BT's secret Phorm trials open door to corporate eavesdropping

Sad but true!

It seems that its time for a fundamental change to the system of governance in this country. The current system just doesn't work anymore.

err..

> "I'm absolutely sickened and appalled," Pete John, who has tried to interest authorities, told The Register this week.

Get a grip, I told Pete John this week. With all that goes on in the world, if that's the kind of thing that sickens and appalls you then I'm surprised you have the wherewithall to get out of bed in the morning.

That said, keep up the good fight (when you've got your health back, naturally :)) !

Cop Out or corruption?

Can we start taking bets on how long it is before certain key people in government departments that seem to muddying the waters on purpose jump ship and join Phorm?

That bloody "Consent" thing keeps coming up.

I run websites - I DO NOT give consent for phorm (and BT, Talk Talk or Virgin) permission to intercept my traffic.

Mabye if a lot of website owners blacklisted the entire BT, Talk Talk and Virgin IP address ranges so they get a message that says something like "Your ISP is a leeching parasitic scum merchant who would sell his granny for a snort of Cocaine" they might get the message?

Actually even better - a redirect so that they get a page full of the nasty truth about Phorm and then topped up with choice keywords would be good (it would certainly screw up the Phorm profilers.) before they get to the actual website.

No more writing letters.

Anyone willing to put their name on the line and march on Parliament? Peaceful protest my left ass cheek; Through the doors and into the PM's private chambers, so he knows just HOW pissed off the informed public are.

Anonymous? No point. They can track it all anyway.

Me to :(

I have an extremely dismissive letter from Tony McNulty which more or less says "It's not my problem. It's the ISPs responsibility to make sure they don't breach RIPA"

I'm drafting a suitably worded reply, but it's taking a while, since I'm having difficulty framing a sentence without using the phrase "greasy shiteweasel".

As of today, sadly, the position seems to be that public bodies can breach RIPA, in which case they'll be investigated, but this will never come about since everything they do that's covered by RIPA will have been rubberstamped (see Reg passim), that individuals can breach RIPA, in which case inspector knacker will stuff them in chokey for five years, and that corporations can breach RIPA and no one will give a flying fuck.

Fortunately, I can't see this position lasting long, there's to much for the opposition parties and the tabloids to get their teeth into. I mean come one, NuLabour allows big corps to trample over "terrorism"* legislation is a big stick with which to beat an already embattled Prime Minister.

So, on with the fight. The failtrain is still en route, it's just delayed by red tape on the line.

*I know, it actually has very little to do with terrorism, but no one tell the Daily Mail that just yet, eh ?

A new RFC is needed ...

Putting an MD5 hash for every page a server creates in the HTTP header. Clients could perform a matching hash, and if they don't match refuse to display the page. I'm sure Amazon and eBay would be thrilled to know customers were unable to view their pages because of phorm injected crap .....

This is great news, they've just made themselves liable.

Anyone who has had any kind of response from the Home Office, hang on to it. Could come in handy as evidence. Now the Home Office are involved, they have brought the matter within the scope of a Judicial Review. Fatal error. We've just seen how Judicial Reviews feel about the government illegally granting impunity to private corporations in the matter of SFO vs BAE - and they do not like it.

Didja know it only costs £100 to apply for a Judicial Review?

No reply from the home office

I've still not had a reply from the home office about this.

I'm genuinely at a loss as to why this is being ignored.

I have no words!

There are no words that I can find that express how rotten this makes the the country look!

I think I'll pack my bags and move to Zimbabwe - it's starting to look like they have a more moral and trustworthy government.

@b

It's being "ignored" because;

a) There's a LOT of money involved, and / or

b) Someone (maybe more then one) senior in the Home Office / ICO / Ofcom / Media are in this up to their mucky little neck(s).

Like you, I'm baffled why this hasn't hit the tabloids (see post above yours, then refer to 'b' above!!).

Looks like a snoopers charter.

We're all FUCKED!

£100 for a judicial review? Please, where can I contribute.

Yes. I am serious. Unlike our elected representatives.

"Tough on crime, tough on the causes of crime".

Oh yes. We thought he was serious too. Now we know better.

so what

Targetted advertising - Sounds great. whats the big deal?? So they monitor your inernet use etc, only people with sometihng to hide would mind as far as I am concerned.....

Is anyone genuinely surprised........

that a government that views tracking and spying on the people it is *supposed* to be serving as its most important function supports Phorm.

The conspiracy theorist in me wonders if HM Gov views Phorm as a nice, convenient, way of spying on us that they don't have to pay (much) for.

I also wonder if Phorm has been 'in talks' with HM Gov in just this regard.

It would go a *long* way to explain the lack of concern about this from the Home Office and ICO and why BT and Virgin are pushing ahead with this despite the public's outrage.

The last time we incubated anything

It would appear that, if BT, or anyone else passed your information to another company without your knowledge or agreement, then your argument is with BT for breach of contract.

So, why anyone with a choice in the matter still signs up for a BT service totally beats me. At the end of the day, you get what you deserve for not being more discerning in the first place.

And if Virgin tries this caper, as was proposed, then my internet connection will be terminated, and it's back to POTS for this end user and my business, until legislation is evident that will protect my business from industrial espionage.

Which is how I consider this little invasion of privacy by Phorm and BT.

You know it, you are either trust worthy or you bloody well ain't.

Alf

£100 for a judicial review

Seriously? Where do we pay up?

Dont vote for the b***ds

This is typically Britsh. You moan and moan about the council, hte government the opposition your MP and then you vote them in again!

Break the cycle! Vote against the status quo.

This means NOT voting Labour or Tory and except in exceptional cases the dear old lib dems (they wont mind thye never expected annyone to vote for them anyway.

My vote goes to the Monster Raving Loony candidate as being most representitive of my contempt for the current pretend democracy.

Re: so What

So why post as AC? What have *you* got to hide?

Time to 'police' ourselves

I am not suggesting mob policing - just gently silent protests.

For those who object to having their browsing intercepted - change ISP.

BT's broadband pages are full of how they protect customers from AdWare - not true. Is this enough to invalidate their contract with you. I would argue the case if I were with BT.

For webmasters - big warning messages for all BT IP addresses + any other addresses that are tied into profilers from anywhere in the world. I don't earn any income from USA visitors anyway so warn them all.

The Sun will never do anything - look who pays for its advertising space.

Not too sure who owns the local press - the reporters can't all be such fools (Weston-super-Mare excluded from this rant). Maybe they charge BT et al enough for advertising space to cover all the costs of weekly printing so dare not say anything that could risk that income.

Next week I will see what I can get into the school's weekly rag. Even a circulation of 500 is better than none.

The internet is more powerful than this - use it. Because some of us care and have not been blinded nor made dumb.

Mine is the power jacket: power to the people.

Re: Ash

Yeah, because protest marches worked for the anti-Iraq demonstrations and the anti-hunt-ban demonstrations, which I believe were the largest demonstrations in British history. Demonstrations do not work as an expression of opinion, only as a threat of violence, and British people, unlike, say, the French, aren't currently capable of the latter. This is because the government doesn't give two s---s about what you think, only about its survival.

The good news is that BT and Phorm are private companies (in the narrow sense, not the share ownership sense), so unlike Iraq, we do at least have something of a say in the matter. Change your ISP, and if you don't want your website's traffic intercepted, block access from ISPs that use them.

Legal Begal my Ar*e

So the government asks ISP's to help police the net, in exchange for ignoring them breaking the law with this new advertising scam, they all get rich and less P2P traffic on their networks cause they busy grassing us all up for crimes that have no pysical bearing on our society, Does Gorden Brown/labour ever think of anything else but the economy?

Paris has more common sense then our MP's

£100 for Judicial Review?

Why has this not been done already? £100 is hardly breaking the bank.

Hell, i'd pay for it myself if I knew what it was and how to do it properly!

@so what - anonymous coward

I know your post is flame bait, but once Phorm has invaded everything you surf, try explaining to your kids why they get adverts for viagra and hot milf hardcore gangbang on gamesmate because Phorm has skimmed these key words from your spam infested yahoo / hotmail account which you access once a week to clear down.

When the music stops, you're the one who has to deal with phorm...

What a surptise, this has been a whitewashing of concerns by every interested party. BT and phorm tell us this thing won't invade privacy, but give us conflicting reasons as to why not, at the FAQ session Simon Davies acknowledges that the big issue is legality, but then asks everyone not to talk about it, and now HMG (Who I've suspected always wanted this kind of access) won't take action on it.

It's the ISP's responsibility to make sure they don't break RIPA? That may be, but it's sure as hell this governments responsibility to intervene when they do! This is farcical, if it had been a teenager downloading a few songs that the BPI had asked them to investigate then you can guarantee they would've been knocking down his bedroom door before you could say "hasty search warrant", but because it's the citizens (who MP's are supposed to represent) complaining against big business, nothing gets done! I guess we know who makes the bigger campaign contributions!

PS, why no coverage of the phorm Q&A session?

Helicopter because, well, look around.

And now the good news.

Phorm's share price has plunged to 1275p.

Re:£100 for Judicial Review?

The only way to beat Phorm is with *organised* protests and legal action. All of the current 'pressure groups' are no more than rant shops.

What is needed is someone with PR skill and/or legal training to head up a *real* anti-Phorm organisation that we can support with real money. I would gladly stump up, say, £100 a month to fight this obscenity, and I'm sure many others would, too.

Once you have an organisation with real power (i.e. money) then you can really lay into Phorm. Legal action, full page newspaper ads, mailshots to Phormed ISP customers, intense lobbying of MPs.

Unfortunately I have no PR experience, little legal experience and absolutely no idea how to go about setting up such an organisation (would it be a charity?) Anyone care to step forward???

@Ash

" Peaceful protest my left ass cheek; Through the doors and into the PM's private chambers, so he knows just HOW pissed off the informed public are."

If you dont want to be nailed to the tower, you could always vent on an invovled companies property.. be that in there car park or on the side of a van...

As I have maintained all along...

(Tin foil hat on and special flamebait shirt done up!)

Most people use those bloody insidious supermarket loyalty cards, which in my opinion are the biggest excuse for a private company to gather personal information. TESCO, whom I believe have one of the largest customer spending habit databases in the country, but no one minds using the cards and getting their tiny little prize of a fiver off their shopping, at the end of the year do they? Before you start bleating about Phorm/BT, double check your wallet and make sure your shredding your waste paper too!

Until Joe Public actually hears anything about this, this is simply going to be a big shouting match in a quiet little geek corner. Want to make a difference? Simply tell everyone you know who is on the internet in some form or other, that basically their credit info and personal details will sold off to some ad agency in about 6 months time, unless they kick BT/VM/TT up the arse to demand Phorm be removed ASAP. Oh and ask people to stop using those nasty little loyalty cards while you're at it!

Oh Dear

"The tribunal has no jurisdiction to investigate complaints about private individuals or companies unless you believe they are acting on behalf of an intelligence agency, law enforcement body or other public authority covered by RIPA."

Do I read that right, Private individuals and companies are exempt from RIPA unless they are acting on behalf of a law enforcement agency?

well, thats all right then, I thought they were breaking the law when all the time it didnt apply to them.

I am moving house soon and going to change to one of the phorm free ISP's, once they go to phorm I'll move again until there are no more Phorm free ISP's.

Make no mistake this is going to go ahead, too much at stake for the businesses involved to let it phail, mores the pity!

Royal Mail

So the Royal Mail are allowed to open your post after all, as long as they are doing it to steal money from childrens birthday cards then it is allowed, as long as they are not a law enforcement agency... Who wants my vote? im giving in...

@ AC - re MD5 hash

Nothing to stop a man-in-the-middle (MITM) from rehashing the page and replacing the MD5. It'd have to be a cryptographically signed hash, but if you're gonna do that you may as well use HTTPS.

Of course, SSL doesn't prevent you from attacks at the client or the server, so all they'd probably do then is slip adware into their standard software build which intercepted the decrypted SSL data at the client.

@Teabag 2000

Perhaps you ought to point out to Celia Barlow, that a cookie with an ID number actually is personaly identifiable just like number plates are... they may both be random but they are both unique identifiers.

@ George Johnson

how many ISP's do you have? are you in a contract to use soley one supermarket? your analogy is flawed. Phorm is worse than loyalty cards.

Re:As I have maintained all along...

@ George Johnson

First off, I don't have a loyalty card. I'm well aware of what the likes of Tesco use them for and refuse to have anything to do with them.

But even supermarket loyalty cards aren't as evil as Phorm.

You have to apply for a Tesco card, you are given Ts&Cs to read if you want, so there *is* informed consent. Phorm doesn't give you that.

Tesco pay you to use their card. Sure its peanuts, but that's more than you get for being spied on by Phorm.

Tesco can only track what you *buy* from *Tesco* stores. Phorm can track you everywhere on the WWW and track everything you do short of when you switch to SSL to make the payment. Browse TVs on the Argos site, then go to the Currys site, then, maybe Amazon. Phorm will profile you across *all* of them. Can you imagine the outcry from Morrisons if Tesco found a way to track what customers were looking at on their shelves, yet that is exactly the service that Phorm will provide it its partner sites.

No, Phorm is several orders of magnitude more evil than supermarket loyaty cards.

Secure Proxy?

I might be missing something here, maybe it is so obvious that it has been overlooked or it is so unworkable that it has been discarded.

If Phorm doesnt profile HTTPS connections is there a secure proxy and would this then provide a clear gateway to the internet since you would use the secure proxy as your initial point of call and then all other traffic comes back to you via the proxy.

Workable? possible? Stupid?

so I can set myself up as a business

and then intercept people's web traffic and the government/authorities will not do a thing? Sweet!

But hang on, wasn't there a bit of a fight to hear what MP's are claiming on expenses and yet my spending habits can be up for grabs without my consent?

Funny how it seems to be okay for one and not another

IHTFP

~Forum~

@ dangermouse et al..

If you want to move the discussions onto a forum, How about www.badphorm.co.uk? its free.

Re: ~Forum~

Will sign up.

@Dangermouse

re: Judicial Review? Anyone to step forward?

Recommend you read the (end of the) relevant Phorm thread on the CableForum website: http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated.html

You'll find support, advice and probably others who'll be glad to work with you to launch the legal challenge.

Thanks for taking a lead!

hmmmmm.......

I wonder if they (Phorm) have made any political donations recently......

@ ~Forum~

We don't need a forum, the only people reading it are the people who have been directed there from El Reg. We are already, to quote Andrew Orlowski, an "echo chamber".

We need wider discourse; tell your friends, neighbours, guy down the pub. Most of us here, correct me if I'm wrong, look after the computers of family, friends & neighbours. Tell them! Explain the insidious nature of this poxy Phorm/BT plan to pimp their data. Explain that it really isn't "Enhancing their browsing experience" etc. et bloody c.

Forget The Sun, get the discussion into the pages of the Daily Wail, Torygraph or Grauniad, that might wake up enough harpies, blue rinse brigade and "Disgusted of Tunbridge Wells", to make a real noise :-)

Mine's the one with the "Kick me!" sign on the back :^)

re: Home Secretary Webchat

very quiet on the phorm questions so far and Im asking....

http://www.number10.gov.uk/output/Page15259.asp

An Absolutely BIZARRE UK Government

When your trusted ISP illegally subcontracts out 36,000 user accounts in secret to a known spyware merchant and tries marketing these actions afterwards as an enhanced privacy policy called Webwise then this must be the most bizarre internet event of all time.

Even more bizarre is the government in discussion with these hackers to allow them permanent access to all our private internet transactions thereafter.

Is this really happening here in the UK?

@Neil Greatorex

So you dont believe in coordination then. perhaps you ought to be commenting into AO's shell like then no-one will hear you either.

Jaqui Bloodyuseless Smith...

On Saturday the ISP Pettition will be the 5th most signed current petiton on the downing street Petitions website and somehow Jaqui managed to selectivly avoid answering even one of many questions about phorm, I guess that is called moderation.

FOI request anyone?... a quick bit of research should reveal whether the questions answered reflected the questions asked.. or if moderation was used!

Virgin Media email just received

"Your stuff's in safe hands

Protect your PC from internet nasties with our free PCguard internet security - a must-have for keeping all your private details safe. If you haven't downloaded it yet, get it for free right now! "

How ironic!

John

@ By Anonymous Coward

Ummm, what do you think I was trying to advocate then?

It's pretty pointless the same 47½ people just shouting louder & louder _at each other_

"Kick me" has been replaced by a target, cunningly entitled "Aim here, but only fire if you stopped reading before the end of the first sentence"

@Dangermouse

Godspeed.

I hate this bloody government

I remember being rather happy that day in '97. If only I'd known then what I know now. Taxed to hell; economy heading down the toilet; massive national debt; privacy a thing of the past; freedom rapidly being eaten away; health service up the creek; illegal wars; students screwed by massive debts; total incompetence about anything IT; the list goes on. Add to this, the turning a blind eye to corporate law breaking such the Middle East arms bribery scandal and now rampant privacy invasions by BT and proposed privacy invasions by all and sundry.

I thought that horrible old witch and her cronies were bad back in the 80's but they were nothing compared to this lot. What's worrying is that I can't make up my mind whether they are just incompetent or servants of evil whose purpose is to screw up society so much that it will be easier for Satan to harbour in the apocalypse.

Flames ? Because we're all doomed to die in Hell's before long.

PHORM Investers scamberling for cover

I presume that the goverment are deliberately stalling to allow all the no morals fat cats to get their money back before the axe drops.

These fatcats invested in a dodgy company and should have to take the loss, however the system in this country always uses taxpayers money to save the scum, see LLoyds names, northenrock etc

I think that the gov will get it stuff together eventually once all its mates are out and clear. I wonder if the Pat Hewitt/BT deal had anything to do with the gov's unwillingness to deal with this crime in a timely fashion see http://www.theregister.co.uk/2008/03/13/hewitt_joins_bt/

Godd investment their BT buy yourself a politition avoid prosecution, more and more like the US everyday

From The Home Office Website...

This is a bit long winded, but I Think it's rather salient.

Or go to http://security.homeoffice.gov.uk/ripa and follow the links on the left hand table.

"Interception

Use of interception

Interception is strictly regulated to ensure that its use is proportionate to the activity it is deployed against and in circumstances when required information can’t reasonably be obtained by other means.

Who can use interception?

Intelligence services, the police and other law enforcement agencies such as HM Revenue & Customs can use interception if they have a warrant signed by the Secretary of State."

"Communications data

Obtaining and disclosing data

A strict necessity test must be passed before any communications data can be obtained.

Who can obtain communications data?

A range of public authorities can lawfully obtain communications data, including:

law enforcement agencies - such as the police, the Serious Organised Crime Agency and HM Revenue & Customs

emergency services – such as ambulance services, fire authorities and HM Coastguard

other public authorities – such as the Financial Services Authority and the Department for Transport

‘Authorisations’ to obtain communications data are granted by a ‘designated person’ within each of these organisations. Parliament has specified different levels of seniority required to be a ‘designated person’ for different public authorities. For example, the police ranking required is primarily ‘Superintendent’ and for ambulance services it’s ‘Director of Operations’.

All authorities with permission to obtain communications data do so in accordance with a code of practice, and all activity to obtain communications data is independently monitored by the Interception of Communications Commissioner who reports to Parliament annually.

Permission to obtain communications data

A designated person may only grant an authorisation to obtain communications data if they consider it necessary, proportionate and for a reason available to their public authority whether relating to:

the interests of national security

the interests of public safety

protecting economic well-being of the UK

protecting public health

preventing or detecting crime or preventing disorder

preventing or mitigating death or injury or any damage to a person’s physical

or mental health in an emergency

assessing or collecting any tax, duty, levy or other charge payable to a government department

assist investigations into alleged miscarrages of justice

to identify a person who has died or unable to identify themselves because of a condition not attributable to a crime and to obtain details of the next of kin of such a person or to gather information about the causes of their death or condition

Obtaining the data

The designated person may give notice to a communications service provider (CSP) requiring them to disclose specific communications data or grant an authorisation to officials to acquire specific communications data.

Where notice is given, the CSP must comply with the notice within a reasonably practable time and supply data where it is reasonably practable to do so.

If a CSP fails to disclose the required communications data then the Secretary of State may take civil proceedings against them, which may result in the issue of, inter alia, an injunction which would have the effect of compelling the provision of data.

A notice must immediately be cancelled if the reasons for which it was granted are no longer valid."

Don't see ANYTHING about corporations, companies or private individuals being permitted to do ANY of the above.

@"VM exit strategy?"

There is no need to go with BT as an ISP first - they will give you the line without needing you to take broadband with them.

If you don't want to deal with them at all, then there are companies like AAISP that will provide you with a phoneline through BT without you needing to actually deal with BT ever.

Not as good as not using them at all (since they still get your custom, albeit indirectly), but possibly better than actually dealing with them directly.

Just wish BE would do that. ;)

Other Isp's Secret Trails?

Have any of the other isp's signed up with phorm other than bt came out and said they have never undertaken any secret trails?

i had really weird goings on with my machine on virgin media in may of 2007 same rough date as the bt trails were admitted too, and going off what dr clayton said at the meeting in london earlier in the week - a penny sort of dropped that issues he was describing could happen with the system were the sort of issues that were happening to me at the same time.

I of course post this with my tin hat on for flak obviously but i cant seem to find any statments from talk talk or virgin media denying that they undertook in any sort of trials that bt did.

Any links to comments made about this issue from the relevant isp's to set me straight on this matter would be most welcome.

@AC wrt lol

"Government want to profile everyone so they'll ignore it

Law enforcment want to profile everyone so they'll ignore it"

Those two (at least) are specious. Neither the security or law enforcement services have any need for Phorm to help them with any kind of data surveillance.

I don't for one moment imagine that "the government" are in league with Phorm, it's just that they are a)busy, b)incompetent and c)pitching a huff because we're taking them to task over something that they don't understand. Oh, and they don't like us very much because of a widespread arrogance that delivers statements like :

"The sheeple are all to thick to understand what precedent even means let alone spot them."

You are what you buy.

I'm sick of hearing all this "If politicians were competent.... blah blah".

They ARE competent! Look at how quickly and efficiently the United Kingdom's infrastructure, economy, land, education, media, etc have been opened up to a massive corporate feeding frenzy. Incompetence just happens to be a very very good excuse. They have no reason to care about "us". It's not like we can choose how they spend our taxes.

OK back to corporations*, and specifically BT. If you don't like their product, go elsewhere. If you dislike America, don't buy their wine/cola/cars/films/news/etc. I don't. That's that sorted, right? Right. Buy ethical/sustainable products at twice the price, economically self-punish yourself, and more profit margin for the retailers!

And as for the Phorm guff, it's a private network, what right do people have to privacy of communication across it? Use encryption or put up and shut up. Seriously, if you don't like BT (and believe me I don't after just recieving a demand for about 80 quid for a line and number I cancelled in September!) move to a telephony provider that doesn't use LLU or resell BT ADSL, and therefore BT will not profit. Such as Virgin or.... errrr.... Virgin. If you're lukcy, and if they're any good for you. Maybe.

OK those that can't/won't move to Virgin set up a No. 10 petition, cos that's the way to make things happen: ASK for it! Because the ability to ask for something makes a democracy. Just like the orphanage that Oliver Twist was priveliged enough to attend.

Hmmmm... Maybe we are all rogered after all! Lucky I saw all this coming years ago and made plans, so I'm sorted no matter how bad things get! Now I've been a smug little shite and also suggested a way out of this quagmire for those caught up in it. Mission accomplished! Heh.

- S~I

* An extract from the film "The Corporation". Marc Barry, Author, Spooked: Espionage in Corporate America:

"In 1998 I was invited to Washington DC to attend this meeting that was being put together by the national security agency called the Critical Thinking Consortium. I remember standing there in this room and looking over on one side of the room and we had CIA, NSA, DIA, FBI, Customs, Secret Service, and on the other side of the room we had Coca Cola, Mobile Oil, GTE and Kodak. And I remember thinking, I am in the epicenter of the intelligence industry right now. I mean, the line is not just blurring, it’s just not there anymore. And to me it spoke volumes as to how industry and government were consulting with each other and working with each other."

Home Office talking rubbish

RIPA is very short and sweet on nterception without a warrant...very short indeed.

It is also very short and concise on who can bring a prosecution under RIPA.... very concise indeed

Anyone CAN bring a case under RIPA but under Section 1 subsection 8..

No proceedings for any offence which is an offence by virtue of this section shall be instituted—

(a) in England and Wales, except by or with the consent of the Director of Public Prosecutions;

(b) in Northern Ireland, except by or with the consent of the Director of Public Prosecutions for Northern Ireland.

Pretty open and shut there then....if the DPP consents to proceedings they can happen.

Basically RIPA was worded to make sure Joe Bloggs couldn't take HM Government to court for breaking it.....but it also means that HM Gov can protect plc's.... now why would they do that????

Methinks the technology BT tested may do more than just serve ads

Re: Is anyone genuinely surprised........ By Eponymous Cowherd

Well Jaqui Smith is the Home Office! The same Jaqui Smith who proposed stopping paedos using Bebo by registering their email address with the police. Obviously that would not work, but think what Phorm could do for that idea.

Do you think that Phorm could actually stop someone visiting a particular website using their BT ISP connection?

It looks to me as if Jaqui was counting on Phorm to make her paedo blocking ting work. Obviosuly switching ISP's would carry a 5 year prison term. Also long term Phorm would become law. Like having a government official sitting at the back of the school classroom or a government official on the staff of every news paper and radio station.

What if...

What's the score if you have a typical family setup, where parents and children share a computer. Maybe Ma and Pa like to look at adult oriented web sites after the ankle biters are in bed. Are the little darlings going to be bombarded with adult oriented advertising the next time they login to their favourite ad-sponsored kiddie websites?

I hope not.

Most of the 'family PCs' I see have a single login, because the grown-ups can't be bothered (or don't know how) to configure separate accounts for everyone in the family. OK, so they *should* keep things separate, but it doesn't happen. Phorm ain't gonna know who it's serving up 'targetted' ads to, even if it can identify the computer by cookie, ip, whatever.

Not for me thanks.

Why the government will not act.

In the good old days there was the British Post Office running the phones. Every month, a certain number of randomly selected phone lines were monitored for quality and engineering research purposes by GCHQ. The random selection could, of course, be slightly less than random if there was a good reason.

All this was nice and cozey with the government owning the BPO and BPO employees signing the official secrets act.

Let us suppose that this still goes on today even though BT is not government owned. This would mean that the government and BT are breaching RIPA every day. Would it be sensible for the government to start investigating BT for breaching RIPA? I think not.

The government will not act against BT or PHORM. The only hope is for users to implement countermeasures when the system comes into use. The main aim of the countermeasures would be to bring the validity of the collected data into doubt so that nobody would want to buy it or act upon it.

If PHORM uses cookies, then write scripts to modify the cookies every hour or so. Offer the scripts free of charge to anyone who wants to protect themselves.

@"If phorm uses cookies" (19:46) (cookie confusion ongoing :()

I'll try to put this politely (again) because apparently it's not yet universally understood: the cookies are irrelevant, the monitoring and analysis goes on regardless of the cookies, all the cookies do is turn on/off the delivery of extra-customised ads.

Imagine a Royal Mail subcontractor opening and reading all your non-encrypted post, and storing details of the "anonymous" information they are reading. They use this "non personal information" (!) to deliver "better targeted" direct mail adverts (for which service they are taking money from the advertisers), while at the same time they are time telling you, the Royal Mail user and customer, that the mail-opening "service" improves your privacy.

Oh, and the Royal Mail trialled the service without telling you, and mail interception was illegal then and now, but they've done nothing illegal.

And Royal Mail's CTO left to work as CTO at LetterOpeners'R'Us.

But if you want to "opt out", a Post-it(tm) on your letterbox (a cookie in your web browser) tells them not to deliver the custom ads, just the routine ones. Till it gets removed.

That's the way Phorm works, except it's BT not the Royal Mail, and it's web traffic not hardcopy mail.

Comfortable with that?

Can sort of prove it

I have similar reservations of the poster above about virgin media running secret trials and not issuing any statment that it has not done similar trials.

but my period of discomfort would be from roughly may 2007 i could dig up my call records to virgin media at this time (they would also have the logs of my time on to technical support) and posts i made about issues are documented about the problems i was having on forums which have a timestamp and date to further back me up.

Would love to hear from anyone confirming if vm have said they have not conducted in any way any sort of secret trial.

An alternative explanation

First of all, remember the adage "never attribute to malice that which can be explained by incompetence."

Second, consider one of the great management vices of the late 20th century, continuing into the third millenium: a profound distaste for ever being seen to have made a mistake, large or small. Institutional paralysis results, as the only criticism that can then result is that of indecisiveness -- but never the feared "made a mistake."

This is a form of incompetence, as any intelligent person knows that anyone or any organization that actually does anything, that actually makes decisions, is going to make mistakes reasonably often.

I offer this up as an explanation (in part or in whole, I dunno!) of the incredible misbehavior of that cow of a home secretary and her boss the blithering idiot.

Gee, I'm glad I don't live in Britain!

An alien couldn't think this up even if he was stoned on skunk.

Just move

Just move ISP! Don't moan about it, demand your MAC code. I won't matter if you have signed up for a minimum term contract. Point out to BT that they [BT] won't say exactly WHO was part of the 2007 test, so it COULD be "me". Therefore BT are in breach of contract for allowing "my" data to be intercepted without "my" permission. BT may respond that "you" where not in the trial, at which point you ask them to prove conclusively that you where NOT part of the trial - for example showing the list of the people who where in trial.

Of course, they won't do this, so they will probably just give you your MAC code.

Then you can head for an ISP like Fast.co.uk (no, I don't work for them, but they are my ISP) who are advertising:

"We can confirm that we are not one of the ISPs who have had any discussion with, or entered into a contract with Phorm, or any similar company, who use browsing history data to provide targeted advertising. We strongly respect the privacy of our customers, and will never share any customer data".

YOU are the customer. Vote with your wallet by heading elsewhere. Hit them where it hurts - in the bank balance.

As for the inept fools attempting to run the country on our behalf (in the words of the late, great Douglas Adams) - "They'll be the first againsted the wall, come the Revolution!"

Paris? She could do a better job than the Labour Government!

A real can of phorms!

Nasty, nasty, nasty.

Repeat after me: DO NOT WANT

@Steve Roper

That's a very great and wonderful thing you've done there. That will make the sheeple sit up and take notice at least, bravo!

@ Steve Roper

Well done.

Now if MORE hosting services follow your lead....

@Steve Roper

Bravo sir, Bravo! Now if more people take your lead...

Respect +

@ Steve Roper

Good move,

but as Christophano says, the biggest problem will be persuading ecommerce sites that they don't need 70% of the UK market.

How about an https portal for Phormed ISPs that shows an anti-Phorm banner to Phormed users. eCommerce sites could add a Phorm protection surcharge of a few pence to their prices to cover the cost of the SSL certificate.

In other words, alongside the cost of the product, VAT and delivery will be something like "Privacy surcharge 50p".....

Shouldn't put too many people off and might encourage them to go to an ISP that value their customer's privacy more than the chance to make a quick buck with a former spyware pusher.

@Steve Roper

You, sir, have balls of steel. This is how things get done - by people actually doing something and sucking up the possibility that they might personally lose out as a result of their decision, rather than whining that the government should be the one to do something. Congratulations.

Section 3 of the RIPA Act 2000

http://www.opsi.gov.uk/acts/acts2000/ukpga_20000023_en_2#pt1-ch1-pb1-l1g3

I think they must be talking about this bit:

(3) Conduct consisting in the interception of a communication is authorised by this section if—

(a) it is conduct by or on behalf of a person who provides a postal service or a telecommunications service; and

(b) it takes place for purposes connected with the provision or operation of that service or with the enforcement, in relation to that service, of any enactment relating to the use of postal services or telecommunications services.

Anyway - I'm taking my ball and going to a different ISP. I have some free time tonight.

Cunning Plan

I am going to register myself as a corporation as they are clearly above the law.

Me, as a person, will cease to exist shortly, you can only now refer to me as "Anonymous Coward PLC" - I will be spying on you all shortly, thank you for your cooperation.

@ anonymous coward

"I have always up to now supported the Labour party. I now think that the Liberals are a more trusted party since they seem to have the only pro active MP's on this very important matter."

Christ man, it's the fault of people like who having voted Labour in and keeping them there that we're in the mess we're in, and now you want to switch to Liberal? Good lord!

Does this include business contracts

I work for the police force in IT, we use BT broadband (supposedly encrypted and secure) for our remote access home users. They access police criminal records, murder enquiries, paedo data, etc is BT going to be intercepting this as well and passing to Phorm. This has got me worried, how many other government agencies etc are going to be profiled or will they be exempt. I asked BT and surprise surprise I got stonewalled.

If the home office arent concerned, they should considering confidential and secret information will be passed to a spyware company!

Bar-stewards!

Phorm Webwise

We've been happily calling this scummy product Phorm. The trouble is that the "service" will be called "Webwise" when it is launched so in a sense all this awareness we're generating will be wasted when the average person doesn't realise they are the same thing. IMHO we need to make sure that the Webwise name is always associated with the negative truth about this technology. May I suggest we refer to it as "Phorm Webwise" from now on?

Phorm Webwise may well me convenient for the Government and Police. If they purchase information from a company that has already collected or gather it by monitoring their traffic it then it's not intercepting personal communications any more as it's a company that is the target.

You can do it ...

Do a BOFH-approved protest against BT: Stick your phone lines into your big phat and juicy 240V mains line.

Remember to shout "Profile THIS!!!" before sending your broadband-consuming zap!

Mine's the one with the holstered etherkiller.

BT - All your data belong to us!

Apparently the following is a response from BT about them stealing other peoples web content to feed phorm:

"For HTTP traffic, we assume that if a website wishes to be found by the public through being profiled by major search engines (Google), then the site is in the public domain and therefore as long as we have consent from the requester of the page, we are permitted to profile the site.

However we note that you have specifically requested that your own website(s) should be excluded. Please can you provide me with the url(s) of your website(s), together with confirmation that you are the website(s) owner, and we will honour your request to exclude your website(s) from profiling within the BT Webwise system.

We believe this approach is reasonable and is supported by the advice we have received. If I require any further information from you (aside from the url) then rest assured I will let you know prior to commencement of our trial."

So - you let Google index your site so we can take your data and profit from it.

But at least they will allow you to tell them that you want to be excluded (do you believe they will).

Why not just allow US to set an entry in robots.txt

Re: All your data belong to us!

"For HTTP traffic, we assume that if a website wishes to be found by the public through being profiled by major search engines (Google), then the site is in the public domain..."

I think they have an inadequate grasp of copyright law and you should reply to that effect immediately with a threat to sue if they don't respect your web site's published terms of use.

You have no need to supply them with a URL. Otherwise the RIAA etc. would have to supply each of us with a list of the CDs they didn't want us to copy and we'd be free to copy any they'd missed out (or where the notification hadn't arrived).

Complete bullocks. Don't accept that argument for one moment!

A for Adware

Am I paying BT as an 'ISP' or an 'IASP'?

Will BT continue to falsely trade under the ISP business title?

I think not.

You Losers....

are just jealous because none of you are getting "paid" (tax free no doubt) the huge sums of money that the government ministers and top (at least high) level bureaucrats are. How else do you expect these selfless servants of humanity (UK at least) to retire into the splendor and ease that they doubtlessly believe they have earned?

I still don't understand why there appears to be so little noise from corporations about this. Surely (yes, I'm talkin' to you), corps must transmit lots of data that they'd rather not have have inspected.

BT - All your data belong to us!

So, now BT are going to be employing 500 temps just to open all the letters we have to send to keep our sites out of their grubby little hands. Why should we need to supply proof of ownership of the domains - many have whois data as private and that should be respected. And, what about new domains. I register and publish on the same day. Do I then have to block all profiling ISPs from new sites until I have confirmation that they have updated their database to not profile the site. Or does that mean BT customers will be blocked at ISP level from seeing the sites too?

I have 3 servers hosting websites - it would make so much more sense if BT offered a form on their Webwise site that site owners could add IP addresses to, to cover all domains hosted on those IP addresses.

I looked over the BT site to discover how to contact BT to ask this very question. All I could find were forms that needed my account details - the phone numbers of customer services are really well hidden. It is almost as though they redid the site to make contact more difficult.

I don't know why anyone thinks that just because well behaved bots like search engines are allowed into sites that that also means scrapper bots are given access. I have so many IP addresses blocked that I begin to worry that my servers will be slowing down.

BT may have to go under a different name soon

Such as:

http://www.datapimpingservices.com

@Herby

For you USAians reading here, Phorm may not have tried it on your side of the pond yet, but they are planning to.

In the meantime, you should Google on NebuAd and FrontPorch. They are already doing it to you. (NebuAd have a UK office too.)

"NebuAd is dedicated to the highest standards of consumer privacy. NebuAd’s network was designed from the ground up to meet industry best-practices regarding consumer privacy and protection, and does not collect and use any personally identifiable information. NebuAd has also established industry-leading privacy controls and practices with respect to transparency, consumer notice and consent. NebuAd’s privacy policy provides consumers with clear “Opt Out” instructions."

Sounds just like Phorm/Webwise :-(

The rise of the Thin Subscriber?

it was bound to happen, BT have done it to themselves,

I wonder how they fancy spying on encrypted keystrokes and mouse movements?

that should bugger their parasitic revenue/privacy grab!!

http://www.portal.itproportal.com/articles/2008/04/21/desktop-demand-concept-looks-quash-privacy-issues/1/

the first of many offerings no doubt!!!

viva la thin!!

BadPhorm

Just found out why I was having trouble registering with BadPhorm. BT has been consigning the validation eMails to the spam folder.

unlawful processing of personal data

http://www.openrightsgroup.org/2008/...vice-on-phorm/

"

FIPR calls on Home Office to withdraw misleading advice on Phorm

Posted by Becky in Computer Law, Data Protection, Net Neutrality, Privacy, Regulation of Investigatory Powers Act at April 23rd, 2008

The Foundation for Information Policy Research (FIPR) has today sent the Home Office in-depth legal analysis [pdf] of the Phorm behavioural advertising system.

The analysis has been produced by FIPR’s General Counsel (and ORG Advisory Council member) Nicholas Bohm, and complements the technical analysis produced by Richard Clayton earlier this month [pdf]. The analysis shows that Phorm’s systems involve interception of communications contrary to the Regulation of Investigatory Powers Act, fraud, contrary to the Fraud Act, and therefore unlawful processing of personal data, contrary to the Data Protection Act.

.....

Same old, Same Old from BT

"We completely understand the potential concerns of some website owners, who have sensitive/private/password protected websites or areas on their website, and are taking the necessary steps to ensure that password protected sites are excluded from this service and no information will be scanned from these pages. We are also excluding a range of more sensitive categories for example medical, religious and gambling websites. Finally we are also taking steps to ensure that those websites that do not want search engines to 'crawl' them (by the use of robots.txt) will also be excluded from the Webwise service. I hope that clarifies the steps we are taking to address your potential concerns. If not please let me know."

I have asked them why they think that because a website is indexed by Google that gives them the right to use that data to earn them money and that business sites (for example one selling Antiques) may find that by BT scraping their site their visitors then visit a phorm/OIX site and get targeted ads for antiques. BT/phorm potentially earn money from an advert click and the original site looses a sale.

I have also asked them to state precisely what entry needs to go into robots.txt to STOP phorm scraping the site..

robots.txt file

>I have also asked them to state precisely what entry needs to go into robots.txt to STOP phorm scraping the site..

The answer is they will assume that a website allows search engine crawlers to index their site, Phorm will assume permission trawl for keywords for OIX. This is wrong, of course, but I'd be surprised if you don't get a cookie-cutter response.

This issue really has to be pressed with BT/Phorm. Of course, just like with the opt-out/out-in situation, they want to retain value of Phorm/OIX spyware system; fewer users (opt-in) or fewer websites (robots.txt) means fewer profits. They will do everything to avoid making it easier for websites to stop OIX trawling, I bet.