BT and Phorm secretly tracked 18,000 customers in 2006

BT secretly intercepted and profiled the web browsing of 18,000 of its broadband customers in 2006 using advertising technology provided by 121Media, the alleged spyware company that changed its name to Phorm last year. BT Retail ran the "stealth" pilot without customer consent between 23 September and 6 October 2006. The …

COMMENTS

This topic is closed for new posts.


Power corrupts? Sorry about the politics

So Patricia Hewitt is on the BT board. Surely only a corrupt government would allow something like this to influence legal issues to act in the favour of the wrongdoer.

I have been a solid Labour supporter for many years and it would sadden me considerably if they were to not act properly on this issue. So much so they would lose a vote that has never ever gone any other way than Labour's.

I fully demand and expect BT and Phorm to be severely treated in this issue with the full impact of the law brought down on them. This is not Robert Mugabe's Zimbabwe where people in power have in the past protected each other. This is Great Britain where citizens' rights and laws should be upheld.

It is obvious to anybody within IT that Phorm and BT have acted totally irresponsibly.

0
0

@Alexander Hanff

Well done, good reply. It's a pity we couldn't get a list of the BT users that were spied on and contact them, surely out of that lot we could find one willing to sue.

0
0
Anonymous Coward

"your consent will be assumed"

As far as I know, that kind of thing isn't legally enforceable under UK consumer contract law, whatever the cowboys may try to kid you. In particular it is prohibited by the stuff which deals with unfair terms in consumer contracts. IANAL, but ask a Trading Standards bod or someone with appropriate legal background. If your contract changes, you have an excuse to get out, regardless of "assumed consent". Threaten them with court and they'll give in, as the cowboys know it's easier to settle quietly with the few folks who raise a fuss, rather than be dragged to the courts and have a public precedent set against them and have their (unenforceable) Ts+Cs changed.

0
0
Happy

If the trials were to show Phorm did not affect customer experience..

If the trials were to show Phorm did not affect customer experience..

Then why in the 2007 trials did the customer support reps act clueless when the aggrieved customers phoned up to complain about dodgy redirects and cookies?

Surely if you are testing the water, you brief the customer support people to give you a heads-up to stop you jumping head-first into the boiling pool?

If the first trials were in 2006 - THEN WHY WAIT UNTIL JANUARY 2008 TO GET PRIVACY IMPACT ASSESSMENT AND DATA SECURITY REPORTS!!!

SURELY DATA PROTECTION AND PRIVACY SHOULD BE CORE TO THE SYSTEM, DESIGNED IN FROM THE START AND NOT AN AFTERTHOUGHT.

This just STINKS and BT will get what they deserve. Piss the staff off, they WILL get you back. Piss the customers off, they WILL have the last laugh.

0
0
Joke

I had to laugh

Just had a 'phone call from BT Broadband offering me a £4 per month discount if I sign up for another year. One can't help but wonder if this was precipitated by a wish to retain customers in face of the unfavourable coverage they have received recently.

I did, however, get the opportunity to "educate" the poor phone-peon in why I was unhappy with BT. Poor fella hadn't heard of Phorm, Webwise or "Targeted Advertising". To his credit he did agree with me that profiling was a bit off.

Needless to say I indicated that I found BT's behaviour in this regard despicable and that under no circumstances would I be willing to enter into another twelve months' contract.

I have my eyes on www.fast.co.uk, who look like thoroughly decent folk who (bizarrely) seem to be labouring under the impression that they are there to provide a service to their customers!

Joke 'cos I did actually laugh when I found out who was calling me!

0
0
Heart

@Peter White

I'm no lawyer but if VM signed a contract with Phorm for an activity that is illegal, and if VM did not know that said activity was illegal at the time of signing the contract, then I don't see why they couldn't tear up the contract and use for toilet paper. The truth of the matter I imagine is more that the guys on high at VM are just standing back and monitoring the situation, still sorely tempted by the carrot of Phorm-based revenue.

Almost every decision in life is made on a cost-benefit basis. You weigh up your projected benefits, measure them against your projected costs, and if the benefits outweigh the costs (with suitable certainty) then you go for it. At the moment, the costs associated with a handful of IT-related folks such as ourselves leaving for another ISP, and of the effort of lobbying for a change to the law (or even easier a relaxed interpretation of current law) to make future Phorm-related interception activities legal, are still far less than the rewards to be reaped. So VM and partners are biding their time...

A heart, because in the end love is all that counts.

0
0
Alert

@Mark Simpson

I can tell you who..

http://www.bikegirl.co.uk/forum/forum_posts.asp?TID=2418&PN=1

or

http://pwcforums.co.uk/wiz/printer_friendly_posts.asp?TID=10304

or

https://www.bluffmagazine.com/forum/forum_posts.asp?TID=4108&PN=1&get=last

or

http://www.raisingkids.co.uk/forum/display_topic_threads.asp?ForumID=72&TopicID=17698&PagePosition=1&ThreadPage=2

or

http://www.angelways.co.uk/forum/forum_posts.asp?TID=326&FID=3&PR=3

or

http://www.pwcforums.co.uk/wiz/forum_posts.asp?TID=10314

badphorm.co.uk

0
0

I've cracked it

Pardon me if someone else has already spotted this but PHORM is an anagram for MORPH . Same person different 'form'.

0
0
Thumb Up

BBC - get ready to follow up

Thursday morning BBC Breakfast will have an interview (sorry, I don't have the link, can anyone else get into Cable Forum at the moment?)

We need to subsequently ask the Beeb to follow this up. There is a link to the Newsnight programme here :-

http://news.bbc.co.uk/1/hi/programmes/newsnight/default.stm

The 'contact us' link is on the left hand side.

E-mail them asking that they follow this up. Put Kent in front of Paxman! Keep the BBC rolling on this one.

Well done the Register for helping to keep this issue alive.

0
0
Joke

BT also attempted to bribe me

After complaining to BT Customer Services about Phorm Spyware, I got this letter back:

----------

Thank you for your e-mail dated xx/x/08 about I want to complain - I have a complaint about my service.

I am sorry it took so long to get back to you.

Im sorry about the issue your having at the moment.

Your broadband contract expires on the xx/04/08

If you are wanting to remain with bt for your broadband you are entitled to a £5 per month discount for a further 12 months now you are coming to the contract.

If you want to take up this offer than dont hesitate to get in touch, and i will arrange it for you.

Thank you for contacting BT.

Yours sincerely,

Dean Lee

eContact Customer Service

--------

If they are instituting a policy of bribing customers to stay, they're obviously having one big customer retention problem.

- phormwatch

0
0
Alert

That would be a great laugh

Seeing Paxman lay into that bloke whose name I can never pronounce properly, it often seems to come out sounding like an obscene word.

It took at least one snotty e-mail to Newswatch to get the BBC website to give some light to the latest BT lowlife revelations (not that they would ever admit that, of course).

I can't get into cableforum either. Hope it's just down for routine maintenance or something like that. There's some excellent stuff on there, I hope it's not lost.

0
0

The real problem

While I'm in complete agreement with most posts here re Phorm, I can't help but feel a sneaking admiration (for desperate want of a far more appropriate word!) for the sheer on-message relentlessness of Phorm's PR push, which simply ignores all truth or reality and attempts to spin the required myth for public consumption. They just don't blink.

Sadly, it's working, and the reason this has not become much of an issue in the mainstream press is largely down to the on-tap access to Phorm staff to "explain" to less tech savvy media types what the "truth" is. Unfortunately, they're swallowing it, and I shudder when I see some of the fairly positive write ups Phorm are getting. A "hey that's not a bad idea" editorial in Macuser chided readers not to get hot under the collar about this till they'd cut up their (far more dangerous apparently) supermarket loyalty cards. Huh? The most amazing thing is that the idea of "more relevant advertising" - a ridiculous idea - seems to be going down better than I would ever have imagined.

Phorm's strategy has risks; if people like the Macuser retard start thinking about it rather than regurgitating fantasy Phorm-speak, the public awareness of Phorm's true nature will kill the idea stone dead. But until there is a co-ordinated opposition campaign that provides accessible geek-lite counter arguments to each and every Phorm argument on demand, every time, in the main media outlets, it will remain easy for Phorm to dominate the limited awareness of Joe Public and dismiss El Reg and other tech forums as niche paranoiac ranters. For god's sake we have black helicopter icons.

The mistake is to dwell on the tech issues; it's simply about privacy and retaining the rights to what amounts to your intellectual property. If the principle of what is private and what comprises consent isn't urgently clarified, legally redefined and toughened, Phorm will just be the start of a world of data-pimping pain without apparent end.

0
0
Anonymous Coward

BT and BBC

The BBC reporting is a sham, they are claiming that by deleting your cookies everything will be ok, and nothing is recorded.

0
0
Anonymous Coward

Mention on Breakfast TV

Just saw a brief mention on Breakfast TV of the developing BT scandal.

Phorm's name wasn't mentioned but the BT representative looked unconvincing when she said they had all legal advice etc. B***cks!!! I say.

I doubt BT's legal team even knew in 2006 what was going on between their TCO at the time and Phorm (Sorry 121 Media as it was then known - You know - that rootkit spyware company).

What I want to know : since the TCO of Phorm now was the TCO of BT then. Was his move to Phorm, as it is now known, related in any way?

Smacks of something really bad but the word escapes me!

0
0
Jobs Horns

@Pete

> Almost every decision in life is made on a cost-benefit basis. You weigh up your
> projected benefits, measure them against your projected costs, and if the benefits
> outweigh the costs (with suitable certainty) then you go for it.

The problem is that all young buck management and execs think they’ve cracked this, think they understand this and press ahead on a "cost/benefit" grounds.

BUT - many fail to properly factor in costs and benefits that only occur over a longer period of time, e.g. staff goodwill and brand image/brand damage. Research and Development is another good example.

Short-term thinking is encouraged by the stock market, where execs are hired to provide "shareholder value". But the stock market is inherently short-termist, so shareholder value comes from short-term measures which inevitably lead to a stagnation of share value or a spiral of decline.

This whole sorry tale smacks of short-term or flawed thinking:

1.) Targeted advertising has limited value. For ubiquitous products in a saturated market maybe, but some of the best results come from adverts that catch their viewers unaware or introduce them to products they hadn't even thought about.

2.) Targeted advertising already exists. Advertisers compete for space on websites based on the topic of that website. Phorm is not offering anything unique - it is trying to gatecrash a party, so why is their product deemed so valuable?

3.) Whilst customers (and staff) oppose the tie-up with Phorm, the ISPs risk damaging their long-term value.

0
0
3x2

completely anonymous?

<...>"A small number of customers on one internet exchange were randomly selected for the test and were completely anonymous. Absolutely no personally identifiable information was processed, stored or disclosed during this test. BT has no way of knowing - because the trial was completely anonymous - which customers were part of the test."<...>

Where exactly in RIPA does it say it's OK to wire-tap so long as you don't look at the results too closely? RIPA says it is illegal to intercept any communication. What you did or didn't do with the results or that you didn't know who you wire-tapped is irrelevant.

Where are HMG in all this? There is more than enough evidence to at least investigate. I'm still searching RIPA for the safe harbour BT think they have and I still can't find it.

0
0
Stop

Don't they realise...

...who they're messing with?

"technically adept [men] older than 30 who [have] trouble fitting in at work and in social situations (...) also own a stockpile of weapons."

You just can't f*ck with people like that.

For some of us (not all of course) the neighbours would say (after the 'incident') "He seemed so normal, he just kept himself to himself", see the danger they're putting themselves in?

(Can't we have a gun-toting-socially-inept-30-something-living-with-mum-nerd-possibly-bearded icon?)

0
0
Heart

investors looking at phorm are wising up

from http://www.iii.co.uk/investment/detail/?display=discussion&code=cotn%3APHRM.L&threshold=0&it=le&pageno=2

read the full post to get the full argument

Mon 14:07 Re: People Lack Real Insight lautresteve 3

below are a few bits from the post

"It's so simple in fact, that I can't understand how they spent so much money developing it. If it were truly worth anything, I'd be on the phone to a VC right about now, but it isn't. And the internet ad experts don't think so either. Profiling for ad targeting has advanced far beyond what Phorm's key technology seeks to deliver. State of the art ad targeting does not simply collect ten facts about you and then match some ads to those keywords, and in fact, matching to categories that the user is already known to be interested in is not considered to be clever, and can be easily achieved without the additional overhead of Phorm/OIX. These days, the ad targeting people want to show you ads for stuff that you didn't know you wanted, which takes a little more inference than the 'ten keywords' approach really allows for,"

"So, their technology is lacklustre at best. It's not very complicated, it's easy to replicate (and improve on) without patent issues (happy to expand on this) and at a far lower cost, it doesn't deliver what the ad targeting people want."

"BT's own survey data suggests that users want less advertising. Given this, and the level of negative publicity surrounding the issue, it's hard to see how many of them would chose to opt in. Some might, of course, but it's not going to be anywhere near the 70% level.

So, no mass profiling, no value to advertisers and no big revenue stream for the ISPs.

Where's the value ? Falling, like the share price."

0
0
Happy

What BT have just done...

And I'm being serious now - is, by coming out fighting, without acknowledgement of customers' concerns, just alienated the customers who felt uneasy about this and enraged those who are baying for blood.

Well done Emma Sanderson of BT, my hat off to you. You have just made things much much better, honest.

0
0
Paris Hilton

Hmm to peter white

Trouble is users won't opt-in, but that's the whole premise, BT are saying you can opt-out.

No-one opts out unless they have a specific desire, and as yet the issue is not up in front of them.

Paris because she has specific desires and I would like to help her opt-in.

0
0
Paris Hilton

Response from BT

I received a phone call from a nice Indian lady this morning asking me why I was complaining that I did not want adverts in my BT email account.

I explained to her very carefully all about Phorm/Webwise, and she had never heard of it. She called the "Broadband Department" and they claimed never to have heard of it either.

Eventually she gave me an address to write to, which I am going to do;

BT Plc

Correspondance Centre

Durham

DH98 1BT

ps: Paris, because this is the only nice picture of her. What?

0
0

the iii.co.uk link

Ugh, it's posters like those present on that site that make me think the first person to invent SoIP (stab over IP) will be immensely rich.

The fact that they are trying to claim that information relating to the legality of the business practices of a firm they are investing in is not relevant to an investment site is astounding - do I have to trot out the "pride cometh before a fall" line?

It's of critical importance, otherwise the company would face punitive fines and have their business model destroyed.

Their complaining about the links to technical sites when the firm in question is a technology company is just coming across as a person who simply can't get their head around the information being presented to them.

I hope those who are burying their heads in the sand lose a sizable chunk of money for being so ignorant.

0
0

@Mark 'The real problem'

"... it's simply about privacy and retaining the rights to what amounts to your intellectual property..."

Though contentiously more favourable towards Phorm, Guy Kewney takes a broadly similar view: http://www.whatpc.co.uk/itweek/comment/2213127/enemies-privacy-3907973.

"The one party that should be officially and vigorously banned from accessing and storing user data of this sort is government. Government oppression needs little help from powerful database technologies showing user preferences and habits; it’s all too easy already."

The problem is that, as the Information Commissioner tried to tell us with "Sleepwalking into a surveillance society?" (http://www.statewatch.org/news/2004/aug/08uk-info-commissioner.htm) and as Bill Thompson recently pointed out (http://news.bbc.co.uk/2/low/technology/7226016.stm), it may already be too late.

0
0
Dam

Please not the legal crap again

"Written by civil servant Simon Watkin, it argues that the system will probably be legal if consent is obtained from users."

Oh will it ?

A client consents to his data being spied upon.

Said client connects to *my* servers, logs in a *restricted* area and receives *my* data (say a tech article).

Phorm *intercepts* said data without *my* consent and falls foul of RIPA, despite having the end user's consent.

Despite what BT and Phorm may think, a user can't give them consent to intercept intellectual that belongs to me.

Phorm can't be legal because it'd need consent from every site admin and publisher everywhere.

0
0
Anonymous Coward

@ response from BT

"A small number of customers on one internet exchange were randomly selected for the test and were completely anonymous. Absolutely no personally identifiable information was processed, stored or disclosed during this test. BT has no way of knowing - because the trial was completely anonymous - which customers were part of the test"

That can be loosely translated as: "We knew what we were doing was illegal so we made the trial anonymous so that it would be difficult to prove what we were up to"

0
0

BT correspondence

Re. Chris and his correspondence address for BT.

All I can say is - don't hold your breath. I moved house a mere 600 yards down our country lane and, despite me telling BT that the line passed by the new property (I was a BT maintenance engineer for this rural patch where I now live for 20 years, when it was a public service, so I do know what I'm talking about) and would just need a simple physical diversion (i.e. connecting two wires together on the pole outside), thereby retaining my broadband and making life easy for all concerned, they managed to make the biggest foul-up imaginable, cutting everything off in the exchange, providing a brand new line right the way through the system, as if it was a new installation (this tied up their engineer for some six hours in the pouring rain, about which he was not best pleased when I told him that there was no need for all the extra work he'd carried out) and chopping my broadband in the process, despite me retaining the phone number that it was originally provided on. There was also the "small" problem of making my neighbour's phone line faulty in the process, but that's another story. The "engineer" (I use the word loosely) told me that I would have to contact my ISP to have my broadband re-activated, which they would when I spoke to them, but at a cost of £47.00! I fail to see why I should have had to pay this when it was BT that had cocked-up. Luckily (in a way) the line had also been de-tagged, so I started afresh and took my business elsewhere to an ISP with no set-up fee. I tried ringing BT to complain, but, like Chris, got diverted to India. I'm not the slightest bit racist but it has to be said that they were totally useless and I too, was put through to "The Broadband Department", even though BT were not my ISP and got the run-around with suggestions that it was normal procedure to cut everything off on a house removal. I wrote to BT at the address that Chris has, suggesting that maybe they hadn't got it quite right (!) and what were they going to do about my lack of broadband for several weeks, but never, ever, got any reply, either by phone, snail-mail, or e-mail. They are an absolutely despicable company these days in my opinion.

0
0
Anonymous Coward

@alphaxion re iii link

I am one of the people posting on that site trying to wake some of the investors up to the technological and legal ramifications of Phorm and their system. It's like banging your head against a brick wall but I intend to keep at it.

0
0
Anonymous Coward

@@alphaxion re iii link

Why? You're only protecting them from themselves in the end. Let them pay in cash for their own stupidity.

If you want to go for phorm's weakness, it's its legality, and its public perception of legality and snooping. Attack those, the rest will follow.

0
0

Anonymous Coward

ISPs wake up OR reap no rewards

As I step back just a little from this Phorm BT, VM talk talk spyware sordid story (of which I am very angry and have been vociferous about) I wonder if the ISPs who so far have been 'conned' by Kent and the rootkit mob realise the basic law of customer relations.

a: Good relationships take some time to form.

b: Bad news travels fast

c: Bad relationships can be achieved very quickly.

d: When the internet is involved, good and bad news travels at light speed.

(Unless it's slowed down by Phorm and their illegal interception)

The point!!!

Unless some of the ISPs involved with the rootkit gang do some backtracking fast, no amount of bribery will restore either good faith or customer relationships.

Once trust has gone, you can never get it back by the very nature of what it is. TRUST.

No amount of spouting about what is legal or what is not legal matters. What matters is TRUST - get it?

Get rid of Phorm! WISE UP.

0
0

Richard Clayton in the BBC headlines again

After visiting Phorm, he says it is still illegal

http://news.bbc.co.uk/1/hi/technology/7331493.stm

0
0
Anonymous Coward

Read Richard Clayton's full report on Phorm

http://www.lightbluetouchpaper.org/

0
0

iii

I would have given plenty of caustic commentary to them, if it wasn't for the fact that I can't be bothered to waste my time on the sign up system.

I appreciate people trying to educate others about how bad things are, but I am left wondering how many of the chumps trying to defend phorm on there are actually sat with their fingers in their eyes while chanting "na, na, na, I can't read you".

I wonder how many of them would have complained about someone informing them about Nick Leeson's activities on the Barings Bank page had the site existed back then >.<

0
0
Black Helicopters

Privacy Issues

This privacy intrusion has caused me to start thinking about the way I conduct all my business.

Being a regular guy with little "nothing" to hide, why does this bother me so much?

Must be the absolute and total intrusion into my time and the things I do.

I work for an ISP, but am now considering not bothering with the Internet at all.

Interesting that I'd give up the resource that enabled me to become aware of the issue in the first place.

Also, considering getting rid of the credit cards, shop cards, and what not.

I don't feel as though I need to be tracked and have information about the things I do and buy shared amongst various corporate behemoths.

Maybe that's what we need, a really major change in the way we do things. No maybe about it.

Do you think that's short sighted of an ISP employee?

0
0
Anonymous Coward

Phorm issued notification of holding

I noticed Phorm issued a notification of holding yesterday. It seems that one of the larger investors has reduced their share level to an amount that requires Phorm to issue a statement.

What is the significance of this?

0
0
Anonymous Coward

Richard Clayton's new article today (another one) - ISPs PLEASE READ

I suggest all the ISP owners read this one fast. (I suggest you pack away your tooth brush and get the wife to learn to cook cakes with files in them)

http://www.lightbluetouchpaper.org/2008/04/05/adding-webwisenet-into-the-cni/#more-316

0
0
Coat

Richard Clayton's report

This bit worried me:

"Phorm explained the process by which an initial web request is redirected three times (using HTTP 307 responses) within their system so that they can inspect cookies to determine if the user has opted out of their system, so that they can set a unique identifier for the user (or collect it if it already exists), and finally to add a cookie that they forge to appear to come from someone else’s website."

So if they can forge a cookie and are using 307 responses what is to stop them injecting ANYTHING into the stream being returned to the end user.... maybe it's adverts, maybe it's adware, maybe it's malware. But the end user thinks that the site they are visiting is sending it to them.

They say they won't do anything like that but do you believe the lying scum?

I'm waiting to see the first time the Phorm technology is used to inject malware and then of course the court case where the original website owner sues the arse off the ISP and Phorm.

Mine's the one with "Fuck Phorm" printed in big letters on the back

0
0
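
A site operator's check for the forged-cookie behaviour quoted in the comment above, as an added example that is not part of the original thread or of Richard Clayton's report: it flags cookie names arriving in requests that the site itself never sets and groups the affected clients by network. The site's cookie names, the client addresses and the `tracker_uid` placeholder are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumption: the complete set of cookie names this hypothetical site sets itself.
SITE_COOKIES = {"sessionid", "csrftoken", "prefs"}

# Constructed sample: (client address, raw Cookie request header) pairs as a site
# operator might extract them from access logs. "tracker_uid" is a placeholder
# name for a cookie planted under the site's domain by an in-path system.
SAMPLE_REQUESTS = [
    ("198.51.100.7", "sessionid=ab12; csrftoken=zz9"),
    ("198.51.100.7", "sessionid=ab12; tracker_uid=Qx7f"),
    ("203.0.113.40", "prefs=dark; tracker_uid=Lm2p"),
    ("203.0.113.44", "tracker_uid=Rr81"),
    ("203.0.113.41", "prefs=dark"),
    ("203.0.113.42", ""),
    ("203.0.113.43", "sessionid=cd34; =broken;;"),
]


def cookie_names(header):
    """Return the cookie names in a raw Cookie header, skipping malformed pairs."""
    names = []
    for part in header.split(";"):
        name, sep, _value = part.strip().partition("=")
        if sep and name:
            names.append(name)
    return names


def unexpected_cookies(requests, site_cookies=SITE_COOKIES):
    """Map each cookie name the site never issued to the set of clients sending it."""
    seen = {}
    for client, header in requests:
        for name in cookie_names(header):
            if name not in site_cookies:
                seen.setdefault(name, set()).add(client)
    return seen


def injected_by_network(requests, site_cookies=SITE_COOKIES, prefix=24):
    """Count distinct affected clients per network for each unexpected cookie.

    A cookie the site never set, concentrated in one access network, points to
    something in the path (such as an ISP-level system) rather than one browser.
    """
    result = {}
    for name, clients in unexpected_cookies(requests, site_cookies).items():
        networks = Counter(
            str(ipaddress.ip_network(f"{client}/{prefix}", strict=False))
            for client in clients
        )
        result[name] = dict(networks)
    return result


if __name__ == "__main__":
    for name, networks in injected_by_network(SAMPLE_REQUESTS).items():
        for network, count in sorted(networks.items()):
            print(f"{name}: {count} client(s) in {network}")
```
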
Happy

Must be illegal!

Here is a statement from the present BT terms and conditions

"WE DO NOT STORE INFORMATION REGARDING YOUR TELEPHONE NUMBER, ACCOUNT OR PAYMENT DETAILS IN THE COOKIE, AND THIS INFORMATION CANNOT BE ACCESSED USING IT.

BT´S COOKIES DO NOT COLLECT ANY INFORMATION REGARDING THE USE OF YOUR PC OR YOUR INTERNET BROWSING IN ANY WAY.

PLEASE NOTE THAT AS THE COOKIE IS BASED ON YOUR PC, WE WILL NOT FIND IT IF YOU VISIT OUR WEBSITES USING A DIFFERENT PC TO THE ONE YOU REGISTERED ON."

Nuff said!

0
0
Thumb Down

Richard's report

His report doesn't seem to address the fact in point 79 that the anonymiser and profiler, whilst owned by the ISP, are in fact boxes that contain Phorm software (they were the 'gifted' equipment). So in effect Phorm COULD if it wanted to, alter the software there to gain your IP address and link it to your UID and you would be none the wiser (nor would the ISP know about it).

The robots.txt parts are telling as well. Phorm seems not to want website owners to be able to block them without blocking googlebot etc (they won't tell anyone what useragent they pick up on), if they were so honest, why don't they look for a specific "phorm" useragent and respect that?

Point 37 of his report shows that Phorm has little interest in protecting users' wishes.. how many sites use basic authentication? I would say over 99% use application logic to set a session cookie to which you're authenticated (PHP based sites mainly do this, as do all our email webmail sites). So in effect Phorm is really saying that they, in most cases, scan privileged information [webmail aside where they say they don't read it--but won't even publish which sites are blacklisted!]

0
0
Anonymous Coward

Let's not beat around the bush

I will never accept Phorm!

I don't trust Phorm

My past experiences with Phorm are negative [Spyware and other nasties I have removed from other people's PCs]

I really find it difficult to believe that ISPs, who in the past have been so keen to advocate PC security, are involved with this outfit. It really takes the p$$s

No amount of assurances will change that sobering thought.

The bottom line is that if this system comes in [and I find it hard to believe it can - legally], I will leave my ISP and take all my other value added services with me.

I have values and those values don't include Phorm. I hope many others feel the same way.

Lots of people will reformat PCs if that was the only option available to remove spyware. Changing broadband providers is a lot easier option in a relative comparison. Phorm is spyware - no doubt in my mind!

0
0


Biting the hand that feeds IT © 1998–2017