back to article BT's secret Phorm trials open door to corporate eavesdropping

The government has refused to investigate BT's covert wiretapping of thousands of its customers in 2006 and 2007, despite its own expert's view that without consent Phorm's advertising targeting technology is a breach of criminal law. Whitehall's willingness to turn a blind eye to the fact that tens of thousands of people were …

COMMENTS

This topic is closed for new posts.
  1. Neil Greatorex
    Happy

    This just gets worse

    Government refusing to act?

    Usual story.

    It might be a completely different story if we knew which MP's were caught in the trials.

    "Mr Speaker, is the Prime Minister aware of the recent illegal Phorm/BT trials?"

    Insert noise of unruly rabble here...

    "Well he should, as he was included, as was the Foreign Minister".

    Heh, one can but dream.

  2. bobbles31
    Coat

    Sad but true!

    It seems that its time for a fundamental change to the system of governance in this country. The current system just doesn't work anymore.

  3. Anonymous Coward
    Anonymous Coward

    I'm voting Liberal

    I have always up to now supported the Labour party. I now think that the Liberals are a more trusted party since they seem to have the only pro active MP's on this very important matter. Labours ineffectiveness in this matter loses them my Vote. Confusion reigns supreme Gordon Brown. Get a grip and show that nobody is above the law!

    Phorm is Illegal!

  4. lansalot
    Stop

    err..

    > "I'm absolutely sickened and appalled," Pete John, who has tried to interest authorities, told The Register this week.

    Get a grip, I told Pete John this week. With all that goes on in the world, if that's the kind of thing that sickens and appalls you then I'm surprised you have the wherewithall to get out of bed in the morning.

    That said, keep up the good fight (when you've got your health back, naturally :)) !

  5. Anonymous Coward
    Anonymous Coward

    Sounds like our politicians can get on with doing something useful...

    The Tribunal's remit excludes it from acting. "ICO say the Home Office. The Police say the Home Office. The Home Office say they have no investigative role".

    If the politicians are serious ( but, hey, we know they aren't) they'd investigate in a Parliamentary committee and then NTBs into the future. Other than prison and punative damages there is little that can be done about the past now but the bleeders need to be stopped from taking the mick in future.

    Can BT, Phorm and the rest be nailed under trading standards legislation?

  6. Sir Runcible Spoon Silver badge

    @This just gets worse

    If they have BT Broadband, then there is a bloody good chance they were.

  7. Anonymous Coward
    Flame

    Cop Out or corruption?

    Can we start taking bets on how long it is before certain key people in government departments that seem to muddying the waters on purpose jump ship and join Phorm?

    That bloody "Consent" thing keeps coming up.

    I run websites - I DO NOT give consent for phorm (and BT, Talk Talk or Virgin) permission to intercept my traffic.

    Mabye if a lot of website owners blacklisted the entire BT, Talk Talk and Virgin IP address ranges so they get a message that says something like "Your ISP is a leeching parasitic scum merchant who would sell his granny for a snort of Cocaine" they might get the message?

    Actually even better - a redirect so that they get a page full of the nasty truth about Phorm and then topped up with choice keywords would be good (it would certainly screw up the Phorm profilers.) before they get to the actual website.

  8. Ash
    Pirate

    No more writing letters.

    Anyone willing to put their name on the line and march on Parliament? Peaceful protest my left ass cheek; Through the doors and into the PM's private chambers, so he knows just HOW pissed off the informed public are.

    Anonymous? No point. They can track it all anyway.

  9. The Other Steve
    Unhappy

    Me to :(

    I have an extremely dismissive letter from Tony McNulty which more or less says "It's not my problem. It's the ISPs responsibility to make sure they don't breach RIPA"

    I'm drafting a suitably worded reply, but it's taking a while, since I'm having difficulty framing a sentence without using the phrase "greasy shiteweasel".

    As of today, sadly, the position seems to be that public bodies can breach RIPA, in which case they'll be investigated, but this will never come about since everything they do that's covered by RIPA will have been rubberstamped (see Reg passim), that individuals can breach RIPA, in which case inspector knacker will stuff them in chokey for five years, and that corporations can breach RIPA and no one will give a flying fuck.

    Fortunately, I can't see this position lasting long, there's to much for the opposition parties and the tabloids to get their teeth into. I mean come one, NuLabour allows big corps to trample over "terrorism"* legislation is a big stick with which to beat an already embattled Prime Minister.

    So, on with the fight. The failtrain is still en route, it's just delayed by red tape on the line.

    *I know, it actually has very little to do with terrorism, but no one tell the Daily Mail that just yet, eh ?

  10. Anonymous Coward
    Pirate

    A new RFC is needed ...

    Putting an MD5 hash for every page a server creates in the HTTP header. Clients could perform a matching hash, and if they don't match refuse to display the page. I'm sure Amazon and eBay would be thrilled to know customers were unable to view their pages because of phorm injected crap .....

  11. Anonymous Coward
    Heart

    This is great news, they've just made themselves liable.

    Anyone who has had any kind of response from the Home Office, hang on to it. Could come in handy as evidence. Now the Home Office are involved, they have brought the matter within the scope of a Judicial Review. Fatal error. We've just seen how Judicial Reviews feel about the government illegally granting impunity to private corporations in the matter of SFO vs BAE - and they do not like it.

    Didja know it only costs £100 to apply for a Judicial Review?

  12. Anonymous Coward
    Anonymous Coward

    We need something else

    huge letters in The Sun shouting:

    BT SPIED ON IT'S USERS

    That would be enough to stop that shit going. If all those unwashed start shouting government will not be able to just put a blind eye to it.

    My 2p.

  13. b
    Flame

    No reply from the home office

    I've still not had a reply from the home office about this.

    I'm genuinely at a loss as to why this is being ignored.

  14. GettinSadda
    Alert

    I have no words!

    There are no words that I can find that express how rotten this makes the the country look!

    I think I'll pack my bags and move to Zimbabwe - it's starting to look like they have a more moral and trustworthy government.

  15. Anonymous Coward
    Anonymous Coward

    Tow the line

    I wrote to my MP (Celia Barlow (Lab)) a few weeks ago to ask for her support against this technology. Her reply is below:

    "Phorm Programs, Open Internet Exchange (OIX) and Webwise are designed solely for advertising, and increased privacy settings. Phorm's ad serving technology uses anonymised data, and does not store any personally identifiable information or IP addresses. The use of OIX and Webwise is voluntary, and as a mother of 3 children, I too am concerned about privacy and monitoring their internet use.

    I have passed on your concerns to Michael Wills, Minister of State for the Ministry of Justice. I hope the Minister will be able to provide you with further information. I will write again once I have received a reply."

    According to theyworkforyou.com my MP tows the party line on all issues. So I would assume that the above text is consistent with Government feeling. It's nice to see that a new, and additional, method of intercepting private communication can increase privacy. I would have thought that was logically impossible but maybe that is why I am not a leader of people.

  16. dervheid
    Coat

    @b

    It's being "ignored" because;

    a) There's a LOT of money involved, and / or

    b) Someone (maybe more then one) senior in the Home Office / ICO / Ofcom / Media are in this up to their mucky little neck(s).

    Like you, I'm baffled why this hasn't hit the tabloids (see post above yours, then refer to 'b' above!!).

    Looks like a snoopers charter.

    We're all FUCKED!

  17. Anonymous Coward
    Thumb Up

    £100 for a judicial review? Please, where can I contribute.

    Yes. I am serious. Unlike our elected representatives.

    "Tough on crime, tough on the causes of crime".

    Oh yes. We thought he was serious too. Now we know better.

  18. Anonymous Coward
    Anonymous Coward

    dont forget florences latest email from Simon Watkin HO 15-04-2008

    Chris it need verifying OC, but dont forget florences latest email with permission from Simon Watkin HO 15-04-2008.

    http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated-page-228.html#post34529144

    ill leave it to florence to post her views on this matter, as im sure she will be reading this latest news revelation.....as theres a link posted as always to your indepth coverage..

    shame the other news outlets dont get their purpose is to inform and investigate, not re-post pre-made PR stories to get the front page counts up....

    it seems though, Simon Watkin is on our side, and has been taken out of context by the ISP's, Kurt and the many Phorm/webwise PR teams to make their pimping users copyrighted datastreams for profit projects as profitable as possible.

    shame their piracy of user datastreaming piramid scam is falling through the floor looking at the latest market share prices ;)

    to reiterate, Simon Watkin makes it cristal clear:

    "Simon Watkin HO:it wasn't, and didn't purport to be, based upon a detailed

    technical examination of any particular technology. "

    "Simon Watkin HO:As much as we were saying was, that in relation to RIPA, we considered it

    **may** be possible for such services to be offered lawfully - but it all

    depends on how they are offered and how they work."

    "Simon Watkin HO:It's not a ruling. It's not advice. It's not a legal opinion. It's a view

    and - repeating myself - all it says is it **may** be possible for such

    services to be offered lawfully."

  19. Paul Gomme

    Don't know why we're surprised...

    This government knows nothing about data protection or protecting privacy. I'm one of 25 million people who had their personal details lost by the government, and have had one letter to say it happened (like we didn't know this already!). No apology, no compensation. And let's not forget about the other recent losses - all taken place without any basic security being applied to the data.

    Of course, I may be being totally cynical, but I'm sure ex-ministers sitting on BT's board won't have ANY bearing on the government's (in)decision to act...

  20. Oliver Freeman

    Pass the parcel

    Its good to see that the register is still on the case and its good to see lib-dem MP Don Foster is staying closely in touch with all that is going on. This ridiculous (deliberately obstructive?) game of pass the parcel between the ICO, Home Office, Police etc needs to stop. Potentially thousands of criminal offences have been committed in the secret trials of 2006 and 2007 and its time the Home Office did its job and moved to uphold the laws of the land.

    If they wont do so then maybe they can be so bold as to point us to a single parliamentary act that they passed giving either BT or Phorm immunity from prosecution? If they cant then they should damn well do what they are paid to do and instruct the police to launch a criminal investigation.

    In the mean time here is a link to a new term I have added to urban dictionary "terra-phorming":

    http://www.urbandictionary.com/defin...terra-phorming

  21. Anonymous Coward
    Go

    so what

    Targetted advertising - Sounds great. whats the big deal?? So they monitor your inernet use etc, only people with sometihng to hide would mind as far as I am concerned.....

  22. Eponymous Cowherd
    Black Helicopters

    Is anyone genuinely surprised........

    that a government that views tracking and spying on the people it is *supposed* to be serving as its most important function supports Phorm.

    The conspiracy theorist in me wonders if HM Gov views Phorm as a nice, convenient, way of spying on us that they don't have to pay (much) for.

    I also wonder if Phorm has been 'in talks' with HM Gov in just this regard.

    It would go a *long* way to explain the lack of concern about this from the Home Office and ICO and why BT and Virgin are pushing ahead with this despite the public's outrage.

  23. Alfazed
    Flame

    The last time we incubated anything

    It would appear that, if BT, or anyone else passed your information to another company without your knowledge or agreement, then your argument is with BT for breach of contract.

    So, why anyone with a choice in the matter still signs up for a BT service totally beats me. At the end of the day, you get what you deserve for not being more discerning in the first place.

    And if Virgin tries this caper, as was proposed, then my internet connection will be terminated, and it's back to POTS for this end user and my business, until legislation is evident that will protect my business from industrial espionage.

    Which is how I consider this little invasion of privacy by Phorm and BT.

    You know it, you are either trust worthy or you bloody well ain't.

    Alf

  24. b
    Go

    £100 for a judicial review

    Seriously? Where do we pay up?

  25. Anonymous Coward
    Anonymous Coward

    Write to MPs

    Write to your MPs again but this time put in that there is a local election coming up and if you don't do something about it instead of spouting the same crap as everyone else you won't get my vote.

  26. James Anderson
    Happy

    Dont vote for the b***ds

    This is typically Britsh. You moan and moan about the council, hte government the opposition your MP and then you vote them in again!

    Break the cycle! Vote against the status quo.

    This means NOT voting Labour or Tory and except in exceptional cases the dear old lib dems (they wont mind thye never expected annyone to vote for them anyway.

    My vote goes to the Monster Raving Loony candidate as being most representitive of my contempt for the current pretend democracy.

  27. Anonymous Coward
    Anonymous Coward

    >The government has refused to investigate [...] a breach of criminal law.

    Quite right, the police investigate breaches of criminal law.

    So, you phoned up the police and they said "Nah, can't be arsed.."?

    That suprises you? Never spoken to them before then?

  28. Eponymous Cowherd
    Flame

    Re: so What

    So why post as AC? What have *you* got to hide?

  29. Anonymous Coward
    Coat

    Time to 'police' ourselves

    I am not suggesting mob policing - just gently silent protests.

    For those who object to having their browsing intercepted - change ISP.

    BT's broadband pages are full of how they protect customers from AdWare - not true. Is this enough to invalidate their contract with you. I would argue the case if I were with BT.

    For webmasters - big warning messages for all BT IP addresses + any other addresses that are tied into profilers from anywhere in the world. I don't earn any income from USA visitors anyway so warn them all.

    The Sun will never do anything - look who pays for its advertising space.

    Not too sure who owns the local press - the reporters can't all be such fools (Weston-super-Mare excluded from this rant). Maybe they charge BT et al enough for advertising space to cover all the costs of weekly printing so dare not say anything that could risk that income.

    Next week I will see what I can get into the school's weekly rag. Even a circulation of 500 is better than none.

    The internet is more powerful than this - use it. Because some of us care and have not been blinded nor made dumb.

    Mine is the power jacket: power to the people.

  30. Spleen
    Flame

    Re: Ash

    Yeah, because protest marches worked for the anti-Iraq demonstrations and the anti-hunt-ban demonstrations, which I believe were the largest demonstrations in British history. Demonstrations do not work as an expression of opinion, only as a threat of violence, and British people, unlike, say, the French, aren't currently capable of the latter. This is because the government doesn't give two s---s about what you think, only about its survival.

    The good news is that BT and Phorm are private companies (in the narrow sense, not the share ownership sense), so unlike Iraq, we do at least have something of a say in the matter. Change your ISP, and if you don't want your website's traffic intercepted, block access from ISPs that use them.

  31. Joanne Connors

    EU time

    I'm about to email Viviane Reding, who is the European Commissioner for Information, informing her that the British Government are refusing to act in blatant cases of illegal interception.

    http://ec.europa.eu/commission_barroso/reding/index_en.htm

  32. Oliver Freeman

    working link...

    My link to the urban dictionary entry was borked. Doh. Heres a working one:

    http://www.urbandictionary.com/define.php?term=terra-phorming

  33. Fluffykins Silver badge

    Release the hounds

    For more detail see this site:

    http://www.hmcourts-service.gov.uk/cms/1220.htm

    Judicial review is the procedure by which you can seek to challenge the decision, action or failure to act of a public body such as a government department or a local authority or other body exercising a public law function. If you are challenging the decision of a court, the jurisdiction of judicial review extends only to decisions of inferior courts. It does not extend to decisions of the High Court or Court of Appeal. Judicial review must be used where you are seeking:

    * a mandatory order (i.e. an order requiring the public body to do something and formerly known as an order of mandamus);

    * a prohibiting order (i.e. an order preventing the public body from doing something and formerly known as an order of prohibition); or

    * a quashing order (i.e. an order quashing the public body's decision and formerly known as an order of certiorari)

    * a declaration

    * HRA Damages

    Claims will generally be heard by a single Judge sitting in open Court at the Royal Courts of Justice in London. They may be heard by a Divisional Court (a court of two judges) where the Court so directs.

    A fee of £50.00 is payable when you lodge your application for permission to apply for Judicial Review. A further £180.00 is payable if you wish to pursue the claim after permission is granted (Civil Proceedings Fees Order 2004).

    NB - If you are in receipt of certain types of benefits you may be entitled to exemption/remission of any fee due.

  34. Luther Blissett

    Corruption at BT?

    http://www.theregister.co.uk/2008/04/03/bt_phorm_interview/ - Stratis Scleparis left his position as Chief Technology Officer at BT to join Phorm after the 2007 trial. Public defence of BT's position is then undertaken by Emma Sanderson of BT Retail.

    Subsequently Ben Verwaayen (apparently much respected by BT insiders) resigns as chief executive. The BT board shoo-in Ian Livingston, formerly Finance Director - and old head of BT Retail.

    It has since been alleged that the trials of 2007, which were kept secret from both BT customers and BT support staff, were performed without a contract having been entered into between BT and Phorm; that at the time Phorm was still 121Media; that the results of the trial were used to populate Phorm's database.

    The allegations, if true, suggest at that persons at BT failed in due diligence over the 2007 trial, which may have been run without the knowledge of the BT board, and specifically the then chief executive. That data which is the property of BT may have been illicitly transferred to Phorm. That persons at BT may have conspired to act illicitly. That they may have been corruptly induced to do so.

    Will the competent authorities investigate these matters?

  35. Anonymous Coward
    Anonymous Coward

    tabloid comments

    I just hope if it does hit the tabloids it isnt represented in an untruthful manner, more lies about it will not help.

    To those of you that say its about whether you have something to hide, its not! If you believe everyone should be open about everything tear down your curtains and give all your neighbours binoculars to watch your every move.

  36. Anonymous Coward
    Paris Hilton

    Legal Begal my Ar*e

    So the government asks ISP's to help police the net, in exchange for ignoring them breaking the law with this new advertising scam, they all get rich and less P2P traffic on their networks cause they busy grassing us all up for crimes that have no pysical bearing on our society, Does Gorden Brown/labour ever think of anything else but the economy?

    Paris has more common sense then our MP's

  37. Ash
    Go

    £100 for Judicial Review?

    Why has this not been done already? £100 is hardly breaking the bank.

    Hell, i'd pay for it myself if I knew what it was and how to do it properly!

  38. The Jon
    Stop

    @so what - anonymous coward

    I know your post is flame bait, but once Phorm has invaded everything you surf, try explaining to your kids why they get adverts for viagra and hot milf hardcore gangbang on gamesmate because Phorm has skimmed these key words from your spam infested yahoo / hotmail account which you access once a week to clear down.

  39. Anonymous Coward
    Anonymous Coward

    European courts

    Not being spied on is a basic human right, there's a European Court of Human Rights. If the British government refuses to uphold the law, that's the next step.

  40. Anonymous Coward
    Anonymous Coward

    A variation of an old joke

    It’s a variation of an old joke: Tap the Internet connection of one person and you’re a nosey relative; tap the Internet connection of ten people and you’re an illegal private investigator; tap the Internet connection of 38,000 people and you’re big business.

    The government needs to get its act together, and fast. This harms customer confidence, which harms the economy. This harms the confidence of those outside the country looking to do business with us. If there is no way to bring BT to account, then every company across the country can, from today, start intercepting voice and data communications at will.

  41. David
    Black Helicopters

    When the music stops, you're the one who has to deal with phorm...

    What a surptise, this has been a whitewashing of concerns by every interested party. BT and phorm tell us this thing won't invade privacy, but give us conflicting reasons as to why not, at the FAQ session Simon Davies acknowledges that the big issue is legality, but then asks everyone not to talk about it, and now HMG (Who I've suspected always wanted this kind of access) won't take action on it.

    It's the ISP's responsibility to make sure they don't break RIPA? That may be, but it's sure as hell this governments responsibility to intervene when they do! This is farcical, if it had been a teenager downloading a few songs that the BPI had asked them to investigate then you can guarantee they would've been knocking down his bedroom door before you could say "hasty search warrant", but because it's the citizens (who MP's are supposed to represent) complaining against big business, nothing gets done! I guess we know who makes the bigger campaign contributions!

    PS, why no coverage of the phorm Q&A session?

    Helicopter because, well, look around.

  42. Eponymous Cowherd
    Happy

    And now the good news.

    Phorm's share price has plunged to 1275p.

  43. TrishaD

    @JonB

    Exactly so.....

    Cant be bothered with big business

    Cant be bothered with crime in the streets

    Cant be bothered to secure our personal information

    Socialism (you know, the sort of stuff the Labour Party used to believe in) used to run on the basis of 'Do what we tell you and we'll see you're looked after'. Like that or not, it was consistent.

    New Labour's version? 'Do what we tell you and we'll crap all over you anyway' .....

    But of course, resources of law enforcement agencies cannot possibly be diverted from essential tasks like shooting random Brazilians and safeguarding us from the worldwide Islamist terrorist movement, can they?

  44. Anonymous Coward
    Anonymous Coward

    @so what

    The only people doing the hiding is Phorm. They omit when ever they can to mention they wrote spyware and rootkits (under 121 Media).

    Since they have wrote rootkits and all sort of PC nasties, don't want these sort of people having access to all my online data. They made their money effectively from spyware.

    Phorm - just say NO!

  45. Eponymous Cowherd
    Alert

    Re:£100 for Judicial Review?

    The only way to beat Phorm is with *organised* protests and legal action. All of the current 'pressure groups' are no more than rant shops.

    What is needed is someone with PR skill and/or legal training to head up a *real* anti-Phorm organisation that we can support with real money. I would gladly stump up, say, £100 a month to fight this obscenity, and I'm sure many others would, too.

    Once you have an organisation with real power (i.e. money) then you can really lay into Phorm. Legal action, full page newspaper ads, mailshots to Phormed ISP customers, intense lobbying of MPs.

    Unfortunately I have no PR experience, little legal experience and absolutely no idea how to go about setting up such an organisation (would it be a charity?) Anyone care to step forward???

  46. Anonymous Coward
    Alert

    @Ash

    " Peaceful protest my left ass cheek; Through the doors and into the PM's private chambers, so he knows just HOW pissed off the informed public are."

    If you dont want to be nailed to the tower, you could always vent on an invovled companies property.. be that in there car park or on the side of a van...

  47. Fluffykins Silver badge

    Judicial review - How to apply

    See

    http://www.hmcourts-service.gov.uk/cms/1220.htm

  48. George Johnson
    Thumb Up

    As I have maintained all along...

    (Tin foil hat on and special flamebait shirt done up!)

    Most people use those bloody insidious supermarket loyalty cards, which in my opinion are the biggest excuse for a private company to gather personal information. TESCO, whom I believe have one of the largest customer spending habit databases in the country, but no one minds using the cards and getting their tiny little prize of a fiver off their shopping, at the end of the year do they? Before you start bleating about Phorm/BT, double check your wallet and make sure your shredding your waste paper too!

    Until Joe Public actually hears anything about this, this is simply going to be a big shouting match in a quiet little geek corner. Want to make a difference? Simply tell everyone you know who is on the internet in some form or other, that basically their credit info and personal details will sold off to some ad agency in about 6 months time, unless they kick BT/VM/TT up the arse to demand Phorm be removed ASAP. Oh and ask people to stop using those nasty little loyalty cards while you're at it!

  49. Andy ORourke
    Unhappy

    Oh Dear

    "The tribunal has no jurisdiction to investigate complaints about private individuals or companies unless you believe they are acting on behalf of an intelligence agency, law enforcement body or other public authority covered by RIPA."

    Do I read that right, Private individuals and companies are exempt from RIPA unless they are acting on behalf of a law enforcement agency?

    well, thats all right then, I thought they were breaking the law when all the time it didnt apply to them.

    I am moving house soon and going to change to one of the phorm free ISP's, once they go to phorm I'll move again until there are no more Phorm free ISP's.

    Make no mistake this is going to go ahead, too much at stake for the businesses involved to let it phail, mores the pity!

  50. Anonymous Coward
    Black Helicopters

    Royal Mail

    So the Royal Mail are allowed to open your post after all, as long as they are doing it to steal money from childrens birthday cards then it is allowed, as long as they are not a law enforcement agency... Who wants my vote? im giving in...

  51. Russell Howe
    Thumb Up

    @ AC - re MD5 hash

    Nothing to stop a man-in-the-middle (MITM) from rehashing the page and replacing the MD5. It'd have to be a cryptographically signed hash, but if you're gonna do that you may as well use HTTPS.

    Of course, SSL doesn't prevent you from attacks at the client or the server, so all they'd probably do then is slip adware into their standard software build which intercepted the decrypted SSL data at the client.

  52. davenewman

    Private prosecution

    Is it possible to launch a private prosecution of BT for breaking RIPA?

  53. Dangermouse

    Judicial Review? Anyone to step forward?

    Yes.

    Me.

    Am based in London, and I suggest that some of us meet to discuss tactics and get a proper strategy organised. I am also willing to get the Judicial Review sorted out of my own pocket.

    Anybody up for a meeting?

  54. Anonymous Coward
    Alert

    @Teabag 2000

    Perhaps you ought to point out to Celia Barlow, that a cookie with an ID number actually is personaly identifiable just like number plates are... they may both be random but they are both unique identifiers.

  55. Anonymous Coward
    Alert

    @ George Johnson

    how many ISP's do you have? are you in a contract to use soley one supermarket? your analogy is flawed. Phorm is worse than loyalty cards.

  56. Anonymous Coward
    Anonymous Coward

    TESCO ... spending habit databases

    1. The clubcard scheme is opt in, even if you are opted in you if you don't want to be tracked for a particular purchase (those dodgy Private Eye purchases) you just don't give them the card.

    2. They pay you for the privilege.

    >ask people to stop using those nasty little loyalty cards

    If they want to make a note of everything they purchase and sell it to Tesco or Sainsbury or Debenhams or whoever, that's their business.

    The problem with phorm is the opt-in.

    I actually suspect that once this is all set up and ticking along nicely, phorm'll start sending out 5 times the data for the non-phorm-id'd adverts thereby making a phorm sign up much quicker online.

  57. Eponymous Cowherd
    Thumb Down

    Re:As I have maintained all along...

    @ George Johnson

    First off, I don't have a loyalty card. I'm well aware of what the likes of Tesco use them for and refuse to have anything to do with them.

    But even supermarket loyalty cards aren't as evil as Phorm.

    You have to apply for a Tesco card, you are given Ts&Cs to read if you want, so there *is* informed consent. Phorm doesn't give you that.

    Tesco pay you to use their card. Sure its peanuts, but that's more than you get for being spied on by Phorm.

    Tesco can only track what you *buy* from *Tesco* stores. Phorm can track you everywhere on the WWW and track everything you do short of when you switch to SSL to make the payment. Browse TVs on the Argos site, then go to the Currys site, then, maybe Amazon. Phorm will profile you across *all* of them. Can you imagine the outcry from Morrisons if Tesco found a way to track what customers were looking at on their shelves, yet that is exactly the service that Phorm will provide it its partner sites.

    No, Phorm is several orders of magnitude more evil than supermarket loyaty cards.

  58. Anonymous Coward
    Black Helicopters

    Secure Proxy?

    I might be missing something here, maybe it is so obvious that it has been overlooked or it is so unworkable that it has been discarded.

    If Phorm doesnt profile HTTPS connections is there a secure proxy and would this then provide a clear gateway to the internet since you would use the secure proxy as your initial point of call and then all other traffic comes back to you via the proxy.

    Workable? possible? Stupid?

  59. colin stone

    Home Secretary Webchat

    hi lets start the protest now

    go to

    http://www.number10.gov.uk/output/Page15259.asp

    and ask the question to our lazy home secatetary. FORCE her to answer by flooding the system with questions

  60. Damian Gabriel Moran
    Unhappy

    so I can set myself up as a business

    and then intercept people's web traffic and the government/authorities will not do a thing? Sweet!

    But hang on, wasn't there a bit of a fight to hear what MP's are claiming on expenses and yet my spending habits can be up for grabs without my consent?

    Funny how it seems to be okay for one and not another

    IHTFP

  61. Anonymous Coward
    Pirate

    ~Forum~

    @ dangermouse et al..

    If you want to move the discussions onto a forum, How about www.badphorm.co.uk? its free.

  62. Alasdair

    Easy now Chris

    "Liberal Democrat shadow culture, media and sport secretary Don Foster 'blasted' the Home Office's brick wall stance today."

    careful Chris. Otherwise you'll be using words like 'actually' and 'basically' in your reports, like ITV.

  63. Eponymous Cowherd
    Thumb Up

    Re: ~Forum~

    Will sign up.

  64. N Silver badge

    BT sucks anyway... so why stay

    BT is crap anyway, you dont have to use them.

    if you use BT as your ISP then move elsewhere & state this as the reason for leaving

  65. Anonymous Coward
    Anonymous Coward

    bits to keep in mind for the future...

    AC:"The government needs to get its act together, and fast. This harms customer confidence, which harms the economy. This harms the confidence of those outside the country looking to do business with us. If there is no way to bring BT to account, then every company across the country can, from today, start intercepting voice and data communications at will."

    lets not forget the http://www.theregister.co.uk/2008/03/12/mobile_phom/

    Qualcomm buys into Phorm-alike firm

    Data gathering on the hoof

  66. Anonymous Coward
    Anonymous Coward

    Jaqui smiths live webchat is now on please go post i already have

    http://www.cableforum.co.uk/board/34530859-post3815.html

    "Bonglet

    cf.addict

    Join Date: May 2007

    Posts: 167

    Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

    --------------------------------------------------------------------------------

    Jaqui smiths live webchat is now on please go post i already have .

    http://www.number10.gov.uk/output/Page15259.asp "

  67. HeavyLight
    Thumb Up

    @Dangermouse

    re: Judicial Review? Anyone to step forward?

    Recommend you read the (end of the) relevant Phorm thread on the CableForum website: http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated.html

    You'll find support, advice and probably others who'll be glad to work with you to launch the legal challenge.

    Thanks for taking a lead!

  68. Andy Enderby
    Thumb Down

    hmmmmm.......

    I wonder if they (Phorm) have made any political donations recently......

  69. Neil Greatorex
    Coat

    @ ~Forum~

    We don't need a forum, the only people reading it are the people who have been directed there from El Reg. We are already, to quote Andrew Orlowski, an "echo chamber".

    We need wider discourse; tell your friends, neighbours, guy down the pub. Most of us here, correct me if I'm wrong, look after the computers of family, friends & neighbours. Tell them! Explain the insidious nature of this poxy Phorm/BT plan to pimp their data. Explain that it really isn't "Enhancing their browsing experience" etc. et bloody c.

    Forget The Sun, get the discussion into the pages of the Daily Wail, Torygraph or Grauniad, that might wake up enough harpies, blue rinse brigade and "Disgusted of Tunbridge Wells", to make a real noise :-)

    Mine's the one with the "Kick me!" sign on the back :^)

  70. Anonymous Coward
    Alert

    re: Home Secretary Webchat

    very quiet on the phorm questions so far and Im asking....

    http://www.number10.gov.uk/output/Page15259.asp

  71. Shabble

    Spooks go private

    "It is important to remember that private companies such as ISPs are allowed to do certain things under section 3 of [the Regulation of Investigatory Powers Act] that Law Enforcement Agencies cannot do without permission."

    So, companies are allowed to do things that the Government can't do when it comes to monitoring network traffic. Hmmm - so, the Government allows BT to monitor customers' traffic without permission from either a judge or the consumer themselves... now, what if BT just so happens to spot someone is looking at anti-democracy websites and they, purely out of civic-mindedness, decide to inform the police?

    Voila! The State secretly gets to find out who's reading/saying what on-line without having to conform to annoying 'principles' such as human rights or judicial process.

  72. Bobby
    Stop

    An Absolutely BIZARRE UK Government

    When your trusted ISP illegally subcontracts out 36,000 user accounts in secret to a known spyware merchant and tries marketing these actions afterwards as an enhanced privacy policy called Webwise then this must be the most bizarre internet event of all time.

    Even more bizarre is the government in discussion with these hackers to allow them permanent access to all our private internet transactions thereafter.

    Is this really happening here in the UK?

  73. Luther Blissett

    @TrishaD

    > "Can't be bothered " [sundry grumbles snipped]

    It's not that nu labour can't be bothered - Bliar's ceaseless endeavours for an invasion of Iraq show they can perfectly when they want to - but that, of governing parties, New Labour has never run an empire. Just as the little englanders of recent times have passed into the hyperreal as tory-voting caricatures, so they are replaced by the nu labouring little-englanders in the real. And just as the old ones were genuinely nostalgic for a lost real empire, so the new ones feign nostalgia for an empire in the hyperreal.

    We might call them the little Wozards of Is.

  74. Anonymous Coward
    Alert

    @Neil Greatorex

    So you dont believe in coordination then. perhaps you ought to be commenting into AO's shell like then no-one will hear you either.

  75. Anonymous Coward
    Alert

    Jaqui Bloodyuseless Smith...

    On Saturday the ISP Pettition will be the 5th most signed current petiton on the downing street Petitions website and somehow Jaqui managed to selectivly avoid answering even one of many questions about phorm, I guess that is called moderation.

    FOI request anyone?... a quick bit of research should reveal whether the questions answered reflected the questions asked.. or if moderation was used!

  76. Anonymous Coward
    Anonymous Coward

    Warning messages for people I rather like that response

    Not only could sites be changed for BT, Virgin Media, and Talk Talk, they could also be changed for the entire IP ranges that the civil service, military and government uses. That may very well drive the message home.

    And hey why don't we share all their browsing habits amongst ourselves, whilst we are at, could build quite an interesting profile.

    I have quite a few domains I am willing to do this with, they have a fair amount of traffic, if people are interested I will post a guide on how to do it with apache.

  77. Anonymous Coward
    Happy

    Virgin Media email just received

    "Your stuff's in safe hands

    Protect your PC from internet nasties with our free PCguard internet security - a must-have for keeping all your private details safe. If you haven't downloaded it yet, get it for free right now! "

    How ironic!

    John

  78. Anonymous Coward
    Anonymous Coward

    re: Home Secretary Webchat

    Ignored the phorm stuff, my, what a surprise.

    This is why no-one votes anymore.

  79. Jimmy

    BT loyalty card?

    Trying to equate supermarket loyalty cards with the sinister, covert profiling operation envisioned by Phorm and its partners simply won't stand up.

    Tesco, for example, have an unequivocal opt-in policy: don't accept the card and your shopping habits won't be profiled. Those who choose to opt-in enter into an agreement with the store whereby they receive financial benefits in return for allowing their purchasing habits to be analysed. I don't have a loyalty card through choice, but none the less it seems like a fair and equitable arrangement for those who do sign up.

    Contrast this with the activities of BT which has carried out a massive, and probably illegal, covert surveillance operation on its own customers. BT loyalty card, anyone?

    However, let's give credit where it is due. Stand up Tony Bliar and Gordon Brown, the architects of unregulated businesses and financial institutions. (Or as the spin meisters call it 'light-touch regulation'.) Well, that fucking works, doesn't it, guys. Credit squeeze, housing market in freefall, collapse of major bank, political intervention to stop an investigation into BAE corruption and now a blank cheque for all their corporate partners to spy on UK citizens.

    Enough with the snake-oil salesmen. Vote for any party other than NuLabour or the Tories.

  80. Graham Wood

    Home Office (in-)action

    I've been emailing them to try and find out who to make my complaint to... And since (from their own analysis of the RIPA, my willingness to share the e-mail with the world is enough to make it legal) I include it here (any typos are theirs, this is a direct c&p):

    Thankyou for you email related to Targeted Online Adverts. As you point out the issue is split between data protection, which is the responsibility of the Information Commissioner's Office and interception as defined by the Regulation of Investigatory Powers Act 2000 (RIPA), which is the responsibility of the Home Office. You are therefore correct to say that the Home Office is responsible for RIPA legislation. RIPA is primarily about how state bodies; such as the police, local councils the security and intelligence agencies, conduct some of their investigatory functions. RIPA exists to provide a statutory basis and operating framework for the Police and other law enforcement bodies to interfere with an individual's right to privacy for instance during the course of an investigation. An independent body exists to deal with complaints about breaches of RIPA in relation to the police or other State investigatory bodies.

    The Home Office published a view http://cryptome.org/ho-phorm.htm based upon its understanding of targeted online advertising, specifically related to Phorm. It is important to add this is not a legal opinion, which only a court can give. This is the written response that has been supplied to Phorm and that which is mentioned in the Information Commissioner's statement. As mentioned in the view, there is the

    possibility that a communications company can lawfully intercept communications. That is not to say whether or not that has happened in this case, it is for the communications company to ensure that they are compliant with the law.

    ----

    My reply included stating that from their own analysis (that they refered me to in the second paragraph) the trials in 2006/2007 were illegal - and again repeating the question of who I can make a complaint to to get it investigated... Will update if/when I get a reply

  81. Neil Greatorex
    Coat

    @ By Anonymous Coward

    Ummm, what do you think I was trying to advocate then?

    It's pretty pointless the same 47½ people just shouting louder & louder _at each other_

    "Kick me" has been replaced by a target, cunningly entitled "Aim here, but only fire if you stopped reading before the end of the first sentence"

  82. Anonymous Coward
    Anonymous Coward

    @ shabble

    "

    "It is important to remember that private companies such as ISPs are allowed to do certain things under section 3 of [the Regulation of Investigatory Powers Act] that Law Enforcement Agencies cannot do without permission."

    So, companies are allowed to do things that the Government can't do when it comes to monitoring network traffic. Hmmm

    "

    were are you getting your first quote from shabble, yours is the only reference on the page.....

    if your trying to say thats your Opinion, then your wrong, NO companys are allowed to break the law, if its in RIPA or any other legislation and its not on the exclusion list that they cant do it , end of story......

    the fact they have.., and jacui has done jack about it tells you lots... not least id it were anyone other than BT that wouldnt have been left so long unresolved.....

  83. Dangermouse

    Taking a lead...

    I have just joined www.cableforum.co.uk under Dangermouse so if anyone is interested in my previous offer and meeting up in London, then email me through that site and we can get something arranged.

  84. Sam
    Thumb Up

    @Dangermouse

    Godspeed.

  85. 3x2

    RIPA

    <..>The Home Office refused to say where people can go to report that they believe they have been illegally eavesdropped upon by a company.<..>

    I suppose it all depends on who's traffic you intercept ...

    http://www.theregister.co.uk/2006/08/10/royal_phone_tap_charges/

  86. Anonymous Coward
    Anonymous Coward

    IP Numbers

    MOD is quite easy they are 25/8

    The others are harder to get and look like there are huge blocks assigned to them, but they are gapped.

    Another approach would be to allow the search engine bots the normal entry, and just deliver a Phorm awareness page to everyone else.

    That way Phorm and the companies involved would not profit from the high search engine exposure. Whilst a more detailed IP mapping list was compiled. There are quite a few databases out there, and some coordinated whois on traffic would reveal the blocks over a short time if people pooled the results.

    Getting the list of IP numbers allocated to the UK should not be too hard.

    Someone may already have done a lot of the leg work and be willing to share.

    The search for these numbers and ranges begins at http://www.iana.org

    There is also GEOIP that could help in targeting the main datacenters that the three ISPs use.

    http://www.irnis.net/soft/xipl/ is a windows tool that also helps with geographical location.

  87. Anonymous Coward
    Anonymous Coward

    VM exit strategy?

    I'm a Virgin Media cable customer, and I only have a cable connection into my house. If VM go with Phorm I would have to sign with BT as my ISP for 12 months just to get an ADSL connection, before I could finally switch to a non-scumbag ISP.

    I appear to be royally screwed - the only way I will be able to escape Phorm will be to use mobile internet. I feel very let down by the government - their position is so bizarre I can only assume there is something underhand or corrupt going on. Ms Gisela Stuart (my MP) won't be getting my vote next time.

  88. Anonymous Coward
    Flame

    I hate this bloody government

    I remember being rather happy that day in '97. If only I'd known then what I know now. Taxed to hell; economy heading down the toilet; massive national debt; privacy a thing of the past; freedom rapidly being eaten away; health service up the creek; illegal wars; students screwed by massive debts; total incompetence about anything IT; the list goes on. Add to this, the turning a blind eye to corporate law breaking such the Middle East arms bribery scandal and now rampant privacy invasions by BT and proposed privacy invasions by all and sundry.

    I thought that horrible old witch and her cronies were bad back in the 80's but they were nothing compared to this lot. What's worrying is that I can't make up my mind whether they are just incompetent or servants of evil whose purpose is to screw up society so much that it will be easier for Satan to harbour in the apocalypse.

    Flames ? Because we're all doomed to die in Hell's before long.

  89. Anonymous Coward
    Black Helicopters

    PHORM Investers scamberling for cover

    I presume that the goverment are deliberately stalling to allow all the no morals fat cats to get their money back before the axe drops.

    These fatcats invested in a dodgy company and should have to take the loss, however the system in this country always uses taxpayers money to save the scum, see LLoyds names, northenrock etc

    I think that the gov will get it stuff together eventually once all its mates are out and clear. I wonder if the Pat Hewitt/BT deal had anything to do with the gov's unwillingness to deal with this crime in a timely fashion see http://www.theregister.co.uk/2008/03/13/hewitt_joins_bt/

    Godd investment their BT buy yourself a politition avoid prosecution, more and more like the US everyday

  90. Anonymous Coward
    Anonymous Coward

    lol

    I told y'all before

    Government want to profile everyone so they'll ignore it

    Law enforcment want to profile everyone so they'll ignore it

    ISP's and Telecos want money back so they'll install it

    Advertisers want better guarantees on their ads so they want it

    Corporates want to sell stuff so they want it.

    The sheeple are all to thick to understand what precedent even means let alone spot them.

    The last remaining few of us who have brains and sense don't count. So we should just give up and accept getting spied on until we can escape this dump and go somewhere that's at least obviously a totalitarian hell hole, how does Zimbabwe or China sound?

  91. dervheid
    Boffin

    From The Home Office Website...

    This is a bit long winded, but I Think it's rather salient.

    Or go to http://security.homeoffice.gov.uk/ripa and follow the links on the left hand table.

    "Interception

    Use of interception

    Interception is strictly regulated to ensure that its use is proportionate to the activity it is deployed against and in circumstances when required information can’t reasonably be obtained by other means.

    Who can use interception?

    Intelligence services, the police and other law enforcement agencies such as HM Revenue & Customs can use interception if they have a warrant signed by the Secretary of State."

    "Communications data

    Obtaining and disclosing data

    A strict necessity test must be passed before any communications data can be obtained.

    Who can obtain communications data?

    A range of public authorities can lawfully obtain communications data, including:

    law enforcement agencies - such as the police, the Serious Organised Crime Agency and HM Revenue & Customs

    emergency services – such as ambulance services, fire authorities and HM Coastguard

    other public authorities – such as the Financial Services Authority and the Department for Transport

    ‘Authorisations’ to obtain communications data are granted by a ‘designated person’ within each of these organisations. Parliament has specified different levels of seniority required to be a ‘designated person’ for different public authorities. For example, the police ranking required is primarily ‘Superintendent’ and for ambulance services it’s ‘Director of Operations’.

    All authorities with permission to obtain communications data do so in accordance with a code of practice, and all activity to obtain communications data is independently monitored by the Interception of Communications Commissioner who reports to Parliament annually.

    Permission to obtain communications data

    A designated person may only grant an authorisation to obtain communications data if they consider it necessary, proportionate and for a reason available to their public authority whether relating to:

    the interests of national security

    the interests of public safety

    protecting economic well-being of the UK

    protecting public health

    preventing or detecting crime or preventing disorder

    preventing or mitigating death or injury or any damage to a person’s physical

    or mental health in an emergency

    assessing or collecting any tax, duty, levy or other charge payable to a government department

    assist investigations into alleged miscarrages of justice

    to identify a person who has died or unable to identify themselves because of a condition not attributable to a crime and to obtain details of the next of kin of such a person or to gather information about the causes of their death or condition

    Obtaining the data

    The designated person may give notice to a communications service provider (CSP) requiring them to disclose specific communications data or grant an authorisation to officials to acquire specific communications data.

    Where notice is given, the CSP must comply with the notice within a reasonably practable time and supply data where it is reasonably practable to do so.

    If a CSP fails to disclose the required communications data then the Secretary of State may take civil proceedings against them, which may result in the issue of, inter alia, an injunction which would have the effect of compelling the provision of data.

    A notice must immediately be cancelled if the reasons for which it was granted are no longer valid."

    Don't see ANYTHING about corporations, companies or private individuals being permitted to do ANY of the above.

  92. Graham Wood
    Thumb Up

    @"VM exit strategy?"

    There is no need to go with BT as an ISP first - they will give you the line without needing you to take broadband with them.

    If you don't want to deal with them at all, then there are companies like AAISP that will provide you with a phoneline through BT without you needing to actually deal with BT ever.

    Not as good as not using them at all (since they still get your custom, albeit indirectly), but possibly better than actually dealing with them directly.

    Just wish BE would do that. ;)

  93. Robin Weston

    @VM exit strategy

    You're safe - I had just cable at my abode and told them to phuck off sometime ago, called up BT, got them to put in a phone line.. once it was in I went to o2 for my broadband after first getting an assurance that they aren't going down the same road. (I'd advise it's important for everyone to ask this to make sure they know how many people feel strongly enough to leave if the shiny penny is too tempting).

    Granted I have a 12 month tie in with BT for the phone, but paying by DD and managing bills online keeps this to a minimum. The phone's not being used until such time as I can move the calls to someone less nefarious.

  94. Anonymous Coward
    Alert

    Other Isp's Secret Trails?

    Have any of the other isp's signed up with phorm other than bt came out and said they have never undertaken any secret trails?

    i had really weird goings on with my machine on virgin media in may of 2007 same rough date as the bt trails were admitted too, and going off what dr clayton said at the meeting in london earlier in the week - a penny sort of dropped that issues he was describing could happen with the system were the sort of issues that were happening to me at the same time.

    I of course post this with my tin hat on for flak obviously but i cant seem to find any statments from talk talk or virgin media denying that they undertook in any sort of trials that bt did.

    Any links to comments made about this issue from the relevant isp's to set me straight on this matter would be most welcome.

  95. Anonymous Coward
    Anonymous Coward

    Why we love to hate lawyers

    This situation is precisely why we in the US love the trial lawyers we hate. The downside is numerous silly and annoying lawsuits that defy common sense. However, the upside is that if the government decides not to do something, the civil law can be employed. While we aren't able to put the SOBs in jail, we can nick them for multi-millions which hurts them almost as much -- especially if it causes usually sleepy corporate boards to chuck the CEO out and cut off his country club membership. Except of course when the government decides to actively shield their buddies, as with the telco wiretapping lawsuits in progress -- but they haven't won that one yet. It is fortunately harder for government to do something (immunize their buddies) than do nothing (refuse to investigate).

  96. Anonymous Coward
    Anonymous Coward

    Click throughs...

    Phorm get paid due to click throughs, advertisers pay this because they perceive it means traffic is coming to their site.

    So what if they had to contend with millions of click throughs?

    What's required is a set of scripts doing a "click-through" on phorm delivered ads, thus devaluing the advert because the massive "traffic" is no longer people...

  97. The Other Steve
    Flame

    @AC wrt lol

    "Government want to profile everyone so they'll ignore it

    Law enforcment want to profile everyone so they'll ignore it"

    Those two (at least) are specious. Neither the security or law enforcement services have any need for Phorm to help them with any kind of data surveillance.

    I don't for one moment imagine that "the government" are in league with Phorm, it's just that they are a)busy, b)incompetent and c)pitching a huff because we're taking them to task over something that they don't understand. Oh, and they don't like us very much because of a widespread arrogance that delivers statements like :

    "The sheeple are all to thick to understand what precedent even means let alone spot them."

  98. Suburban Inmate
    Flame

    You are what you buy.

    I'm sick of hearing all this "If politicians were competent.... blah blah".

    They ARE competent! Look at how quickly and efficiently the United Kingdom's infrastructure, economy, land, education, media, etc have been opened up to a massive corporate feeding frenzy. Incompetence just happens to be a very very good excuse. They have no reason to care about "us". It's not like we can choose how they spend our taxes.

    OK back to corporations*, and specifically BT. If you don't like their product, go elsewhere. If you dislike America, don't buy their wine/cola/cars/films/news/etc. I don't. That's that sorted, right? Right. Buy ethical/sustainable products at twice the price, economically self-punish yourself, and more profit margin for the retailers!

    And as for the Phorm guff, it's a private network, what right do people have to privacy of communication across it? Use encryption or put up and shut up. Seriously, if you don't like BT (and believe me I don't after just recieving a demand for about 80 quid for a line and number I cancelled in September!) move to a telephony provider that doesn't use LLU or resell BT ADSL, and therefore BT will not profit. Such as Virgin or.... errrr.... Virgin. If you're lukcy, and if they're any good for you. Maybe.

    OK those that can't/won't move to Virgin set up a No. 10 petition, cos that's the way to make things happen: ASK for it! Because the ability to ask for something makes a democracy. Just like the orphanage that Oliver Twist was priveliged enough to attend.

    Hmmmm... Maybe we are all rogered after all! Lucky I saw all this coming years ago and made plans, so I'm sorted no matter how bad things get! Now I've been a smug little shite and also suggested a way out of this quagmire for those caught up in it. Mission accomplished! Heh.

    - S~I

    * An extract from the film "The Corporation". Marc Barry, Author, Spooked: Espionage in Corporate America:

    "In 1998 I was invited to Washington DC to attend this meeting that was being put together by the national security agency called the Critical Thinking Consortium. I remember standing there in this room and looking over on one side of the room and we had CIA, NSA, DIA, FBI, Customs, Secret Service, and on the other side of the room we had Coca Cola, Mobile Oil, GTE and Kodak. And I remember thinking, I am in the epicenter of the intelligence industry right now. I mean, the line is not just blurring, it’s just not there anymore. And to me it spoke volumes as to how industry and government were consulting with each other and working with each other."

  99. Herby Silver badge

    Strategy: Call it what it is!

    Wiretapping is wiretapping no matter what the purpose. It is the same as opening up the mail to see what you get/send. So:

    PHORM is WIRETAPPING!

    and by inference:

    BT is WIRETAPPING!

    Carry on!

    Thankfully here in the USA they haven't tries this junk yet. If they do, I'm going to be the first to call up the media. There are several radio people who have "consumer" talk shows who will be interested!

  100. XB

    The Police seem to have investigated RIPA based complaints before.

    Its ridiculous the police are refusing to investigate this they must have conducted investiagations based on RIPA in the past. I seem to remember a case of some waste company that was illegally wire tapping the phones in a village near them to scupper some campaign against the company organised by the locals.

    http://news.bbc.co.uk/1/hi/uk/6767019.stm

  101. Outsider
    Black Helicopters

    Home Office talking rubbish

    RIPA is very short and sweet on nterception without a warrant...very short indeed.

    It is also very short and concise on who can bring a prosecution under RIPA.... very concise indeed

    Anyone CAN bring a case under RIPA but under Section 1 subsection 8..

    No proceedings for any offence which is an offence by virtue of this section shall be instituted—

    (a) in England and Wales, except by or with the consent of the Director of Public Prosecutions;

    (b) in Northern Ireland, except by or with the consent of the Director of Public Prosecutions for Northern Ireland.

    Pretty open and shut there then....if the DPP consents to proceedings they can happen.

    Basically RIPA was worded to make sure Joe Bloggs couldn't take HM Government to court for breaking it.....but it also means that HM Gov can protect plc's.... now why would they do that????

    Methinks the technology BT tested may do more than just serve ads

  102. Wayland Sothcott Bronze badge
    Black Helicopters

    Re: Is anyone genuinely surprised........ By Eponymous Cowherd

    Well Jaqui Smith is the Home Office! The same Jaqui Smith who proposed stopping paedos using Bebo by registering their email address with the police. Obviously that would not work, but think what Phorm could do for that idea.

    Do you think that Phorm could actually stop someone visiting a particular website using their BT ISP connection?

    It looks to me as if Jaqui was counting on Phorm to make her paedo blocking ting work. Obviosuly switching ISP's would carry a 5 year prison term. Also long term Phorm would become law. Like having a government official sitting at the back of the school classroom or a government official on the staff of every news paper and radio station.

  103. Mike Richards Silver badge

    Sell! Sell! Sell!

    Phorm's share price is a delight to behold. Whilst the FTSE 100 has pretty much moved sideways in the last few months, Phorm is now trading at about 1/3 of where it was in early March. Clearly investors don't have much faith in the brave new world of Webwise.

    Long URL approaching:

    http://www.iii.co.uk/investment/detail?type=&display=chart&code=cotn%3APHRM.L&it=le&timeframe=6m&index=li%3Acotn%3AUKX.L&versus=&linetype=line&Go=Plot+&overlay=&overlay2=&overlay3=&overlay4=&indicator=&indicator2=&indicator3=&indicator4=&chartwidth=500

  104. Anonymous Coward
    Stop

    What if...

    What's the score if you have a typical family setup, where parents and children share a computer. Maybe Ma and Pa like to look at adult oriented web sites after the ankle biters are in bed. Are the little darlings going to be bombarded with adult oriented advertising the next time they login to their favourite ad-sponsored kiddie websites?

    I hope not.

    Most of the 'family PCs' I see have a single login, because the grown-ups can't be bothered (or don't know how) to configure separate accounts for everyone in the family. OK, so they *should* keep things separate, but it doesn't happen. Phorm ain't gonna know who it's serving up 'targetted' ads to, even if it can identify the computer by cookie, ip, whatever.

    Not for me thanks.

  105. Anonymous Coward
    Black Helicopters

    Why the government will not act.

    In the good old days there was the British Post Office running the phones. Every month, a certain number of randomly selected phone lines were monitored for quality and engineering research purposes by GCHQ. The random selection could, of course, be slightly less than random if there was a good reason.

    All this was nice and cozey with the government owning the BPO and BPO employees signing the official secrets act.

    Let us suppose that this still goes on today even though BT is not government owned. This would mean that the government and BT are breaching RIPA every day. Would it be sensible for the government to start investigating BT for breaching RIPA? I think not.

    The government will not act against BT or PHORM. The only hope is for users to implement countermeasures when the system comes into use. The main aim of the countermeasures would be to bring the validity of the collected data into doubt so that nobody would want to buy it or act upon it.

    If PHORM uses cookies, then write scripts to modify the cookies every hour or so. Offer the scripts free of charge to anyone who wants to protect themselves.

  106. Anonymous Coward
    Anonymous Coward

    Can't prove it now but...

    During a period of unemployment in 2006 I remember trying out ethereal for the first time on one of my PC's. I noticed some strange IP addresses in the log and I thought I had a Trojan. After many, many checks and please bear in mind I am ultra cautious regarding spy-ware and I lock my PC down pretty well, I found nothing untoward after countless hours of checks to my PC. I didn't understand it and I shut down the PC until the next day so as to 'sleep' on it as it was very worrying. Something was happening that was very strange.

    When I tried ethereal over the next few days the strange IP addresses seem to have gone and subsequent checks showed nothing.

    When I saw the news reports about BT tests on the TV (two weeks ago?) staring Stephen Mainwaring, one of the IP address names in the report seemed somewhat familiar to the one I remember seeing.

    I can't be absolutely certain as I no longer have the saved dump and I am acting on memory, but maybe Virgin Media are keeping one of the nets best kept secrets and is allowing BT to take all the flack.

    Either that, or I did have a root-kit or I just couldn't find a Trojan and it decided to disappear of its own accord?. Incidentally, I have removed the like off countless PC's of others who have sought my help and I have never reached a dead end of that sort before. I wish it had turned up again the next day so that I could have tried a few more things.

    One thing for certain. The phorm dns name on the TV did look very familiar in my mind and I never ever had any problems on my PC afterwards despite regular countless checks, due to my paranoia, using every reputable spy-ware package under the sun and of course ethereal.

    Have Virgin Media ever offered a statement that denies that they have ever had similar tests performed to that of BT.

  107. Anonymous Coward
    Anonymous Coward

    At last everyone is realising....

    that it is all one big illusion and the poor old man on the street does NOT have any rights whatsoever. I have been thru the wringer myself already and can tell you from that experience that there is an unseen code of conduct between the Courts, the Authorities such as Police and a few others and if they want to stop something in its tracks then they can easily telephone their friends and do whatever they like !!. You see what they rely on is the old "it cannot be true" and as 99% of people never need to use the "system" to obtain Justice they never come to know how corrupt it actually is. I could give many examples but I wont bore you with it, save to say that not long ago Met Police were meeting secretly with Judges to discuss various cases. THAT is a known fact, known to some lawyers.

  108. Nic

    Profiling

    In the Data Protection Act, personal data is defined as meaning "data which relate to a living individual who can be identified(a) from those data, or (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller.

    They key point to note is (b). If there is a means by which supposedly anonymised data can, with other data likely to come into the possession of the data controller, be traced back to an individual, then that supposedly anonymised data is personal data and therefore subject to the provisions of the DPA, which requires the consent of the individuals to whom the personal data relates.

    Since IP addresses and user account details are certain to be "in the possession of" BT, they can hardly claim that their actions do not contravene the DPA.

  109. Anonymous Coward
    Flame

    @"If phorm uses cookies" (19:46) (cookie confusion ongoing :()

    I'll try to put this politely (again) because apparently it's not yet universally understood: the cookies are irrelevant, the monitoring and analysis goes on regardless of the cookies, all the cookies do is turn on/off the delivery of extra-customised ads.

    Imagine a Royal Mail subcontractor opening and reading all your non-encrypted post, and storing details of the "anonymous" information they are reading. They use this "non personal information" (!) to deliver "better targeted" direct mail adverts (for which service they are taking money from the advertisers), while at the same time they are time telling you, the Royal Mail user and customer, that the mail-opening "service" improves your privacy.

    Oh, and the Royal Mail trialled the service without telling you, and mail interception was illegal then and now, but they've done nothing illegal.

    And Royal Mail's CTO left to work as CTO at LetterOpeners'R'Us.

    But if you want to "opt out", a Post-it(tm) on your letterbox (a cookie in your web browser) tells them not to deliver the custom ads, just the routine ones. Till it gets removed.

    That's the way Phorm works, except it's BT not the Royal Mail, and it's web traffic not hardcopy mail.

    Comfortable with that?

  110. John Watson
    Stop

    Can sort of prove it

    I have similar reservations of the poster above about virgin media running secret trials and not issuing any statment that it has not done similar trials.

    but my period of discomfort would be from roughly may 2007 i could dig up my call records to virgin media at this time (they would also have the logs of my time on to technical support) and posts i made about issues are documented about the problems i was having on forums which have a timestamp and date to further back me up.

    Would love to hear from anyone confirming if vm have said they have not conducted in any way any sort of secret trial.

  111. anonymous sms

    Labour's utter contempt for the rights and wishes of the voter.

    How many top Labour politicians are going to receive cozy directorships when they loose the next general election?

    How many spineless backbenchers are going to regret they didn't speak out more in the defense of the rights of the electorate?

  112. Gary

    Great

    So,we are right back where we were in the 70s,80s and early 90s. Plod subcontracts to a private company and no one gives a shit! Same as how they would subcontract tracing agents to find people who they REALLY wanted to "speak to" and "private investigators" to install monitoring devices (Oh all right then, bugs!) in target adresses. Now where did I leave all those cryptographic articles ansd user manuals------

    Gary

  113. RW
    Alien

    An alternative explanation

    First of all, remember the adage "never attribute to malice that which can be explained by incompetence."

    Second, consider one of the great management vices of the late 20th century, continuing into the third millenium: a profound distaste for ever being seen to have made a mistake, large or small. Institutional paralysis results, as the only criticism that can then result is that of indecisiveness -- but never the feared "made a mistake."

    This is a form of incompetence, as any intelligent person knows that anyone or any organization that actually does anything, that actually makes decisions, is going to make mistakes reasonably often.

    I offer this up as an explanation (in part or in whole, I dunno!) of the incredible misbehavior of that cow of a home secretary and her boss the blithering idiot.

    Gee, I'm glad I don't live in Britain!

    An alien couldn't think this up even if he was stoned on skunk.

  114. Dom
    Paris Hilton

    Just move

    Just move ISP! Don't moan about it, demand your MAC code. I won't matter if you have signed up for a minimum term contract. Point out to BT that they [BT] won't say exactly WHO was part of the 2007 test, so it COULD be "me". Therefore BT are in breach of contract for allowing "my" data to be intercepted without "my" permission. BT may respond that "you" where not in the trial, at which point you ask them to prove conclusively that you where NOT part of the trial - for example showing the list of the people who where in trial.

    Of course, they won't do this, so they will probably just give you your MAC code.

    Then you can head for an ISP like Fast.co.uk (no, I don't work for them, but they are my ISP) who are advertising:

    "We can confirm that we are not one of the ISPs who have had any discussion with, or entered into a contract with Phorm, or any similar company, who use browsing history data to provide targeted advertising. We strongly respect the privacy of our customers, and will never share any customer data".

    YOU are the customer. Vote with your wallet by heading elsewhere. Hit them where it hurts - in the bank balance.

    As for the inept fools attempting to run the country on our behalf (in the words of the late, great Douglas Adams) - "They'll be the first againsted the wall, come the Revolution!"

    Paris? She could do a better job than the Labour Government!

  115. Aubry Thonon

    Apache add-on?

    Does anyone know if there is an Apache module/add-on I can use to recognise HTTP requests from BT? Because if BT put Phorm on-line in an attempt to make money by using *my* web pages to profile users, I want to be able to send a "BT and Phorm can get lost" page instead of my normal sites.

  116. Moss Icely Spaceport
    Alert

    A real can of phorms!

    Nasty, nasty, nasty.

    Repeat after me: DO NOT WANT

  117. Steve Roper

    We've now blocked all access from BT IP ranges to our websites

    As the IT Manager for our company and an admin for 22 commercial domains, I have now circulated the following letter to all our clients who are operating eCommerce websites on our system:

    -------------------------------------------------------------------------------------------------------

    Dear [CLIENT_NAME],

    It has recently come to our attention that BT, a major ISP in the United Kingdom, has allegedly been engaging in illegal interception practices possibly for the past few years. These practices involve intercepting traffic between your hosted website and any viewer of that site who is a residential customer of BT, and passing this intercepted information to a company known as Phorm, a known purveyor of spyware and malware. According to some reports, the possibility exists that even SSL encrypted traffic, such as credit card payment pages, may be intercepted due to the way ISP servers operate.

    Obviously, this presents a serious fraud risk both for you and your valued customers. Consequently, we have put in place a system to prevent any person using BT as their ISP from accessing your website. Such persons will instead be redirected to a warning page advising them of the fraud risk and suggesting they use a different ISP. We believe that the loss of some visitors to your site is more than offset by the mitigation of the fraud risk presented by this situation.

    If you disagree with our action, please advise us as soon as possible, and we will remove the anti-BT blocking at your request. However, should you choose to remove the blocking, you must agree to assume any and all liability for loss and damage as a result of credit card fraud on your website, since we cannot guarantee the security of your data in the face of such interception. In this case we will provide you with an amended Hosting Agreement which you would need to sign and return to us in order for us to continue hosting your website.

    If you agree with our action, however, you need do nothing further, and your current Hosting Agreement and all data security guarantees will continue in full force and effect.

    Should BT discontinue this practice and provide evidence that they are no longer intercepting their customers' traffic we will of course restore full access to your website for their customers.

    Please do not hesitate to contact us if you have any further inquiries concerning this matter.

    Regards,

    Steve Roper

    IT Manager,

    [company details redacted]

    -------------------------------------------------------------------------------------------------------

    That's 22 domains that are now off-limits to BT users. So far, all of our clients who have responded have fully supported our action; the possibility of fraud resulting from this illegal interception is something our clients have taken very seriously. I strongly urge other companies hosting eCommerce websites to carry out a similar action, because the legal quagmire that could result from this is a very serious issue, both for you and for your clients.

  118. Sir Runcible Spoon Silver badge
    Thumb Up

    @Steve Roper

    That's a very great and wonderful thing you've done there. That will make the sheeple sit up and take notice at least, bravo!

  119. dervheid
    Thumb Up

    @ Steve Roper

    Well done.

    Now if MORE hosting services follow your lead....

  120. Christophano

    @ Steve Roper

    That's great, it would be good if more hots took the same stance, and it's great that the site owners themselves have (so far) supported you.

    The only problem would be if (when?) all 3 of the currently interested providers do implement this system.

    Presumably these ecommerces sites you host are geared towards to UK market (just an assumption on my part here)? If so, how many ecommerce site would be happy with their hosts blocking 70% of their potential market?

    That's the only fly in the ointment I can see in it for now, but it is stil a strong stance to take. If enough sites took this stance (expecially a couple of big sites such as ebay) then customers would be leaving the said ISPs in their droves, and it would be the best way to hammer home to issue.

    Have you contact the BBC, Channel 4, The Guardian and, of course, our own El Reg about them doind a story on this?

    For a lot of people, just seeing a news story that parts of the web will be closed to them due to these actions would be enough.

  121. David
    Thumb Up

    @Steve Roper

    Bravo sir, Bravo! Now if more people take your lead...

    Respect +

  122. Eponymous Cowherd
    Thumb Up

    @ Steve Roper

    Good move,

    but as Christophano says, the biggest problem will be persuading ecommerce sites that they don't need 70% of the UK market.

    How about an https portal for Phormed ISPs that shows an anti-Phorm banner to Phormed users. eCommerce sites could add a Phorm protection surcharge of a few pence to their prices to cover the cost of the SSL certificate.

    In other words, alongside the cost of the product, VAT and delivery will be something like "Privacy surcharge 50p".....

    Shouldn't put too many people off and might encourage them to go to an ISP that value their customer's privacy more than the chance to make a quick buck with a former spyware pusher.

  123. Eponymous Cowherd

    Big eCommerce sites?

    Has anyone heard of any feedback from big eCommerce sites on Phorm. Unless they are Phorm 'partners' Phorm could badly impact on their business. Amazon? eBay? Play.com, etc???

    Or are they *all* signed up to Phorm......

  124. Spleen
    Thumb Up

    @Steve Roper

    You, sir, have balls of steel. This is how things get done - by people actually doing something and sucking up the possibility that they might personally lose out as a result of their decision, rather than whining that the government should be the one to do something. Congratulations.

  125. Richard Silver badge
    Pirate

    Section 3 of the RIPA Act 2000

    http://www.opsi.gov.uk/acts/acts2000/ukpga_20000023_en_2#pt1-ch1-pb1-l1g3

    I think they must be talking about this bit:

    (3) Conduct consisting in the interception of a communication is authorised by this section if—

    (a) it is conduct by or on behalf of a person who provides a postal service or a telecommunications service; and

    (b) it takes place for purposes connected with the provision or operation of that service or with the enforcement, in relation to that service, of any enactment relating to the use of postal services or telecommunications services.

    Anyway - I'm taking my ball and going to a different ISP. I have some free time tonight.

  126. Anonymous Coward
    Black Helicopters

    Cunning Plan

    I am going to register myself as a corporation as they are clearly above the law.

    Me, as a person, will cease to exist shortly, you can only now refer to me as "Anonymous Coward PLC" - I will be spying on you all shortly, thank you for your cooperation.

  127. Anonymous Coward
    Anonymous Coward

    @Steve Roper

    I'm totally against the Phorm interceptions and the privacy issues it raises. I'm also totally astonished at the sheer lack of suitable response from .gov.

    Despite all this, I do wonder whether your response is entirely appropriate.

    If you see your clients computers being targeted with some vicious attack, okay, take action. But you didn't take action during the previous BT/Phorm trials (why would you didn't know they were going on) and the next trials haven't started. Don't you think you should have contacted the customers BEFORE making the change.

    I'm involved with a number of sites that are aimed predominantly at a UK customer base. If I found one your letters in my post, I'd blow a gasket. What you're saying is that customers are on BT broadband can't get to the site. So if it were my site, with most customers arriving via web advertising, then I've just paid for the click that directed them to my site, but then they're being turned away.

    So aside from the huge drop traffic (and thus revenue) I'd still be paying for them arriving in the first place.

    ".. the legal quagmire that could result from this is a very serious issue... "

    I'd suggest that effectively switching off a website without prior consent of your customer could also be a bad thing.

    Don't misunderstand me, I think it's great that you are keeping an eye on the issues that could effect your clients, but that's a pretty big change to make and it does seem a bit knee jerk.

  128. Neil
    Pirate

    @ anonymous coward

    "I have always up to now supported the Labour party. I now think that the Liberals are a more trusted party since they seem to have the only pro active MP's on this very important matter."

    Christ man, it's the fault of people like who having voted Labour in and keeping them there that we're in the mess we're in, and now you want to switch to Liberal? Good lord!

  129. Anonymous Coward
    Anonymous Coward

    @ Steve Roper

    Perhaps cutting off the customers is not the best solution as you may only upset the webhosts I support the insertion of a clickthrough warning, whereby the BT VM CW customer are alerted to the fact that they are being watched, but are then allowed to proceed. this is more likely to alert the customers and help spread the word without denying anything.

    Are you able to supplie IP ranges so that we may implement this also without having to trawl nominet/other sorces..

  130. Anonymous Coward
    Black Helicopters

    Does this include business contracts

    I work for the police force in IT, we use BT broadband (supposedly encrypted and secure) for our remote access home users. They access police criminal records, murder enquiries, paedo data, etc is BT going to be intercepting this as well and passing to Phorm. This has got me worried, how many other government agencies etc are going to be profiled or will they be exempt. I asked BT and surprise surprise I got stonewalled.

    If the home office arent concerned, they should considering confidential and secret information will be passed to a spyware company!

    Bar-stewards!

  131. Anonymous Coward
    Stop

    Phorm Webwise

    We've been happily calling this scummy product Phorm. The trouble is that the "service" will be called "Webwise" when it is launched so in a sense all this awareness we're generating will be wasted when the average person doesn't realise they are the same thing. IMHO we need to make sure that the Webwise name is always associated with the negative truth about this technology. May I suggest we refer to it as "Phorm Webwise" from now on?

    Phorm Webwise may well me convenient for the Government and Police. If they purchase information from a company that has already collected or gather it by monitoring their traffic it then it's not intercepting personal communications any more as it's a company that is the target.

  132. Anonymous Coward
    Coat

    You can do it ...

    Do a BOFH-approved protest against BT: Stick your phone lines into your big phat and juicy 240V mains line.

    Remember to shout "Profile THIS!!!" before sending your broadband-consuming zap!

    Mine's the one with the holstered etherkiller.

  133. Mark

    IP ranges

    I'm very much up for putting a large warning notice on my sites pages targeted at BT/CPW/VM customers. But like others I'm short of the IP ranges needed. Perhaps we should use the forum over at badphorm to coordinate getting a definitive list of the ranges needed.

    I think this is probably the best (only??) way of getting the issue across to the majority of the ISP customers affected, but it'll take a lot of sites participating to make an impact.

    Time to start fighting back?

  134. Anonymous Coward
    Coat

    BT - All your data belong to us!

    Apparently the following is a response from BT about them stealing other peoples web content to feed phorm:

    "For HTTP traffic, we assume that if a website wishes to be found by the public through being profiled by major search engines (Google), then the site is in the public domain and therefore as long as we have consent from the requester of the page, we are permitted to profile the site.

    However we note that you have specifically requested that your own website(s) should be excluded. Please can you provide me with the url(s) of your website(s), together with confirmation that you are the website(s) owner, and we will honour your request to exclude your website(s) from profiling within the BT Webwise system.

    We believe this approach is reasonable and is supported by the advice we have received. If I require any further information from you (aside from the url) then rest assured I will let you know prior to commencement of our trial."

    So - you let Google index your site so we can take your data and profit from it.

    But at least they will allow you to tell them that you want to be excluded (do you believe they will).

    Why not just allow US to set an entry in robots.txt

  135. Werner McGoole
    Stop

    Re: All your data belong to us!

    "For HTTP traffic, we assume that if a website wishes to be found by the public through being profiled by major search engines (Google), then the site is in the public domain..."

    I think they have an inadequate grasp of copyright law and you should reply to that effect immediately with a threat to sue if they don't respect your web site's published terms of use.

    You have no need to supply them with a URL. Otherwise the RIAA etc. would have to supply each of us with a list of the CDs they didn't want us to copy and we'd be free to copy any they'd missed out (or where the notification hadn't arrived).

    Complete bullocks. Don't accept that argument for one moment!

  136. Bobby
    Stop

    A for Adware

    Am I paying BT as an 'ISP' or an 'IASP'?

    Will BT continue to falsely trade under the ISP business title?

    I think not.

  137. Anonymous Coward
    Black Helicopters

    You Losers....

    are just jealous because none of you are getting "paid" (tax free no doubt) the huge sums of money that the government ministers and top (at least high) level bureaucrats are. How else do you expect these selfless servants of humanity (UK at least) to retire into the splendor and ease that they doubtlessly believe they have earned?

    I still don't understand why there appears to be so little noise from corporations about this. Surely (yes, I'm talkin' to you), corps must transmit lots of data that they'd rather not have have inspected.

  138. Anonymous Coward
    Thumb Down

    BT - All your data belong to us!

    So, now BT are going to be employing 500 temps just to open all the letters we have to send to keep our sites out of their grubby little hands. Why should we need to supply proof of ownership of the domains - many have whois data as private and that should be respected. And, what about new domains. I register and publish on the same day. Do I then have to block all profiling ISPs from new sites until I have confirmation that they have updated their database to not profile the site. Or does that mean BT customers will be blocked at ISP level from seeing the sites too?

    I have 3 servers hosting websites - it would make so much more sense if BT offered a form on their Webwise site that site owners could add IP addresses to, to cover all domains hosted on those IP addresses.

    I looked over the BT site to discover how to contact BT to ask this very question. All I could find were forms that needed my account details - the phone numbers of customer services are really well hidden. It is almost as though they redid the site to make contact more difficult.

    I don't know why anyone thinks that just because well behaved bots like search engines are allowed into sites that that also means scrapper bots are given access. I have so many IP addresses blocked that I begin to worry that my servers will be slowing down.

  139. Anonymous Coward
    Anonymous Coward

    @BT - All your data belong to us!

    Also using the BT analogy, since many customers are in the BT phone book and we can find them in the directory. Can we all listen to their conversations too?

  140. Anonymous Coward
    Happy

    BT may have to go under a different name soon

    Such as:

    http://www.datapimpingservices.com

  141. Anonymous Coward
    Anonymous Coward

    Blocking the domain in Apache

    Sorry, just got a new EEE so my attention drifted.

    Whilst IP blocking is a better form of blocking; much harder to reallocate your IPs - there is domain blocking.

    http://httpd.apache.org/docs/2.2/howto/access.html

    The apache (2.2.) module mod_authz_host needs to be included

    Now to the domain names :

    # good a start as any

    deny from btcentralplus.com

    # block the corp as well

    deny from bt.com

    # possible phorm's ISP

    deny ht-systems.ru

    Yes they are Russians.

    For domain blocking to work reverse DNS may need to be enabled on the server - I am going to check these out and see what happens.

    But a typical Directory param is looking like

    <Directory "/web">

    ....

    Order Deny,Allow

    ....

    # BT

    Deny from btcentralplus.com

    Deny from bt.com

    # Phorm ISP?

    Deny from ht-systems.ru

    </Directory>

  142. Anonymous Coward
    Anonymous Coward

    HostNameLookups on

    If you wish to try the domain blocking technique in Apache

    HostNameLookups on

    has to be included in your httpd.conf

    This will make the site a little slower but no great shakes for smaller sites, and I am willing to take one for the team to get the message out. And if you are using things like webalizer with hostname then it doesn't go through the reverse dns itself.

    You can then

    Deny from btcentralplus.com

    in .htaccess or in httpd.conf or in your virtual host file normally under extras directory.

    If your hosting site does not have HostNameLookups, you can do it a scripting language and then apply the conditional in the code.

    dig -x ip.nu.mb.er

    is a command line tool to do reverse DNS.

    Personally I am going for a block then a warning message, I do think that it is not wise to deliver pages that could be actively intercepted, in fact one of the business models I have for a site is severely weakened by the intercept.

    I am just blatting out the methods, if people want more help, then just post.

  143. Anonymous Coward
    Anonymous Coward

    A few more domains

    Most of the following domains probably use BT as their provider - they tend to have a monopoly on these type of organisations.

    Deny from 25

    Deny from gov.uk

    Deny from police.uk

    Deny from nhs.uk

    Each one of these is open to Phorm wire tapping as it stands, if BT won't release who they are doing this to, we don't have many other options but to block their big groups. If all the people in these organisations cannot access a lot of sites in the UK it will make a stink.

  144. Anonymous Coward
    Pirate

    @Herby

    For you USAians reading here, Phorm may not have tried it on your side of the pond yet, but they are planning to.

    In the meantime, you should Google on NebuAd and FrontPorch. They are already doing it to you. (NebuAd have a UK office too.)

    "NebuAd is dedicated to the highest standards of consumer privacy. NebuAd’s network was designed from the ground up to meet industry best-practices regarding consumer privacy and protection, and does not collect and use any personally identifiable information. NebuAd has also established industry-leading privacy controls and practices with respect to transparency, consumer notice and consent. NebuAd’s privacy policy provides consumers with clear “Opt Out” instructions."

    Sounds just like Phorm/Webwise :-(

  145. Anonymous Coward
    Anonymous Coward

    Reply from my MP...

    Reply from Simon Burns MP (cons) to my letter

    "Thank you very much indeed for your email of today's date concerning the use of the digital technology, Phorm, that is designed to deliver targeted advertising based on a user's browsing habits."

    I fully appreciate your concern over this issue and I am grateful to you for drawing it to my attention. I believe that this form of advertising has the potential to infringe on individual privacy and property rights in data, and consequently needs to be investigated further before its use is permitted

    As I understand it, the Home Office has indicated that Phorm's proposed service is only legal if an individual user gives their explicit consent, and as this clearly did not happen when BT ran secret trials in 2006 I am taking this matter up directly with the relevant Home Office Minister. When I have received a response, I shall, of course, write to you again but I should warn you that it can take up to six weeks to receive a Ministerial Reply,"

  146. Anonymous Coward
    Anonymous Coward

    Good and Evil

    My grandfather was a policeman. He rose from village bobby to chief constable. He knew the difference between right and wrong. This is something that we no longer seem to understand, not only concerning Phorm, but across the board.

    As for all the organisations prevaricating regarding the legality, let alone the acceptability, of Phorm type activities, you have further lost my respect.

    Has anyone read Fahrenheit 451 by Ray Bradbury for a picture of where such technology can lead? But then again, it's probably inevitable but I wonder if there is a conspiracy to get one foot in the door for such technology.

  147. Steve Roper

    Re: the responses to my action in blocking BT users

    The action we took in blocking BT was taken only after careful consideration of the consequences, including the possibility that our clients might not agree with us blocking BT users from their websites. We also considered that, we and most of our clients being based in Australia and much of our business being here or from the USA more than the UK, that UK BT users weren't a large percentage of our market, although a reasonably significant one. We weighed up the potential market loss against the possibility of losses incurred as a result of privacy violations and legal repercussions, should BT or Phorm "accidentally" lose private customer data. After researching Phorm and its dubious background, and noting also the UK's rather poor track record in keeping confidential data secure generally, we decided to implement the blocking and advise our clients of the risk and our response.

    Now, our Hosting Agreement provides a Data Security Guarantee, in which we agree to cover client losses due to privacy violations (where such violations are the result of negligence or inadequate security on our part), but only on the proviso that we may implement whatever preventative measures we deem necessary to reduce such violations - including blocking access to individuals, *organisations* and countries we deem to pose an unacceptably high risk.

    So our clients are already made aware, when we develop and host their websites, that we may do things like this. For the AC who would "blow a gasket", we were actually anticipating such a response from at least some of our clients, which is why we gave them the option of removing the blocking, provided they waive the Data Security Guarantee. I ask you this: is it unreasonable, if your web host offers the exceptional service (and risk for us) of protecting you financially against data security violations, to expect that if you want to bypass the host's preventative measures, that the host should not then be liable for your losses as a result?

  148. Alex
    Thumb Up

    The rise of the Thin Subscriber?

    it was bound to happen, BT have done it to themselves,

    I wonder how they fancy spying on encrypted keystrokes and mouse movements?

    that should bugger their parasitic revenue/privacy grab!!

    http://www.portal.itproportal.com/articles/2008/04/21/desktop-demand-concept-looks-quash-privacy-issues/1/

    the first of many offerings no doubt!!!

    viva la thin!!

  149. Eponymous Cowherd
    Unhappy

    BadPhorm

    Just found out why I was having trouble registering with BadPhorm. BT has been consigning the validation eMails to the spam folder.

  150. Alex

    RE: the rise of the thin subscriber

    althoughugh perhaps not with Desktopondemand, as their privacy policy reads:

    Privacy Policy

    We gather two types of information about users: non-personally identifiable and personally identifiable information.

    Non-Personally Identifiable Information

    We may collect and aggregate non-personally identifiable information indicating, among other things, which pages were visited, which hyperlinks were clicked and where you are using our services from. Collecting such information involves the logging of IP addresses, operating system and browser software used by each visitor to our websites and servers. Although this information is not personally identifiable, we can determine from the IP address a visitor's Internet Service Provider and the geographic location of his or her point of connectivity. This is industry standard practice.

    The non-personally identifiable information that we collect (with or without the use of Cookies) helps us, among other things, to monitor our internal operations, improve our services, identify the most popular areas of our services and determine the effectiveness of our services and promotional activities. It also helps us make available higher quality and more useful online services by performing statistical analyses of the collective characteristics and behaviour of the users of our services, and by measuring demographics and interests regarding specific areas of these services.

    This non-personally identifiable information may be shared with 3rd party suppliers or partners for the purpose of targeted advertising and sponsorship of one or more areas of our services BUT will not be usable by those suppliers or partners to contact you directly or send you unsolicited sales information.

    Personally Identifiable Information

    All personal information you submit is collected by using pages that are secured and encrypted by industry standard SSL technology.

    We do not collect any information that personally identifies you unless you knowingly and willingly provide it. We explicitly ask for information that personally identifies you only where we require you register for and use one of our services.

    Please note that personal information may need to be shared with our payment processing provider(s) for verifying and processing payments and for the purpose of preventing fraud. Information may also need to be shared with Legal authorities BUT will only be done so on presentation of a UK court order or to establish or exercise our legal rights or defend against legal claims.

    We will not send email or contact you for any purpose other than directly related to our services or your usage thereof. Nor will we ever sell your contact or personal data to a third party .

    That said, as we continue to develop our business, we might sell or buy companies or assets. In the event that Desktop On Demand or its parent company (Defuturo Ltd) is acquired or sells some or all of its assets and/or subsidiaries, customer information and data might be one of the transferred assets.

    Your personal information can be updated at any time via an online user control panel or by emailing admin@desktopondemand.com

    In the event that you should need to opt out of receiving any promotional communication or newsletters you can reply to any of those communications or newsletters, inserting the word 'unsubscribe' in the subject field. If there are any problems with this, please contact support for assistance.

    Data Control

    All personal data is handled in accordance with the Data Protection Act 1998. We are members of the Data Protection Register. Registration number Z961586X.

    Children

    The Desktop On Demand website and software are not intended for persons under the age of 18 and we do not knowingly collect personal information from children under 18.

    Privacy Issues

    If you should have any concerns or issues regarding the privacy of your personal information on Desktop On Demand please email privacy@desktopondemand.com

    Changes to this policy

    We reserve the right to make changes this privacy policy and any changes will be announced by email and therefore we encourage users to ensure they have valid contact email addresses registered with us at all times.

    ...good grief!

  151. alphaxion

    @steve roper

    I notice that you instigated this change on an opt-out basis.. would it not have been prudent, considering one of the main gripes here, to have made it opt in?

    Don't get me wrong, I'm all for generating a bit of people power, because I'm rapidly approaching the point of desiring a revolution against our crappy, self serving government because it is so obviously broken and not fit for purpose!

    I guess it's scenarios like this where the right to bear arms would be of great benefit ;)

    (please note the dripping of sarcasm in that line)

    I contacted chris pirillo about the whole sorry saga in an effort to boost awareness in the US tech circles (the guy does have quite a following, both noob and industry)... sadly the email never got a reply.

  152. Julian

    Correct me if I'm wrong

    I seem to remember an item on The Register some months ago concerning unidentified activity on the Internet, which was possibly Java based, but which no-one could fathom out. There were many posts but it still just remained an unsolved puzzle.

    Seems to me this was the unauthorised trial(s) of the Phorm/Webwise system.

    Anyone else remember?

  153. Anonymous Coward
    Thumb Up

    unlawful processing of personal data

    http://www.openrightsgroup.org/2008/...vice-on-phorm/

    "

    FIPR calls on Home Office to withdraw misleading advice on Phorm

    Posted by Becky in Computer Law, Data Protection, Net Neutrality, Privacy, Regulation of Investigatory Powers Act at April 23rd, 2008

    The Foundation for Information Policy Research (FIPR) has today sent the Home Office in-depth legal analysis [pdf] of the Phorm behavioural advertising system.

    The analysis has been produced by FIPR’s General Counsel (and ORG Advisory Council member) Nicholas Bohm, and complements the technical analysis produced by Richard Clayton earlier this month [pdf]. The analysis shows that Phorm’s systems involve interception of communications contrary to the Regulation of Investigatory Powers Act, fraud, contrary to the Fraud Act, and therefore unlawful processing of personal data, contrary to the Data Protection Act.

    .....

  154. Anonymous Coward
    Coat

    Same old, Same Old from BT

    "We completely understand the potential concerns of some website owners, who have sensitive/private/password protected websites or areas on their website, and are taking the necessary steps to ensure that password protected sites are excluded from this service and no information will be scanned from these pages. We are also excluding a range of more sensitive categories for example medical, religious and gambling websites. Finally we are also taking steps to ensure that those websites that do not want search engines to 'crawl' them (by the use of robots.txt) will also be excluded from the Webwise service. I hope that clarifies the steps we are taking to address your potential concerns. If not please let me know."

    I have asked them why they think that because a website is indexed by Google that gives them the right to use that data to earn them money and that business sites (for example one selling Antiques) may find that by BT scraping their site their visitors then visit a phorm/OIX site and get targeted ads for antiques. BT/phorm potentially earn money from an advert click and the original site looses a sale.

    I have also asked them to state precisely what entry needs to go into robots.txt to STOP phorm scraping the site..

  155. phormwatch
    Black Helicopters

    robots.txt file

    >I have also asked them to state precisely what entry needs to go into robots.txt to STOP phorm scraping the site..

    The answer is they will assume that a website allows search engine crawlers to index their site, Phorm will assume permission trawl for keywords for OIX. This is wrong, of course, but I'd be surprised if you don't get a cookie-cutter response.

    This issue really has to be pressed with BT/Phorm. Of course, just like with the opt-out/out-in situation, they want to retain value of Phorm/OIX spyware system; fewer users (opt-in) or fewer websites (robots.txt) means fewer profits. They will do everything to avoid making it easier for websites to stop OIX trawling, I bet.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019