Phorm launches data pimping fight back

A week is a long time in internets. Last Friday we all felt like we were shouting at the bins about Phorm and its deals with BT, Virgin Media, and Carphone Warehouse. Now, you can't move for stories about data pimping and the massive change in people's relationship with their ISP Phorm represents, not to mention the new legal …

COMMENTS

  1. system

    Nothing to hide

    So why 3 different names? Changing the name of your company with every new project is not the general behaviour of an above-board business.

    To pick just one thing from the entire article:

    "Because of a peculiarity of the tokenisation, numbers three digits or shorter aren't collected anyway, they're too short so there's no numbers at all."

    So, their tokeniser has a "peculiarity" which stops them tokenising any string of digits less than 4 digits in length? And we are supposed to place faith in their code? If they cannot even tokenise strings properly, how are we supposed to take their word that this is secure?

    They then want us all to believe that because their tokeniser cannot handle the number 123 that there are no numbers collected. If their tokeniser can handle the number 123456, then it is collected. In a badly designed e-commerce system, a site owner using BT/Virgin as their ISP will be putting 16-20 digit numbers into the Phorm systems while reviewing orders. Either the ISP or Phorm just processed the personal credit card data of a 3rd party who has no contract with either. Whether they discard the information or not, they processed it.

    Another thing that may be worth considering is where copyright law stands on this. Although infosoc specifically exempts transmission in a network, what they are doing is creating a second copy outside of the transmission and then processing it for commercial purposes. I don't know whether that is legal or not, but it'd be interesting to find out.
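
Added example, not part of the comment above and not Phorm's code: a Python model of the length-based digit filter as the quoted sentence describes it, showing that card-length numbers survive it, beside a filter that removes Luhn-valid numbers from the raw text before tokenising. The function names and sample text are constructed for illustration; 4111111111111111 is a published test number.

```python
import re

# Constructed sample text: what an order-review page might render over plain HTTP.
# 4111111111111111 is a widely published test card number, not a real account.
SAMPLE_PAGE = ("Order 123 placed by J Smith, qty 2, total 1499 GBP, "
               "card 4111111111111111, phone 02079460000, ref 20080307")
SAMPLE_SPACED = "card 4111 1111 1111 1111 exp 0309"

TOKEN_RE = re.compile(r"[A-Za-z]+|\d+")
# 13 to 19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def tokenise_length_only(text, min_digits=4):
    """Assumed model of the quoted behaviour: digit runs of three
    characters or fewer are dropped, longer runs are kept."""
    return [t for t in TOKEN_RE.findall(text)
            if not (t.isdigit() and len(t) < min_digits)]


def luhn_valid(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text):
    """Return card-length, Luhn-valid digit sequences found in raw text."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            found.append(digits)
    return found


def pans_in_tokens(tokens):
    """Audit check: can a card number be recovered from a token stream?"""
    return find_pans(" ".join(tokens))


def tokenise_hardened(text, min_digits=4):
    """Scrub Luhn-valid card-length numbers from the raw text first, then
    tokenise. Scrubbing must happen before tokenising, otherwise a number
    written as '4111 1111 1111 1111' passes as four harmless 4-digit tokens.
    Dropping every digit token would be the stricter option."""
    def scrub(m):
        digits = re.sub(r"[ -]", "", m.group())
        return " " if luhn_valid(digits) else m.group()
    return tokenise_length_only(PAN_RE.sub(scrub, text), min_digits)


if __name__ == "__main__":
    for label, text in (("contiguous", SAMPLE_PAGE), ("spaced", SAMPLE_SPACED)):
        weak = tokenise_length_only(text)
        hard = tokenise_hardened(text)
        print(label, "length-only tokens:", weak)
        print(label, "card numbers recoverable:", pans_in_tokens(weak))
        print(label, "hardened tokens:", hard)
        print(label, "card numbers recoverable:", pans_in_tokens(hard))
```

Roughly one in ten arbitrary digit strings of card length also passes the Luhn check, so the scrub errs on the side of removing too much rather than too little.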

  2. Anonymous Coward
    Stop

    Evil Scum

    Does that sum them up? (not nearly..)

    1 Point: 'Google stores everything you search' Yes, but only if you use Google.

    See that, it's called choice.

    Now if we can convince the animal rights nutters that Phorm is a rebrand of Pharm and are close to HLS then they'll get what they deserve.

  3. Parax
    Stop

    Supermarket Model

    If you ask me this is akin to supermarkets tapping your phone calls, when you happen to say 'hill of beans' in a random phone call the next day a 5p off Beans voucher hits your doormat.

    But it's OK, the drones listening are cheap foreign labourers, they don't care what you say. So it doesn't matter that they're listening, just forget about them....

    This is very bad!

    When I use the phone I don't want people listening, when I use the ATM I don't want people interfering, when I change the TV channel I don't want people peeking through my letterbox to see what I'm watching, and when I use the Internet I don't want people snooping.

    SIMPLE.

    That comparison to Google is lame, I choose to use Google. NOT PHORM. >:o(

  4. Anonymous Coward
    Paris Hilton

    Imagine ...

    "Most websites don't make any money. But imagine you were able to show your audience an ad based on anything they've done on the internet."

    Imagine indeed ... and imagine how they are going to do that without storing the habits of surfers?

    It looks like any "we don't store your data" will disappear as soon as they have their technology in place and adopted.

    Paris : To reflect the tunnelling aspect of Phorm.

  5. Anonymous Coward
    Anonymous Coward

    Talk about taking the Piss.

    Phorm

    2nd Floor

    Liberty House

    222 Regent Street

    London W1B 5TR

    +44 (0) 207 297 2067

    Liberty House? They Taking the Piss?

    damn them for being above bricking height.

  6. Andrew Radley

    But what if

    I used to work for an organisation that was looking to offer an anti-malware and parental control service, embedded into ISP networks. The thing is that the technology to do this must look at the browsing content, otherwise you cannot detect malware, nor prevent customers going to websites they had requested be blocked.

    Now, this was an entirely opt-in service and was also going to be chargeable (so was completely transparent) and was also completely tailorable on a per-subscriber basis.

    Now, given that the outcome of the service is significantly different to that of Phorm, would the readers of El-Reg feel any different about it?

  7. Man Outraged
    Pirate

    Phorm does not...

    ... Analyze the contents of email websites. How do they know the URL of EVERY email website, including company and hobbyist servers?

  8. Patrick Shaw
    Thumb Up

    Privacy or ad resistance?

    Great article from the Reg - one of the best.

    Anyway, with regard to the argument, it depends whether it's about data privacy or getting ads in the first place. Some people genuinely seem to think they should have a completely clean, free internet experience. You either pay more for services, or put up with ads. I'd personally rather have more targeted ads.

    So then the argument is about data privacy. Are Phorm doing anything worse with data than Yahoo or Google? I don't know. And I don't know if that makes it right. At least the Reg has managed to uncover a bit about how it works, unlike Google, whose 'don't be evil' mantra is becoming an empty slogan.

  9. Anonymous Coward
    Pirate

    Random URL generators..

    So what would happen if we all took to running a script when we aren't actually surfing that just hammers out random page URLs (from real sites)?

    All of those pages would have to be filtered and profiled on the ISP's profile servers.. so how long before they turned up their toes and died? The idea of an ISP's customers actually carrying out a DDOS attack on their own ISP's servers does have a wonderful anarchistic twist to it.

  10. Lyndon Hills
    Thumb Up

    privacy loss get over it

    Do you all think that your ISP has never ever done any form of packet inspection? All your data that passes over their network unencrypted is subject to being abused right now and always has been. All it would take is a nosy admin with a packet sniffer or browsing through your mail box. While I have an efficient ad-blocking strategy, I don't think this is that big of a deal. Less 'intrusive' than Google to my mind. Good interview.

  11. Jonathan

    More lies...

    Quote: MB, this article

    MB: What happens is that the data is still mirrored to the profiler but the data digest is never made and the rest of the chain never occurs. It ought to be said that the profiler is operated by the ISP, not us.

    Quote: MB, http://www.badphorm.co.uk/page.php?10

    TheObserver: So if you opt out your data never touches a Phorm server? This is at odds with much coverage, which suggests the data still goes to your server but you discard it if the opt-out cookie is present.

    MBurgess: Yes. There is widespread misunderstanding of how the system works, which is why we are keen to set the record straight...

    He contradicts himself, saying in this article that your data does in fact always touch Phorm, and then in another, that it only does if you opt in. Which is it?

    Myself, with the way these guys have been acting, I'm inclined to believe that the worse of the two cases, ie that your packets always get intercepted by Phorm, is true.

    Perhaps Phorm doesn't understand that, in many people's eyes, adware is only one step above malware. I don't care what it's there for, I care that it shouldn't be there, it intercepts private data.

    It's funny how on BT's website, they try to bury the bad news that your every browsing move and search term will be monitored, by harping on the anti-phishing protection. Gee, funny that, perhaps the general public isn't crazy about excessive adverts and privacy intrusions, fancy that. They already know the public won't be crazy about the idea, yet they go ahead, and even worse, they lie about it, and get caught.

    This makes me think, that the next time I shop for a new ISP, I'll be looking for one that is fast, has as little downtime as possible, a declaration stating that they do not and will never have any dealings with Phorm or any of its affiliates, or any similar schemes which aim to intercept or in any way monitor my browsing.

    Oh, and if we use targeted advertising, we will see less adverts? What is he on? Less adverts means less possible revenue - why would you remove adverts? You can have more targeted adverts. This will only lead to a very slippery slope, and makes me glad that I exclusively use Firefox with Adblock Plus installed.

  12. Anonymous Coward
    Stop

    @Mark

    "ok so assuming I've understood the interview correctly I'm less concerned about this issue than I was following the initial stories, assuming that it produces enough extra revenue to fund improvements in the service or cost savings to the consumer to actually justify it."

    LOL

    Mark, GROW UP!

    This is about profits, pure and simple.

    ************************************************************************************

    @Slaine

    We know the intraweb isn't free. I look at my VM statement every month and see £££ that I am PAYING for my connection. VM do NOT provide this connection without charge. They are being paid for their service; if they change the service without my explicit consent then they have broken our contract.

    ************************************************************************************

    @Mike

    At times I need to access my work email via webmail. All of these pages would go through Phorm's servers. Where are these servers? China I believe. If this is correct then Phorm is taking my personal data out of the EU into an area which does not have equivalent data protection laws.

    ************************************************************************************

    @Man Outraged

    I would go further: the DPA says that opt out means that data should NOT BE PROCESSED. It doesn't mean that it is processed and the results discarded. Not processed means leave the fscking stuff alone.

    ************************************************************************************

    My cookies will be limited to those I want, not those that Phorm want to impose on me.

    I do not want my granddaughter to see any ads based on my web browsing (she won't understand my fascination with hot, slinky, computer components) and I DEFINITELY do not want any Barbie based adverts.

    This idea is just another way to increase the profits going into the corporate coffers.

  13. Anonymous Coward
    Anonymous Coward

    Consider the following scenario

    Consider the following scenario.

    1. Person A starts a web browser.

    2. Person A attempts to start browsing.

    3. The first page person A requests is hijacked and replaced by the Webwise page asking them whether they consent to Phorm monitoring their web browsing.

    4. Person A decides to allow Phorm to monitor their web browsing.

    5. A non-persistent (session) cookie is sent to the web browser showing that person A has consented.

    6. The presence of this session cookie means that future web pages are not replaced by the Webwise consent page.

    7. Person A walks away from the computer without locking it, logging out or switching accounts and without closing their browsing session by closing all the browser windows.

    8. Person B comes to the computer.

    9. Person B starts browsing the web using the open web browser windows.

    10. Person B is not presented with a Webwise consent page.

    11. Phorm monitors person B’s web browsing without obtaining their consent.

    12. Under RIPA, a criminal offence has now been committed.

    Phorm cannot rely on the behaviour of users to avoid themselves committing a criminal act.

    Yes, Kent, I’m afraid I do think you’re slimy. You’re trying to ram something down our throats that’s still defective. If you could run your anonymiser/profiler on-line rather than off-line and if whole Internet accounts could be opted out rather than just session by session, then we’d be moving towards an acceptable system.

  14. Pat

    Opted out v opted in

    "Long term, we believe if you're opted-out the experience you're going to get is quite crappy because you're going to get bombarded with ads."

    Two things there. He says we'll see less ads because better targeted ones will raise more money. So now websites are going to have to be formatted in two versions - opt-in formats with few placeholders for ads, and opt-out ones with the normal layout. Doesn't sound likely.

    And, as an advertising dude he has no grasp of what people who don't like ads really don't like about them. I don't like how they try to worm their grubby little motives into my mind. The less relevant they are, the easier it is for me to ignore them. If I'm researching cars, I want ads for wormaria and athlete's foot cream, NOT cars.

    AdblockPlus anyway, didn't realise we still had internet advertising.

  15. Anonymous Coward
    Boffin

    @ Lyndon Hills

    Your ISP is allowed to 'see' your data, for example in order to monitor or fix broken equipment. But they are not allowed to profit from it financially or disclose it to non-law enforcement third parties without your consent.

  16. Alexander
    Stop

    paint it any way you like, but it is time to fight back by any means !!!!

    This is the thin end of the wedge,

    What if BT started monitoring my phone calls so they could keep a recorded record of all my calls and then sold the information about who I had phoned?

    What if, as others have said, the Royal Mail started keeping copies of my mail to sell info on to advertisers?

    ISPs have got away with murder over the last 10 years, they can lie like Virgin (20mb connection only if it is oversubscribed part of the network and you won't get even a half of that), or like PlusNet who disconnected over a thousand users for using their 24/7 service 24/7 (fair usage), words like unlimited and fibre get tossed about like fact when they are words of fantasy and fiction.

    As a Virgin user I will be an ex-Virgin user when this goes live, and I will shout from the rooftops and anywhere online I can post about this breach in my rights of my freedom as an individual to go about my daily online business with being monitored by the likes of Phorm.

    The opt out policy is a disgrace and a charade, and pointless as the data still goes where I don’t want it to go. It is mine, I own it, I pay Virgin to connect me to the internet, that is all. I also pay Scottish Power for electricity but I don’t expect them to monitor how I use the power in my own home or sell that information on, so why then does Phorm think they can pay my Internet service provider to spy on me in my very own home, which is what is happening, does not matter where the data stream goes, just where it came from.

    If Phorm wants my data they should be paying me for it, not Virgin, as the data belongs to me. Data protection laws are an absolute nonsense and need urgently revised.

    Currently I and a few others have contacted the European Commission for Human Rights to see if a legal challenge can be made through this avenue. As I believe basic democratic rights are being abused as well as some EEC legislation which the Phorm legal geniuses seem to have overlooked about international transmission of data out with member states.

  17. Man Outraged
    Unhappy

    BBC have no forum so I'll rip Phorm apart here:

    Q: I would like to better understand the strict demarcation of ownership of equipment to be installed in the ISP to really understand the full content of the stream received at the point of entry to equipment under the control of Phorm. Bloggers purporting to be from BT claim that this is the FULL browsing (http - port 80) stream with IP addresses obfuscated in some way. Is this true? And if so, what safeguards over employee recruitment do Phorm have since they will be in an extremely powerful and trusted position, being able to read 10m people's web traffic?

    A: No, this is not true. IP addresses are not passed in any form, even obfuscated, to Phorm. All that is passed is a limited digest of page data from each navigation. This data is never stored on disk and is immediately deleted from memory as soon as a product category match has been made.

    MO: ANSWER THE BLOODY QUESTION - WHAT STREAM DO YOU HAVE.

    Q: If two people use a shared computer - how will Phorm ensure that a surprise, e.g. a partner researching wedding venues, is not ruined when the other partner next uses the computer and is bombarded with adverts for dresses and rings?

    A: Most people have a separate login if they are sharing a computer and they will therefore have a separate random number. But also, advertisers using our system can choose to show ads based on the page they are visiting, recently visited, or a longer term basis. Only the last of these would be affected if the computer and the login were shared, so this scenario is possible but not that likely. If the person really wants to hide a surprise, they can switch webwise off!

    MO: He already said that people know if webwise is off because every webwise ad shows the current status "off/on". Now my missus would be suspicious if I said to her don't use my login, use your own. We just go with what's on. She would also be suspicious if I turned webwise off when it normally is on (she's suspicious).

    Basically if it's off it's OFF you just can't have any kind of interception and alter if it's off. SGAASKJGLSKAGJKLSAJKLGAMKLLKSGLKJ:LKJ:ASGLKLK:M

  18. Pseudopath

    T&C changes...

    I've been looking at the BT support forums and it appears that on "go live" of this supposed service all terms and conditions will be revised accordingly... I fear that may mean that in order to be a BT customer you waive your right to no processing of personal data. Would that be legal or even an infringement of human rights?

    This is getting more sinister by the day!

  19. Anonymous Coward
    Thumb Down

    I didn't read it

    Thanks for the effort Reg, but I honestly have no interest in his excuses or PR spin, so skipped the pages.

    All I want to hear is his plea of mercy to a judge during sentencing.

  20. Bill Fresher

    Silly buggers

    Can't wait for the day I get targeted advertising through the post saying "Your bank tells us you've recently been using your debit card to buy X/Y/Z ..."

  21. Dam
    Joke

    NOW ON SALE

    PEER TO PEER VPN SERVICES.

    GET YOUR OPENVPN CERTIFICATE NOW \o/

    1/ Connect to my OpenVPN server

    2/ Set it as your default gateway (you'll obviously need a static route to its public IP first)

    3/ Browse your net alright.

    SERVICE STARTING $2 ONLY (£1 for UK sheep).

    COME ONE, COME ALL \o/

    Afk, filing a patent.

    French ISPs for the win, at least they don't try to push crap down our throats, have formidable bandwidth (did I mention hitting 2000kb/s on newsgroups over SSL?) and no quotas.

  22. Anonymous Coward
    Anonymous Coward

    Profile this!

    I hope they enjoy looking at encrypted traffic as my VPN will soon be active.

  23. Anonymous Coward
    Anonymous Coward

    This is NOT about Adverts.

    Wake up, this is NOT about Adverts.

    Stopping the advert is like wiping the sweat off a child's forehead as he's dying of meningitis, you need to be looking at the disease.

    If you drop the ads at your router/firewall/application Phorm doesn't care, they delivered it as far as the logging/billing platform/customer knows, they get paid. It isn't about the latency caused by your browser having to re-submit the request, something you will barely notice.

    The issue is that they redirect your traffic and analyse the content to look for keywords, you can't ignore my_email@dress if you can't recognise it as an email address.

    To do this you need to operate at Layer 7, assemble all the packets from a single stream amongst thousands to create the original text in order to parse the string containing an email address. Now if I wear my white hat, I discard the address as it's not what I want to use to create a profile to send you an advert for "the fastest PC in the world" (You are reading the reg). If I have my black hat on, I save your address and sell it to someone peddling pills (I doubt Phorm would do this either).

    Phorm say they will ignore form fields, therefore they recognise them (easily). Address fields are common form fields, not always completed under SSL encryption, sometimes that's switched in when you are redirected to a payment gateway, so now they, or the __hacker__ that breaks in to their system, knows who you are, what you are buying and that you have the money to buy it...

    Now what else do I want to know about you? This will be great when we all have ID cards, then I will have a UK-wide unique key to put in my database with all your data. I'll be able to cross reference all your loyalty cards, insurance applications, bills I get out of your trash because I know your address and anything else where an organisation asks for your ID number for their records (we need it for your safety of course, you need to prove who you are, there's lots of terrorists about you know).

    Interception of data is what Governments use to "protect us from the bad guys" they keep telling us about (Google CALEA for the US, RIPA for UK), it is not an area for Phorm, a private company. Phorm are using the same techniques that the US Government (& others) started in the 1990's (Google spy and Echelon) to intercept Internet traffic and analyse its content. It started as passive taps, think of Y shaped cat 5 cables in a box, but now use hi-tech devices such as clever switches from the likes of TopLayer (http://www.toplayer.com/content/products/others/dcfd.jsp). The Data Collection Filtering Device is the hardware from the AppSwitch 3500 with different firmware; I have used their switches and they're very good, but £20,000 is a lot for gigabit to the desktop in your home office, but great to redirect traffic for network monitoring or Internet filtering or just to send a TCP reset when you insist on trying to download that music track.

  24. gothicform
    Pirate

    Phorm Are Pirates

    So let me get this straight? They copy my website as the user visits it and then store the data. The Copyright, Designs and Patents Act specifically legislates against this. Thankfully, we already have rulings that just because you deleted the mp3s after the downloads you don't get off the hook. Looks like they can be tripped up on this matter alone.

  25. Paul Barnfather
    Stop

    @ Lyndon Hills

    If you look at the contract with your ISP, you'll find they have every right to do deep packet inspection. No problem with that.

    You'll also (probably) find that they promise to keep this data private and never sell it on to a third party.

    Now we see ISPs are planning to sell this data to a third party. Even if you're happy to have your data sold on, surely you see the problem here?

  26. Anonymous Coward
    Flame

    Shared computers

    So why did no-one ask them how they cope with shared computers? A lot of ISP accounts are shared by family members, computers may be shared by family members.

    Maybe I decide I like the idea of all my internet activity being parsed and scanned and used to deliver targeted ads to me.

    My partner who uses my computer DOES NOT want it.

    If they use the same browser then they get MY cookie which says "yes I'm a muppet, I love having my browsing habits monitored".

    Also as my partner HAS NOT given consent then surely Phorm and my ISP are now intercepting my partner's traffic without consent - isn't that ILLEGAL?

    Admit it PHORM - you are scum, you are leeches, your product is evil and your spin is just bullshit.

    Can we have a list of all sites using OIX to deliver adverts so we can black list them?

  27. Anonymous Coward
    Anonymous Coward

    Phishing protection - cry me a river

    If their systems get compromised you will have phishing on an unprecedented level.

    And they can turn to do actual phishing at any moment themselves.

    Warning me that a site may or may not be engaged in phishing is worthless, if that site is actually engaged in phishing and it can be proven, then steps to take it offline should be underway. I suspect we shall just see false positives and attempts to curtail traffic to sites that Phorm may not agree with.

    This is a sneaky underhand power move by Phorm, which is being given some wet spin, I notice the BBC is soaking it up.

    I am moving ISP over this, and will encourage others to do so, when canceling the fact that ads are now being even considered will be the reason.

  28. Jeremy
    Paris Hilton

    Silly name

    Am I the only one who thinks the brand "Phorm" sounds just a bit... well... phallic? Where's the penile icon? I guess PH will have to do.

    I've nothing to add that previous commentators haven't already mentioned except to say cracking job, El Reg, I look forward to the day this ends up in court...

  29. Anonymous Coward
    Flame

    Simply unacceptable

    I'm currently with Virgin - I have informed them that if they implement this spying network I will no longer be choosing to remain a customer.

    Opt out my arse - it's non-consensual spying pure and simple. Reminds me of the ID card - 'ok ok you don't have to carry it... but we will keep storing all this data about you in the mean time...'

  30. Eitsop
    Black Helicopters

    Disgruntled Employees?

    What happens if there is a disgruntled employee as they have mentioned, or a security breach and it's not the data they are interested in, what if they can modify the code and have access to any browsing information they like from millions of users? How about a bit of JavaScript injection instead of an ad?

    Can they provide assurance that it is 100% impossible for anyone, ever to gain access to our browsing details?

    Also aren't search terms in form fields?

  31. tech idiot
    Paris Hilton

    Very Expensive PR

    They've been very well coached!! They use a few tried and trusted sales techniques in an attempt to divert attention from the central issue but as always, what they didn't say is more relevant.

    Looks like all ISP account holders will be subject to profiling whether opted in or out. If they could turn this off then they would have said so and the story would deflate. The fact that the data stream is ALWAYS monitored by this system indicates a far higher level of buy-in by the ISPs. My hunch is that the ISPs see a huge potential in providing advertisers with detailed breakdown of their account holders' habits. This is the start of a land-grab by BT, TalkTalk etc. to rip some of Google's revenue stream. The obvious conclusion would be ISPs selling this service direct to advertisers. The reason that they've done the deal with Phorm in the way that they have says to me that despite all the bluster they have serious worries about legal and commercial issues, otherwise why not just license Phorm or copy the principle? Although I'm sure they know it, Phorm is the patsy fall-guy when the s**t hits the fan!! This will be buried! Nice try though.

    Paris asks - can I alter my profile to make sure I ONLY get ads from cam-corder merchants?

  32. John Dohrr
    Flame

    Time to make SSL the standard rather than the exception

    A gem from the audit by Ernst & Young:

    "If a user deletes their opt-out cookie, then the co-opt status, which is contained in the cookie, is lost, and the user will be opted-back into the Phorm Service."

    WHAT!?

    Let me get this straight: I'm subscribed by default *unless* I keep a specific cookie in my web-browser?

    And how is it, pray tell, that my browser will know to include said cookie with *every* outgoing URL request, unless it's completely domain-unrestricted? In which case said cookie can be used to track me by all and sundry across the internet?

    I see nothing about Phorm stripping this cookie out from my traffic as it leaves the ISP.

    (Ironically, Phorm state that they use a cookie as part of the opt-out process, so my opt-out'ness can follow me around the countryside: "to ensure that such opt-out is effective no matter where the user should take his or her computer and is in other ways more protective of a user's identity". Gasp splutter on that last bit).

  33. Anonymous Coward
    Anonymous Coward

    @ AC

    Ofc it's about profit, these are private companies, but if an extra revenue stream enables them to hold off a little on price rises for the consumer then fine. If not then the "anti fraud" features are not enough to justify it and I doubt the ISPs would go to the expense and hassle of evaluating it and risking negative customer feedback. Anyway, I'm (slightly) less concerned about it than I was before reading the interview.

  34. bobbles31
    Coat

    There are some problems with your comment: * A title is required. (eh?)

    Phorm are being really slippery around the real issues and I dislike that. When questioned about receiving data they answer:

    "We don't get any browsing data, just keywords."

    when questioned about the opt out:

    "We don't get any browsing data or keywords."

    What we really want to know is, if I opt out, am I out? Do my browsing habits get profiled or not?

    I pay my ISP to connect me to the Internet, what I do when I am on the Internet is none of their business. As the ISPs themselves are arguing at the moment in the "3 strikes" file sharing debate they are simply a conduit for my activity on the world wide web. The ISPs can't have it both ways, by examining my traffic they are doing more than provide a connection service. They are providing an Internet Experience and as such fall foul of the "3 strikes" argument and become responsible for policing their customers for illegal activity and preventing/reporting it where possible.

    As a conduit, where I go is none of the ISP's or anyone else's business.

    The model that Phorm are implementing is analogous to the Royal Mail opening all of my letters, distilling any correspondence down into a bunch of keywords and then sending details of those keywords off to a third party, and then asking that third party what junk mail I should receive in addition to the letter from my Granny.

    If the Royal Mail implemented such a system that involved reading your mail, there would be public outrage and frankly, just because all of my internet correspondence happens electronically, thus making reading all of it a technical possibility, it is no less important to me that my correspondence remains private.

    The opt out for this system is a joke, akin to the Royal Mail continuing to open your mail, but just not asking the third party what junk mail to send.

    Phorm can tart up, explain how wonderfully secure it is and how people will get a free phishing filter all they like, the simple fact remains that they (or rather my ISP on their behalf) are still opening my mail and snooping at letters from my Granny and I really would rather that they didn't.

    Time to put on my tinfoil coat and hat and move to Zen I guess.

  35. Rat King

    I wish...

    ...they would stop using Google as an example. If I disapprove of how Google manages its business, I'll use another search engine. It's not like I have a contract with them or anything, but I do with VM and it is a lot more aggro changing ISPs. VM have already upset me because I can't watch the Simpsons all day due to their spat with Sky, this could be the final nail in the coffin. Although, funny how all this coincides with them upgrading my line from 4 to 10 meg for the same monthly fee, a sweetener to take my mind off the whole Phorm thing maybe?

  36. Robbie
    Jobs Horns

    It sucks

    I'm going to leave BT for the best ISP to guarantee that they won't be using Phorm technology. BT and the rest of them stink and Phorm ... are dubious guardians of our privacy at best.

  37. Sim
    Stop

    message to phorm

    I do not want your service - I do not wish to be opted in - I do not want to have to opt out - I will continue blocking ads - I do not need your anti phishing service. If you and my ISP foist this service on me I will find another ISP and investigate my recourse in law.

  38. Anonymous Coward
    Anonymous Coward

    Have you got it?

    They don't care as long as they deliver an advert

    No, ISPs don't have the right to intercept data, only security services with a warrant.

    They don't care about shared computers as long as they deliver the adverts.

    When Phorm get compromised the brown stuff might hit the fan, only they won't let anyone know of the intrusion and you will not be able to link the victims.

    Phorm don't store your web pages, they will do interception & keyword analysis.

    If an ISP changes their T's & C's when implementing Phorm you might be able to get out of that 18 month contract and get your MAC code free. You don't have to agree to new terms, the contract will probably be void.

    kn*b jokes eh, ha ha, ask phorm after this goes live, they should be able to build up a good collection. Strange they won't be implementing Adult categories, there's so much profit in that area. However saying "we don't do sex" will go down well with the public and we could always start six months down the road when the fuss blows over.

    A high incidence of compromised hosts within companies are inside jobs.

    They can only make a profit using opt-out, why would anyone opt-in?

    The problem is you don't pay enough for your connection, which means your ISP has to find other income streams. It is not a coincidence that the "cheap" mass ISPs are doing this.

  39. Anonymous Coward
    Stop

    @Random URL generators

    Funny you should mention that - cobbled one together last night.

    Essentially a web spider that requests a new page every x seconds

    Because even if you use a proxy / anonymiser they can still get your traffic.

    So hide your real traffic in a flood of other stuff - good luck phorm on sifting this.

    Now just to tweak it so it doesn't exceed "acceptable usage" per month. Maybe I should release this to the general public then good luck to the ISPs coping with the additional traffic, rendering phorm completely useless in the process.

  40. kosmos
    Jobs Horns

    a hacker would not need to compromise phorm,

    They would only need to compromise the 'profiler'. The people that run phorm are scum. They are intercepting everyone's data. Who is to say that at some point in the future that they will not switch on a storage function?

    All the ISPs are trying to do is turn your computer which you paid for, into a web tv console using a connection you paid for so that your bandwidth which you paid for can be consumed by targeted adverts. If we're paying for all this then why the hell have I so little control over the services I've purchased?

    If I were a financial institution I would be seriously reconsidering the credibility of any backbone operator with this technology in their network (SSL or not). How can I guarantee the security of my clients knowing full well that on certain routes their data is intercepted and massaged by 'scarevices' like phorm?

    Phorm does nothing to improve people's confidence in the internet, and instead treats everyone's connection (opted in or out) as their own personal playground. Look at the feedback they have received so far. This is hardly a shining light on trust.

    There needs to be a picture of KE with Horns, in the meantime Jobs will do the job.

  41. Anonymous Coward
    Anonymous Coward

    No Identifiable Information?

    http://whatsmyip.org/

    So how's that going to work?

  42. Anonymous Coward
    Thumb Up

    @Random URL generators

    "Now just to tweak it so it doesn't exceed "acceptable usage" per month. Maybe I should release this to the general public then good luck to the ISPs coping with the additional traffic, rendering phorm completely useless in the process."

    If they ever implement it at Plusnet then I know what my "free" usage between midnight and 8am is going to be doing.

    I'm sure you'll get a lot of people who would be interested in it if you did release it.

  43. Graham Wood

    BBC Interview

    Looks like the phorm guys are saying different things to different people.

    They've admitted to the register that they still get all the data when you opt out, but don't analyse it....

    According to the interview with the BBC they don't get the feed if you opt out:

    Q: Even if you do opt out your web traffic will still be intercepted and analysed, you just won't see the ads. Is this true?

    A: No this is not true. If you opt out no data is passed from the ISP to Phorm.

    http://news.bbc.co.uk/2/hi/technology/7283333.stm

  44. David Pollard

    It's good for the kids?

    Various Reg commentators have pointed out the Phorm system's introduction of passive tap / Level 7 monitoring, and that it would be technically trivial to extend this for other purposes.

    Already there are plans in train to use youngsters as a 'soft-sell' for ID cards, and to build insidious national cradle-to-grave databases. The Phorm proposal seems to me a quite disgusting abuse of civil liberties and it beggars belief that no regulatory action has been taken over last year's secret experimental tests. If I could still be surprised by corruption I would shudder to think what may be going on behind the scenes at government level on this issue.

  45. Anonymous Coward
    Black Helicopters

    Guess Who Will Want a Piece of the Action?

    The icon says it all. Expect a little black box to be inserted before the "cleaning" system. Especially if it happens here.

  46. Jonathan

    @Random URL Generators

    I hope they have some protection against denial of service attacks - this would be the easiest system in the world to overload. And if you overload the system, what happens to everyone else's browsing? Do those who have opted out still lose their connection?

    Also, about opt-out....

    My homepage is always set to my Google homepage. Because I rent the house, and the landlord provides the internet connection, I don't even know what the login is. I have my own homepage set. So, my question is, how exactly is Virgin going to inform me that they are selling my browsing habits? And where will I be offered this opt out choice, seeing that my homepage is not Virgin? Oh, let me guess, they will intercept my request and insert their page to query whether I want to use their.... ahem software.

    Well, guess what, most people will probably say no, ESPECIALLY if you are more honest with them and tell them what you are really doing.

    I think Phorm should quit it now. Reception here at El Reg has been very negative, and I'll bet that the mainstream press won't carry a favourable impression of the idea. With potential lawsuits looming, I wouldn't be surprised if all ISPs involved pull the plug on Phorm, thus sinking Phorm itself.

  47. system

    Just thought....

    Something definitely is not right here. Either they are storing the copies of the pages, or they are analysing every single page regardless of opt-outs.

    The opt out is based on cookies set by phorm/oix/webwise. Cookies are only sent by the browser when you are visiting the site that set them. Your reg cookie is not sent when you visit the BBC for example.

    They can only detect a cookie set for their domain if they inject code into the returned pages. This shows their claim that the phorm side is "offline" is BS, as they cannot inject code without it being in the transmission chain.

    Now, with injection, they must wait for the browser to process the page and then initiate a link to their domain so it can send the cookie. This means they MUST store the pages until the browser initiates the connection.

    Due to the fact that you can block the connection to phorm from ever happening, they must allow for storage of the pages for a fixed length of time before it's decided that the cookie is not going to arrive and thus the user is opted out. Whether this is 10 seconds, or 5 minutes, the data is stored.

    Of course, the other way to do it is to process all pages regardless of opt out status.

    Either way, phorm ARE lying about what they are doing. They either do not allow users to opt out, or they reinvented the way the entire internet works last night.

    I hope this bunch of slimy bastards find themselves on the wrong side of a prosecution under the DPA, RIPA or any other applicable legislation.
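
The cookie scoping this comment relies on, as an added example that is not part of the original post: a minimal browser cookie jar applying the RFC 6265 domain-match rule. The host names and cookie names are constructed placeholders, not Phorm's real domains or cookies.

```javascript
// RFC 6265 section 5.1.3 domain-match: a cookie goes out only when the request
// host equals the cookie's domain or is a subdomain of it.
function domainMatch(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const domain = cookieDomain.toLowerCase().replace(/^\./, '');
  if (host === domain) return true;
  const isIp = /^[\d.]+$/.test(host) || host.includes(':'); // IPs never suffix-match
  return !isIp && host.endsWith('.' + domain);
}

class CookieJar {
  constructor() { this.cookies = []; }

  // hostOnly is true when the Set-Cookie header carried no Domain attribute.
  set(name, value, domain, hostOnly = false) {
    const d = domain.toLowerCase().replace(/^\./, '');
    this.cookies = this.cookies.filter(c => !(c.name === name && c.domain === d));
    this.cookies.push({ name, value, domain: d, hostOnly });
  }

  // The Cookie header a browser would attach to a request for `url`.
  headerFor(url) {
    const host = new URL(url).hostname.toLowerCase();
    return this.cookies
      .filter(c => (c.hostOnly ? host === c.domain : domainMatch(host, c.domain)))
      .map(c => `${c.name}=${c.value}`)
      .join('; ');
  }
}

// Constructed scenario: host names and cookie names are placeholders.
function optOutVisibility() {
  const jar = new CookieJar();
  jar.set('optout', '1', 'adnetwork.example');        // set by the ad network
  jar.set('session', 'abc123', 'news.example', true); // set by a news site
  const urls = [
    'http://news.example/story',
    'http://broadcaster.example/',
    'http://www.adnetwork.example/pixel',
  ];
  return Object.fromEntries(urls.map(u => [u, jar.headerFor(u)]));
}

console.log(optOutVisibility());
```

Only the request to the ad network's own host carries the opt-out flag; requests to the other two sites give an observer on the wire no indication of the user's choice.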

  48. Anonymous Coward
    Stop

    @Jonathan

    I don't think the point of the random URL generators is to DOS the system, more to obscure your normal browsing habits.

    If you normally look at 10 web sites a day and the generator goes to 1000 (not exactly a huge amount at around 40k ? a request) this would be plenty to confuse their system making it useless for the purpose they claim it's for.

    As for the government tapping in: I for one don't really care as I don't have anything to hide. I do, however, have a big problem with my data / habits going to a 3rd party without my consent so they can litter my content with yet more ads.

    A further point of concern is all the business apps that have taken to using port 80 to communicate to each other in order to simplify firewalling - will this traffic also get sent to phorm? presumably so...

  49. Graham Wood
    Alert

    @Jonathan

    It's a very muddy area for anyone that has multiple people on a connection, but it's worse for you since there's a precursor before phorm gets involved.

    The contract is between the ISP and your landlord - it's quite possible that he's in breach of it by letting you use the connection, since that would count as the ISP equivalent of a sublet.... I'm pretty sure that my ISP has a clause saying that I'm not allowed to give access to other people (not sure how family/friends are allowed)

    Working on the assumption that you are allowed to do this, it's not good for you with respect to the privacy side of things I would have thought.... As long as they get permission from the landlord to monitor the connection, they are covered - it's then your landlord's fault for not getting this cleared with you - they have confirmed with the person they are providing the connection to that it's "OK".

  50. GettinSadda
    Pirate

    Now I feel worse

    I now feel worse about this issue rather than better.

    I hope that RIPA is dropped on them like a metric shedload of bricks.

    I will only be happy once every single one of them is inside for this outrage!
