Phorm agrees to independent inspection of data pimping code

Phorm has agreed to allow an independent software expert to inspect its source code as it continues to battle the firestorm provoked by agreements with BT, Virgin Media and Carphone Warehouse to let it build profiles of their broadband customers' web browsing. It seems a move by the battered firm to try to win some public …

COMMENTS


  1. Anonymous Coward
    Coat

    Why I use OpenDNS ...

    Or should probably read "Why I'm tempted to sign up with Anonymizer" ...

  2. Anonymous Coward
    Anonymous Coward

    no due diligence

    The report asks some good questions, but fails to answer them, and for the most part is desperately thin. Perhaps, as Simon has hinted, there is better to come.

    Elsewhere ( http://www.badphorm.co.uk/page.php?16 ) Phorm have confirmed that they deliver their servers pre-built. They have confirmed that the ISPs do not get access to the source code (so much for ISP claims of due diligence) and that they can remotely access these servers (they say they will only do this if authorized by the ISP). Phorm say that they may consider allowing an expert to review their source code - does this mean that 80/20 have not seen the source, or are not competent to review it?

    It should never be forgotten that Phorm were rootkit makers. Any dealings with them should start on the assumption of utmost bad faith, and should therefore demand absolute transparency. We are a very long way from achieving that.

  3. Anonymous Coward
    Happy

    Good news indeed

    Thank you phorm, this latest PR has had a fantastic impact on your share price.

    Down 375 points / 17% today alone.

    Keep it up chaps, and with luck you will be bankrupt by the weekend.

  4. Alexander Hanff
    Alert

    Couple of problems

    Phorm PR Team have stated that an independent review of their software is being considered if it can be done without compromising their intellectual property...that could be interesting then.

    Secondly, according to the Phorm patent application the system can easily be compromised by advertisers. One of the points Phorm and their stooges keep emphasising is that no IP address is associated with the Unique Cookie ID; this is not the case. According to the patent application companies using OIX platform to deliver ads will have access to the Cookie ID via javascript (an ID which is not encrypted I should add) which makes it a very trivial task for a dishonest website to correlate IP addresses directly to the Cookie ID.

    Another point of major concern which has come about as a result of their "Answering Questions" is that they state they will have no remote access to the hardware on the ISPs networks, then in another answer they state they will only have remote access in the case of maintenance and updates with the consent of the ISP. Either they have remote access, or they don't; which is it?

    So far they have had over £1M worth of shares dumped back on the market since trading at LSE started this morning. Confidence is phalling. Viva La Privacy Revolution!!!

  5. Dazed and Confused Silver badge
    Stop

    Why can't Phorm understand

    This is nothing to do with their code.

    The problem is the whole idea that someone will listen in to the conversations my PC is having with the web in general.

    I don't give a stuff about how good or bad their code is

    I don't give a stuff how much they try and anonymise the data

    I don't give a stuff about where the servers are.

    I don't want anyone listening in to what I do on the web. I have a legal right to privacy.

    I don't want adverts to be served to me based on my surfing. The advertisers website will then know who I am because they will know my IP address and anything my browser chooses to tell them.

    I don't want adverts to be served to my PC based on the fact that my wife has been looking for my next birthday present. (Everyone DOES have somethings they'd like to hide)

    But above all I just don't want to establish the principal that it is OK to watch over my shoulder. It's not.

    So please Phorm, BT, VM and who ever else please get this through your thick heads.

    STOP SPYING ON ME WITHOUT A COURT ORDER!

  6. Man Outraged
    Heart

    And each software update, too?

    Okay, let's say an independent expert verifies that:

    - When I'm opted-out my data doesn't go anywhere near Phorm's servers

    - ALL email websites, including private companies and support groups are ignored

    - The opt-out mechanism is robust and not open to accidental or deliberate opt-in

    - The system takes care not to categorise racial, political etc as defined by Human Rights

    - The system is tamper-proof

    What happens 4 minutes and 33 seconds into the deployment when the server software crashes? Phorm do a quick-turnaround fix. But before they deploy it, they need to:

    - Send a source for validation (validator will use delta validation method)

    - Pay and wait for this validation.

    On top of this, as those with experience in the security world will be aware, there needs to be a procedure to prove the software running on the server is indeed built from the source that was validated. This may involve an independent build facility and image fingerprinting.

    So yes, I'm happy with Phorm. No wonder they need to raise an extra $mil35. This to pay for all the software audits!
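The build-provenance check raised in the comment above, sketched as an added example (not part of any commenter's post, and not Phorm's or any ISP's code). It assumes the independent build is reproducible, so that an honest deployment is byte-identical to it; all file names and contents are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def fingerprint_tree(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def image_fingerprint(manifest):
    """Collapse a manifest into one digest that names the whole image."""
    h = hashlib.sha256()
    for rel in sorted(manifest):
        encoded = rel.encode("utf-8")
        # Length-prefix each path so adjacent fields cannot be re-split.
        h.update(len(encoded).to_bytes(4, "big"))
        h.update(encoded)
        h.update(bytes.fromhex(manifest[rel]))
    return h.hexdigest()


def diff_manifests(reference, candidate):
    """Files changed, added or removed in candidate relative to reference."""
    return {
        "changed": sorted(p for p in reference
                          if p in candidate and reference[p] != candidate[p]),
        "added": sorted(p for p in candidate if p not in reference),
        "removed": sorted(p for p in reference if p not in candidate),
    }


def verify_deployment(audited_manifest, deployed_root):
    """Compare what is on the server with what the auditor's build produced."""
    deployed = fingerprint_tree(deployed_root)
    ok = image_fingerprint(deployed) == image_fingerprint(audited_manifest)
    return ok, diff_manifests(audited_manifest, deployed)


def _write_tree(root, files):
    for rel, data in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)


def demo():
    # Constructed sample trees: an audited release, a hotfix, a tampered server.
    v1 = {
        "bin/profiler": b"build 1.0\n",
        "conf/optout.rules": b"optout=honour\n",
        "conf/webmail.list": b"mail.example\n",
    }
    v2 = {**v1, "bin/profiler": b"build 1.0.1 crash fix\n"}
    tampered = {**v2, "conf/optout.rules": b"optout=ignore\n",
                "bin/extra_logger": b"unaudited\n"}
    trees = {"build_v1": v1, "build_v2": v2,
             "server_clean": v2, "server_tampered": tampered}
    with tempfile.TemporaryDirectory() as tmp:
        for name, files in trees.items():
            _write_tree(Path(tmp) / name, files)
        audited_v1 = fingerprint_tree(Path(tmp) / "build_v1")
        audited_v2 = fingerprint_tree(Path(tmp) / "build_v2")
        # Delta validation: only files that differ from v1 need re-review.
        hotfix_delta = diff_manifests(audited_v1, audited_v2)
        clean_ok, clean_drift = verify_deployment(
            audited_v2, Path(tmp) / "server_clean")
        tampered_ok, tampered_drift = verify_deployment(
            audited_v2, Path(tmp) / "server_tampered")
    return {"hotfix_delta": hotfix_delta,
            "clean_ok": clean_ok, "clean_drift": clean_drift,
            "tampered_ok": tampered_ok, "tampered_drift": tampered_drift}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The check is only as trustworthy as whoever runs it: the fingerprint has to be taken by a party other than the vendor, on every update, or it proves nothing about what is running afterwards.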

  7. dervheid
    Stop

    What part of...

    DO NOT WANT!

    FUCK OFF!

    Do they NOT UNDERSTAND!!

  8. Oliver Freeman
    Thumb Up

    Keep up the good work el reg

    Another great article by el reg helping to keep the pressure on. Personally I think Davies needs to examine his conscience and recuse himself from commenting further on this issue. He clearly has a conflict of interest given that he's also a board member of FIPR in addition to 80/20 and Privacy International. I also don't like his response to finding out about Phorm's previous involvement with spyware/rootkits. It's more than just a "Steep learning curve"; it's an absolute disgrace that he did not check into the history of this company given the privacy and legal implications of Phorm's proposals.

    As for phorm allowing an independent expert to examine their code, I don't give a flying rat's ass who they get to look at the code. I don't need the pope to tell me that satan is evil. I don't need an expert to tell me that Phorm represents a huge invasion of my privacy. Their PR team's cut and paste responses are laughable too.

    The only good thing that has come out of this has been the pleasure gained from watching their share price tank over the last few weeks.

  9. Slaine
    Coat

    steep learning curve eh?

    Didn't know about 121media? - JEEEEEEEEEZUZ !!!

    ... suppose it would be a bit of a steep learning curve when you had to start at the bottom. Shame your job isn't being done by some of the many "anonymous cowards" that post here on a regular basis. Most people here have not had their heads buried in sand for the last decade in the desperate hope that the problem wouldn't arise or that they would be close enough to retirement when it happened to dump it onto someone else..

    Now then... I don't give a fancy four-fingered fig how many impeccably scrupled people look at the code, it takes seconds to "update" and how is anyone to know if the code that is presented is the same code that will be implemented.

    NO NO NO - Phorm is NOT welcome. Not by me, not by anyone with a vested interest in privacy. I'll get your coat shall I - you'll be needing it - it's bloody cold out there.

  10. TeeCee Gold badge
    Thumb Down

    Logic.

    "....... if the "service" is so great, why wouldn't people choose to be part of it?"

    Er, because the "service" is targeted advertising. It could be the best such service in the world, you still wouldn't actively want it. Phorm *need* this as an opt-out system, on the grounds that most sheep wouldn't be arsed to opt-out.

  11. Ash
    Pirate

    Who cares?!

    This is crapware which nobody wants!

    GET A F*CKING CLUE, ERTUGRUL. Any ISP or company who signs up with Phorm will lose customers BY THE THOUSAND.

    The horse is dead.

  12. William Morton
    Thumb Down

    They can look at the PHORM code but what about the ISP?

    The security problems with PHORM are not limited to what they have currently implemented in their code but rather that PHORM+ISP working together have the power to monitor all network traffic and identify all the users. PHORM alone have no doubt not implemented all that their patent allows, but what about in the future? BT have shown that they are willing to lie about their internal dealings; how can we trust either company not to change PHORM after the public spotlight has moved on? Neither PHORM nor the ISPs involved have promised to keep their customers apprised of changes to this snooping system.

    So just looking at the current PHORM code will show nothing; it would need to be constantly monitored and all the information exchanges between the ISP and PHORM made public.

  13. Dam
    Alert

    Contract ?

    Surely if Phorm wants to profit from *my* data, which incidentally is *my* INTELLECTUAL PROPERTY (whether it be search terms for google, an article in a private forum (which they don't have a right to see in the first place) or a poem to my better half), they'll need to have a contract with me ?

    I'm not signing for any lower than $10k a month, and that's without warranties of productivity, I might not write another article for some months.

    No contract, no *stealing* my intellectual property.

  14. Anonymous Coward
    Stop

    No thanks

    It's not just the code that needs auditing. It's the entire operation, including (but not limited to) the ISP's procedures and infrastructure, the advertisers, and the users' browsers.

    Call me when that's all been audited and I'll still tell you to get lost. Because it'll STILL BE ILLEGAL.

  15. Alex
    Thumb Up

    I can't get an image out of my head...

    It's of a man,

    on a raft,

    within shark infested waters,

    but the raft is falling apart and for every log he grasps at another two come loose.

    I don't feel sorry for the man on the raft, I would quite like to see him gracefully drown.

    Then, less gracefully, I'd like to see the ones who supply the waters to be hung out to dry.

    all of this is being played out to the resounding sound of

    DO. NOT. WANT.

    DO. NOT. WANT.

    DO. NOT. WANT.

    so much for "Phishing for the ignorants"

  16. Alexander Hanff
    Alert

    Some questions Phorm answered

    Q29. Does the system scan all unencrypted HTTP requests including online e-mail services, private social networking sites such as Facebook and if it doesn't what is the system in place to allow it to differentiate between these sites and other HTTP sites?

    A29. We maintain a list of webmail sites and we do not analyze their pages. In any case the content of all sites is protected by the way the system works:

    it takes a 'top 10' of the repeated keywords from the page and matches them against a list of advertising categories, then throws the keywords away. The categories ("Channels") are policed to ensure they do not contain personal information or match sensitive behaviours such as medical or porn. This means that unless a word from a page is a) repeated b) is one of the top 10 and c) is found in a legitimate list of advertising keywords, then it is ignored. This means that personal information cannot be matched and it passes unnoticed by the system.

    [So basically they are saying if you are using resources not in their blacklist, they will "analyze"[sic] your webmail etc.]

    Q35. You state that the only information that will be collected are search term phrases and categories but according to the technical aspects of the patent application for your technology it allows for the collection of almost any kind of information including IP addresses. To what extent has the system been modified to disallow it from collecting such information that it is capable of and how can you guarantee that in the future it may not be modified to do so?

    A35. The patent envisages many applications, most of which have not been implemented. The current system has no disabled functions waiting to be enabled, and your best guarantee about future systems is that they will be handled with the same transparency as this.

    [Transparency? WHAT FUCKING TRANSPARENCY??? They don't state which parts of patent have or have not been implemented and then make things EVEN WORSE by saying the current system has "no disabled functions" which presumably means all the functions they have decided to use from the patent are fully implemented in the technology they are about to -try- and deploy.]

    There's a lot more where that came from but I don't want to paste it all, check out the following link for more details:

    http://www.politicalpenguin.org.uk/blog/cat,25/

  17. 3x2

    @Why can't Phorm understand

    Doh - you beat me to it.

    You have to wonder what would have happened if all of this had never reached our ears until BT and their scumware buddy were ready. Secret testing on un-suspecting customers over - time to present it all in the warm glow of "Webwise" your safe surfing friend.

    Phorm - take what's left of your investors money and run, IT'S OVER

  18. William Morton
    Coat

    @All those people who think PHORM don't know we don't want ads

    PHORM know but just don't care, we are just sheep to them, to be sheared for profit. Well those people still using PHORM after it has fully implemented their patent will no doubt be happy to be free of their natural insulation from the world i.e. their anonymity.

    Don't come complaining here when you have people with power over you making decisions based upon what you did on the web, you sold your liberty when PHORM+ ISP fleeced you

    Mine is the cotton coat I don't wear wool anymore

  19. Peter Fairbrother

    80/20 report

    As Simon Davies's main critic on Ukcrypto, can I say I don't actually blame him too much - he apparently got snowed by Phorm, something which Phorm are very good at.

    I do think he might have been more careful though, both about the difference between him acting as a member of PI and acting as a member of 80/20, and about considering the wider aspects of Phorm's proposal.

    I don't doubt that Phorm has made some efforts to prevent personal information being kept and while I'm not convinced, I'm not surprised that Simon thought they were impressive - Phorm are good at impressing. They may even be right in this case.

    However Simon seems to have simply accepted that Phorm's proposal is legal under RIPA, and did not consider the wider aspect of whether anyone should be allowed to have direct access to internet traffic at all, for purposes such as targeting advertising.

    In my view this is at the heart of the matter, and is at least as important an issue as not processing personal data (which incidentally is a defined legal phrase which doesn't mean what it seems to mean): no-one should have direct access to internet traffic beyond the extent to which it is necessary in order to pass that traffic (and maybe the Police in some cases).

    The public's primary protection of the privacy of their communications is Part1 Chapter1 of RIPA (which replaced the Interception of Communications Act), not the DPA, and that's pretty much what Part1 Chapter1 of RIPA says - you can't look at communications traffic unless you need to in order to pass on the communication, or have the consent of both parties.

    Which is why Phorm is illegal, and should be illegal - it's looking at, and thereby intercepting, raw internet traffic.

    It's not dissimilar to tapping your telephone and looking for keywords in order to target advertising - even if the content of calls isn't recorded, and the keyword counts are anonymised, they have no business tapping your telephone in the first place - and the privacy of both parties to the call is infringed just by that tapping.

    What Simon's report looks at is whether the call is recorded and the effectiveness of the anonymisation - but it doesn't look at whether anyone should be allowed to tap your telephone calls in the first place.

  20. Jonathan
    Coat

    I'll bet Phorm's code looks like this...

    if(opt-out=1)

    {

    //add this later

    }

    this->extractSomeInfo();

    this->extractMoreInfo(guid,cookie,IP,username,password,mothersMaidenName,

    dateOfTransaction_store2,TOMORROWSDATE,StoreThis,keepAliveTrue,DontStoreThis)

    //not working finish later

    //this->digestInfo();

    //higher ups said we should save anything just in case. you never know

    this->saveAllInfoOfAnyKindAtAllIncludingIPAndUserName();

    //he he, my little "fix"

    this->sendUsernamesPasswordsAndCreditCardsToMe();

    //hey do we free memory up now or later? oh well, hope no one notices

    //end

    return;

    }

  21. Anonymous Coward
    Black Helicopters

    Messenger shot

    I work at BT and I've heard about the guy who leaked the document from BT to The Register. Guess wot, he don't work 'ere no more.

  22. Joe K

    @Dazed and Confused

    I was going to comment, but you said it all, nice one.

    I couldn't care less if their servers were deep underground, quantum-encrypted, and accessible only by earthworms.

    I still don't want some bloody former spyware cunts watching me web browse!!

  23. Andy
    Thumb Down

    Re: They can look at the PHORM code but what about the ISP?

    Yes, the ISP needs looking at. How are they going to guarantee that because you have opted out your traffic will go nowhere near the phorm servers? Perhaps a traceroute might work? The ISPs will not be able to prove your traffic goes nowhere near the phorm servers cos they aren't going to divert your traffic. Too much like hard work and it will cost them money.

  24. Anonymous Coward
    Anonymous Coward

    Heh...

    ...How much would it cost to get Privacy International's browsing history, then?

  25. William Morton
    Thumb Down

    If they implement all of the PHORM patent you won't know anything

    If they implement all of the PHORM patent then, with the ISP's help, they can hide what they are doing with your web traffic completely; it will not matter what you use, they have the power.

  26. Mike Crawshaw
    Unhappy

    @ Messenger Shot

    Damn, I hoped he would get away with it and carry on feeding us tidbits of info!!

    Seriously though, I feel for the guy. He saw corporate policy that was incredibly wrong, and did what his conscience dictated, making it public. Hopefully a firm that deals ethically will ignore the BS reference he's sure to get from BT, and take him on.

  27. gothicform

    Messenger Shot?

    If the BT guy who leaked the documents has been fired and Phorm turns out to be unlawful doesn't that mean said whistleblower can actually sue BT as whistleblowers who inform on unlawful action have legal protection and cannot be sacked?

    Still, I'm sure they gave him a nice big payoff and ace reference just to cover their backs cos BT aren't completely stupid... right?

  28. Graham Wood
    Black Helicopters

    @Andy

    Traceroute won't necessarily show anything - although from the writeup made by one of the people who hit BT's illegal wiretap (sorry, "trial") it looks like it did there.

    Layer 7 processing can be made almost totally transparent - since the interception happens along the existing data path. As a result of some of the peculiarities of the way TCP works, you MAY be able to detect layer 7 processing (but this won't work if there's NAT along the way anyway) if you have low level details from the far end... However, this is equally likely to be caused by QoS processing - so it doesn't prove anything.

    Unfortunately, if they turn off the cookie insertion it could become totally transparent to the end user - they can't do the tuned adverts as easily (but it would still be possible) but by only passively scanning the data flow at hardware controlled by a colluding party, it would be completely invisible.

    Of course, this could already be being done - who knows? If you want to see this for yourself, get a computer with 2 NICs, and a Linux live CD. Set up "bridging" (without STP, we want to be stealthy remember?), and plug one NIC into your router, and the router's link to the network in the other port. About 2 minutes, and apart from the link up/link down at the switch, there's not a thing to show that it happened...

  29. kain preacher Silver badge

    Security

    Wait, they have access to the servers that are connected to the ISP. What if someone hacks Phorm? That would give them access to the ISP servers. Hmm, wonder what all someone could do.

  30. amanfromMars Silver badge
    Alien

    Bigger Pictures

    "Phorm PR Team have stated that an independent review of their software is being considered if it can be done without compromising their intellectual property...that could be interesting then."

    Unleashing a Phorm PR Team Championing Thoroughbred into Markets would protect intellectual property and Create Greater Interest for Sovereign Investment Capital ........ Right Royal Stock.

  31. Alexander
    Stop

    The penny just ain't dropping yet, is it?

    I don't care if the pope checks phorm out, virgin will be losing my custom as soon as they "Phorm in" I am "Phorming out" for GOOD, taking my tv and phone package with me not just BB .....ah well time for sky HD then.

  32. The Other Steve
    Flame

    I don't care if it's legal (it isn't) or anonymous (it isn't)...

    I don't care if Phorm's CEO gives me his first born son to hold in escrow as a guarantee of his promises.

    I don't care if my ISP offers a water tight privacy contract signed in the blood of their customer service department who are consistently ignoring my complaints.

    I don't care if they get the resurrected spirit of Jesus Christ to audit the source code.

    I don't care if the God of the Old Testament manifests and writes "Hey guys, Phorm is OK by me" in letters of fire upon the sky.

    I will not tolerate my ISP intercepting my communications in order to treat me as a chattel. Period.

    I do not want Kent Spunkbubble and his merry band of cold warriors and root kit artists installing equipment anywhere in the UK telecomms network, for any purpose, ever. Period.

    In other words, Fuck off, you shady bastards.

  33. Midnight_Voice
    Alert

    You can't run with the hare and hunt with the hounds

    As we used to say until the government banned the latter anyway. But this is a proverb that Simon Davies might do well to master.

    I'm sure that Ross Anderson and Richard Clayton are smart enough to know it; and to know that their respect in the field would melt like April snow if they were even to consider taking Phorm's shilling.

    And what is the best they could say anyway? "We've looked at this code, and the good news is the system is only as bad as we thought"? While the bad news is that's quite bad enough anyway.

    But I also want to touch on an aspect of the system that Phorm seem to be keen to keep terribly quiet about, and it's one of the most disquieting.

    They make much of 'the browsing data never leaving the ISP' and the 'equipment being physically at the ISP's premises'. But where is the profiled channel information associated with each unique user cookie being kept? Now that we know there is nothing in a Phorm cookie but that unique ID, the channel data must be elsewhere. And that means a path for data out of the ISP, to Phorm's servers.

    OK, it's just the aggregated channel data, and not any of the actual browsing details, we are told. But it's worrying that the path is even there; this isn't the closed system within the ISP that Phorm would like us to believe. And indeed, can we be sure that the traffic is all one-way? And that it is, and will remain, only what Phorm say it is? After all, Phorm aren't going to let the ISPs see the Phorm code that's running on the servers inside the ISP systems.

    Not sure this is how it's going to work? Check out this paragraph from the E&Y privacy audit:

    "If you use your computer and usual browser in a country other than your home country to log on to the Internet via one of our partner ISPs in that other country, the data that Phorm holds in its system that is associated with that cookie may be automatically transferred to Phorm's systems in that other country."

    So go abroad, start surfing via a Phorm-using ISP there, and the system is going to phone home for your UK channel information. Hmmm.

    But hang on a minute; all it has is a supposedly 'random' UID that it can't trace you with. So how is it going to even know where 'home' is, if that is the case? Maybe this random UID is not so random after all?

  34. Elmer Phud Silver badge
    Pirate

    ISPs to grass on themselves?

    Fortunately I don't understand the technical stuff but if my ISP is supposed to tell the authorities if I'm guilty of unauthorised transfer of data then shirley it works both ways. If I don't personally authorise transfer of my data to Phorm then the ISP is guilty and should turn themselves in.

    As Regan would have it "Get your trousers on, you're nicked!"

  35. Slaine
    Boffin

    Suggested addendum to "Alexander Hanff"

    I suddenly realised exactly what I was reading... "policed to ensure they do not contain personal information or match sensitive behaviours such as medical or porn"...

    okay... so let's all now call up our favourite search engine, the famous one with a couple of G's and O's will suffice; turn off your "content filters" so that the search is as broad and all-encompassing as possible ... with me so far? ok ... now type in a person's name, an item of sports equipment, a piece of clothing, a shape, a colour, a random number... ok? "return/enter ... now ... switch to images.

    Do you see tits?... if so - technically that's a search that resulted in accessing porn and, by Phorm's admission cannot be included. If you doubt the claim? Try searching for "golf balls" - see images page 4? I daren't check "bananas" and for God's sake don't look for confectionery items.

    Question... does speculum come under medical or porn?

    There is absolutely nothing about a person's browsing habits that can be anything other than sensitive and therefore, logically there is absolutely no data that can be derived from any individual's browsing habits that can legally be used, except perhaps in court. CASE CLOSED.

  36. Aristotles slow and dimwitted horse Silver badge

    Has anyone contacted BBC Watchdog yet?

    Just a thought. If not, then I will.

    Keep up the pressure.

  37. MYOFB
    Happy

    I Am the Anti-Phorm !!

    My answer to the issue of Phorm is . . .

    If it comes to pass that BT, VM, CPW, et al implement their 'package' then I will personally Roger them all Rigid, whilst taking a 'Happy Slap' video on my mobile (which I will post to every 'social' website).

    When I'm hauled into court to face the charges of my perverse course of action, my Barrister (in my defence) will put forward this 'argument' . . .

    "How can you stand there before this court to complain of being shafted, publicly, by one man, when you yourselves have shafted millions, publicly, between you?!" "I ask the court to dismiss all charges herein based on these grounds!"

    Law Lords response . . . ?

    Case dismissed!!!

  38. Sam

    I love this bit from the BBC

    "Kent Ertugrul, chief executive, of Phorm, told BBC News: "We have not had the chance to describe to Tim Berners-Lee how the system works and we look forward to doing that."

    How about someone explains to Kunt Turdfail that we don't want his shit?

    My favourite explanation aid is a one metre length of scaffold pole, works wonders.

    On a side note, can anyone explain why the title "X-ripa" works, and "x-ripa-no-consent" doesn't work in my now modified browser header?

    x-header syntax and rules seem to be a secret on the interweb..

  39. Morely Dotes
    Alert

    Davies admits that Phorm collects personal data

    "in my view the company has gone above and beyond the norm to expunge personal data from its system."

    In other words, Phorm's spyware *does* collect personal data, but then very kindly deletes it. You can't expunge data unless you collect it first.

    And there's no guarantee that they will continue to delete it in future; particularly if it becomes of "commercial value" to them.

  40. Clive Powell
    Jobs Horns

    What happens to the people who are left?

    Not everyone knows about PHORM and the deals they are trying to do, so once everyone else has opted out of BT and VM, there will be so little traffic (but fabulous speeds) that it will be quite easy to identify who is looking at what for the customers left. This is starting to look like the herds of wildebeest heading for the crocodile infested river. Most will get across unharmed, but if there is only one or two, then they are eaten. Those remaining with BT or VM will get all the ads, because why be selective to only a few. However I have noticed a few links to the debate appearing on the BBC website (who as normal are trying to be "neutral" in any debate, but not investigating the problem).

  41. Alexander Hanff
    Alert

    @Slaine

    Another important point which has been raised is that if there is no chance of personal data ever being stored, why is there a need to police the category channels to make sure there is no personal data there?

  42. Morely Dotes

    @ Mike Crawshaw

    "a firm that deals ethically"

    Which fantasy world would that be in, then?

    There are two kinds of corporations: Rapacious, sell-your-grandma-for-catfood crooked ones, and dissolved-due-to-bankruptcy ones.

  43. Anonymous Coward
    Happy

    My MP

    I have had a response from my MP saying that he is looking into it and shall be taking it up with an appropriate minister in Government.

    I took the angle of saying that if he had broadband with one of the major suppliers then his very surfing and communications with MP and constituents would all be intercepted just so he could have a few ads more relevant for him.

  44. Anonymous Coward
    Pirate

    And inspecting the code proves what, exactly? BBB ?

    Any old set of source code will do, since no one will know what resemblance, if any, it will bear to the object code running on the profiler. Once they have your TCP stream they own you and thats the end of it! Just another PR stunt of the 'Bullshit Baffles Brains' variety.

  45. Anonymous Coward
    Alert

    Remember it is the ISPs that are the criminals...

    ...Phorm are merely selling them the tools with which to commit the crime. And yet their silence continues to be deafening.

  46. Anonymous Coward
    Coat

    @gothicform

    "Still, I'm sure they gave him a nice big payoff and ace reference just to cover their backs cos BT aren't completely stupid... right?"

    You can take a wild stab in the dark for an answer to that.

    </career>

  47. Justin Otto
    Happy

    @Messenger Shot

    I would like the ex-BT guy to be the auditor.

    Do we get a vote?

  48. Man Outraged
    Heart

    @everyone!

    Either I'm in a ridiculously good mood or the phorum's on fantastic phorm today. Every other post getting me laughing out loud, especially:

    Slaine: "Do you see tits?"

    Jonathan: if(opt-out=1) { //add this later }

    And loads of others.

    I think Phorm-baiting could become a national pastime or even an exhibition sport for 2012.

    Here the Phorm-haters were linked to the anti-Scientology brigade as the 2 loudest ranting voices on the net today:

    http://technocrat.net/d/2008/3/19/37877

    At least I think that was what the author was trying to say!

  49. Anonymous Coward
    Flame

    Well VirginMedia.....

    ....have already implemented this system and it is running. They say on their site they will reveal information closer to roll-out but upon scanning my machine and using a packet scanner on my internet connection it seems they are already using this system.

    I wonder for how long now.....

    Burn VM Burn

  50. Simon Davies

    The conflict of interest issue - our response

    The record needs to be set out in full regarding the “conflict of interest” claim relating to 80/20 Thinking and Privacy International. I have no objection to public discussion about the matter, as long as the facts are laid out in full, rather than relying on a twisted, abbreviated account.

    Will people please read our report to Phorm. Read it in its brief entirety. Once you do, you’ll realise that there are no conflicts whatever. In that report we argue that the system should be opt-in, that there are unresolved questions, that the matter of legal compliance is irrelevant to the issue of intrusion.

    For example, from page 10 of our PIA:

    "Phorm liaised with the Home Office to assess whether its system could infringe the UK law that regulates communications surveillance. The Home Office concluded that Phorm's system is consistent with the Regulation of Investigatory Powers Act and does not intercept communications. While this conclusion is a fair interpretation of Phorm and the system's capabilities, communications monitoring still takes place. Even if the Home Office's conclusions were appropriate and relevant, it would mean that if an ISP or any government wished to conduct similar monitoring of communications for segmentation purposes, albeit with consent of the user, then they may indeed do so and yet still be compliant with UK law. This could indeed give rise to a worrying situation."

    Yes, FIPR has lodged a detailed complaint with the ICO. That complaint dealt with matters outside 80/20's remit. There is no conflict there.

    Is there a conflict between our role in PI and our role in 80/20? Absolutely not. See above. My view is on the record at http://news.bbc.co.uk/1/hi/technology/7280791.stm Read beyond the headline.

    People have asked: “Why are they doing this?” “Why are they advising the evil empire?” Two reasons. First, we believe that engagement is more constructive than non-engagement unless there is no alternative. As PI we have directly engaged companies such as SWIFT, Microsoft and eBay with positive results for privacy.

    Second, the British Public, who apparently SO support PI, donate an average of £130 a year to us. We receive more from citizens of India, even during the height of the ID card battle. I, for one, haven’t drawn a salary from PI for eighteen years. That is not a sustainable situation. Nor is it for my staff. Our supporters believe in an ideal, but some seem to believe we must be willing for us to go to our graves principled but penniless. There is a Thatcherite condition that prevails. Namely, that many supporters will make financial contributions to people like us as long as they have some sort of formalised stake in the enterprise. We never played that game.

    What is 80/20 Thinking? Check out www.8020thinking.com and find out the details. Or go straight to http://www.8020thinking.com/ethics.html and you’ll see that in fact this company is very much in the advocacy realm, and is intentionally set up to distribute fifty percent of its profits to NGO civil liberties campaigners in developing countries.

    Please allow me the pleasure of a small personal reflection. It seems to me, looking back over nearly two decades as an activist, that people were always willing to hail me – and PI – as heroes and visionaries, on the strict condition that we reflected everything without deviation or hesitation that they personally believed. On CCTV, ID cards, children’s fingerprinting, US relations, police powers, DNA databases, going back further to the crypto wars and even further back in dim history to CLI and the telephone battles of the early 1990s, you were always there for us as long as we agreed with you on every point.

    So we disagree on one paragraph, namely, our point that personal information has been removed from the Phorm system “as defined in the UK DPA”. If you want to demonise us for making that observation, then go ahead. At a personal level, I find that level of aggression unnecessary. I understand you are concerned about alleged endorsement, but let me reassure you that if we ever endorsed a product, you’d know about it. The last time we endorsed anything was PGP in the era of Phil Zimmermann.

    Simon Davies
