The Phorm files

We've had a busy time digging into the deals signed by BT, Virgin Media and Carphone Warehouse to report your browsing habits to Phorm, a new advertising company. Here are the fruits of our labour, lovingly collected for your perusal. There are tales of the secret trials conducted on tens of thousands of BT customers without …

COMMENTS

This topic is closed for new posts.


  1. Anonymous Coward
    Thumb Up

    Well done El Reg!

    Great work being done here.

  2. Anonymous Coward
    Happy

    All Phorm Comments in one place?

    All comments from previous Phorm stories in this place also?

  3. Dave Bell

    A general question.

    I run a BT broadband router with NAT, and sometimes several people sharing the connection. Hence they look to the outside world to be a single computer/user.

    How can I be sure that inappropriate advertising content will not be delivered by this system? Others have raised the spectre of "adult" advertising being presented to children. What guarantees have we that the advertising will comply with the various UK-specific laws and codes of practice?

    I would suggest that pre-watershed TV standards would be a good start. Are Phorm's customers prepared to follow British rules when they push adverts at customers of British ISPs?

  4. therealvicz
    Dead Vulture

    Question: What did Privacy International endorse?

    A search for Phorm or Webwise on the Privacy International website shows 0 hits so what exactly are they supposed to have endorsed?

    While the use made of the information for advertising may (or may not) be as Phorm describes, what prevents them from doing anything else with it? What ongoing oversight is there? (none?).

  5. Jon
    Unhappy

    Can I have some of that data please?

    If these companies are so sure that the data is being anonymised, perhaps we should put it to the test.

    Suggest prior to setting the ball rolling with Phorm, they should run a competition, open to anyone, to see whether someone can piece together details from what they intend to send to Phorm and play pin the tail on the customer.

    If it's completely safe then there'll be no problem. They could offer the equivalent of an entire year's worth of profit from their deal with Phorm, safe in the knowledge that nobody will win the prize.

  6. Leo Rampen
    Linux

    SSH Tunneling

    With these developments, I know that I will personally be tunneling all my browsing over SSH from now on. Find yourself a server and do the same!

  7. frank denton
    Coat

    The makings of a good movie?

    I just had a look at http://www.badphorm.co.uk. It seems the Phorm software was developed by the Russian Lebedev Institute which has links to the Russian security services. Combine that with OIX servers in China and you have the makings of a tense modern day techno-thriller involving the KGB (yes I know they've changed their name) and the PRC security services.

    If anyone had written such a book/script last year, it would have been laughed at for being too far fetched. There could be an interesting twist of a back story where the UK government had decided it was no good at this modern internet data thingy and decided to subcontract the job of surveillance to people who knew what they were doing.

    As I said earlier, it's too far fetched to be true.

    ..Mine's the one with the RFID tags hidden in the lining.

  8. Anonymous Coward
    Paris Hilton

    uk hotmail down now

    So does that mean if I browse p0rn all night, I will get p0rn banners!!!!!!!!!!

  9. Graham Wood
    Stop

    Voting with your feet is the only way to get them to listen....

    Having said that, thankfully none of the ISPs I deal with are involved so I can't do that myself...

    There is one good thing to come out of this - I've just set up a TOR server on my colo box as part of my complaint (I've also chucked a message on the forum for my ISP), so there's now another 3TB/month available to TOR directly as a result of this debacle.

  10. Joe K
    Stop

    The BT execs should be arrested for this

    Seriously, police should march them out of board rooms and off golf courses in handcuffs come Monday morning.

    They can waffle on about reviews and anonymisers all they want, the very fact that your browsing history is routed to a computer called the "Profiler" located in CHINA is reason alone to sound major alarm bells here.

    So will the profiler look at my bank details to see if I can afford a shiny new car or HD telly and so give me an ad for one?

    Serious questions need to be answered here. Fuckers.

  11. Graham Wood
    Flame

    Re: Previous Comment

    One thing occurred to me on the way home - using TOR isn't necessarily going to help.

    With the collection being cross-ISP, the vulnerability is NOT the one that TOR was designed to protect against. Indeed, the ability of the "exit points" to monitor your traffic is one of the stated limitations of TOR - it means that if anyone runs a server at the end of a line provided by one of the compromised ISPs then sessions could be "nobbled".

    I wonder whether China's looking at this and thinking "Why didn't we do that?"

  12. Sim
    Stop

    Reply from Virgin Media

    A reply from Virgin Media customer support (edited to reduce tedium):

    I am sorry that the information that we are going to start using phorm has worried you, here is some information to help give you a better understanding in regards to what this is.

    A safer experience

    Webwise will help customers avoid scams, such as 'phishing' - this is where someone pretends to be a well known brand, like a bank, but is looking to steal confidential information. [SNIP..]...identity theft. In this way Webwise helps to secure our customers' privacy.

    A more relevant browsing experience

    Another great thing about Webwise is that it can help reduce irrelevant advertising. As customers browse web pages, Webwise looks at things like search terms, and learns what topics might be of interest. This is done without collecting any personal information, so once again their privacy is protected. These topics are then used to help filter out adverts that might be irrelevant - instead they'll simply see an advert that will match a topic they are more interested in.

    Don't worry, they won't see any more adverts than they currently do, they'll just be more relevant. [SNIP...]

    Protecting customers' privacy

    Webwise has been designed from the ground up to protect our customers' privacy and anonymity. As the system only learns about topics of interest, it does this anonymously, ensuring their privacy is completely protected.

    Neither the web addresses, nor search terms they use are stored. They are purely matched to an advertising topic and then discarded.

    Webwise doesn't store their internet (IP) address or keep track of their browsing. The system or advertisers won't know who you are or the websites they've visited.

    No personally identifiable information such as email addresses, surnames, street addresses, or phone numbers are ever gathered.

    No sensitive or personal financial information, such as credit card numbers, login IDs, passwords or bank account numbers are ever gathered.

    We found that this system met our high standards for simplicity and privacy - so customers' privacy is assured. These privacy standards were also verified independently by Ernst & Young who conducted a detailed audit of the whole process and Webwise solution.

    Customers won't be forced to take up Webwise, so they'll be able to keep their internet experience as it is now...

    [END...]

    That last phrase leaves it deliberately ambiguous as to whether or not users will be required to Opt In or Opt Out - I wrote back to Virgin Media to request clarification on this point.

  13. Anonymous Coward
    Dead Vulture

    Just the same bullshit...

    ...that is on the BT and Phorm sites. Of course the point is that whatever Phorm SAY they are doing now or whatever they showed E&Y IN THE PAST there is no ongoing supervision to ensure that they don't just change their minds or just pass the information on to their spyware purveying friends. BT and VM actually have no idea what else will happen to our data, no way of checking and no possible way of changing what is being done should they not like it. At the moment they are just happy to take their 30 pieces of silver and run. It is utterly despicable but why do I suspect that once Brown and his goons wake up to this their first reaction will be 'hmm how can we get a copy too'....

  14. Morely Dotes
    Black Helicopters

    @ Joe K

    "So will the profiler look at my bank details to see if i can afford a shiny new car or HD telly and so give me an ad for one?"

    It's far more likely that a Phorm employee will set up a direct deduction from your bank account to a bank in China, Joe.

    I'd give up online banking immediately, if I were a customer of one of these three subsidiaries of the Red Chinese Army.

  15. Anonymous Coward
    Anonymous Coward

    Let's give them what they want... and then some

    Remember the SETI project - loads of computers spending spare processing time wading through data?

    Could some bright spark come up with a 'Phorm-Feed' project? Spend night and day firing off spurious URLs to small data sources, filling their wretched database with completely meaningless data?

  16. Claire Rand

    optin/out

    it will be opt out, and in such a way you have to keep opting out, otherwise there is no money in it.

    the requirement to have a cookie to say 'opt out' is evil, since that's soooo easy for anti spy programs to nuke accidentally, then you forget to reset it.

    with adblock etc I'd never see the ads but I object to the tracking

    data protection act?

  17. HeavyLight
    Black Helicopters

    Wondering aloud

    Will it be possible for users to identify Phorm-selected ads?

    If so, could an Adblock filter be written to *highlight* those ads?

    And if that came together, how long would it take to devalue Phorm if [a large number] of VM/BT/TT users clicked on every Phorm-served ad whenever they were fortunate enough to see one?

    Every ad. Every time.

    Just wondering, like.

  18. Ben Saxon
    Flame

    I dun made a facebook group to help spread the word

    Here it is, should anyone be interested:

    http://www.facebook.com/groups/edit.php?info&gid=9216870661

    Yes, I realise the irony of starting a group on facebook, a site which is notoriously shady in terms of privacy issues etc., but it is a powerful social tool after all. I just hope facebook members glance up from their lame Vampire/Werewolf fight applications long enough to notice something important going on.

  19. Anonymous Coward
    Anonymous Coward

    Verified...

    >>>These privacy standards were also verified independently by Ernst & Young who conducted a detailed audit of the whole process and Webwise solution.<<<

    What for, I wonder.

    Profitability?

  20. Andy Enderby
    Thumb Down

    errr a question for the phorm interview

    Just what the f**k makes them think we want any part of their cr*pware ? Enhanced user experience ! My Boney Arse !

  21. Phil A

    BT Privacy policy

    Whoops, perhaps they should have a look at their privacy policy, they seem to be violating it...

    We do not use this information to:

    identify individuals visiting our website; or

    analyse your visits to any other websites (except that we do track you if you go to websites carrying our banner, but we do not identify personal details while we do this); or

    track any Internet searches which you may make while on our website.

  22. Bob W

    @ Verified...

    From the E&Y report-

    "Because of inherent limitations in controls, error or fraud may occur and not be detected."

    What a ringing endorsement!

    Bob W

  23. Anonymous Coward
    Pirate

    SPYCOMS

    Phorm will not like having the title of SPYCOMS, I don't care, sue me!

    Spying with communications in any way then that is SPYCOMS.

    Well done Phorm you have the honour of being the first business in the world to have the title of SPYCOMS.

    Just read this and this is powerful comment, totally on the money.

  24. Anonymous Coward
    Anonymous Coward

    Data/Personal details being released .

    I have a BT connection and luckily the name on the account has been misspelled and thus I will know when and if such data is released to a third party to send me email or mail spam. Are BT saying that they are NOT disclosing data? If I receive anything under the misspelling I will be looking deeply into it and will contact the Register.

  25. Anonymous Coward
    Unhappy

    If they don't collect personal info...

    ...and they don't store IP addresses, how do they know who to target the ads to?

    It would be like a postman trying to deliver a letter that has no name and address on it, wouldn't it?

  26. poh

    Relevance is a danger in itself

    Even taking Phorm at its word, relevant ads based on your whole browsing history are pretty scary. Say I visit the Consumer Credit Counselling Service URL, a few minutes later I'm at a phorm fed site and up pops an ad for Ocean Finance.

  27. Graham Wood
    Black Helicopters

    @AC

    To use your analogy... There's a story (I believe it is true, but don't guarantee it) that a letter was delivered "to the girls sitting on the back of the 6:30 bus from 'A' to 'B'". The postman never knew who the girls were, but got the message to them... In the same way that phorm won't know who you are, they will know that you're interested in hairy german bottoms - and therefore send you appropriate messages.

    EVERY comment from one of the companies talks about what is stored, not what passes through - quite apart from the security of my data from Phorm, how about my security from someone hacking phorm's network(s) and/or devices?

    95% of unencrypted web traffic is now going to be going through some very well defined pinch points that are all running the same software... Perfect for MI6 (if you want to stay within the law) and/or ID fraudsters (if you want to include the not so happy people) and a complete and utter "no NO NO!" to all security advice around. All anyone has to do is see a single email in your gmail/hotmail/a.n.other folder, and the anonymity is all gone.

    I've picked the helicopter because I hope, REALLY HOPE, that I'm being paranoid.

  28. salil
    Happy

    Need some help...

    So will this mean they will be changing their terms & conditions (contract) which will allow me to end my contract soon? I really want to change my ISP BT.

  29. Alex
    Gates Horns

    BT can put us on the list of "ex-customers"

    We currently run their top whack option with BT Vision but recently the quality and reliability of our broadband (and supplied equipment) has fallen well short of the mark but this is just plain wrong, I wonder what that other bastion of privacy and advertising thinks about this, has anyone heard from Google? Surely their ads being swapped out isn't going to make them very happy is it?

  30. Zap
    Stop

    Complain to the Information Commissioner

    Where the hell is the Information Commissioner in all this?

    As usual toothless and doing NOTHING, probably because not enough people are complaining.

    I think one's browsing habits count as personal information and should NOT be sold without express written permission. The IC should also ensure that such permission is NOT included in ISP Terms and Conditions as this would clearly be an UNFAIR CONTRACT TERM.

    I encourage everyone to make a complaint to the IC office at this address:

    http://www.ico.gov.uk/complaints.aspx

  31. Someone

    The text message anomaly?

    If I send and receive text messages using my mobile phone, my understanding is that they’re afforded a certain amount of protection from general, unwarranted snooping. Sometimes, I send and receive text messages using a standard web browser to access the web portal of an Internet-SMS gateway provider. If my messages have protection while being routed across the mobile phone networks, why do I suddenly lose that protection when they hit the Internet-SMS gateway?

  32. alistair millington Silver badge
    Flame

    I've just complained, going to phone BT tonight.

    I don't mind having targeted ads as I ignore all online ads anyway, just a fact of life, like the ad breaks on TV, just ignore them. It is the fact it is happening without me being asked and stored and that ALL my online activity is being logged, not just then but for later use.

    A cookie is one thing, taking that and storing it is another. And storing it overseas is even worse.

    And this might happen using MY BANDWIDTH for the privilege is even worse than that, me paying for them to get more money. Then sending me emails to warn me of a limit I might be exceeding...

    This must be a breach of contract.

  33. Anonymous Coward
    Pirate

    Complain?

    You want to COMPLAIN to some Government (no)Body who's probably on the payroll / a shareholder of one of these corps?

    Seriously, that's why they're getting away with it; everybody's whinging to some ineffectual dullard instead of canning the direct debit on the spot, and pointing out how they're breaching UK and EU privacy law, and their own T's&C's, when they sue for breach of contract.

    The EFF exists for this exact reason.

  34. Anonymous Coward
    Anonymous Coward

    What about content owners?

    Lot of noise from the personal data crowd, which I understand. Having read the wealth of info here is anyone worried about the content owners?

    On first reading, it seems that adverts will be REPLACED or OVERLAID with OIX adverts. Did I read that right? As a content owner reliant on revenue from advertising on my site is it really going to be that someone is replacing the adverts I chose to show with their own? If so, is this legal? What about the copyright protection? Is this opt-in or opt-out by the site? If I'm opted-in automatically when I own the content I'll be hopping mad to the point of litigation. You can't just go and paste your own adverts over mine and collect the revenue.

    I must be reading this wrong. Why has the mainstream press not picked up on this? Has The Register got its facts wrong?

  35. poh

    @ pieman

    The Phorm ads will only appear on OIX/Phorm signed up sites. If you're advertising on a site which isn't signed up with OIX/Phorm then your ads should be unaffected.

    If your ads are on an OIX signed up site, I guess it's up to you to do a deal with Phorm or the site owner as to the exposure you want.

  36. Ben Tasker Silver badge
    Paris Hilton

    Let's Knacker the system

    Aside from complaining to the ISPs, the ICO and OFCOM, let's fill Phorm's system with Spam. In the process of writing a script that will be run by Cron to access various sites at regular intervals. Simple case of using wget as I imagine they won't know the difference. The only thing to change regularly would be what you 'are' viewing.

    I'm guessing that all the collected information will be used to create profiles for the most likely target audiences within those not being analysed by Phorm. I.e. those who have ISPs with scruples.

    If enough people fill the system with utter rubbish (one min I'm viewing a car site, then I'm viewing a clothes site, then looking at holidays, then credit cards, then back to cars and so on...) then the system won't be profitable to Phorm. Even better, set up a spider and create your own search database ;-) that'll flood their system quite well.

    Paris cos, well, do I need a reason??

  37. Peter Hunt

    What about BT Subsidiaries?

    I am a Plusnet customer. Plusnet purchased by BT at the end of 2006. I have already asked Plusnet if they too will be selling browsing data to Phorm and I have been told that they won't.

    Nevertheless, I would like to ask Mr Phorm the same question.

  38. Mark

    Petition.

    If anyone is interested there is an online petition on the 10 Downing Street website asking for the use of this technology to be investigated and banned if found to breach privacy laws.

    http://petitions.pm.gov.uk/ispphorm/

  39. Paul Barnfather
    Black Helicopters

    Statement from TalkTalk

    After at first denying any partnership with Phorm, TalkTalk have replied to my complaint, stating:

    "I can advise as previously stated PHORM are unable to access any personal information without your permission. The service they are offering is called Webwise, although they are able to view your browsing history, they are unable to recognise who you are through this information."

    Can anybody help with a suitable rebuttal of this nonsense? It's like doublespeak. Surely anybody could be easily identified from their browsing history? What makes Phorm "unable" to do the same?

  40. Man Outraged
    Linux

    @Paul Barnfather

    Hope like the rest of us that the media and/or regulators will get the ISPs to climb down?

    I totally share your frustration but it seems almost pointless to try and argue what is quite a complex point (but nevertheless important - with wide-ranging implications) with support representatives who aren't that technically/legally trained.

    I'm encouraged by the number of people commenting on these stories, write to the Information Commissioners Office, sign the petition http://petitions.pm.gov.uk/ispphorm/, write to the RIPA Commissioner and your MP, write to press and news agencies...

    Get the facts into the public domain and hopefully these issues will be tackled by the people who have the power to fix things, not the overworked customer support representatives...

  41. Stephen Booth

    What does Google think of this

    Call me cynical but I bet what they are going to do is base their choice of ads to serve you based entirely on your interaction with search sites.

    It's going to be a lot easier to identify somebody's interests from their search terms and click-through than anything else.

    You could see this as an attempt to undermine Google by getting access to their raw data.

    There are two parties to every communication. They may be able to claim that the user has opted in but the web-site sure as hell has not. If I was Google I would sue them to make sure they don't intercept anything from my site.

    Of course they probably want all the other data as well not to target ads but to sell on. Even anonymised that data is valuable to somebody.

  42. Anonymous Coward
    Flame

    @Stephen Booth

    Of course Google and all other search engines profile you, but that is in my mind the right side of the line. You chose to use Google, a free but valuable service, knowing that in return they will serve you adverts and take some interest in your personal data.

    In mitigation, you know a.) you can delete your cookie every day or every visit and the link will be lost, b.) Google have a well stated policy not to give your information to anyone else and c.) they only have access to a small portion of information of your web-based activities, namely search.

    Contrast this with your ISP, who you most likely pay for a service, who are in a trusted position with access to your entire (non-encrypted) web-based activities and have a legal obligation in most cases not to share personal information and now intend to a.) not only profile you but share this information with a third party and b.) in the process of doing so, potentially interrupt the service you pay for by intercepting private packets in transit between 2 parties without any consent, and injecting additional information (cookies) without consent into such transmissions. The interception element from a protocols issue is beyond belief, that's why I'm so truly upset about this whole debacle...

  43. Anonymous Coward
    Alert

    RE: When the news breaks (and others)

    A few people have commented on the various Phorm stories relating to when the news may break in the mainstream press and how this publicity will affect the ISPs involved.

    I've spoken to a few very well placed friends in the media who've alerted me to their concerns.

    Firstly, the issues are too complicated to spin simply to the punters. They can't just say "all your browsing history for sale" without the guys from Phorm and ISPs coming back with a glossy right-of-reply which will knock down the claims and lead the correspondent into detailed technical arguments that will lose the majority of readers.

    They're basically waiting for someone to act before they report, e.g. a regulator, a legal challenge from a consumer group etc. Without clear allegations from a sufficiently respectable body there just isn't a story.. apparently.

    Secondly, it appears according to this article that many national newspapers are involved in OIX-type advertising:

    http://www.newswireless.net/index.cfm/article/3779

    Phorm could be here to stay.

  44. Anonymous Coward
    Black Helicopters

    @ Peter Hunt

    Peter, I just asked PlusNet Customer Services the same thing, and they said

    "Unfortunately we have no information regarding this. We will let our customers know when we're aware."

    That's slightly different from what they told you....

  45. Secretgeek
    Go

    Take direct action...

    you never know. It might work.

    Petition to HM Government.

    http://petitions.pm.gov.uk/ispphorm/

    Power to the people! Or something like that.

  46. Anonymous Coward
    Anonymous Coward

    Tell Gordon Brown in gov petition

    http://petitions.pm.gov.uk/ispphorm/

  47. 3x2

    @Take direct action...

    Petitions? Write to? work around?

    Erm.. Dump your fucking ISP for one that states it will not pimp your browsing habits to a scumware vendor

  48. Man Outraged
    Black Helicopters

    Guardian Pulls Phorm Story?

    One minute it's top of Tech-news with a link on the front page, the next it's nowhere to be seen? Have the legal brigade been dispatched? For those who don't know it was printed on front page of Technology Guardian supplement this morning (Thursday), so a bit like horse and door and stable and bolted...

  49. Man Outraged
    Happy

    @me Scrub last comment, it's back...

    Gruaniad assure me honest rearrangement - story's been moved to Digital Media and a link's been put back to moved story on Techno page. Phew!

  50. Secretgeek
    Paris Hilton

    BBC take a moderate line.

    http://news.bbc.co.uk/1/hi/technology/7280791.stm

    Top tech story at the Beeb. Shame that they don't really seem to appreciate just what BT et al and Phorm are proposing. And no mention of Phorm's shady past either. Oh and no way of commenting on the article itself.

    Looks like they feel they have to report but aren't looking to start any kind of real debate on the issue.

    Paris - because I can't imagine her having much thought for the consequences either. Or much thought at all for that matter.
