawyer and this is my opinion, this may be of some help (the reasonable understanding) to anyone who needs to look for a defence when canceling their BT broadband when they are phormed/because they were phormed in the past without concent.

  119. Anonymous Coward
    Boffin

    Cancellation: Significant v Material not up to BT to decide

    Interesting example here http://www.out-law.com/page-6910 in particular the para on 'Changes to the contract' states that if 'the consumer reasonably considers he has been disadvantaged by a change, he can cancel.'

  120. Anonymous Coward
    Black Helicopters

    EUROCRAPS and PHORM

    the EUberspooks must be in on this, as kpn(PTT) in the Kingdom of the Netherlands also had breached customer data under Verwaayen when it was still national. i wouldnt be suprised if Mandys gimp is in on it too.

  121. Gorilla

    Cancellation: Significant v Material not up to BT to decide

    Any unfair term in a consumer contract is unenforceable

  122. Kanhef
    Happy

    Update

    from the BBC: http://news.bbc.co.uk/2/hi/technology/7349715.stm

    Phorm is not only illegal, but also "make the net less secure and breaches human rights"

  123. Anonymous Coward
    Coat

    @Kanhef

    And I see that Phorm are up to their usual bullshit spin (anyone noticed they don't come here any more because we can see through their shit?)

    "Phorm makes all websites capable of making a living," he said, adding the technology could end the stranglehold Google has online advertising market.'

    No - it allows Phorm and OIX to make a living by STEALING web content created by others. How can a company stand there and say it is all right to infringe copyright by intercepting and using other peoples material because someone can make money on it.

  124. Alex

    guess who's putting pressure on the ICO

    http://www.nma.co.uk/Logon/ResourceBarrier.aspx?RequiredServices=17,|&PipelinedPage=/Articles/37294/ISPA+defends+Phorm+as+ICO+conducts+investigation.html&PipelinedQueryString=liArticleID%3d37294#ContentContinues

    well well, its no surprise to find out that it was the ISPA (http://www.ispa.org.uk/)

    ...I wonder why they think its such a good idea, they do seem to have a bit of sway with the ICO though, perhaps its time to investigate them a little more??

  125. bobbles31
    Coat

    @Alex

    I love the comment:

    "If Phorm complies with the law, then it sounds like a damn good service,"

    If withdrawing money from banks with a Gun was legal that would be a damn good service too but its not so fuck off and leave my browsing habits alone.

  126. Alex
    Thumb Down

    But they did it, why can't we!

    *** CAUTION RANT ****

    K*nt stating that "google are worse, all the offer is search, email, news, etc, etc, etc" and "ISP's offer services too, after all without them you couldn't connect to the internet"...

    RRRRRAAAGGGHH

    ....well done K*nt, people have the choice to use Google or not, just the same as they have the option to visit their ISP's homepages, BTYahoo for example!! why don't you stick your SPYWARE on the BTYahoo portal? that's a fair comparision, oh but then there's all the overhead of producing content, bandwidth, services, etc

    yep your right K*nt, just keep with the "well people use google so why can't I parasitically spy on your web activity then sell it to advertisiers"

    ....just how did you populate the OIX again K*nt??

  127. Eponymous Cowherd
    Jobs Horns

    YouTube

    Searching for Phorm on YouTube returns a *lot* of Phorm PR bullshit videos.

    Seems to have backfired though as anyone watching them can't fail to notice the vitriolic anti-Phorm comments and 'one star' ratings.

    iHate icon as you don't have a uK*nt one yet.

  128. Anonymous Coward
    Anonymous Coward

    Webwise Cuckoos

    Cuckoo:

    1: A cookie set for a website using man-in-the-middle techniques as part of a parasitic system e.g. one tracking and parsing the content of an individual's web browsing activity in order to deliver targeted adverts.

    2: An ISP exec contemplating the deployment of a parasitic advertising system that doesn't provide ICO-compliant opt-in and positively harms privacy by reportedly making an opted-in user's unique identifier available to any website they access.

    3: Someone who's been on the net for more than a month and still notices adverts on web pages.

    4: A ISP customer opting-in to a parasitic targeted advertising system.

    Webwise Cuckoos:

    1: A bunch of kids with psi-power from Webwise, Winshire who can read your thoughts and make you do things.

    2: A bunch of suits with money-power from Delaware, US who want to read your thoughts and make you buy things.

    Cuckoo Spit:

    1: Response from suits with money-power on encountering a law that stands in the way of Profit.

    Cloud-Cuckoo-Land:

    1: Place full of people who think Webwise and the precedent it might set is harmless.

  129. Alex
    Paris Hilton

    sell! sell! sell!

    from the 13,831,224 shares issued, so that seems to a be a sale of about 0.468% of the total shares in one trade!!

    not an insignificant amount?

    I wonder who just dumped their share options then!

  130. Anonymous Coward
    Thumb Up

    Phrom and BT

    People, I really dont see why people are so mad about this. TBH, I feel that people that complain have something to hide??

    I have done quite a bit of research into this myself, the wording that the Register has printed is making it very misleading to making people judge it is a bad thing. Opt-In means you must go onto the BT Webwise site and click it on or off. The choice is at YOUR fingure tips!!!

    BT Webwise or Phorm does not store any of your details. It simply uses cookies on your computer to track websites that you have visited to ensure that they are not illegal. What is so wrong with that?...Lets say a site was set up just like your internet banking site and when you log into it, your providing your access details to your account. BT website/Phorm will help stop this from happening. Is this a bad thing?

    It will also help stop child porn etc on the internet. As I said before, people that complain may be the ones that like these sites and that is why they are unhappy etc who knows...

    But my view is bring it on! It is a good thing and well really help. Those people that dont like it, DONT OPT IN then!!!

This topic is closed for new posts.

Other stories you might like