Very poor phorm

Advertisers should not be allowed to spy on net users' browsing habits

By Becky Hogge Published 02 October 2008

Isn't online advertising marvellous? I go to the New Statesman website to look up the article I wrote on Phorm, the behavioural targeting advertising company, in March 2008. And there it is, right at the top of the page: a Google ad for Phorm. That Phorm is advertising using the company it intends to treat as its first true competitor is as ironic as the Phorm tagline, "Creating two revolutions: in online advertising and in privacy."

Well, perhaps not ironic. Phorm can claim privacy-enhancing features for its web-tracking service, but they are just that - "enhancing", not "guaranteeing". And when it comes to privacy of online communications, its technology is more degrading than enhancing.

Phorm's technology dials direct into your internet service provider's network and tracks your web surfing in order to deliver targeted ads. Picking a handful of keywords from each of the websites you visit, it attempts to build a picture of your interests, assigning you to segmented channels that serve ads it believes will cater to your tastes. Google serves up ads based on the page you are looking at now. Phorm will serve ads based on what you have looked at in the past.

The Information Commissioner has already made clear that, in order to deploy Phorm within data protection principles, ISPs must obtain users' explicit consent. What's not so clear is whether ISPs are legally able to intercept the communications, between web users and website owners, that make up browsing the web at all. Unless the ISPs have the explicit consent of users and website owners, they are likely to be breaking laws that govern interception of communications in the UK.

Because of this, Phorm has been responsible for a third revolution, or at least a resistance. When stories about the firm broke in January, so, too, did consternation break out among a number of internet users - computer experts, lawyers and ordinary consumers. Establishing websites such as www.dephormation.org.uk, these people started circulating advice and tools for others outraged by Phorm to circumvent the technology, and to register their objections with elected officials.

When news hit that BT had conducted secret Phorm trials on its own customers without seeking consent, the actions increased. Campaigners picketed BT's annual general meeting, some even buying shares in the company to make sure their concerns were heard at board level. Rebuffed by the Interception Commissioner ("not my job"), one individual handed a dossier to the City of London Police, who declined to pursue the case because it was too complex.

Now concerned citizens are holding a whip-round to pursue the issue in the courts. Whether this will affect deployment of the technology is not clear - but an anticipated second round of BT trials has not materialised at the time of going to press.

Tags: privacy digital rights internet

View the discussion thread.

10 comments

Thu, 2008-10-02 21:36 — fiddler1

"Phorm must endeavour to ensure that ISPs clearly communicate with their users the issues involved
in this targeting, and actively and regularly pursue users' consent. This is the only way to mitigate
concerns". (80/20 PIA report, p 17)
So get to work phorm, those BT stooges are falling at every fence!

Thu, 2008-10-09 02:47 — phormishorrible

BT say they'll need 300 extra servers just to run the Phorm system, its not just the privacy issues, performance will be affected too. Phorm's horrible cookie handling will clog up the system both ends. I would advise anyone concerned about this to listen to episode 151 of Security Now http://www.grc.com/securitynow.htm

Thu, 2008-10-09 02:50 — phormishorrible

It should also be noted that Phorm are a rebranded company (formerly 121Media) who were behind some of the worst adware of the last few years, producing spyware and root-kits infecting thousands of machines. Do you REALLY trust your personal information with these charlatans?

Thu, 2008-10-02 15:11 — droogie

Isn't journalism marvellous?
"Campaigners picketed BT's annual general meeting" - less than 12 people turnes up, hardly a public outcry eh?
"but an anticipated second round of BT trials has not materialised at the time of going to press. " - the THIRD round of trials started on 30th September.
Sorry, poor show all round much the same as the rest of the hysteria surrounding this issue.

Thu, 2008-10-02 17:52 — Anti Phorm

Seems to be a lone Phorm Drone trying to dismiss the Article without trying to answer any of the questions.

There have never been any real debate about the Deep Packet Injection side of this Technology either, along with it's potential to total disrupt the WWW.

Thu, 2008-10-02 17:56 — Zaggie

This third trial may have started but it's the only one that wasn't secret. The other 2 trials intercepted users browsing secretly in contravention of RIPA .
As for the campaigners at the BT AGM, a few campaigners enlightening shareholders and asking questions is worth far more than a rabble shouting and marching up and down.

Thu, 2008-10-02 18:07 — P3tH4mst3r

Well at least Becky has not had to Bribe any EuroMarks eh Kent?, how was the wining and dining. Check iii out.
12 representing over 18200 .......
http://petitions.number10.gov.uk/ispphorm/
No intimidation, and a lot of inphormed shareholders who were previously clueless about the matter. Poor show BT Weblies and Phorm

Thu, 2008-10-02 18:15 — bluecar1

droogie
perhaps you can prove phorm does not store personally information as defined by the data protection act, for instance if you look at a black car page only the word black is stored with no context, is that refering the colour car or our your race, if you look at male or female connector will that be stored and used as connector or gender?

there is no way phorm can say no PI is stored, there are many other possible examples,

as to the protest over 1500 leaflets were given out at BT's agm, questions asked inside of the director, which got poorly answered after hasty phone calls to legal advice, no shareholders where inconvienienced by large numbers, so a very effective and peaceful protest.

as to the third trial, 3 days in and not a single posting on the net that a single instance of the invitation page has been spotted in the wild, oh and by the way the screen shots of said page have already changed at least twice, and one was of a page displayed in a safari browser said not to be compaitble with webwise??

on financial forums there has been many attempts to ramp the shares saying they will fly once trial announce, this has come and gone and they are still very thinly traded at under £7.00

the sooner BT drop this dodo the better, but i will still leave as soon as my contract is up as i no longer trust them not to pull another similar stunt in the future
Peter

Thu, 2008-10-02 18:19 — Anne6

It is good to see some journalism that isn’t whitewashed with PR for Phorm.
The resent release of Phorm’s PIA mentions a lot about transparency, a public meeting that was called short notice in London. All those unable to attend were promised unedited video which due to Phorm transparency has never been seen since.
AGM some managed to go others couldn’t afford the high public transport costs so do relay on help and those living near the venues It would be nice if the press were more open with their views on Phorm sadly many sound like payed PR for phorm.
BT said trials started 30th Sept so far nobody has heard any reports of anyone being given the invite page. BT’s invite page still falls short on the ICO recommendation for informed consent due to lack of information, also large difference between the accept button and the reject words. Both should have a button same size.
That aside seems BT is over run with requests for MAC keys to migrate away some are now in their 9th day still waiting for the MAC. The petition against phorm now has 18,204 Signatures:
What is needed is more to look beyond the words Phorm have assured us.. There are two sides to this dispute Phorm the search engine of people as they have been reported as saying they are and the people who wish to protect their privacy with no wish to be in Phorm search engine of people.
Keep up the good work

Thu, 2008-10-02 18:33 — bluecar1

i missed a point, BT will not check the credentials of the user that accept the first invitation to ensure they are the primary account holder, and so legally the only person to be able to enact the change to the contract to make phorms interception of web traffic "legal".

instead they are saying it is up to the primary account holder to inform "ALL" users on his network, including visitors of webwise and how they should respond.

this is not what the ICO said was required

also they can't do a check on the credentials because the invitation page is hosted on a server run by phorm, outside the BT network, so unless BT want to fall foul of DPA by giving a third party (phorm) access to there customer database their appears no way to do this

a very well thought out system i think

on last point it has also been said that the full release of phorm / BT Webwise may be opt-out, again in direct contradiction of what the ICO said was required for phorm / BT Webwise to be legal under UK / EU law