Data pimping: surveillance expert raises illegal wiretap worries

A leading expert on computer surveillance has raised serious doubts over the legality of deals by BT, Virgin Media and Carphone Warehouse to sell their customers' web browsing data to Phorm, a new online advertising company. Professor Peter Sommer, the author of the groundbreaking 1980s book The Hacker's Handbook and a …

COMMENTS

  1. Neil Barnes Silver badge

    The benefits of Webwise

    Are there any? To me?

  2. Barrie Shepherd
    Stop

    Phorm

    If people want an agency, with which they have no commercial or contractual agreement, to see what they are viewing and data mine their "interests" then let them have the right to opt-in.

    Everyone else should be locked out (not opted out) from the service - meaning no data is passed and that their page requests are just processed directly without delay.

    Let's say that BT & VM press ahead and enable the evil device - it may be over a year before it gets proven to be breaking laws by which time the operators will have mined enough information on people to go on a big pushed advertising spree at the best, or sell it on to others for linking to bank account details.

    How long before the spies of the US get their hands on the mined data and claim all the info (about my money movements around the UK for example) is theirs? (Oh and BTW Phorm please don’t delete the info just send it over to this US IP address).

    BT shareholders had better sell up now before the value of their company slumps against a background of lost customers and law suits.

  3. TimBiller
    Thumb Down

    RIPA

    I imagine that the Government (who would doubtless benefit from a tap into this data stream) would simply change the law to suit themselves, as happens every time HMRC lose a court case.

    Tim

  4. DM
    Alert

    Marketing...

    Who else guessed that it would boil down to the marketing department with their seemingly blank cheques and limitless unaccountability getting the jump on legal, security and compliance?

    Happens everywhere whilst the security staff are left to clean up the mess, now where's my clue stick?

  5. David Willis
    Thumb Up

    Difficult Call- Contradictory RIPA

    1.3.1 Lawful interception without an interception warrant

    (1) Conduct by any person consisting in the interception of a communication is authorised by this section if the communication is one which, or which that person has reasonable grounds for believing, is both—

    (a) a communication sent by a person who has consented to the interception; and

    (b) a communication the intended recipient of which has so consented

    Basically - YOU HAVE TO GIVE PERMISSION OR IMPLIED PERMISSION - Think "this call will be recorded for training or other purposes" message when you call a call centre.

    However

    1.3.3 Lawful interception without an interception warrant

    (3) Conduct consisting in the interception of a communication is authorised by this section if—

    (a) it is conduct by or on behalf of a person who provides a postal service or a telecommunications service; and

    (b) it takes place for purposes connected with the provision or operation of that service or with the enforcement, in relation to that service, of any enactment relating to the use of postal services or telecommunications services.

    Initially you have to consent to the operation, unless the operation is "for purposes connected with the provision or operation of that service".

    This ALLOWS BT to record your home phone number, the number you have called, and the time of the call. It also allows you to keep a log of incoming IP numbers in relation to "operation of that service".

    However even if the Data Pimping is decided by a court to be not within the provision & operation of the service people can still probably get out by :-

    1.1.6 Unlawful interception

    The circumstances in which a person makes an interception of a communication in the course of its transmission by means of a private telecommunication system are such that his conduct is excluded from criminal liability under subsection (2) if—

    (a) he is a person with a right to control the operation or the use of the system; or

    (b) he has the express or implied consent of such a person to make the interception.

    Basically "IT'S OUR SYSTEM WE WILL DO WHAT WE WANT WITH IT". Depends how BT want to throw the wording of public vs private telecoms system.

    I personally think they are on dodgy ground..

  6. Anonymous Coward

    "Most customers like this" - really?

    Oh really? I would invite BT to share their questionnaire method with us because I have a hard time believing this statement (I also dislike the "most" because that's conveniently vague).

    To me it smacks more of the Ken Livingstone method of surveying (don't ask - just take it from me that "tuning a survey" is a polite way of describing it), so before I believe any statement of the parties standing to benefit from this breach of privacy I'd like to see hard facts.

    And yes, this is the one positive side of RIPA - this is principally an intercept because it results in personally identifiable data acquisition, and thus verboten..

  7. gothicform
    Thumb Up

    What about the data being sent by websites to the customer?

    One thing however that isn't mentioned in the article is that data is being sent both ways. Whilst the ISP might have permission of the customer to look at their data do they have the permission of the website sending them the data too? Once they have the data do they have the permission to store it from the website that owns the data or are they going to modify that data, violate the copyright etc?

    I can't see them getting away with this for long before the whole thing collapses in lawsuits and the sharks start to circle as the banks are now discovering.

  8. Anonymous Coward

    Profile built up on your computer and not Phorm's?

    Where? How do I delete it? Can I edit my father in law's to make it look like he's interested in goat porn?

  9. Tom

    Like getting Hotbar from your ISP

    Sounds just like crap like Hotbar and Cool cursor where they give you some useless "feature" like anti-phishing warnings in exchange for spying and crap ads. Only this time they don't need to use drive-by-downloads to get it installed on people's computers, they are getting the user's own ISP to do it for them.

  10. Aristotles slow and dimwitted horse
    Stop

    Who makes sure that...

    Once I have turned the service off, that it actually IS and remains off, and that none of my browser traffic is being intercepted surreptitiously? Because unfortunately I simply don't believe a word these fuckers say anymore.

    Maybe it's just me but I believe that there is no-one, except an infestation of marketing types, who believes that the online experience is enhanced due to increased advertising.

    BT, Virgin et al will dig themselves into a hole over this.

  11. Steve
    Alert

    No link, again...

    So here is the link to the FAQ... http://www.webwise.com/how-it-works/faq.html

    I find this Q particularly interesting: I delete my cookies regularly, and I want to keep Webwise switched off. How do I do that?

    If you regularly delete your cookies and want to ensure that Webwise is permanently switched off, simply add [OIX.net] to the Blocked Cookies settings in your browser.

    P.S. El reg, I do love you so, but please learn to link within your articles it's what HTML was designed for... ;) :P

  12. Anonymous Coward

    re: Difficult Call

    1.3.1(a)&(b) would seem to suggest that you would need permission from both ends so even if I opted in to this system, the website I was browsing would also need to opt in to having its communications intercepted before it was permissible.

  13. Matthew
    Stop

    gothicform is right

    I host a website and any adverts I choose to serve from my website should be left alone: the site depends on them!

    This idea sounds like it will rip out the ads the website owner provides - which possibly help fund a free site's existence - and replace them with 'targeted' ads for something else.

    It'll kill thousands of small sites when they lose their advertisers, not to mention the problem of a teenager's pr0n-browsing-habits generating dodgy ads on, say, a five year old's view of a Disney page...

    Imagine ITV's views on this kind of thing if, for example, a Freeview decoder replaced the ads they broadcast with something else. I'm looking forward to the first court case!

  14. Hywel Thomas
    Thumb Down

    Does this mean free pr0n ?

    So I can hide my browsing history from the missus, but Virgin may be free to sell this information on ? Disgrace !

    I wonder how this stuff gets pushed back though ? I pay the bill, but four very different people use the connection (a man, a woman, a boy and a girl), for different things (tech, pr0n, tech pr0n; shopping; pokemon, pointless sites; kids tv flash games).

  15. MikeC
    Thumb Down

    Our survey says...bye bye to BT???

    "Detailed customer research by BT has shown that once customers are aware of the benefits of Webwise, they are overwhelmingly in favour of the free security features and more relevant advertising during web browsing," it told The Register last week.

    Are these the same customers who click on every "You have Spyware, download this FREE anti-virus, anti-spyware, and anti-spam software now" link they come across?

    The same software that then shafts your computer right royally that then takes ages for someone with enough brains not to click on said link to remove?

    If only I'd been asked my opinion, I'd have told them where to stick the entire thing...

  16. Matthew
    Flame

    The law on unintended consequences

    Anyone prepared to run the book on how long it is before other organisations/individuals/hackers are reading your preferences off your Phorm cookie?

  17. Anonymous Coward

    remove the right to Export your data

    "Virgin Media told us today: "Virgin Media is still some way from deploying Webwise. We will roll-out the system once we are completely satisfied that our implementation meets all applicable privacy guidelines _and complies with all data protection requirements._"

    Potential violation of RIPA through an unlawful interception is a separate issue to requirements under the Data Protection Act, however."

    if there are any DPA personnel/UK experts reading, perhaps you might comment on this point please.

    if you send a Data Protection Act notice to the ISP stating ' under the DPA act bla bla, i remove the right to export my personal data'

    does this have the desired effect of stopping any and all data processing of the DPA covered data outside the UK by 3rd parties they want to sell my property to, and indeed anything else outside the basic supply and billing of the Broadband.

    plus the added benefit of putting ISP at odds with exporting the data to their offshore customer care department of course.

    also, can anyone clarify the EU rules as regards your ISP supplied IP address as personal data as this is also relevant as is the EU opt in advertising.

    it would be good to have all these matters written up and clarified in one place so as to help clear the air and misunderstanding.

    not least from the many ISP personnel that don't know or consider the DPA important or relevant to their actions and advice they and their line managers etc give.

  18. Steve

    VM's response

    "Hi there,

    Thanks for your email to Virgin Media.

    BT, Virgin Media and Talk Talk argue that Phorm's anonymising techniques will achieve this feat. When discussing Webwise, the consumer brand for Phorm's advertising targeting system, the existing partners all place heavy emphasis on its widely-available and standard anti-phishing features.

    Here is the link for it http://www.theregister.co.uk/2008/02/29/phorm_broadband_isp_targets/

    I hope the above answers your query, however, should you need further assistance, please don't hesitate to contact us again.

    Kind regards

    (Your Name)

    Virgin Media Technical Support Centre"

    The original question was "How do I opt out of this?" and, yes, the muppet did leave in the (Your Name) part instead of putting his own in. I particularly enjoyed pointing out that the article they linked to has a stream of comments complaining about this idea and the 2nd of which was mine.

  19. The Other Steve
    Thumb Down

    BT privacy policy says...

    " We do not use this information to:

    * identify individuals visiting our website; or

    * analyse your visits to any other websites (except that we do track you if you go to websites carrying our banner, but we do not identify personal details while we do this); or

    * track any Internet searches which you may make while on our website."

    http://www2.bt.com/btPortal/application?pageid=pan_privacy_policy&siteArea=pan

    So I for one will be leaving for another ISP, citing breach of contract.

    As for this "detailed customer research", bollocks. They haven't asked me, although I /am/ in the process of giving them my unsolicited opinion. I somehow can't imagine any group of people answering an honest question, such as "Do you think it's OK if we monitor all your online activities so that we can then embed intrusive advertising and send you spam from our partners" with anything other than a resounding "FOAD".

    In keeping with the way these things are done, I suspect it was a focus group asked something like "Is it OK if we use the data that we already have access to anyway, completely anonymously of course, to erm, give you some free chocolate ?"

    Bastards.

  20. Anonymous Coward
    IT Angle

    Would this be a work around

    Hi,

    would this counter phorm?

    Setting up an EC2 Machine or similar http://www.amazon.com/gp/browse.html?node=201590011

    Then encrypting all my web traffic via ssh and then redirect it to the EC2 machine to serve all my requests?

    Alternatively set up a machine in Sweden then create a vpn session to it and then use that machine for all my web traffic?

    As it's all encrypted then I doubt they would know what's happening, they would see a very long stream of encrypted traffic. Not sure, someone who is more knowledgeable would need to comment on it.

    I don't trust the webwise opt out, granted you wouldn't see the adverts but what's to say that your data is being sent to the anonymiser and then onto china?

  21. Man Outraged
    Linux

    @numerous comments

    1.) Surprising how many people suspect [UK] government surveillance spooks have a hand in this. I reckon if anything it will be foreign intelligence of some kind, possibly even commercial. Think of all the confidential business going on unencrypted as people bounce emails to home etc etc.

    2.) RE: Contradictory RIPA - the get out clauses only seem to apply to the service provider and it is seemingly implied that there needs to be an element of necessity of interception in order to route the communication, i.e. NOT when they're passing information to a third party. Also I'm guessing the rationale behind the get-out clauses is to allow transparent caching?

    GREAT WORK El-REg - keep it up! Channel 4 News have this story and I can't see it being a case of any publicity is good publicity in this case anyway...

  22. Anonymous Coward

    Do These people not read the news or something?

    From memory of recent articles:

    Google is falling foul of EU privacy laws and is facing sanction unless they take action for recording browsing habits by IP which can be traced back to a person.

    Facebook faced a massive revolt and an eventual climbdown over their tracking systems

    It's all just a bad idea, won't fly with the regulators, won't please the customers, won't work. I use admuncher to strip out adverts, so I won't benefit from it. I also use CC cleaner to wipe cookies I don't explicitly want / need.

    If the marketing men and women want to earn more £ for breaching my privacy they can just sod off unless they are offering me some £ and even then I don't think my goat pr0n habits are for sale. It's my privacy, it's not for sale and I expect the powers that be to stamp on folk who disagree especially dodgy spyware companies.

    ISP's you have been warned! Some set up a Downing street petition please!

  23. g e

    Ummm did I understand this right?

    So Phorm's machines proxy the request for you or they are just inserted in the BT route for the data path?

    If the former then as an ISP you can simply stick a simple Apache style redirect into your HTTPD config for Phorm IPs informing the customer their browsing may be being intercepted.

    Presumably they exempt HTTPS traffic as well??

  24. Maurice Shakeshaft

    I don't really mind...

    receiving junk eMails or, indeed, telephone cold calls selling double glazing. I'd rather not but it happens.

    I do, however, really mind more than ever such a little tiny bit any website setting out to capture my browsing habits with a view to using them to "condition" my "internet experience". I get very pissed off when they then start to make a profit out of said data by selling it on to potentially unscrupulous 3rd parties or government agencies in a possibly illegal manner.

    I know it isn't April 1st and I assume that this isn't a joke?

    I can see multiple identities being required here..... but ooops, that's not allowed for law abiding citizens. So, if I try to evade I'm performing an illegal act myself???

  25. Chris

    re: Downing Street petition

    "ISP's you have been warned! Some set up a Downing street petition please!"

    There is one, it's here: http://petitions.pm.gov.uk/ispphorm/

    Wisnae me.

  26. darsyx
    Stop

    @Maurice Shakeshaft

    for telephone cold calls, you can (in theory) opt out by subscribing to the telephone preference service ( http://www.tpsonline.org.uk/tps/ ).

    Perhaps we need a similar service to opt out of Phorm-supplied ads...

  27. Mark

    Nothing much to worry about

    So they're just storing info about you in a cookie on your PC and nowhere else - sounds much less worrying than was first thought then. Because Phorm aren't storing any data then data protection is a non issue.

    Blocking cookies from oix.com would effectively turn off this functionality - no need for an opt out.

    @ Matthew

    No, as has been said countless times (and in this article) the Phorm ads will only appear on websites which have signed up to the Phorm service.

  28. Secretgeek
    Stop

    The more people....

    Tell your friends, tell your family, tell the people at work and the man on the bus (ok maybe not him he looks a bit weird). I work in Data Protection and Freedom of Information and this story gives me the willies! How dare they.

    I'm no expert on RIPA but I'd have to say that even under plain old DPA 1998 they're on highly dubious ground. 'Excessive use' anybody? Transfer outside the EEUA possibly? What we have to remember is that the people that we really need to communicate this message to won't be able to set up intricate workarounds, aren't interested in the whys and wherefores. Keep it simple - EVERY WEBSITE YOU VISIT ONLINE IS INTERCEPTED AND TRACKED BY BT AND PHORM.

  29. Hayden Clark Silver badge
    Unhappy

    You people have such touching faith in the mass of users out there.

    Most people on BT broadband will see the email, go "huh?" and forget it. Really. There will be no mass migration, no outrage, no shareholder revolt. Why would most people bother, even if they had any clue what was going on (which they won't because the comforting words from their ISP won't tell them).

  30. Ash

    Hey there!

    Ash again!

    Just popping by to say that I'm dropping Virgin again :)

    Thanks for the RIPA and DPA info; I'll be sure to include that in the letter!

  31. Anonymous Coward
    Happy

    Re: Mycho

    Mycho said:

    "Where? How do I delete it? Can I edit my father in law's to make it look like he's interested in goat porn?"

    More to the point, how can I edit my settings to make it look like I am NOT interested in goat porn?

  32. Ian Peters
    Thumb Down

    Detailed customer research by BT

    Does anyone ever see these types of research? Why do journalists never seem to ask to see them as proof?

  33. Anonymous Coward
    Coat

    But what about the Children?

    No-one seems to be willing to answer the question about what happens when more than one person is sharing an internet connection?

    I don't have kids using my internet connection but I know several people who have.. so, for the sake of argument, let's pretend I have

    How will phorm ensure that adverts based on MY browsing habits aren't delivered to my kids, and to turn it round ensure that I don't get bombarded for adverts based on my kids' browsing habits?

  34. John Bayly
    Flame

    @Hayden Clark

    Agreed, which is why I've been telling everyone I know. And everyone (except for a housemate) was appalled.

    I've spent a decent amount of time writing to various places to try getting an article in a website for the masses. The problem is that most media outlets don't appear to give a shit.

    <rant>

    This is another example of the media deciding what we should know and care about. At least people in China, North Korea, etc know they can't make a difference. We are taught from the word go that we can choose how the country is run. This is just another prime example of how this is bullshit.

    </rant>

  35. Anonymous Coward

    Pandora's box

    I can't think of an end to the mischief that this opens the door to. I can't think of a way of defeating it technically except by encrypting everything sent over HTTP.

    I hope that's only because I'm not an expert on the intertubes.

  36. Anonymous Coward
    Flame

    @John Bayly

    My boyfriend is actually a deputy editor at a national broadsheet. I've been hopping about this since it broke on Feb 14 and he keeps telling me it's a.) difficult to explain the more alarmist elements without getting into detailed technical arguments that will lose the readers and b.) difficult to research without a real tech-focussed reporter and c.) not really target audience. Obviously they will report it if/when any action is announced by regulators or someone launches civil legal proceedings.

    On another slant - everyone is focussing on data privacy and protection, but there's one technical argument that shouldn't be overlooked. I know of at least one proprietary system that (ab)uses port 80 (HTTP) and html in order to allow remote clients to connect to head office. It uses port 80 and pseudo html so the connection can be routed via most proxies. If the system is broken by spurious unexpected content such as cookies being injected then who's at fault? You could argue the system developers were short sighted but you never expect your data stream to be tampered with, do you?

  37. Richard Thomas

    @ Pie Man

    Your boyfriend's national broadsheet wouldn't happen to be The Grauniad or the FT would it? If so there's a teeny weeny conflict of interest according to the article...

  38. Anonymous Coward

    Keep this one going

    Thank god this story hasn't been forgotten from last week.

    Still no word from the regular media about this, which is shocking, but hopefully the shit will hit the fan this week.

    Again, people need arresting for this.

  39. Anonymous Coward
    Unhappy

    Privacy International

    I got a reply to my email, to avoid any legal problems, I wrote this myself.

    We have been pushing for Phorm to remove this content for quite some time now. PI does not work for companies, nor do we endorse products.

    Two of PI's staff members, in a private venture, advised Phorm of the serious risks that their technology raised. We are pushing for Phorm to disclose this risk assessment.

    To avoid any conflict of interest, we have notified our Trustees and International Advisory Board of this activity.

    The reality is that PI's accounts are so weak that we must often fund ourselves through other ventures.

    Keep well...

  40. Jon

    opt-out opt-in

    ISPs won't want to miss out on this money making scheme. All they will do is create a two tier system. If you are ok with ads then you only pay current rates and by paying this rate you opt-in. If you want to keep your browsing secret you will have to pay "enhanced" rate of probably 3 times this. :(

  41. Andy ORourke
    Thumb Down

    BT's Response (& implied opt-in)

    I just opened a ticket to opt out and here is the reply:

    Thank you for your e-mail dated 3rd March '08. It has been logged under the reference number BLAH BLAH BLAH. As I understand from you e-mail, you want to opt out of BT Phorm.

    I regret to inform we, being the broadband technical helpdesk, do not have the adequate resources to terminate your BT Phorm subscription. Hence, issue needs to be taken care of our dedicated BT Broadband Technical Helpdesk on 0845 600 7030 (open 24 hours / 7 days). They would investigate into the matter and if necessary, they would transfer the call to our Yahoo! Helpdesk.

    For any further assistance please do not hesitate to contact us or use our BT Broadband Self Help web site http://www.bt.com/broadband/help

    Thank you for using BT Total Broadband Support

    BT Total Broadband Support

    Notice the phrase "Your BT Phorm Subscription" I don’t remember subscribing? By the way the incorrect spelling and grammar have been left in place!

  42. Anonymous Coward

    Channel 4 site

    Yay! and they're even using the correct Registerese - 'data pimping'. Let's make sure that Phorm, BT and 'data pimping' become part of daily conversation:

    http://www.channel4.com/news/articles/science_technology/concerns+over+data+pimping+deal/1703547

    Now I wonder if they'll run the story on the television news?

  43. John Bayly
    Thumb Up

    @Pie Man

    Those are fair points that you've made. Point (a) is the one I really have to agree with. It took a bit of effort to explain to my housemate (he's the type that tries to login when "his bank" email him).

    I have just found that it's been mentioned on Channel 4's new website:

    http://www.channel4.com/news/articles/science_technology/concerns+over+data+pimping+deal/1703547

    Regarding the proprietary system you mentioned, not only could they be breaking it (I imagine that inserting cookies into the response could break checksums too), they are eavesdropping on something that is not supposed. (Using their highly dubious logic that our HTTP streams are theirs to snoop)

  44. Anonymous Coward
    Thumb Down

    Webwise my @rse!

    This webwise nonsense is a complete joke. Switch to OpenDNS and you get warned about phishing sites for free without OpenDNS having to examine all your data. This Phorm lark is pure evil. I'm a VM customer, does anyone have the great Beardy one's contact details. I think a number of concerned customers complaining to him directly about how his integrity and brand image will be damaged by this might achieve something.

    Arturo Toromolusco

  45. mixbsd

    Boycott

    It wouldn't be too difficult to compile a list of companies who utilise the ad brokers/publishers connected to Phorm.

    Boycott the lot of 'em.

  46. RW
    Alert

    That Ernst & Young Report

    It's just disinformation commissioned in order to muddy the waters.

    Accounting firms are like lawyers: they tell the clients what the clients want to hear.

    You have been warned.

  47. Anonymous Coward

    @Richard Thomas

    No... comment! But forgive me I've been totally rebuked for even mentioning using my partner's name in trying to publicise this. But seriously so many people on here have mentioned writing to the likes of the BBC, and I myself have written to several news outlets, and the only people running the story (and duly crediting El-Reg) are Channel 4 News:

    http://www.channel4.com/news/articles/science_technology/concerns+over+data+pimping+deal/1703547

    Spread the word!

  48. Anonymous Coward

    Tuning a Survey

    On the subject of tuning a survey by "Anonymous Coward",

    think back to the last time you completed an employee satisfaction survey for your employer, every company I have ever worked for which conducts those surveys always seems to miss out the fundamental questions. Funny, how those surveys *always* show that the employer is doing a good job, and the employees are nearly entirely happy.

  49. Graham Wood
    Stop

    @Mark

    The "opt out" doesn't stop phorm snooping the traffic, and therefore it being exposed to interception.

    Would you be happy for all your phone calls to be routed through a single building on the Thames near Vauxhall (coincidentally next to MI6's HQ) if you were told that typing something at the start of the call would stop anyone listening?

    The network diagrams that el-reg has shown imply that ALL TRAFFIC goes through the phorm devices - regardless of any opt in/out. Therefore all your opt out does is stop them sending you the ads, it DOESN'T stop them seeing your traffic.

  50. John Edwards

    This should cover it

    Virgin Media Ltd

    PO Box 333

    Swansea SA7 9ZJ

    4.3.08

    Sir,

    I forbid the collection of data concerning the use of my computer and its connections for any purpose whatever beyond that which is necessary for billing or monitoring for technical faults.

    In particular I expressly forbid the passing of any of my information to Phorm, (or any like organisation), for any purpose whatever.

    This letter may be taken to over-ride any past or future conditions in your End User License Agreement.

    Yours faithfully,

    Paris because she can cover me any time she likes

  51. Anonymous Coward
    Stop

    Any Word From Privacy International Yet?

    Has anyone heard anything from Privacy International about Phorm's claim that "they have endorsed the technology"?

    Thanks for keeping this story going. It needs as much exposure as we can give it.

  52. Anonymous Coward

    BT know nothing

    Just off the phone with BT to request my MAC code - sadly I'm still under contract for 3 months. When I told them why I wanted to leave no one knew what I was talking about. After speaking to customer options I was told BT have not released any press releases and that the one on Phorm's site has nothing to do with BT. Strangely when I asked to speak to someone higher up about the situation no one was available as they were in meetings all day and will be going home after.

    You just have to love the communication within BT. Roll on June so I can leave lol

  53. Alexander Hanff
    Alert

    The majority of customers are ok with it?

    So they are quick to claim that once they know about the *cough* added security features *cough* of the system most of their customers are happy with this. So my next questions are as follows:

    1. Were the quizzed customers told that this "value added service" breaks the following laws:

    a: RIPA

    b: DPA

    c: European Convention on Human Rights

    d: Trespass of Chattels

    e: Computer Misuse Act

    2. Were the quizzed customers told that the above laws exist to prevent exactly this type of thing and by giving their consent they are giving BT/Virgin et al a means to contravene important civil rights and legislation?

    3. Were the quizzed customers made aware that even if they decide they have had enough of this system and take the blue cookie to opt out, all their web traffic is in fact still being intercepted by their ISP and Phorm, but they promise not to use it?

    4. Were the quizzed customers told about the dark and shady past of Phorm Executives with regard to Spyware and Malware?

    5. Were the quizzed customers residents in the local Coma Ward of their city's hospital?

    Incidentally, now with news that the profile is built on the surfer's machine, it adds Trespass to Chattels and Computer Misuse Act to the number of laws being broken by this money making scam. Especially if a user opts out and especially if the terms do not specifically state that the service is altering the behaviour of their computer and installing 3rd party software.

    I said it once, I will say it again, BT, Virgin and CPW customers need to grow some balls and tackle this through the courts, especially BT customers who were allegedly already caught up in this through the secret BT trials last summer.

    Until they grow some balls, nothing will happen and the plans will go ahead.

    It astonishes me when I see people making comments (like several in the previous articles) saying things like "If BT go ahead with this I will be leaving them." IF? Leave them NOW. Don't worry about contracts they already boiled their eggs on that one by running secret trials last summer.

  54. Anonymous Coward
    Anonymous Coward

    The real question...

    The real question is, are any of these companies not scum? Can any of them be trusted in the slightest? If they're offering you a free service, you can bet it's not just to make your life easier.

    Would you trust an ex-con that'd been convicted for multiple burglaries to hold on to your house keys?

  55. Anonymous Coward
    Happy

    Don't leave - Have fun

    I have issued a letter to my ISP withdrawing any permission for them to share my personal data with a 3rd party, or ship said data overseas.

    I now have plans to have fun.

    Each time I get a call from an Indian call center a complaint will be raised with the data protection people.

    It will be fun to take action at a European level once Phorm is implemented.

    If I leave and find another ISP all the future fun will end. So I plan to fight from within and, who knows, become richer to boot.

  56. colin stone
    Paris Hilton

    phishing

    Just a thought?

    The excuse for Phorm is it is to make surfing safer and stop Phishing.

    Errrrr is it not the same ISPs who do bugger all to clean up / block the spam in the first place who are the cause of the phishing in the first place?

    Paris because with all the Viagra, and make it bigger cream I will make her very happy

  57. Terence McCarthy
    Linux

    Semi-Literate Control (Remember "1984")

    Another BT man commented anonymously on our last Phorm story, to say the firm is telling worried staff via its intranet: "--Others like you feel different.

    "We will monitor this carefully and see what the experience in practice will be and evaluate seriously."

    If the "BT Man" cannot even express him/herself in standard English (Different/differently), or even in English

    "We will monitor this carefully and see what the experience in practice will be and evaluate seriously."

    what hope is there for the average Labour government educated semi-literate semi-numerate computer illiterate?

  58. Anonymous Coward
    Flame

    Phorm and paedophiles

    I'm a bit confused here.

    BT and other ISPs claim they are common carriers and can't intercept the bits of customers to actively hunt out illegal activities such as the trafficking of paedophile images. Instead, they insist the police get warrants to tap specific data.

    But along comes Phorm and all of a sudden common carrier be buggered, BT say it's perfectly possible to intercept data in order to earn money.

    If I was in the Home Office, I might be asking questions why BT and other ISPs aren't willing to help crack down on serious crime when they clearly have the tools to intercept paedophile data in real time.

  59. Anonymous Coward
    Unhappy

    Bye bye Virgin

    Sigh.

    BT and Virgin get money for targeted advertising, and we get... more adverts. Great deal guys.

    I'm going to write to Virgin and withdraw permission for them to use my details.

    Call me paranoid, but in the past day or two I've noticed odd browsing behaviour. Sometimes, when I request a link, I immediately get told the server cannot be found. If I try again, it works without question. This is even after I switched to using OpenDNS as my DNS.

    This whole episode has now soured me on cookies - I now block all cookies, except for those originating from trusted sites. Given that 90% of them are used for tracking and adverts, I couldn't care less.

    Let's hope other national news outlets pick this story up - it's important that people hear what BT, Virgin and CW are willing to do with their private data for the sake of money.

  60. Anonymous Coward
    Anonymous Coward

    @ "BT know nothing"

    I doubt that "BT know nothing" - they're past the trial stage which means they have already committed breach of contract (read the comments higher up). You can put them on the basis of these press reports in breach of contract (in writing) and ask them what compensation they propose. I doubt you get offers (expect a whole lot of bullshit instead - that's what they pay lawyers the big bucks for) but once you've done that you may then propose they call it quits - the contract no longer exists due to a unilateral breach of conditions on their part so it's going to be rather rich if they still try to hold YOU to its terms.

    However, IANAL. Get some legal advice, best with a couple of people together. There's nothing a company likes less than collective effort..

    However, part II - where else are you going to go? Do you *really* think you'll be able to escape the clutches of anything that promises easy earnings? You're in the UK, you know..

  61. milan
    Unhappy

    Another VM contract lost

    Well I've stuck by Telewest/VM for some time now. Through losing Sky1, through traffic management, even through putting up no contest when asked to divulge my personal details to Davenport Lyons so they could attempt to blackmail me.

    They've had their 3 strikes, I'm not giving them the option of auto including me into this b******s.

    The question is though, who the hell can I move to?

  62. system

    Copyright law?

    Anyone know what copyright law would have to say about them making a copy of the pages to pass on to phorm?

    From a quick read on the IPO site, it does not meet any of the copyright exceptions. If it can be classed as the distribution of an unauthorized copy to a 3rd party, webmasters could possibly put a stop to it.

    Would the fact that they are making money from our content (by building profiles from it) make it easier to prosecute? Would those profiles become derivative works?

    I know if BT were to host our content right on their servers without permission or sufficient acknowledgement, they would be guilty of copyright infringement whether it was seen by 1 or 20,000 people.

  63. Jason Tan

    wide interpretation

    I don't know about UK law, but I suspect in a lot of jurisdictions that server logs are considered "business records" rather than "interceptions".

    Whether or not they would be subject to other privacy laws and the like is another question.

    I suspect if the good professor's interpretation were correct sys admins could not do things like run tcpdump to debug problems. I.e. I think his interpretation is likely too wide and would not stand up, as it would not be in the public interest.

  64. Peter Fairbrother

    Some RIPA points answered

    Re: opt-out, opt-in

    Opting in would give BT "reasonable grounds to believe" that you have consented to the interception - but not opting-out would not, as failing to object to something is not the same as granting consent, and granting consent, or a reasonable belief that that has happened, is what is required under the Act. And accepting a cookie you never see on your browser is not granting consent!

    However, in any case the granting of consent must be done by _both_ parties if it's to make the interception lawful:

    Re: What about the data being sent by websites to the customer?

    _Both_ the sender _and_ the intended recipient have to agree for consensual interception to become lawful under S.3(1).

    I raised this very point with Peter Sommer last week, so I doubt he got it wrong - but perhaps he thinks the data is only looked at if it comes from sites which have agreed to Phorm intercepting it, and only when the customer has also agreed - though that is contrary to the little we have been told of how Phorm operate...

    Re: Difficult Call- Contradictory RIPA :

    S.3(3) The "purposes of a telecommunications system" - and note, it's a system, not a service or an ISP - are defined in S.2(1) to be the "transmission of communications". There is no "out" here for storing or passing on anything more than traffic data.

    S 1(6) is about private telecomms systems - BT is not a private telecomms system as far as RIPA goes. There is no contradiction.

    I can't see anything which would or even could make the interception lawful.

    In fact I can't see any grounds to suppose what they are doing could possibly be considered not to be interception, or could possibly be considered to be lawful interception - and unlawful interception, unlike most breaches of the Data Protection Acts, is a criminal offense punishable by up to 2 years in prison.

    Which is where they belong. All of them. Though whether the wimpy Commissioner, or the DPP, will agree to a prosecution is another matter ..

    BTW, if you want to break your contract with BT, Virgin etc - this is good grounds to do so. They are breaking the law. It's also good grounds to sue them .. :)

  65. Anonymous Coward
    Black Helicopters

    RIPA

    Perhaps the best way of ensuring that Phorm doesn't get foisted on the customers of BT, Virgin Media & Talk Talk is for those users who have been unfortunate enough to be on the BT pilot to get themselves a packet sniffer to gather evidence of the intercept and then make a formal complaint to the police. Once the directors of Phorm & BT get to spend a night in the cells they may wish to reconsider their plans.

    http://www.met.police.uk/computercrime/index.htm might be a useful link for anybody considering doing this.

  66. Anonymous Coward
    Anonymous Coward

    Coming to America?

    Previous US & overseas commentators with questions such as "don't you guys over there have data protection" WATCH OUT - Phorm have their sights set on expansion:

    ISP Ad Partners NebuAd and Phorm Eye Overseas Expansions (NY Clickz)

    http://www.clickz.com/showPage.html?page=3628633

  67. Andy Worth

    Contracts....

    So surely in order to start snooping on everyone they'll have to make a contract change, which it is "assumed" you accept by continuing to use the service? If they do this then you have the option to freely get out of your contract without any charges (it's a clause in most contracts like this that if the terms are changed, you can opt out freely).

    Personally I'm happy NOT to be with any of these ISPs. I sign up to the TPS and MPS so I don't get junk mail or "marketing" (i.e. telesales) calls, and all they are doing is exploiting their customers to find other ways of spewing out garbage "targeted" ads at them. Like the "targeted" advertising that arrived offering my dad life insurance 6 months after he had died for example......

    They still don't seem to get that if most people WANT something online, they already know how to search for it.

  68. Michael
    Coat

    Cool!!

    I wonder if it works with wget .....or w3m... and I look forward to my Swedish goat pr0n ads ....oh..and. doesn't this look like some kind of blocklist?? Is it to keep the crawlers out ? or the marks in, so they can be block-auctioned?

    Mine's the grey mac and the wellies

  69. Paul
    Paris Hilton

    The story writes itself.

    @Pie Man

    Your boyfriend can have this copy for nothing:

    THE SPY IN YOUR LAPTOP!

    UK's major internet companies want to sell your private data to pornographers

    “My 10 year old daughter was researching battery farms and up popped a great big cock”, shrieked a distraught mum.

    A spokesman for the PM said, "Once he was made aware of the facts he began to look nervous, but regained his composure to say that it is 'totally unacceptable' that a private company had thought about this before the Home Office."

    Paris, because it's happened to her.

  70. Mike Dailly

    Isn't this basically stalking?

    Aside from the nastiness of handing over private records, I'm fairly sure if someone was following your every move you could get them stopped on grounds that they are stalking you....computer or not... you have the right to go about your life without that kind of attention.

  71. Andrew Meredith
    Black Helicopters

    Who to go to & wget

    Several people have asked "If not BT et al then who?". In the comments on another article on this subject I mentioned that I asked PlusNET if they were going to do this and they gave an unequivocal "No we are not". Despite the fact they are owned by BT.

    As for whether wget will get caught, I'm not sure we know enough about the system to say 100%, but from the network diagrams, the wget traffic does at least pass through their equipment, so the Phorm system would seem to "see" your wget traffic, even if it doesn't note it down.

    (Black Helis because the subject matter deserves it)

  72. Robert Jenkins

    Anyone told the BBC?

    The BBC use the name 'WebWise' for their 'Beginners guide to the internet' - I wonder what they will think of BT etc. using it for an advertising service?

    http://www.bbc.co.uk/webwise/

  73. I. Aproveofitspendingonspecificprojects
    Black Helicopters

    @Steve

    Posted onto Firefox.

    I have no doubt that an extension will be made ready by the time the bastards have the scam set up.

    (http://forums.mozillazine.org/viewtopic.php?p=3281599#3281599)

    No doubt Opera will too.

    Who knows, maybe even IE. (Joking.)

  74. alistair millington
    Flame

    more fuel to the PYRE please

    @Jason Tan,

    I think sys admins working on a system for a business don't fall under RIPA because of the contract with work, working as part of their job to process lawfully as the company wants. They are in effect colleagues and staff working on data for the company or by contract for that company, legally covered and permitted under law by that contract.

    BT being an ISP is a service, not a sys admin. They provide your internet connection so your data isn't something that they can consider theirs to work with as they see fit. Which includes tracking and selling it on. BT are third party and not colleague or staff. As a service provider you don't expect them to record your phone calls without first telling you or tap your calls in secret without some legal entity giving them an order. You can omit from them recording calls by not calling them, you can't omit from being bugged as the police are doing it, but you know they had to ask a judge etc etc.

    Imagine a bus driver as part of driving you back and forth on his route also wanting access to your shopping bags and to see what you are carrying. It just isn't done.

    This nonsense has to stop.

    BT think that its customers want this to happen... Rubbish, and the bit about the profile is built up on my PC????

    So MY CPU power and my electricity is being used to work out their logic for selling their products, earning them more money, and I don't get a cheaper bill at the end...

    JOKE!!! must be a joke... There is a punch line somewhere.

    BT are very soon to lose a customer as everything I hear makes me more nervous.

  75. Anonymous Coward
    Black Helicopters

    @Paul re: The Story Writes Itself

    How did you guess it was the Daily Star!

    Interestingly, much of this may already be going on in parts of the world (who knows where) using a less technologically-intrusive system but arguably just as worrying:

    "Is Your ISP Selling Your Clickstream Data? Do You Have Any Privacy At All?"

    http://www.techdirt.com/articles/20070313/213014.shtml

    Whoever set up the petition, maybe it should be calling for a Public Enquiry into technologies used by data carriers to profile customers, the privacy of data held and adequacy of current legislation in light of this. A second petition would dilute the first, but maybe put a clear message to parliament?

  76. owen bullock
    Stop

    not PlusNET!

    If you ever want to use BitTorrent again, don't touch PlusNET with a bargepole - they may not be using Phorm, but that's because they've already invested in the deep-packet inspection monster that is Ellacoya. I wouldn't mind if they throttled your traffic after you hit a certain usage limit, but they do it ALL THE TIME, indiscriminately.

    I'm not a heavy user (15G/month) but I want to use the web for What I Want, When I Want - that's why Zen are good for me - I pay for 20G and I use it how I like, none of this 'unlimited' sales bull.

  77. Man Outraged
    Flame

    How to find the Data Controller?

    Who really takes data protection seriously?

    ICO Website is pretty rubbish searching for the Data Controller for British Telecom. Try it yourself.

    Now try the BT website:

    You searched All of BT.com for data controller

    No results were found from your search.

    Suggestions:

    * Make sure all words are spelled correctly.

    * Try different keywords.

    * Try more general keywords.

    * If you are searching with three or more words try using just two or try advanced search.

    Alternatively, if you're looking for a phone number, you can check The Phone Book online.

  78. Slarti
    Alert

    So, is there a way to opt out permanently

    Apart from all the other problems, I was especially struck by your quote from BT's FAQ: "Once you have opted out, the opt out cookie prevents any of your browsing from being collected,".

    Does that mean that if you have sensible privacy settings which, for instance, delete all cookies at the end of a session, that you have to opt out again at the start of every browser session? That is NOT a reasonable opt-out option. If they're sticking hardware in the stream to get the info, they can bloody well remember who has opted out at that level.

  79. Rat King

    EY audit

    If anybody has taken the time to actually read the EY audit, the penultimate paragraph is quite interesting...

    "The projection of any conclusions, based on our findings, to future periods is subject to the risk that the validity of such conclusions may be altered because of changes made to the Service or controls..."

    This, to my mind, sounds like them saying that yes, in its present form there is no harm done, but once it is installed and everyone is used to it, they can change the rules to collect private data.

  80. Anonymous Coward
    Anonymous Coward

    Bleurgh

    ----

    A profile of interests is built up on your computer, rather than Phorm's.

    ----

    That being the case set the folder to "read only" - see if that scuppers it?

    ----

    I'm not a heavy user (15G/month)

    ----

    I nearly choked on my Weetabix, or would have done had I read this earlier - to me, 15 Gig a month is HUGE. I use less than 2, normally less than 1 unless there's a lot of patching that needs doing; the only time I've used more than 2 gigs in a month was when I was beta testing a new game and had to download it in its entirety.

    What do I use my Internet connection for... Online gaming, a bit of surfing and web development mostly. All of which, unless there's a round of patches, by their very nature transfer quite small amounts of data (when compared to say, streaming/downloading video).

    Frankly I'd love it if Virgin Media switched to a pay-per-gig type service - I could potentially save a fortune.

    I'm hoping VM realise the shitstorm implementing Phorm could generate once people understand the implications and that they scrap the idea. If not, I'll chip in for the inevitable lawsuit. I've emailed VM and am awaiting a response (surprise).

    Now for everyone who says "change supplier then" - realistically, I can't. I live in a flat, I hold the long term lease but the building itself is still owned by the council. To get HDTV I need either Sky or VM. To get Sky I'd have to get the council to allow me to get a dish installed - and they're quite anti-dish so it'll probably not happen.

    So my options are.

    1: stick with VM for the tv, get a BT phone line installed (as well as the cable one) and pay both VM and BT for phone lines.

    2: ditch VM and put up with just the Freeview channels, lose VM's tv/films-on-demand and catch-up tv - get a BT line installed etc.

    3: stick with VM

    Besides, I honestly think cable is the better technology and I'd rather stick with cable than go back to DSL - at least when I moved into the flat I had a choice of cable suppliers (it was before the NTL/Telewest merger).

    AC coz it's all about the privacy, innit?

  81. Rod Marsh
    Thumb Down

    Bill Hicks

    Had it nailed when he said....

    'Hands up all those that work in Sales & Marketing'.....

    To which x percent of audience puts up hands...

    'Kill yourselves, I'm not joking, seriously, kill yourselves'

    He wasn't joking and he was right, People who work in Sales and Marketing add no value whatsoever to society. They are merely a drain on and a pain in the ass to the rest of us.

  82. Robin Zaker
    Coat

    Tinfoil hats off NOW- AND CLEAN UP YOUR MESS

    With the Phorm thing, you are all wrong- if you bother to actually do your research then you'll get a different picture- Why not be more concerned about the secretive Ellacoya or even Google's 24-month profile retention? Phorm doesn't even keep data- it's trying to reverse the belief that you have to keep a massive detailed profile to advertise or anything else (and I know that you hate advertising but be realistic- it's not going away, especially with the 'free broadband' wars pushing profits down and out).

    As one of the PI employees sent to look at Phorm (though I'm not allowed to reveal my identity (NDA)- and we feel that 'endorsed' is a bit of a strong word) I had access to their proposed technology and I was impressed with what they are intending to do- it is in my view a step forward in what has been a downhill battle for privacy- not as private as I would want but definitely against the flow of all the other data squirrels.

    Obviously you have realised that porn and the 'sensitive' material will not be read- as the system only recognises pre-defined words/matches. I'm depressed that the rest of the tech community are attacking the one thing that I thought they would consider sensible, but they are too paranoid as ever.

    Ads will not be unlawfully changed-they'll just earn more for the website owner...

    If you opt out then they would not legally be able to even scan your data for wordmatches- that'd be suicide so as a commercial company they wouldn't.

    It's not infringing RIPA- they passed an investigation months ago..

    In fact almost all the problems that you sheep worriers have are not even slightly founded- it's all misinformed- go do proper research not wildly inaccurate speculation

    Oh and the whole CHINESE SERVER thing stems from a MUPPET searching for a trace on OXI.com, what a TOOL.

    The thing that depresses me most is that you probably won't even believe an analyst like me who has actually researched the system but that is the truly depressing thing about the 'true online community'- they spend so much time worrying where the next threat will come from they attack the wrong threats with the wrong information...

  83. Alexander Hanff

    Re: Bleurgh

    "To get Sky I'd have to get the council to allow me to get a dish installed - and they're quite anti-dish so it'll probably not happen."

    Not true. You can get "internal" sky dishes now for exactly this sort of situation. The receiver sits on your window sill.

    You basically have no options, if you want to retain your privacy, you need to leave Virgin, it's as simple as that.

  84. Anonymous Coward
    Anonymous Coward

    not a patch on Thereg tech coverage though

    http://www.guardian.co.uk/technology/2008/mar/05/privacy.internet.phorm

  85. Anonymous Coward
    Flame

    @Robin Zaker

    You are not the only person to have such knowledge of this subject, although if you really do work for Privacy International then granted you have a privileged insight to the actual technology being used by Phorm that I don't have access to.

    I do however have many years' experience designing and developing software systems and can tell you that beyond all doubt there will be several software updates. Once the infrastructure is in place it offers yet another opening for either malicious or well-meaning persons either within or outside of the ISP to add a new "feature" to the system.

    On a point of law, interception is interception. Discussions with the Home Office or anyone cannot preempt how the law will be interpreted by a court if it is ever tested. From what I know of RIPA it doesn't matter if the end use of the data protects the privacy of the individual, it's the manner that communications were intercepted. Was the interception necessary to route the data? Was only the carrier involved with the interception, and if not, why did the carrier need to involve a third party.

    And finally, as a purist from a protocols perspective you shouldn't have the carrier injecting anything that is not needed for the purpose of routing traffic into a transaction between the server and the client. It opens up the system to a whole host of abuses which could include overlay etc. The content of the stream sent by the server is owned by someone, it's not up to an ISP to inject anything, even so small as a cookie, into this stream. Purist I know but without rules and principles we wouldn't have such a rich and wonderful thing as HTTP/HTML etc developed from scratch by mass participation in a relatively short time frame.

  86. Anonymous Coward
    Flame

    @Robin Zaker AGAIN

    Oh, and I still don't see how an organisation dedicated to protecting privacy can argue like you do that a simple profile of interests does not breach privacy just because it's only against selected keywords.

    Even seemingly innocuous data such as a person's movie tastes can give away a person's political and sexual persuasions; rights enshrined in Human Rights legislation, as described in the debacle following release of anonymous survey data by Netflix:

    http://www.techdirt.com/articles/20071130/114005.shtml

  87. Anonymous Coward
    Flame

    @ Robin Zaker Even if you are genuine...

    'Robin' an interesting and thoughtful response which may damp down some of the hysteria but many unanswered and worrying issues remain, including:

    The deliberate secrecy of BT, VM and TT around their plans and deliberate obfuscating of the page tracking behind the virtually worthless anti-phishing marketing story;

    The undeniably shady past of the company principals, re spyware, rootkits and 121;

    The overenthusiastic spin on privacy including reference to a PI endorsement - which you admit does not exist - and an E&Y endorsement that is so caveated as to be virtually worthless going forward;

    The apparent lack of any ongoing supervision to prevent deliberate or accidental changes to the use made of the collected data;

    The fact that all webpage data will be potentially available to phorm/OIX irrespective of what they have demonstrated to you and others for 'day 1';

    The fact that the 'opt-out' capability described for webwise does not prevent your data from being collected, only ignored (for the time being);

    The concern that unsuitable ads may be targeted at different people using a single computer (not just pr0n!);

    The 'Chinese Servers' may or may not be incorrect but in fact nobody knows where the company will operate. (The UK address of phorm is a serviced office block).

    While these and other questions remain it is sensible for customers to be concerned and to err on the side of caution. The fact that the phorm approach may be 'less bad' than others is hardly cause for celebration.

  88. Anonymous Coward
    Anonymous Coward

    @PieMan the Guardian tech censored the law posts...

    I can't believe it, TheReg rocks and keeps everyone's posts.

    However, all those law reference posts by IATL in that Guardian tech thread you posted in today, PieMan, have all been removed; they don't like truth, only their version of the truth apparently.

    Lucky most if not all the law parts were also placed here by several good users, so if you want some real insight, TheReg is your place to find it.

  89. Anonymous Coward
    Anonymous Coward

    and so phorm bring out the PR team

    http://www.ispreview.co.uk/talk/showpost.php?p=198873&postcount=5

    "...

    we are fully confident that our system complies with the Data Protection Act, RIPA and other applicable UK law

    ..."

    http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated-page-39.html#post34501036

    "None :

    Well here’s something interesting. Reading the comments here - http://www.politicalpenguin.org.uk/blog/p,297/#comments

    Note comment 7 is a response from someone on the tech team at techteam@phorm.com

    The part that interested me was this,

    “Re the opt out, if you opt out — or switch the system off, it’s off. 100%. No browsing data whatsoever is passed from the ISP to Phorm”

    So they say that once opted out that no data passes to Phorm. Interesting. Still don’t believe it, but interesting statement nevertheless.

    __________________

    Learn more at www.badphorm.co.uk | Get tooled up at www.torproject.org | Complain to Virgin with this template | Sign the e-petition at http://petitions.pm.gov.uk/ispphorm "

  90. SilverWave
    Flame

    Cut and Paste to send to the "Non techie"

    To make it easy for non-techies to see what is going on here, let me explain it in the context of a system everyone knows about... the phone system.

    Imagine that your TSP (Telecom Service Provider) decides to make some extra money on the side by allowing "Targeted Advertising" in the same way that these ISPs (Internet Service Providers) are with Phorm.

    So here Goes:

    You make phone calls to your Wife, your Doctor and your Daughter, with the new service, "The Gold Standard in Privacy" Phrom...

    What happens is this:

    Each time you call, someone from Phrom taps the line and listens in, they have strict instructions to write down all that you say, except numbers with more than 3 digits (to protect against the accidental collection of social security, telephone and credit card numbers), email addresses and calls to your Bank (if you use your scrambler) and to listen for certain key words (which they say will help them send you targeted advertisements tailored to you).

    So they hear that you are talking a lot about "Top Gear" and mention "Audi" and "Bentley" so the Profiler writes down "Expensive Cars" - Not against your name but against a "Number" all of the time you are on the phone talking, the profiler keeps listening and adding to the different categories about you.

    They also do the same if your children make a call or your grandparents or if you call your Doctor.

    Now as soon as you hang up the Profiler is supposed to destroy the notes he took of the conversation

    So all of the following should be destroyed:

    The time of the call

    The number you called.

    The details of the call e.g. who you called and what you talked about.

    Your Name and Number.

    In return for you very kindly letting the Profiler listen in to your calls you get a SupaDuppaService from Phrom, it's called WebSpy and it's free!

    How WebSpy Works:

    If the Profiler listening into your calls notices that you have called a dodgy number in Russia, which is suspected of terrible behaviour, (like bugging your phone), then the profiler will shout at you to hang up.

    How Phrom Targeted Advertising Works:

    From time to time the guys listening into the calls you are making will notice that you have called one of their members' numbers.

    The member will, without you knowing, pass the Profiler a note asking what you like.

    Then the profiler will shout at you to buy an Expensive Car from this guy.

    Wow what a great service that is!?

    It's certainly worth giving up a little bit of privacy and having someone from Phrom listening in to all your calls isn't it?!

    Notes:

    "Phorm's systems collect browsing information such as URLs visited, search terms entered, OS version, relevant keywords of a particular page and randomly-generated unique Ids.

  91. Anonymous Coward
    Black Helicopters

    @AC IATL Is NOT me!

    Sorry, I am not posting as Iamthelaw. I'm posting as simplepieman as always.

    Interesting though that they've been removed. There appears to be a concerted effort of Phorm proponents to discredit the tin-foil-hatters. I have a new CONSPIRACY THEORY!

    Interesting also that Robin Zaker above noting that "tools" who accidentally looked up oxi.com [sic] and accidentally thought the Phorm servers were in China.

    Well obviously oix.net, used by Phorm, is registered in New York and uses a Gloucester-based ISP, and the whois record last updated 07-Dec.

    The China rumour is possibly that, a rumour, that Phorm will use to its strength.

    Bootnote:

    So what about oxi.com and oix.com (both for completeness)? oxi.com is presumably a typo by Robin Zaker, it's registered and served from NY State, whois record has not been changed since late 2007 and the owner seems a well established firm

    HOWEVER, oix.com IS owned by Phorm, and whois record was last updated 29-Feb-08 AFTER THIS STORY BROKE ON 14-Feb! No proof here, but if Phorm are going to use the .com/.net distinction to counter the China claim what can we draw from the whois record change on 29-Feb-08?!

  92. Florence Stanfield
    Thumb Down

    Invasion of my privacy and human rights

    I feel this is an invasion of my privacy and human rights. I have signed the petition about this for Number 10 but feel these ISPs need to do a total rethink on this. The advert I watched about Phorm filled me with so much horror it was as unconvincing as all those Tiscali TV adverts.

    This type of thing should be opt-in only, not considered you have opted-in since you didn't go and opt-out.

    When you get spam emails you never go to the opt-out link since that proves the email address is correct. This is no different. I signed up to TPS to stop cold calls over the phone, I use adblocker and regularly check for adware on my PC. My antivirus and firewall both have antiphishing so why do I need the spy on the net trying to target adverts I don't want towards me?

  93. alphaxion

    robin

    I'd pay more attention to Israeli firm Allot, they have monsters that even Ellacoya get nightmares about.

    I still find it ridiculous that there is this belief by companies that adverts make the internet experience and that their being relevant to what you are browsing actually enhances this experience.

    in the words of the late, great bill hicks (since he was invoked earlier in this thread) "allow me to *bang* pop that fuckin bubble".. adverts are an annoying noise that many people simply filter out (either mentally or thru software) ads and the spam that ensues often detracts from the net and is usually seen as a necessary evil that allows the majority of sites to keep running.

    I look forward to a day when we can figure out a mechanism for funding websites without the need to suckle at the teat of the advertising industry.

  94. Anonymous Coward
    Anonymous Coward

    and so phorm bring out the PR team

    http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated-page-48.html#post34502306

    "Hi all

    I work on behalf of Phorm here in the UK. Many of you may already have seen it but if not there is a transcript of last night's live interview with Phorm's CEO at http://www.webwise.com/chat as well as a Q&A session at http://www.theregister.co.uk/2008/03...rgess_ertegrul

    Rgds

    PhormUktechteam

    "

    http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated-page-49.html#post34502409

    "Hi all

    I work on behalf of Phorm here in the UK. Many of you may already have seen it but if not there is a transcript of last night's live interview with Phorm's CEO at http://www.webwise.com/chat as well as a Q&A session at http://www.theregister.co.uk/2008/03...rgess_ertegrul

    Rgds

    PhormUktechteam"

    "down the thread, paul Nolan

    ...

    but frankly TechTeam and PhormUKTechTeam, as far as we know, has no detailed knowledge of the workings of ISPs' data capture, Phorm's patents, and the like.

    Maybe they're just passing on uninformed propaganda meant to mislead us and stall on complaining to the ISPs involved."

  95. Anonymous Coward
    Anonymous Coward

    and so phorm bring out the PR team

    sorry about that

    http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated-page-49.html#post34502409

    should read

    "Thanks Mick

    To be clear, yes I work for an external agency for Phorm - a UK PR agency.

    My job is solely to take the information Phorm is making available - the interviews, the Q&As etc and place them into these discussions.

    I believe I am totally open about this - my log in name is pretty clear, and the first line of my introduction clearly states who I work for.

    It is my job to simply present the facts about Phorm."

  96. steve hayes

    Solicitor advice - Phorm

    Come on, there must be a good solicitor who reads this column who cares enough to muster up (for free) a BRILLIANT anti Phorm template letter that we could all copy that would definitively serve us well in a mailing to our ISPs to get under their skin due to the sheer volume of mailers.

  97. Anonymous Coward
    Anonymous Coward

    RIPA, explicit consent required, remove it NOW

    hi chris ;)

    it would seem from a RIPA POV pretty simple then.

    if they don't get 'explicit consent of ISPs' users' and a website owner were to place a notice on a webmaster's pages to the effect of, they do not allow interception by Profiling electronic devices such as the Phorm system, then any 'Targeted online advertising services' are a no go, end of story.

    might be advisable to keep an eye on those T&Cs though, don't want your consent auto inserted in there while you're not looking do we.

    like i keep saying, send that DPA notice removing consent for anything outside the basic supply and billing now and in the future, to be sure to override those auto inserted consents.
