back to article Dear ISP, I am not a target market

Chapter four of Generation X, Douglas Coupland's seminal 1990 eulogy to post-war optimism, bears the winning title "I am not a target market". We've been constantly reminded of that romantic, seemingly futile protest against corporate society in the last two weeks. Coupland's trio of Arizona drop-outs would surely be amused by …


This topic is closed for new posts.
  1. Greg Berlin


    The fact that they are targetting ads at me is maybe not to bad - I actually consider the fact that there are ads on the pages to be much more of a problem.

    The number of times that a Register page does not render because it is waiting for to respond is far to much, and very annoying!

  2. Steve

    Here, here

    Phorm is made of fail and lies.

  3. Anonymous Coward
    Anonymous Coward

    And whose model is not out of the pages of Orwell nowdays?


    Can you please tell us the name of a company selling consumer product that does not try to engage in at least some form of Orwellian target marketing? What is the name of the company that does not try to collect the addresses of marks for future fr^H^Hmarketing promotions through fake freebies and prises? What is the name of the company that does not try to perform data mining on their customers.

    Frankly, compared to the Nectar abomination Phorm is a harmless marketing w**k.

    Note, I do not try to defend BT or Phorm, I am simply stating the bleeding obvious. It is about time to make a psychiatric certification a requirement for sitting on a corporate board and being a company director. Otherwise we will end up in something more akin to "This Perfect Day" skipping 1984 altogether.

  4. Anonymous Coward

    A question to PhormPRteam

    A simple question.

    You are going around the forums saying your system is good and has been audeted, etc, on and on.

    OK if it is so good, why do all the people who know about the technology say it is bad, and an invasion of privacy.

    When all the world (except the BBC) say something stinks it must actualy stink.

    Thanks Reg another good piece.

  5. The Other Steve

    Excellent article

    Sums it up very nicely I think. I don't hate ads, I hate the idea of my ISP selling me to some scumbag spyware outfit like Phorm I hate them for even thinking that this is OK. And I really hate them for trying so desperately to muddy the issue, especially with regards to consent. It's arrogant, underhanded, devious, and at best only borderline legal.

    These are the kinds of tactics I expect to see from some dodgy, many times bankrupt business listings firm. Not the UKs major ISPs

  6. Jonathan
    Paris Hilton

    its a shame

    You know, on the Internet, my two pet hates are advertising and unwanted software. By unwanted software, I mean anything that wants to install itself on my computer, or otherwise affect my computer, that I dont want there. Thus, adware, malware, spyware and viruses and trojans all fall into this category.

    And so, its with dismay that I realize the reason Phorm is so bad, is because its using the Number 1 Worst Internet thing (Spyware), to promote the Number 2 Worst Internet thing (Adverts), by violating my privacy.

    How is this good for me exactly?

    Phorm is an example of the worst of the public's fear of a corporation - a corporation that makes money by exploiting customers in a fashion that, if it isnt directly illegal, is at best immoral.

    I'd love to understand what motivated the founders of this company to be so underhanded. What made them wake up one morning, and think "Gee you know what? I love money so much, that I'm going to sell the private data of millions of people to unscrupulous advertisers. because I know they wont be crazy about the idea, I'll hide it under an anti phishing technology that nobody needs anyway, and lie as much as possible so I wont get found out. Woohoo, Money, here I come!"

    Paris, because the makers of this software would love to be as rich as she is, too bad they didnt have rich daddies - maybe then we wouldnt have Phorm? Maybe we should start a donation drive for these guys, they are obviously so hard done by.

  7. Tanuki
    Paris Hilton

    You are the product.

    Just remember: as far as Phorm/ISPs are concerned - just as with commercial TV - you are not a customer.

    The customer is the advertiser. Your eye-time is the "product" and the ISP/TV-station's only interest is to deliver losts of product to customers.

    Paris: because she's 'product'.

  8. The Mighty Spang

    war on phorm

    surely this will just spark website owners to start coding JS to rip out phorm added stuff. they don't have enough time to track 500 million variants of the same code.

    perhaps re-write the html to include 32000 (hidden) links to the phorm corp site

  9. Anonymous Coward

    Where are the rights of the page owners?

    I never look at any adds on internet pages. If I want to buy something, I'll google for particular companies who supply it - just to round it off, I'll ignore anyone who is in google's sponsored links who isn't also in their non-sponsored links.

    If a site owner wants to allow their pages to host some advertising as a way of making more money - or even subsidising the running of their site - then that is up to them to decide. They will then presumably have some say over what gets put there and where it is situated so as to be visible but not to distract from the content of their site.

    What I object most strongly to, is that Phorm are possibly planning on putting adverts onto pages where the original content creator has chosen not to place them....or they are going to replace the advert the site owner did want (presumably because it related in some way to the content of their site) with something targeted at me.

    So not only are we letting our own personal data into the hands of a company we don't like/trust/want, but we're also being led down the path where we allow site content to be modified based on marketing habits - very dangerous indeed!!

  10. Darren Winter

    Mozilla / Firefox / Adblock

    Forgive the naivety of my question (if indeed it is a naive question), but will the combination of Firefox and Adblock throttle these wonderful, life-enhancing adverts? In fact, by being able to use the *phorm* wildcard combination, might it be even easier to cut adverts off than it is now?

    If this is so, then this might the kick in the goolies that IE needs. If everyone knows how simple it is to cut almost all ads of at source - rather than, as one earlier commentator said, wait for doubleclick to steal more of your life away - might this be the start of IE's long-awaited trip down the dumper?

  11. Man Outraged

    Thanks again El Reg - WELL PUT!

    A whole bunch of Reg Readers, many doing it as a hobby without pay, spent many hours over the last 15 years contributing to standards that drive the internet today. From HTTP through to XML, all due credit to the original pioneers, have benefitted from a public standardisation, review and refinement/RFC process.

    Why does anyone think that we'll sit back when someone claims to do the seemingly improssible - profile everyone to the benefit of marketing types without affecting the very fabric of the internet itself or put personal privacy at risk?

    We sat up, questioned everything, got marketing guff in response as gaping holes appeared in the claimns. A data gathering exercise at the heart of the countries information exchange and a couple of "reports", ONE WHICH HAS YET TO BE RELEASED claim all is good, nothing to see here.


    Anyone who ever worked on a software system knows how difficult it is to check it does what's needed, never mind check it doesn't have unintended side effects. Fairly simple financial control systems can cost hundreds of millions of dollars because they have to be thoroughly audited both to do what they say they do, have an electronic trail of all operations, etc etc.

    And then look what still happened at SocGen!!!

    You Phorm Tech Team/CDR PR MONKEYS and more importantly BT, Virgin Media and Talk Talk go an print off 10000000 copies of your report... And use it to *wipe your arses on for the next 3 years/*clean up this mess (*delete as appropriate)


  12. Alicia

    Where's my share?

    So people are selling my private data?

    My stuff?

    Why is this even legal? I don't remember saying they could claim ownership of that data in the first place!

  13. Ben Davies

    Copyright ingringement

    Doesn't the creation of a derivative work (i.e. sticking ad's into the HTML code of my website) without consent constitute Copyright Infringement?

  14. Anonymous Coward

    K.I.S.S. or, I.T.I.S.P.S.

    It's The ISP, Stupid!

    About time the focus was on the real villains here - the ISPs. They are the ones proposing to intercept their customers HTTP traffic, default *their* customers to opt-in rather than opt-out, analyse their customers web traffic.

    If they need to change their Terms of Service to operate this then customers should be made aware they can cancel the contract without penalty and move to another, non-intercepting, ISP.

    Publish a list of quality ISPs that have undertaken never to intercept their customers Internet traffic (except in accordance with the law and court orders). Preferably, move to an ISP that operates one-month contracts like Zen rather than 12 or 18-month lock-ins.

    Phorm's targeted advertising system is good at what it does and, if it were analysing data gathered in an acceptable manner, is better than most current advertising engines (Google, etc.) in that it doesn't keep a history.

    For clarity, Phorm *isn't* about inserting or replacing adverts in pages as some people think. Their system only analyses traffic and builds up a profile of categories of advertising.

    Web-site operators who use the OIX advertising system on their site will be able to deliver targeted adverts to visitors if those visitors present the cookie containing the random number which relates to categories the visitor has been determined to be interested in. Without the cookie the advertising won't be so targeted.

  15. Dave Jones
    Jobs Horns

    When in doot, pollute!!

    We should be happy that marketeers are such dullards. They never understand how easy it is to program our machines to outfox them. If they start cueing off IP packets, then machines will start sending HTTP packets to all manner of random addresses. It wouldn't take much to undermine their business model. If some percentage of Phorm's database is worthless, then their friends in advertising will drop them like a rock. Start polluting!

  16. Anonymous Coward

    Re: Where are the rights of the page owners?

    Sorry, but where have you read that Phorm are going to be injecting adverts into pages without the owners consent? That's news to me, it hasn't appeared in any article I've read, but I concede that my habit of speed reading does occasionally mean that I miss something.

    What I have read is that website owners will place Phorm javascript/code into their pages, much like they do for any other advertiser. The difference being that visitors to that site will receive targeted adverts based on their browsing.

    What Phorm does is wrong and if Virgin Media don't come to their senses they will lose me as a customer, but lets not muddy the issue with misinformation.

  17. Karlis

    so, modifying the pages again?

    from their website: "with irrelevant ads replaced in the process."

    such a scumbags...

  18. Aaron

    My Browsing habits are not for sale

    Basically the title says it all, I consider my browsing habits my property and do not give ISP's or anyone else for that matter permission to use the product of my time to make profit for themselves without my consent.

    Thank god my ISP wont be doing this.

    Im just looking forward to the adverts "Come to X ISP, unlike some we wont sell your browsing habits to 3rd parties without your permission".

  19. The Other Steve

    Excellent technical info here,295/

    Including information from Etregul's patent, which at least one of us ought to have thought of, oh well.

    Juiciest bits from the patent, because I know you'll all love this, but go have a look, it's a truly excellent piece. See if any of this sounds familiar...

    "Furthermore, though the present disclosure discusses HTTP traffic in many examples, it will be appreciated that other types of protocols and traffic may be employed in connection with the targeted advertising system and method described herein."


    "Context reader 40 is not limited to acquiring keyword or other contextual information pertaining to a given web page. Indeed, the browsing information may be collected so as to also include historical data pertaining to the browsing performed "


    "Based on analysis occurring at the proxy server, the proxy server may modify client-requested data it receives so that a targeted advertisement appears on a web page requested by a client"

    Oh dear.

    "As explained above, the context reader may be configured to more than just keyword and other contextual data pertaining to a given web page. The context reader may also include behavioral data (e.g, browsing behavior), other historical data collected over time, demographic data associated with the user, IP address, URL data, etc."

    Oh Phorm, have you been telling us some MASSIVE porkies or what ?

    The patent (linked at the above blog) is pretty dense, as you would expect, and contains plenty more of this kind of stuff. No doubt Phorm's hapless spinmeisters will be around to tell us that this isn't the technology they are going to implement NOW, and who knows, they might even be telling the truth*. But Phorm have lodged a patent application for technology that does indeed do all the things they have just assured us that they definitely won't do, ever, honest, we promise, cross our hearts.

    Phail !

    Props to Political Penguin for digging this up, looks like a smoking gun to me. Why patent a technology that you aren't going to use ?

    * Really, they might. After all they did have Simon Davies look at it.

  20. Rob Elliott

    Vote with your feet

    If you don't like it, go to another ISP. If you feel really strongly you could also write a letter telling your old ISP why you left.

  21. Joe K

    Bill Hicks saw where we were going

    "By the way if anyone here is in advertising or marketing... kill yourself.

    No, no, no it's just a little thought. I'm just trying to plant seeds. Maybe one day, they'll take root - I don't know. You try, you do what you can. Kill yourself.

    Seriously though, if you are, do.

    Aaah, no really, there's no rationalisation for what you do and you are Satan's little helpers. Okay - kill yourself - seriously. You are the ruiner of all things good, seriously. No this is not a joke, you're going, "there's going to be a joke coming," there's no fucking joke coming. You are Satan's spawn filling the world with bile and garbage. You are fucked and you are fucking us. Kill yourself. It's the only way to save your fucking soul, kill yourself.

    Planting seeds. I know all the marketing people are going, "he's doing a joke..." there's no joke here whatsoever. Suck a tail-pipe, fucking hang yourself, borrow a gun from a Yank friend - I don't care how you do it. Rid the world of your evil fucking makinations. Machi... Whatever, you know what I mean.

    I know what all the marketing people are thinking right now too, "Oh, you know what Bill's doing, he's going for that anti-marketing dollar. That's a good market, he's very smart."

    Oh man, I am not doing that. You fucking evil scumbags!

    "Ooh, you know what Bill's doing now, he's going for the righteous indignation dollar. That's a big dollar. A lot of people are feeling that indignation. We've done research - huge market. He's doing a good thing."

    Godammit, I'm not doing that, you scum-bags! Quit putting a godamm dollar sign on every fucking thing on this planet!

    "Ooh, the anger dollar. Huge. Huge in times of recession. Giant market, Bill's very bright to do that."

    God, I'm just caught in a fucking web.

    "Ooh the trapped dollar, big dollar, huge dollar. Good market - look at our research. We see that many people feel trapped. If we play to that and then separate them into the trapped dollar..."

    How do you live like that? And I bet you sleep like fucking babies at night, don't you?"

  22. MarkMac

    Who cares about the ads?

    The ads are the least of it, its easy to add to the blocklist along with

    The real issue is your browsing history being handed to a 3rd party surely?

    And no, they won't be injecting entirely new adverts into the stream, merely serving up "relevant" ads on webpages which already have hooks to their system. So you won't suddently get adverts on the BBC website, or injected into a "wget"...

  23. Sam

    Re; When in doot, pollute!!

    So when will this "confuserator" be available?

    Preferably as a Firefox plugin?

  24. Ash

    @Rob Elliott

    Done and done! I have the letter, I have the T's and C's and Contract unmolested so I can compare once the service goes live and show them the exact breaches they are guilty of!

    All I need is the date it goes live, and my cancellation will be there with the afternoon post :)

    Fantastic article, by the way, and well done The Other Steve for linking the patent article! Another bullet in the clip.

  25. Anonymous Coward

    @Mark Wilson - how current advertising works

    In page adverts are served usually by a media brocker. So as a site owner with my 1million hits per month to sell, I go to this brocker and they will serve the ads to my site in the banner and skyscraper area defined for them. Then they will track them and tell me how many were served, clicked etc etc often they will make these figures up so as to pay me less.

    The choice of which advertisers is fairly arbitrary, the site owner can obviously list competitors that should not be shown, also some adverstisers will stipulate that they do not want to be shown on a site also advertising competitors, e.g. you wont often see a vodafone and orange ad on the same site in the same session.

    Also the advertiser will have approached the broker and said broadly what sites they want to appear on, e.g. family friendly or technology related. etc etc. Also what sites they dont want to be shown on e.g. filesharing, porn etc

    So in reality as a site owner you already have little control over what ads are shown on your site. Phorm is attractive since the marketing is much more targeted so there is more of a chance of a sale therefore the advertising costs are higher than they would be currently.

    Obvioulsy as both a site owner and a consumer this does not benefit me as that ad-revenue doesn't come to me.

    Presumably the ad brockerage networks must be involved in this too.

    And .. how long before someone like those of us commenting here can knock out a grease monkey script to taint the sniffed data so that it is not as targetted as they would be banking on for the marketers.

  26. kosmos
    Jobs Horns

    A superb summation

    One can not claim transparency on one hand, whilst engaging secrecy on the other.

    Phorm sells consumers short, by treating our data as its own personal money-printing tool.

  27. Anonymous Coward
    Thumb Down

    but does it run on linux?

    My understanding of this is that the process of sticking these 'targetted ads' into peoples browsers will be done via spyware, but where is this spyware going to be running? On the ISP's servers? intercepting and modifying every single packet sent in or out? How is that even remotele viable and how will this affect the socks5 proxy I use via an ssh tunnel to prevent users on my local network monitoring my traffic?? and what about the fact that I use ABP and NoScript?

    All in all I find this whole concept disgusting and will be moving to a new ISP promptly in order to maintain my browsing dignity.

    Posted anonymously cos that's how I roll.

  28. Anonymous Coward

    So what???

    I don't really see the problem.

    I don't click on advertising like this but people do. I suspect more people (maybe even me included) would click on these banners if they were more relevant.

    To me, this means that ads are maybe going to get worth looking at as they could show me a product that I actually want.

    When i watch tv i am forced to watch adverts trying to sell me false teeth adhesive or kids toys when my teeth are my own and i have no kids... THAT winds me up. If the adverts were for snowboards or cameras because i have been watching programs about these then i would be less wound up and may even respond to them.

  29. Killian

    more relevant...

    Excellent article.

    An ISP's offering will be relevant to me when simply provides me with a internet connection that I can plug my router into - end of.

    No amount of marketing is going to convince me - or anyone who takes a moment to think about it - that my actual requirement is any more complicated than that. No phone packages, web space, email services, web site builders, etc. But apparently, in the wonderful world of the free market economy, it's impossible to make money by simply building infrastucture and charging for connection and usage.


  30. Fruitloop

    Bill Hicks...

    Outstanding reference...thoroughly enjoyed that!

    I have just emailed my ISP (Eclipse) to ask if they or Kingston Communications who own them are planning to sign up to this Phorm shit. If they say they will then as soon as they do and I see the Webwise page I'll give them the boot and tell them exactly why as well.

    Its just as the AC above said, its the ISP's who are really screwing us over on this so tell them to get stuffed as soon as you get the Webwise page.

  31. Martin Simpson

    My solution.

    I am a current customer of Virgin, and i do not like this one single bit.

    From here on in, all data sent over the internet will be first encrypted then sent to a server in amsterdam (which i own). The latency is around 20 seconds, and worth it as far as i am concerned.

    Sign-ups are welcome ;)

  32. The Other Steve

    @ Vote with your feet

    Thing is, until this, I liked my ISP. I realise that this makes me fairly unique in a world of cynics and freetards, but they give good service for a reasonable price, don't bug me about download limits on the occasions when I find myself downloading 15GB of Service Packs, Dev tools, SDKs, source code and all the normal shite in the course of a week, and although their tech support is reputedly pretty awful, I cant actually remember the last time anything went wrong enough for me to have to speak to them. They've been my ISP for, well, since I stopped dialing through local universities to get net access, anyway. I have NEVER had an issue with them. Until now. Which is why this pisses me off so much.

    If they go ahead with this, I *will* be off, no question, even if I have to put up with a more rubbish service. I'll be voting with more than my feet, I'll be voting with my feet, my solicitor, my friends and family, and anyone else whose ears I can reach. As is suspect will many others.

    But OTOH, if they see the error of their ways and stop acting like cnuts, I am willing to reconsider. Quid Pro Quo. I have made them aware of this position, weather they take any note of such customer feedback I have no idea.

  33. Michael

    Missing the point?

    Surely if your ISP is passing data to other companies this would be illegal under the Data Protection Act as in some cases at least his would constitute personal data - the whole point is to build up personal browsing history? A few legal cases might go a long way to discredit the idea.

    Adblocking any resulting ads would get around the problem of unwanted tosh arriving at your computer - but why not ask your ISP to block the spam which they are sending to you unsolicited and which could count towards your monthly download quota - or raise your quota and pay part of your electricity bill to cover your administrative costs.

    Ultimately, if the companies whose ads were targeted were to learn that nobody liked receiving their advertisements at that it reflected badly on them, then the whole scheme would last a long about as an ice cream in a microwave.

  34. JohnG

    "Sorry, the information you requested won't be displayed....

    ...because your ISP and Phorm have chosen to replace the ads that pay for my website with others that only pay them."

  35. Law
    Thumb Up

    @ Ash & everybody else

    Not sure if you have the time - but if you are doing all that maybe you should post your letter, the current T&C's and whos-who to send them to - maybe in some sort of blog. If you do, then others can take action with you and we can all show how wrong this is.

    When that happens, the BBC will come in with their "unbiased" reporting and jump on the bandwagon too - they love a good old internet protest! :)

    I bet within a week or three you will have sparked off a mass-protest, with people using a printout of your letter with their name on it.

    They would have to take us serious then. Strength in numbers!!! :)

  36. Pseudopath

    @ Ash

    Where did you obtain the 'T's and C's and Contract unmolested' from so I can obtain my own please?


  37. Graham Dresch

    Since Phorm consider my browsing data valuable...

    .. they can pay me for it. The initial charge will be 100 GBP / click.

    Collecting data constitutes acceptance of this agreement, I reserve the right to increase the charge as and when I see fit without prior notice.

  38. Paul Hurst

    RE: And whose model is not out of the pages of Orwell nowdays?

    "Frankly, compared to the Nectar abomination Phorm is a harmless marketing w**k."

    You see, I always thought that the nectar was optional (and i can shop at nectar enabled outlets, without having a card, or could choose not to use it for buying particular items)

    That said, whilst the payout is small, you do get a *slight* cut of the wealth.

    Are you suggesting that a card that you present at your discretion in a handful of shops, is substantially more dangerous that all your shopping at *every store* (Given that SSL is only used at the card payment stage)?

  39. Anonymous Coward
    Black Helicopters


    You can make a start with TrackMeNot ( ), a Firefox extension:

    TrackMeNot runs in Firefox as a low-priority background process that periodically issues randomized search-queries to popular search engines, e.g., AOL, Yahoo!, Google, and MSN. It hides users' actual search trails in a cloud of 'ghost' queries, significantly increasing the difficulty of aggregating such data into accurate or identifying user profiles. As of version 0.4, TMN's static word list has been replaced with a dynamic query mechanism which 'evolves' each client (uniquely) over time, parsing the results of its searches for 'logical' future query terms with which to replace those already used.

  40. scott green

    Re; When in doot, pollute!!

    "So when will this "confuserator" be available?

    Preferably as a Firefox plugin?"

    I find Noscript/Adblock Plus/Track Me Not works just fine, 'cept Track Me Not is currently Us for my Beta 3 version of FF3

  41. Anonymous Coward
    Anonymous Coward

    @Compared to Nectar...

    ... I never signed up to Nectar and they left me along.

  42. Tony


    ABC Breakdown Cover

    29a Ertegrul Way



    Dear valued customer,

    We would like to thank you for your long-term subscription to our 24 hour accident and breakdown recovery service and would like to take the opportunity to advise you of some minor changes to our terms and conditions.

    As you may be aware, the UK breakdown market has become extremely competitive in recent years and to continue to attract new customers we have had to offer significant discounts- in some cases even free cover. This has obviously had a major impact on profits and to ensure a healthy return for our shareholders we had to investigate alternative ways to generate income.

    We are very proud to have found a way to do so - while still continuing to provide the same high level of breakdown cover as always, with the same courteous service and at the same great price.

    We have recently signed a deal with a major agency whereby, in exchange for a percentage of profits, our long term subscribers will assist visiting Korean businessmen with executive stress relief.

    Despite any alarmist reports you may have read in the gutter press, this arrangement should cause you little or no discomfort. You will only be required to participate once a month, at a Holiday Inn of your choice. Furthermore, a generous amount of lube will be provided at no extra cost and your anonymity will be preserved at all times by use of our ingenious ‘paper bag over the head’ system.

    In the unlikely event that you are for some reason unhappy with this minor update to our terms and conditions, you are free to cancel your policy and seek cover elsewhere. Of course, a similar system has recently been adopted by nearly all of our major competitors as well - I hear the RAC don’t even give you the lube.

    Just to further allay any fears you may have that this new policy is in some way ‘immoral’ or even ‘illegal’ – I can assure you that our legal team has researched the matter thoroughly and insist that this is completely ethical, based on a recent precedent set in the UK ISP market.

    We would like to thank you for your continued custom.

    Yours insincerely,

    Mr A Patsy.

  43. Chris Jones-Gill

    Pay me for my time and preferences

    By all means target ads at me - as long as I get paid for it.

    e.g. If the targeted ads are really targeted correctly then they will appeal to me (i.e. they will be small, unobtrusive, informative, no fancy graphics, the subject or item will be of interest, etc). If I click through them, then purchase something from the site, I want to be paid - in cash, not discounts or points or other BS rewards.

    Everyone else gets the benefit of me allowing my preferences to be analysed, the isp gets paid, the promoter (phorm, or whoever) gets paid, the site I visit benefits from the order. If I am worth so much to all these companies, I want my share of the pie.

    This would not work with Search Engines, as you only visit them when you are looking for something - so your pay back is relevant links, either via advertising or high ranked pages. If your preferred search engine does not give relevant results, then switch to another.

    The ads you are targeted with are for things you are not actively searching for, and are for things the you (don't know you) want. It takes time out of what you were doing to read the ad, follow the link, read the site, check out reviews, etc. My time is not free, and it seems that these ad targeting companies are generating money from me and my time - I do not work for free.

    If I am not going to be paid, I will block all ads and otp out of the targeting campaign.

  44. Alex

    Do ISP's dream of Electric Sheep?

    well this cock doth crow:

    A trusted provider of a service, the ISP's (BT, possibly others too) concerned have already breached both the trust of their subscribers and the LAW of the country.

    The 'profiling' is being run by the ISP's.

    The 'means' is provided by Phorm.

    Your privacy, agreed T&C's and the law HAS already been breached.

    There needs to be an immediate injunction to prevent any further work's, deployment or removal of any of equipment/data/etc and the M.E.T. should be collecting the evidence.

    That's not the sounds of the black helicopters, its the shredding equipment & clean up within the offices of your ISP.

    once again for the record.




    I am a randomly generated number.

    I am a collection of actions.

    I am a profile.

    My name is profile: ######## but you can call me Alex




  45. Chad H.

    what does the eu get?

    nothing. We hand over our personal habits for... Nothing.

    Okay, before someone says phishing philter, most security software packages already have that.

    Now if it was advertised as "half price if you let us sell your habits" I'd consider it.

  46. Anonymous Coward

    My solution

    1)Use linux to minimise the possibility of viruses and spyware.

    2)Get a shell account on a remote server that is not served by any ISP's involved in this debacle.

    3)Use ssh -D <unpriveleged port> <user>@<server>

    4)Configure firefox to use a socks5/html proxy (depending on what's available on the remote host) running through the unpriveleged port.

    Bingo. All your webtraffic is now encrypted and Phail will never see a packet of it. This also has the added bonus of securing your traffic on your local network as well and is usually faster than using Tor.

    Jolly Roger cos evading the wishes of corporate scum these days is *clearly* piracy :P

  47. Alex

    I wonder if...

    Perhaps if/when Microsoft do eventually get hold of Yahoo! (BT Broadband is actually BTYahoo!) then it could lead to some rather entertaining info-popups from this Phorm infection....

    Imagine for a moment:

    a gardener & a hairdresser sharing a computer

    Phorm helpful messaging system: (ie: the phishing warnings)

    "it looks as though your trying to build an improvised explosive device, would you like some help"

  48. The Other Steve

    And I was just thinking...

    That Phorms PR vampires had gone quiet, and then the astroturfing begins in earnest.

    @So what??? [Phorm Tech Team, and boy are you doing this in the wrong place]

    Ads are not the issue. The issue at hand is that ISPs are about to begin intercepting, reading and analysing all your HTTP traffic. Every word in every web page will be read. All your traffic will be proxied via the 'profiler' weather you opt out or not.

    They will then sell such data as they feel they can get away with to third parties, in this particular case a company responsible for a really unpleasant piece of spyware, details of which you can find here :

    So again, Ads, not the issue. ISPs getting into bed with scumbags. Issue. ISP selling data on my surfing habits to said scumbags. HUGE ISSUE.

  49. Joe


    There seem to be a few people misunderstanding the system. Correct me if I'm wrong, but here's how I see it...

    * Ad injection by your ISP isn't part of it - Phorm ads are not inserted into web pages by the ISP, they're served up by current methods (using a tracking cookie) on pages that have signed up to show Phorm ads.

    * The difference lies in how the cookie is generated - this is where the privacy problem lies. The cookie is generated based on all your surfing data which is monitored by Phorm's software.

    * Phorm are only selling the technology to the ISPs, and the equipment/software is located on-site. It's also super-mega-hyper-secure and privacy-respecting, or so they claim!

    I still don't like it any more than I'd like the Royal Mail opening my letters to help them decide what junk mail to post.

  50. JasonW

    What about when it goes wrong?

    Accepting for the moment the premise that it does not breach RIPA or other laws (I don't accept that but assuming it goes ahead).

    There is an interception of all my HTTP traffic by a single cluster of devices somewhere in my ISPs network. This cluster has now become mana from heaven to the black hat mob.

    Since it will have been installed by the hand of (wo)man, it is certain to be accessible by a similar hand (it might take a while for someone who isn't supposed to access it to do so) - but *inevitably* it will be *compromised* (after all there are people defacing websites of banks, governments etc already).

    When the compromise happens, have I just broken every agreement with (say) my bank about taking care of my information (even though they routinely leave it out the back for collection with the bins)?

  51. Mr Anonymous


    Block these servers in your hosts file until we know what UK ISPs are using their snooping technology. &

  52. tech idiot
    Paris Hilton

    The truth will out!!

    Q: There are inconsistencies appearing. Phorm told The Register that data is still passed to the "Profiler" even if people opt-out, but apparently the "Profiler" is owned by the ISP, which is how they claim no personal data is sent to Phorm, as per the reply to the BBC.

    Chris, I don't know if you've seen this on the BBC technology pages. They followed uo with some much harder hitting questions.

    Q: There are inconsistencies appearing. Phorm told The Register that data is still passed to the "Profiler" even if people opt-out, but apparently the "Profiler" is owned by the ISP, which is how they claim no personal data is sent to Phorm, as per the reply to the BBC.

    A: This isn't inconsistent. The Profiler is owned by the ISP. If someone opts out no data is passed from the ISP to Phorm.

    Q: However, I would like to know who provides the software for the "Profiler" and if it's not written by the ISP, how does the ISP check that it does what it's meant to?

    A: Phorm provides the software for the profiles, just like Cisco, for example, provides software for an ISP router. The ISP can see exactly what data is being passed in and out of its systems and has complete control over it.

    They've finally admitted that the ISPs do all the dirty whilst Phorm are a conduit for pimping the data to content providers. The obvious question is what happens at the ISP level if I don't show the Phorm cookie? i.e. Am I profiled?

    Also think your right to state that this opens a can of worms for the future. If they can profile some then why not all?

    Paris is excited - imagine all those new "fans" that this marvellous profiling lark will throw up. You can never have too many "admirers"!

  53. Mostor Astrakan

    Plain and simple.

    1. I have NOT given anyone permission to intercept my web traffic.

    2. BT now intercepts everything I do on the Web and sends it to a Phorm server. (Or would if I had my connection with them, which I don't).

    I do NOT care about or mind:

    - Phishing sites. I have adequate defenses against that.

    - Making web site advertising more relevant. The interesting bit on the website is what its webmasters have put there, NOT advertisements. They are the distractions.

    - Normal and non-intrusive ads on pages, ESPECIALLY if they happen to be on the same subject as the website I'm browsing. Pssst... Corporate World: You can do that by advertising your cars on... an automotive oriented website!

    I DO care about:

    - Security on-line. Phorm seems to employ the same magic smoke vendors as the ID card database vendors who claim that their systems are "Unhackable". This is not Hogwarts, you myopic blunderheads! You may not keep the data on YOUR systems, but what exactly prevents someone from compromising your systems and making them send the uncut version somewhere else?

    - Making those fetid crack-smoking customer-sodomising bottom feeders that put wild blinking ads on what might otherwise have been a useful website, INCLUDING the excrement-encrusted coprophages that put a huge rolling corporate logo on top of and over these very Register pages, die a long, slow, protracted and painful death.

    My home Internets come from a small Internet company that does charge me more than others, but doesn't try and "monetise" MY web surfing.

    Anyone who is considering making money by distracting web surfers from their work, should ask themselves this question: "DO I *REALLY* want my corporate name to be associated with the words SMEG OFF!?"

  54. Anonymous Coward
    Anonymous Coward

    Annoying ads

    Funnily enough, there was one on this story. It's not that I mind advertising, I mean, it's there to provide funding and is pretty well targetted here. But those "filmed" ones with incredibly stupid looking sub-standard "actors" tapping at the camera and pointing at things in an "attention whore" kind of way has got to be one of the most annoying things EVER.

    Still, if like me, those things really annoy you, right click on the top corner and zoom in a few times, that gets shot of them! Doesn't work with some, if that's the case, I usually just find another story, or another site with ads that aren't so intrusive in what you're trying to read.

    Ranks alongside channels turning the vlume up when the adverts come on. Pretty low.

  55. Anonymous Coward


    All these comments are a welcome sign that many of us respect a level playing field and like things done proper like and in the open. But this is Corporate Business we are talking about. You know, the people whose sole responsibility is to their shareholders, not Joe Blogs, not justice and not end-user rights. They will push this through because they can. With help from their mates in high places if need be.

    Surely the mass of IT knowledge, ingenuity and savvy coding abilities displayed by so many Reg'ers and others will mean that tools to generally screw-over Phorm will soon be available to those that want them and know where to look.

    Phorm is for the masses who buy machines at PC Mart and plug them straight in! The peeps who take all the bull they are fed as gospel and even trust the systems in order to do everything they can on-line cause they are sooo lazy.

    We really shouldn't be expending our energies on protecting the dumb and witless. Leave them to the Corporations to swallow up. Darwin's theory will win out in the end.

  56. A J Stiles

    Ad-Free ISP

    Is there anyone out there who would be prepared to pay slightly more than they are currently paying, for an ISP with the following:

    * 2Mb download / 256Kb upload. Not "up to". 2Mb and 256Kb.

    * No more than 20:1 contention.

    * Static IP address and no inbound ports blocked. Run your own servers! Be your own MX!

    * POP3, IMAP and SMTP email (virtual hosted for unlimited addresses) with SpamAssassin (creates "star ratings" depending how "spammy" messages appear to be) and SpamJavelin (generates "disposable" addresses for display on web pages; each address is displayed only once and is allowed to receive only a limited number of messages, with all future ones sent to /dev/null) as standard. CGI script to edit your SpamAssassin and SpamJavelin settings.

    * Transparent web proxyserver blocking all known advertising sites and most pernicious cookies (e.g. Urchin Tracking) before they ever get anywhere near you. CGI script to submit new advertising sites / cookie specs.

    * All logs to /dev/null. We don't hand over other people's personal information for any purpose, not even to keep our sorry arses out of prison.

    Personally, I'm waiting for the day a cyberstalker preys on someone whom, it transpires in court, he knew to be a young vegetarian woman by analysing the adverts streamed to her browser.

  57. milan

    All that aside

    Does this mean if I spend hours and hours searching for that perfect gift for my partners birthday, Phorm as just going to serve up ad after ad to her showing exactly what I'm getting her?

  58. The Other Steve

    RE: Re; When in doot, pollute!!

    "The Dephormation Add On ensures that your decision to opt out of Phorm profiling cannot be undone.

    Optionally, the Add On can also alert you to sites using Phorm/Webwise/OIX profile based advertising.

    With each page you view in your browser, a Phorm 'opt out' cookie is set automatically, and the Phorm UID cookie is randomised. Even if you delete all your cookies regularly.

    But Dephormation is not a solution. Its a fig leaf for your privacy."

    Nice, and bloody quick.

  59. Anonymous Coward

    going down

    Phorm are amazing, watch them do the share price slide.

    down so far today by -36.67%

    total loss in two weeks - 54%

  60. Scott Broukell

    @ “Relax” by anonymous coward

    The attitude expressed in your offering seems to be no better than that of the corporations you so despise!

    Personally my reading of “A level playing field” is One for all and All for one.

    The “dumb and witless” need help and education otherwise we are collectively no better off!

  61. Anonymous Coward
    Anonymous Coward

    When is an ISP not just an Internet Service Provider?

    I'm not so bothered about the ads, more about the implication:

    - that the major UK ISPs feel no obligation to simply provide an IP service, i.e. forward IP packets to a given address and port (with appropriate QoS and flow control), but now assume they have the right do whatever they like with the content.

    - that ISPs can't be trusted not to mount a "man in the middle" attack on supposedly private connections (e.g. to an online bank).

    Remember all the fuss about Virgin media generating "spoof" Reset frames? Which now seems pretty benign by comparison - now they want to spoof everything...

  62. Pete

    Modify The Phorm Cookie?

    Couldn't Phorm's monitoring be spoilt by having the client machine modify their cookie to some random value every couple of seconds (a short script springs to mind)? Any attempt to track activity based on what they think your anonymous ID would be pointless, and their ad server wouldn't know who you were to send targeted ads to.

    Or have I got it wrong?

  63. RW

    Psychiatric certification of corporate directors

    Can't offer a reference, but I'm sure I've read of psychiatric/psychological studies done of corporate honchos at the higher levels.

    A significant fraction of those studied turned out to be true sociopaths: utterly amoral, disinterested in anyone else's needs or wants, lying, manipulative SOBs who would murder their grandmothers if it got them what they want. (That's not much of an exaggeration, btw. Them's very scary types.)

    If you imposed psychiatric certification on corporate board members, the board rooms of the world would be emptied toot sweet.

    Until the sociopaths suborned the psychiatrists, that is.

    PS: from what I've read, it seems that sociopaths are born, not made, and are incurable. Their brains don't work like normal people's.

  64. Eden

    There's an idea..

    why not start an online protest where BT/Virgin/CW customers can post, I am leaving if/when this goes in so they can see just how many customers they will loose.

    +2 lines here :),...or should that be -2 lines..


    Well done! Great article.

    At last someone gets it..!

    OPT IN.

    No silly cookies, no opt outs, no add ons.

    Its not rocket science. It simply has to be opt in.

  66. Anonymous Coward
    Anonymous Coward


    Yeah i've read that too.

    And have spent enough time in the corp world to see that its completely true, most execs have the morals and concience of a robot.

  67. The Other Steve

    @going down

    Yeah, I've been watching that to. I wonder if that's why their PR socks went quiet. I'd be looking for a new PR company if I lost more than a third of my market cap in one day.

  68. Luther Blissett

    @ The Profiler is owned by the ISP

    And that presumably is why their lawyers want to believe that noone is doing any illegal interception. The objection to this is that the ISP would not own a profiler (or have a profiler) were it not for collusion with Phorm in the first place. This is what the judges call a "concert party". Phorm clearly have intent to intercept communications.

    This should be ruled illegal. But as HMG want to spy on everyone all the time, they will be exerting pressure on the old boys network to evade judicial process.

    Finally, if the system can serve up "targeted adverts", it is equally capable of serving up "targeted text". In which case the Nu Insect Overlards finally have a way to control the internet in the same way they control Big Media.

  69. Anonymous Coward
    Thumb Down

    Share price tanked indeed

    Maybe it was all a pump and dump scam after all..

  70. Morely Dotes


    As I understand it, Phorm's spyware will be tracking you by use of a cookie containing "random" number which is linked to your browsing habits.

    Cookies are text files. It is simplicity itself to write a resident background program which will read the cookie and change the "random" number to a truly random number (insofar as your PC is capable of randomness) every time you follow a link in your browser.

    I imagine we'll see such a program as a Firefox plugin before this privacy breach conspiracy goes live.

  71. frymaster

    Apparently, and other alleged truths

    Apparently, each page is only analysed to find the categories, and then thrown away, so you can tell someone's been looking at car related sites but not that their mid-life crisis is kicking in and they're about to buy a Porche.

    I have to say, if I wanted some random low-life scum to start skimming my browsing habits, this is the least privacy infringing way to do it. But I don't.

    Also apparently, this data will only be used to target ads that Phorm would be sending to your browser anyway, instead of making it random. But they also say they have the ability to add to the stream, but apparently will only do this if they think there's a phishing risk. Apparently, they won't insert their ads into pages or replace competitors ads with their own.


  72. Anonymous Coward
    Anonymous Coward

    1984 is....

    a book , NOT a template for BT, Virgin Media or the Labour Govt. Got to say i got that from some tory MP on Question Time, but he's right.

    BT deserve to lose all their customers.

  73. Anonymous Coward
    Anonymous Coward

    Poor Phorm

    Just another piece of unwelcome bloated corpware to screw with and break...should be amusing to see them pour good money after bad down the drain in a(nother) pathetic bid by an enormous corporation to make even more money by selling of another element of our privacy and trying to control everything.

  74. Simon Day

    Have you written to your ISP yet?

    If you do not wish your ISP to roll out such a system then why don't you write to them before they sign any deals. 1 person won't make a difference - but if a respectable percentage of a companies customer base say they will switch if they bring it in then there is a better chance they will listen.

    When you write include the following:

    Ask them if they are planning on introducing Phorm

    Tell them you will leave if they do.

    Tell them that as a material change to their terms and conditions that you will consider their contract unenforceable and recommend they see unfair terms in consumer contracts 1999 in regard to changes in terms and conditions (note IANAL) and that you will not pay an early cancellation or penalty fees and would be prepared to fight any in court as a matter of principal.

    Tell them that if they will commit to not using this system you will be prepared to stay with them for the foreseeable future and that you will recommend them to those that you know who are intending to switch ISPs

    Ideally if there are any lawyers out there that feel comfortable with providing a standard letter which would cover this I'm sure many would greatly appreciate it.

  75. Claire Rand

    why random?

    why have a widget that sets the cookie to a random value, why not have one that sets it to be the same, rgardless of who you are.

    everyone get the same setting..

    target that.

  76. Henry Wertz Gold badge

    Re:Mozilla / Firefox / Adblock

    Nope, that is why people are protesting so much. Adblock will prevent the ads from displaying, but Phorm intends to hook in at the ISP level to track people's browsing habits. Two additional problems:

    1) It's opt-*out* instead of opt-in.

    2) It doesn't ignore traffic over a connection even if it is opted out. It's like "Well, we collect the data anyway, but trust us, we don't actually use it". The "profiler" is apparently owned by the ISP to keep things legal in this case, but it runs Phorm software and forwards any results to Phorm-owned equipment.

    So, based on the descriptions, they'll still be profiling you even with Adblock running.

    Personally, I think the guys at Phorm are probably right.. this probably does anonymize info properly, probably isn't a big privacy leak etc. But the thing that bothers me is it's 100% unnecessary. As opposed to this system, which hooks into the ISP level and hoovers up data no matter what, other ad companies do extensive profiling, but via cookies and IP tracking when images are loaded. So, the end user who doesn't want this tracking doesn't have to trust the ad company, they can block images and cookies from doubleclick, google, etc.

    Note: To me, this is the BIIIIG lie about Phorm claiming ads will get better because of them -- Doubleclick, Google, etc. already have profiling data for most poeple to personalize their ads. The ad companies, or ad purchasers, just don't want custom ads apparently.

  77. Someone

    ISP-Phorm duality

    When looked at for the purposes of the Regulation of Investigatory Powers Act, the equipment will be found to belong to the ISP.

    When looked at for the purposes of The Electronic Commerce (EC Directive) Regulations, the equipment will be found to belong to Phorm.

  78. William Bronze badge

    Remember NTL Hell

    Now known as, that claims its complete and utter independance from Ntl/Virgin, well there is very little about this over there.

    Considering its a site for the consumers of this company, they are certainly keeping it low profile. Surely this site should be screaming this information from the rooftops. Unless of course, it isn't as impartial as it claims to be?


  79. Boris the Cockroach Silver badge

    Annoyed at the *****ers in charge

    I dont believe a word of what the ISPs /Phorm has to say .

    I want to remain unmonitered when it comes to my browsing habits.

    Any ideas of how your basic skint user could block these buggers easily besides turning off the cookies ? (pretty sure the name would change fast if everyone did that)

    Anyway, given that I have an interest in particle phizzics, and radioactive materials, can I look forward to being spammed with ads for ex-russian nuclear bombs ?

  80. Anonymous Coward

    There is a petition

    2477 signatures and still counting

  81. J
    Thumb Down

    There, there

    Good article.

    As many said: if I wanted to tell you something about me and give you my "personality profile" or whatever, I'd go and do it. Opt in, right... until someone discovers some "mistake", oops...

  82. Pierre

    @ ad, polluting etc

    Ads have nothing to do with the problem at hand. Polluting the system (dephormation or other) would certainly be good for your nerves but won't change a thing either. The system will still see each and every page you view. Ho, and your requests, also. And it adds a new entry way for hackers in the ISPs system. Not to mention that Phorm may well have a backdoor on their hardware hosted by the ISPs. And a few more small problems, such as T&C breach, absolutely no benefit for the user ("We make money from your data, and as a reward you are allowed to see the adds we make money from. Which is how we make money."-not to mention the anti-phishing service, based on "a list of known phishing sites". About as protective as a fishnet condom.)

    This is going to be a fun crash to look at!

  83. Anonymous Coward
    Anonymous Coward

    @ Joe K

    Personally, I think you sugar coated your post, and I sincerely applaud your tact, which is something I would not have been able to do.

    Soylent Phorm is people!

  84. davefb


    no , nothing on cablehell.. Apart from the stickied discussion , potential ways to avoid it and talk about other ISP's also being involved ( ie AOL ).

    But apart from that, nothing.

  85. Anonymous Coward
    Anonymous Coward

    Share Prices

    It has been very satisfying to see Phorm's share price take a spanking. With a bit of luck the ISP's shares will follow suit in the near future!

  86. Lol Whibley

    these ISPs

    are just trying to cover the costs of failing loss-leading stratagems like "free broadband forever".. which they were sold by the marketteers (who, incidentally fecked their predictions for that one soooo badly...)

    these ISPs have shareholders to support and they have addictions to feed like 'year-on-year growth' and 'expected profits'... you gotta feel for them. poor things.

    make no mistake, I think Phail are mountebanks and charlattans but they've set their sites on precisely the right bunch. the coprophagic-corporates don't know a bad idea from a good one. they just need to feed that insatiable need for profit and this one's been pitched just right...

    data-routing is cheap when your an ISP. passing it through one more server on your back-haul is minimal. getting paid for that leg of the routing is gilt-wrapped and a sure-sell to those in the company heirarchy who have to justify their yearly boni with the desired increases in profits.. secondary income is king when you're giving away one portion of your network's capabilities and charging sooo little for the rest of it...

    i DO NOT WANT my data pimping out to all and sundry. i DO NOTWANT my ISP to butt-rape my privacy. i've got a government to do that badly enough already. I don't want proffessionals to do it as well..

    i will be telling Virgin this and moving my service elsewhere. they can die screaming...

    ..unless, of course, they renege on the deals signed with the phorm-pimps.

    We just have to make it a matter in which the shareholders are going to lose more of their cherished profit generating customers as a consequence of a continued collaboration with these cnut$.

    untill then,

    mine's the one with the reverse straddle-stirrups for footloops..

  87. Anonymous Coward
    Anonymous Coward

    BT Broadband's T&Cs

    T&Cs link:

    Relevant section:

    BT Total Broadband and Broadband Anywhere price terms

    9. Unless we have made a change to the prices or terms and conditions that is to your material disadvantage or paragraphs 9 and 10 of the BT Total Broadband service terms apply you must pay a charge for ending BT Total Broadband within the minimum period by way of compensation to us. This charge will be equal to the total of the monthly rental charges left in the minimum period. This charge will not be subject to VAT.

    (the para 9&10 bits are for new customers within the 14 days)

    I can fairly guarantee that they'll never accept that pimping your data is a "material disadvantage".

    As someone who has been with BT Broadband since 2001 (ish) and had absolutely no problems in three different addresses I was not bothered when I got a sales call at the start of Feb offering a £2 per month reduction for me re-signing. Why should I refuse, I had no intention of moving? Now I know... sneaky, underhand, devious and (amazingly enough) disappointing.

    They've had an email, with written letter chaser, saying that any move to intercept and analyse my data, whether opted out or not, is a material disadvantage to me as I value my privacy as a non-negotiable commodity. I've made them aware that I treat any changes of terms and conditions that reduce my privacy, in my subjective opinion, to be terminal breaches of the contract and that any barriers to me moving ISP after any breach may be pursued in the courts as reliance on an unfair contract term as defined by the Consumer Contract Regulations 1999:

    'a contractual term which has not been individually negotiated shall be regarded as unfair if, contrary to the requirement of good faith, it causes a significant imbalance in the parties’ rights and obligations arising under the contract, to the detriment of the consumer…' [Regulation 5(1)]

    Regulation 7 states that a firm 'shall ensure that any written term of a contract is expressed in plain, intelligible language' and 'if there is doubt about the meaning of a written term, the interpretation which is most favourable to the consumer shall prevail..' Essentially, this is their defeating clause as I term reduction privacy as a material disadvantage but BT will not, the term is in doubt meaning that I win (depending on the mood of whoever is deciding...)

    I'm hoping they just let me go without messing around as I could be doing with unbroken service as I use t'interweb for 9/10ths of my work. Now, the only problem is who do I go for....

    War is Peace

    Freedom is Slavery

    Ignorance is Strength

  88. Gleb

    This article was rubbish.

    It's like arguing that sky is blue. Yes, you are right, but spawning a lyrical child the size of this article isn't a good idea. It clutters the basic idea, that internet is free as in freedom and that ad-highjack wouldn't work with it.

    I double dare the ISPs to actually go at it. What would happen? I'll tell you what -

    First there would be so many lawsuits that they'd have to hire a mid-size law firm to deal with it all. Then site owners would smart up - why waste bandwidth on people who aren't even able to click the adds? And there would be a lists of ISP IPs and sites wouldn't service them.

    So go ahead. God willing this would create more competition among ISPs.

  89. Peter

    This is legally dangerous for the ISPs

    This is probably a seriously bad move for ISPs, and not just because we'll vote with our feet.

    At the moment, ISPs are regarded as carriers, like the Roayl Mail. In the same way that the Royal Mail is not responsible for a letter bomb or hate mail, the ISPs are not responsible for online crime, child porn or other horrible activities. This is on the basis that they don't know what they are carrying - their business is simply to carry traffic, and not worry about what that traffic is.

    Now, all of a sudden, they are inspecting every packet for content. They know full well what people are looking at, and recording it. They are then profiting from that information by selling it to others. This could well make them legally liable if they don't take immediate action against any form of illegal online activity.

    Losing their carrier status would open them up to lawsuits from a thousand directions, and possibly criminal proceedings too. Would you like to be the BT executive who stood in front of a Daily Mail campaign-inspired Parliament Select Committee and had to explain that yes, you had been monitoring that paedophile's connection, and you had made money from selling the info on the web sites he visited, but you didn't do anything else to stop him, not even reporting him to the police?

  90. Anonymous Coward
    Anonymous Coward

    Phorm shares now down 30%+

    If this keeps on sinking, we'll be able to club together and buy the interpimps.

  91. Roger Heathcote

    No problem with ads...

    they're the only thing funding many of my favourite sites. The problem with phorm is more fundamental, it's to do with architecture and peoples general expectation that the only people who 'see' your surfing activity are people you ASK to, i.e. the people serving the pages you go to and, if both you and they do advertising, their advertisers.

    That I DON'T have a problem with. If you don't like a sites advertisers you still have a number of choices: don't go there, disable 3rd party cookies, install ad-blockers whatever, it's YOUR choice and the market will vote with its feet.

    How is a market supposed to function well when everybody is tied into 12 month contracts whos terms can change without your agreement at pretty much any point.

    Your ISP will already co-operate with the police if a judge agrees there's reasonable suspicion of a crime being commited. Now in order to more effectively flog viagra and insurance we are creating a single point where dozens of ISPs send all their users surfing history in real time, creating a dangerous resource, one that only the most hopelessly naive would suggest won't be abused at some point in the future - as the police database routinely is.

    "There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to. You had to live -- did live, from habit that became instinct -- in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized."

    Christ, 1984 really ought to be part of the national curriculum!

    Roger Heathcote (using https whenever possible from now onwards!)

  92. mikus

    firefox/adblock plus

    enough said - when the rest of the windoze users wake up and finally stop using internet explorer (pronounced: internet exploiter), they will realize about 80% of their problems go away with Internet drive-by viruses or trojans. When they have their coffee and add noscript with adblock plus, they will realize the rest of their problems go away. The idiots that still insist on opening email attachments with .vbs extensions are the same ones that will use IE until they die, and happily pay geek squad to format their box every 6 months. May those customers' pr0n collections copied without their knowledge bring the asshole end of the tech support food chain some comfort in knowingly pimping them repeatedly thanks to microsoft inadequacies. They could just tell them to stop using IE and to use firefox/noscript, but where would the profit be in that?


    Only a few need fight for freedom from ISPs

    Oops - most people will greet this as they do the mountain of junk through the letterbox - with the dustbin.

    Why not ban anything not requested by the recipient?

    Surely there is no great problem removing all cookies several times a day and in this age of broadband they aren't needed to speed things up, did they ever.

    Am I right "remove the cookies" and you can't be tracked?

    Probably remove all files recording your internet activity & save all personal info on a stand-a-lone drive not accessible by the net is the way to go.

  94. Anonymous Coward
    Anonymous Coward

    How long...

    How long will it be, until Phorm becomes a "contractor" for the various Government Security agencies?

    The British Tax man bought stolen tax details recently, whats to stop Phorm "stealing" our details and selling them to the tax man, etc.

  95. Anonymous Coward
    Black Helicopters

    Zen and the art of internet service provision.

    I was seduced by the high speeds offerered by Virgin and got connected, I was getting an average 17-18Mbs, (not bad).

    Then I read about Phorm.

    When I called Virgin, to be disconnected after only 3 days, they were curious, i told them about Phorm, and they went into script mode, and read out a piece from Virgin management about how it was not a problem and that I could disconnect anyway etc etc.

    They are definitely worried about it. So if enough people get themselves off of these three ISP's the Phorm virus will hopefully not spread.

    By the way, if you don't like Google, but like their results..... use Scroogle scraper.... same results - no ads - no cookie.

    Meanwhile it is back to Zen.... no shit here.

  96. Matthew Wall

    Some contradictory thoughts...

    1. Wake up and smell the coffee peeps...we live in a capitalist society predicated upon marketing and advertising. It pays for your pension. So don't be surprised when companies try to find better ways to make money from behavioural targeting. Not saying it's ethical, just inevitable. Oppose by all means, but drop the histrionics please. They've been doing much the same thing with cookies for years anyway.

    2. Answer: The Internet Service Providers Association introduces a compulsory 'opt in' requirement for Phorm-type technology into its member code of practice.

    3. If ISPs think they have a right to hijack our search and behavioural data this way, presumably they think they own it. Which means they have responsibility for it. So logically, when we do stuff online that is illegal they, as the owners, become accessories after the fact. In other words, they could be opening a giant can of worms with this one. Their corporate greed/desperation could eventually land them in court. Ironic, eh?

  97. James Anderson

    If you want to explain why this is bad to a non techie.

    Just ask them how htey would feel about the Post Office opening your mail, reading the contents, and, depending on what they find stuffing some junk mail in with the contents.

    Or what if BT had someone listen in on you phone calls, when they hear you complain of a shortage of money they could interupt the conversion to tell you about the favourable terms available from Kray Bros. Financial Services.

  98. Andy ORourke

    I wouldnt mind but....

    They opt everyone in, now if this was such a compelling offer then surely they should just advertise it and allow people to opt in and then only the opted in data is collected.

    Anyway, I digress. I just went to the BT website to view the T&C's and privacy policy. After a very long pause I get a 404 error. Just logged into my account area and tried to "Contact Us" and used the complaint button, can you guess what happened...........

  99. Sam
    Thumb Up

    @ All

    I was already running Noscript, Customise Google, Adblock plus and Trackmenot..just added Dephormation to the mix, lovely Jubbly!

    It occurs to me that if more and more people do stuff like we are doing, Google's data mining is going to take a collateral hit, at which point they will probably wish to batter Kent Turdyfail like a ginger stepchild...I look forward to it!

    Now; :"2)Get a shell account on a remote server that is not served by any ISP's involved in this debacle.

    3)Use ssh -D <unpriveleged port> <user>@<server>

    4)Configure firefox to use a socks5/html proxy (depending on what's available on the remote host) running through the unpriveleged port."

    ....Any more details on this subject out there, anywhere?

  100. Anonymous Coward
    Anonymous Coward

    Privacy is at its heart

    Hi, I'm from the Phorm Tech Team

    Privacy is a real concern for people - that's why we do NOT tie into the ISP authentication systems, don't use MAC addresses and don't store IP addresses. It's important to understand that our system uses page information to make a real-time match against advertiser categories (e.g. sport). We only store the category, not the browsing information, so we can't tell where you've been on the internet, or what the page contained.

    As some background, we've spent a long time developing our technology, systems and practices as regards privacy protection. We believe that most people like personalisation online. We just don't believe they should have to give up their personal data to get it. And that philosophy has informed the development of our entire system.

    There are three main hallmarks to the system: we don't know who you are, we don't know where you¹ve been and participation is always a choice - unlike other provders which hold personal data for 12 months or more. Our technology adheres to these principles and we are fully confident that our system complies with the Data Protection Act, RIPA and other applicable UK law.

    There's more info on all this at Or you can drop me an email:

    Tech Team @ Phorm

  101. Anonymous Coward
    Anonymous Coward

    Why not send the execs an email?

    Usual rules - be polite, be brief, stick to facts. Be clear. If you like the proposed system, say so. If you don't then be clear that you don't want it.

  102. michael
    IT Angle

    maby I am missing somthing

    can you tell me if I am reading somthing wrong

    the isp anlises all streams and anomises (I love that word) them and stores sorts and ships the data to phorn?

    the isp says if you optout they will not ship yuor data but will still colect it?

    but if it has been anomised and sorted and stored how do they know what is your data?

  103. Andy

    Google hacking through Phorm

    Presumably, if I set up a browser plugin which just sets the cookie to each number in series and then browses to a malware web site repeatedly, I will eventually cause adverts for that malware site to appear in my "relevant" advertising. Providing I can do this faster than Phorm can remove the new malware sites, I can infect a decent number of customers in no time flat. It also gives a way to completely skew the results.

  104. system

    RE: @ All and Privacy is at its heart

    Sam: When you start an SSH connection with the -D switch it creates a socks5 proxy on the port you provide. In putty, this can be achieved by going to SSH -> tunnels and adding the port number and choosing dynamic. You then set firefox to use the socks proxy in tools -> options -> advanced -> network -> connection settings. All web traffic is then sent over the SSH connection to your remote shell before being sent from there to the site server. Unless your ISP can break SSH encryption, they cannot read any of it.

    Another trick is to go to about:config in firefox, and set network.proxy.socks_remote_dns to true. This will cause FF to do all DNS lookups on the remote side, so your ISP can not interfere, or even look at what sites you are visiting.

    For yet more privacy, you can add two more ssh tunnels with local port 25 and 110, and a destination of your email servers IP on port 25 and 110 (give the dest as xx.xx.xx.xx:25) and then set your email client to use as the email server. This not only makes your emails unreadable, but stops the ISP even seeing that you are sending or receiving emails, or which server you use to do so.

    Phorm "tech team": Please just drop the whole pretence that you actually understand what you are talking about. You're a P.R droid, not a tech wizard.

    Regarding privacy and not using IPs, perhaps the real tech guys at phorm can explain to you what happens when you pull the ads from the oix server out on the internet with your "anonymous" cookie. The oix server has a record of the cookie and the I.P address. The only way phorm can never see an IP matched to a cookie is by having the ads injected into the page at the ISP end, which has been denied repeatedly.

    Drowning the issue in contradictory claims might work on the average punter who doesn't know or care about things like HTTP, TCP/IP etc, but El Reg is not exactly overflowing with average punters.

  105. colin stone

    Please stop telling lies

    hi phorm tech team

    Firstly you are not phorm tech team you are a PR company. Please be open and honist about that point.

    you say

    "Privacy is a real concern for people - that's why we do NOT tie into the ISP authentication systems, don't use MAC addresses and don't store IP addresses. It's important to understand that our system uses page information to make a real-time match against advertiser categories (e.g. sport). We only store the category, not the browsing information, so we can't tell where you've been on the internet, or what the page contained."

    I have read your patent and it says

    " the context reader may be configured to more than just keyword and other contextual data pertaining to a given web page. The context reader may also include behavioral data (e.g, browsing behavior), other historical data collected over time, demographic data associated with the user, IP address, URL data, etc."

    If that is not collecting data please tell what your definition of collection is. As it clearly is not what the rest of us think.

    So stop posting the same party line of lies.

    Thank you and for more information and your education on the facts please read the patent at

    This is a VERY VERY scary invasion of privacy.

    Flame icon as I hope that is what happens to your share price today

  106. Anonymous Coward

    Making your complaint count

    If you want your complaint to really count, especially if it has legal significance, don't use the phone or email. They're far too easily ignored. Put your complaint on paper (you know, a letter) and keep it to one side in length. Spell check it.

    Then go to the Companies House website and look up the company registered address. Send your letter to "The Company Secretary" at that address, ideally using recorded delivery. Pieces of paper received via that route are very hard for a company to ignore. They are likely to be logged and seen by senior people. Even if delegated to others, those "others" will find it hard to take no action.

    For added impact, cc the latter to someone with authority over the company (assuming the letter justifies it). For example, for an ISP send a copy to the regulator (and be sure to write "cc OFCOM" at the bottom of the letter) and/or the Information Commissioner's Office.

    If complaining about a regulator taking no action, you might consider sending a copy to the National Consumer Council, who are planning to do a review of regulators:

  107. Anonymous Coward
    Anonymous Coward

    Any horse's heads missing?

    By my reckoning, Mr. Ertegul was technically worth £85.5M when this story broke, and is now £32M (Thirty Two Million Pounds) poorer. Whooo. And the share price is still going south, quickly.

    Of course, these are all very nice people, so I'm sure there'll be no horse heads popping up in anyone's bed soon.

  108. Anonymous Coward

    Dear PhormPRtechteam

    I've posted this elsewhere but I'm still waiting for an answer from yourselves so I'd appreciate it if you could reply please.

    You claim your system complies with the data protection act, respects privacy and ignores personal information?

    Let's see,

    According to the data protection act, personal data is defined as:

    'data which relate to a living individual who can be identified--

    (a) from those data, or

    (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller'

    And processing is defined as:

    '“processing”, in relation to information or data, means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including....'

    So, if someone looks at a webpage with ANY identifiable information on it and your system is in reciept of this traffic, regardless of whether you analyse it or delete it immediately, according to the data protection act you are processing personal information.

    Now, bearing that in mind:

    Under section 11 of the DPA: 'Right to prevent processing for purposes of direct marketing)'

    "(1) An individual is entitled at any time by notice in writing to a data controller to require the data controller at the end of such period as is reasonable in the circumstances to cease, or not to begin, processing for the purposes of direct marketing personal data in respect of which he is the data subject.


    (3) In this section “direct marketing” means the communication (by whatever means) of any advertising or marketing material which is directed to particular individuals."

    In a recent interview you claimed that if a person opts out of webwise, their traffic is still passed to your system but they aren't served any adverts and won't benefit from the phishing protection.

    So if I have written to my ISP and requested that they cease processing my personal details for purposes of direct marketing, IF you receive ANY personal information (which is deemed as processing) wouldn't you say that's a breach of the data protection act?

    So, please answer the question. Who has stated your system complies with the Data protection act, the RIPA, the human rights act (right to privacy) etc. and please can we see some evidence?


  109. Andy Enderby
    Thumb Down

    What part of this do they not understand...

    Did the Phorm CEO head a crapware/scareware/malware punting company ? - yes

    Are the servers in China ? - yes

    Does Phorms business model smell like yesterdays pile of donkey cr*p ? - yes

    All my usage data are belong to Phorm - get stuffed

    Does any right thinking person want any part of this pile of dross ? - No way.

    Bugger Phorm, the horse they rode in on, and the expensive PR hacks.

  110. Jonathan

    @Phorm Tech Team

    "Hi, I'm from the Phorm Tech Team"

    Lie #1. No you arent, you are a paid PR person. As such, your "facts" and opinions are worth less than nothing.

    "We just don't believe they should have to give up their personal data to get it."

    Lie #2. You go through my personal data - my page requests, and responses - and filter the stuff you deem unnecessary. In fact, given that you store it in a condensed form, you still store it. If I downloaded pirate software, and compress it, it is still pirate software. The same applies to your system. If you truly believe that I dont need to give up my private data, then dont search through my data - simple hey?

    "we don't know who you are, we don't know where you¹ve been"

    Lie #3. Ah but you do. You want my browser to store a cookie that uniquely identifies me, therefore you know who I am. Your system must necessarily process both my IP address and cookie ID, even if the IP address is not stored.

    "participation is always a choice"

    but I cant stop my data from being analysed by a profiler at all, can I? And its opt-out, not opt-in. Given how uninformed the majority of users are, how is this a choice? Whatever I choose, you still analyse my data - you just dont build up a profile.

    "Or you can drop me an email:"

    Somehow I doubt my email would reach you, since you arent employed by Phorm at all.

    Its a sad day when not even PR - people paid to manipulate, lie and obfuscate - can make Phorm seem like a good idea. Perhaps that is why Phorm has lost over 50% of its market value in 2 weeks - everyone thinks is a bad idea. How long before those in charge of Phorm get over their huge egos and realize that consumers arent willing to be treated like that?

  111. colin stone

    A few questions to Phorm PR have a good story which raises a few more questions

    So Mr PR person. Why have you not responded to Outlaw's questions, even after being asked some weeks ago?

    You are very quick to spin to everybody else. Is it because ..Er... They are a Law Firm by any chance.

    Also I love this statement

    "Company chief executive Kent Ertegrul told The Register last week, though, that he believes users should have no privacy concerns"

    I draw your attention to two telling words... "he believes".. Not he knows, or is positive that there are no privacy concerns... But just he believes that users should have no privacy concerns.

    Honest answers please ..

  112. Anonymous Coward
    Anonymous Coward

    @Phorm Tech Team

    "make a real-time match " - LIES!


    narcosis: What sort of impact will the scanning & tagging of http traffic have on response times during peak surfing times ?

    MBurgess: Pages are not tagged (or modified), and the keyword analysis process is offline so it can't affect response times. The ISPs are very concerned not to interfere with users' browsing experience.

    narcosis: If the keyword analysis process is offline then in order to scan for keywords would you not have to have a copy of webpage in order to analyze it offline ?

    MBurgess: Yes, a mirrored copy is analyzed."

  113. Anonymous Coward
    Dead Vulture

    Essence of Fact v Fiction

    The comments trail for El Reg's excellent coverage of this is huge, so it is not surprising that many people are not reading through them all, so unfortunately the same issues / ideas / responses get repeated over and over. IMHO here are the key issues - First the good news:

    @ Andy et al - Phorm deny the servers are in China, they claim this is a result of someone confusing OIX.COM and OXI.COM domains. However, I have not seen anything from them about where they actually will be, though this is not surprising for security reasons

    The targeted ads are not really an issue for or against. Only ads currently managed by OIX will be affected, and these are only on web pages where the site owner has 'signed up' with OIX. Phorm claim they will not inject additional popups or pop-unders though they could easily do this if t hey wished.

    Phorm is working hard to portray itself as a respectable and responsible company (well they would wouldn't they) and deny that their previous ventures involved 'spyware', preferring to call it 'adware' - a moot point

    Now the bad news:

    The Phorm profiler will process every web page you retrieve and pass a list of interesting words to the ad servers which will then select their choice of most appropriate ad. This 'profiler' will be owned and managed by the ISP, even though it will run software supplied by Phorm. This means that it is the ISP carrying out the 'wiretap', which will be illegal unless the ISP has your consent. Under current UK guidelines this should be by your explicit opt-in. If the rest of the system operates as per Phorm's PR then they will be 'in the clear' legally, although we have only their word that they will not accumulate data or use various possible mechanisms (eg based on cookies) to personalise it at some time in the future.

    Similarly opinions sought from E&Y, PI, the DPA, etc. refer only to the system as currently specified, without safeguards as to how they will be monitored going forward. The patent filed by Phorm describes much more intrusive monitoring for example.

    At present the BT Webwise approach to opting out (cookie based) will still involve all of your information being processed by the Phorm profiler, and is easily accidentally lost by inadvertantly deleting the cookie.

    There will be an as yet unquantified slow down in your browsing while the ad processing takes place. The additional architectural complexity introduced will increase the chance of downtime and increase the security risk.

    Nothing you do with opendns, adblocking, tracking obfuscation, etc will prevent your web pages from being processed in the profiler.

    The anti-phishing features of Webwise are trivial and virtually worthless for most users.

    BT conducted secret trials last summer and denied it repeatedly until recently.

    The Phorm Principals do have a shady past in spy/adware and have been economical with the truth on several occasions since the story broke last week. They are currently conducting a PR offensive in which they are repeating many of the half -truths and inconsistencies that have already been exposed in this and other forums.

    The ISPs involved seem to be keeping their heads down hoping it will all blow over.

    Hope this has helped!

  114. Anonymous Coward
    Anonymous Coward

    Phorm is just one of dozens of companies doing the same around the world and in the UK

    Phorm was late into the UK market. They really are just 'one of the many' who have also been trying to get into the UK market.

    Here are some other behaviour target suppliers for you to get excited about - if your ISP is not looking at Phorm, they could well be looking at the competition.

    The USA and Canadian ISPs have been signed up to this crowd for months, with daily installations.




    Project Rialto


    I hope other readers here can add to the list.

    If you look at their websites, what Phorm is doing with the ISPs comes high up the rankings of ethical - which leaves some of the others so far down in the bog that I wonder their financial backers can sleep at night.

    Time to put an end to any 'spying' which can't be blocked by refusing cookies.

    I hate the way Google, Yahoo and MSN track everything I do - but at least I can reject their cookies and not use their service.

    Time for all internet users around the world to demand the right to privacy and to demand that their ISP does not install any behaviour tracking system within their systems nor make any information about them available to anyone other than those who require it for the efficient and legal provision of the service offered.

  115. Eddie
    Paris Hilton

    Phorm have two hurdles, I think

    I think one thing we should note - as far as I can tell from reading the PR spin, adverts are only injected into pages which have consented to have Phorm inject adverts.

    I think this may be the biggest Achilles heel for these scumbags - currently, Google have a virtual monopoly of online advertising - there is a simple brokerage system, easy to understand, global, it doesn't rely on setting up equipment with various ISPs, all of whom will have the right to cancel, should it not seem like a good idea.

    Maybe the bombing of Phorm's value is more to do with Phorm not being able to convince page-owners of the value of their system over Google/Doubleclick, and investors realising that they are being sold snake-oil

    Meh - we'll see. I've got Dephormation loaded to cover me for the time it takes to switch ISP if VirginMedia sell me out.

    Paris - 'cos she probably knows as much as I do about this :)

  116. Someone

    No way, not never

    Phorm need to realise that even if their technical team was headed up by Linus Torvalds and Richard Stallman, and their board members included Oprah Winfrey, Sir David Attenborough and Tenzin Gyatso, the 14th Dalai Lama, instead of Kent ‘not evil, just slimy’ Ertugrul, the public still wouldn’t want it.

  117. Sam
    Thumb Up

    @ system

    Great post, many thanks!

    You've probably helped a great many people with those tips!

  118. Anonymous Coward
    Thumb Down

    Share price

    It seems that someone or some organisation is doing its level best to prop up the share price with the number of buys going on today.

  119. Anonymous Coward

    @ Phorm is just one of dozens of companies...

    Apologies due - these companies do indeed seem to be selling or developing the same stuff as Phorm, and also have patents pending. It seems this is the thin end of a potentially very big and smelly wedge .....

  120. Wayland Sothcott

    @Mozilla / Firefox / Adblock

    It's not really about adverts, they are on the sites already and can be blocked. Phorm probably not planning to alter existing ads, simply modify their own ads having got a website to place them.

    The real problem is their monitoring your datastream. They can sell on marketing data derrived from that regardless of weather you have opted out of ads. With their servers in that position they could do a lot more than they are currently talking about. Ofcourse ISP's are also in that trusted position, but instead of taking the risk directly they have let a 3rd party do it without altering the ISPs original function.

    There have been many calls for censorship of the Internet as well as monitoring. You may not be able to get foreign sites to take stuff down fast enough for your liking but you can cirtainly control your domestic ISP. You can't not have a domestic ISP unless you use satellite. But then it would be very very easy to feed Interferance into a satellite from an earth station.

    People might say use an encrypted or Tor service but then that's going to be easy to block and outlaw.

    The Internet probably has about 2 years left before it becomes something else But at the rate things are going, so will everyting else.

  121. Anonymous Coward
    Anonymous Coward

    NSA Backdoor

    This company has headquarters in Delaware. So what happens if the NSA or Office of Homeland Security or whatever demands a backdoor is put into the system to give them access to monitor browsing habits of people in the UK? You know it makes sense.

  122. The Other Steve

    @Citigate Dewe Rogerson

    > Hi, I'm from the Phorm Tech Team

    No, you are a PR team working on behalf of Phorm.

    Citigate Dewe Rogerson

    3 London Wall Buildings

    London Wall

    London EC2M 5SY

    > Privacy is a real concern for people ...

    Yes it is, which is why we oppose the idea of our ISPs making deals to sell our data to a former spyware distributor with a patent for quite the most intrusive internet monitoring system since carnivore. Privacy is SUCH a concern that we'd rather our ISPs didn't do business with Phorm at all

    > There are three main hallmarks to the system: we don't know who you are,

    Phorm will build a profile of individual users, linked to an identifying cookie, when this cookie is passed to any OIX domain for the purposes of serving me an ad, Phorm will have both the cookie and the user's IP, even if they haven't already collected it . You have said in many other of your of copy 'n' paste 'jack and jane do PR' emissions on the web that Phorm regard this as PII.

    Also, as stated above, in the patent, taken out by Phorm, which we must assume covers the technology they are deploying (since it says so on their website), says : "As explained above, the context reader may be configured to more than just keyword and other contextual data pertaining to a given web page. The context reader may also include behavioral data (e.g, browsing behavior), other historical data collected over time, demographic data associated with the user, IP address, URL data, etc."

    The 'context reader' is part of the profiler. While you muddy the waters with regards to Phorm's responsibility for this, the fact is that it is designed and supplied by them. Are we to believe that this capability will not switched on ? Are we to take the word of a company that specialises in spyware ?

    > we don't know where you¹ve been

    See above

    > and participation is always a choice

    Only it's not, is it ? First of all, every one is opted in by default. That isn't a choice. Then the customer will be misled into believing that Phorm's 'service' is a security feature, which it is not. Then, they will be misled again if they do opt out, because even if they do, their HTTP data stream will still be redirected through the profiler.

    There is NO WAY to opt out of the profiling.

    > we are fully confident that our system complies with the Data Protection Act, RIPA and other applicable UK law.

    Why ? Who has judged this to be the case ? The ICO has not issued any statement other than the one that can be found at :

    which basically says "We will comment in due course". There has been no test case. In one of your companies(CDR, not Phorm) posts it even states that the "Home Office" have approved Phorm. Who at the Home Office ? And why were they even involved, since it has nothing to do with them.

    Please let us know why Phorm, or CDR, or whoever is responsible for making these statements believes that they comply with UK law, what supporting evidence do you have for this position ?

    > There's more info on all this at

    No. There isn't, there's just more of the same fluffy bunny PR speak. And frankly it doesn't matter very much, even if it was chock full of technical documentation, no one is going to take the word of a PR company working on behalf of a spyware company. The very idea is laughable.

    > Or you can drop me an email:

    I have sent a copy of this comment to that very address, you seem unwilling or unable to answer these issues in public forums, perhaps because you are to busy googling for your client's name and then pasting this same press release into the forum threads, perhaps you will find the time to answer them by e-mail ?

  123. Midnight_Voice

    malPhormed name

    Get Net Lurker!

    Seems kind of apt, somehow......

  124. Anonymous Coward
    Anonymous Coward

    Phorm webchat tonight

    "Phorm will be hosting another live webchat with the CEO and CIO tonight at 20.30 UK time - again the URL is"

  125. Anonymous Coward
    Anonymous Coward

    "It's the database, stupid"

    Am I right "remove the cookies" and you can't be tracked?


    You're dead wrong.

    Without the cookie, the sites that serve ads out of the OIX brokerage network will not be able to "personalise your experience" [bleurgh]. Your browsing history will still be subject to analysis.

  126. PhormUKcommsteam

    On behalf of Phorm

    Hi all

    Phorm will be hosting another live webchat with the CEO and CIO tonight at 20.30 UK time - again the URL is



  127. Anonymous Coward
    Thumb Down

    Phorm chat does not work with my browsers

    .. so even though I could log onto the system - 3rd browser before I got rid of the "If you see this message you do not have a Java enabled browser. Visit ParaChat Support for more information on how to upgrade your browser!", I still can't input anything into the text field.

    You may not realise it, but there is a legal requirement in the UK for websites to comply with the accessibility standards. If Phorm can't be relied upon to get the basics sorted, what other errors are there in their systems?

  128. Paul

    Copyright violation ahoy!

    > narcosis: If the keyword analysis process is offline then in order to

    > scan for keywords would you not have to have a copy of webpage

    > in order to analyze it offline ?


    > MBurgess: Yes, a mirrored copy is analyzed."

    That means that a copy is being made. We can do them for copyright violation if they are making unauthorised copies of web pages we write. Especially as the copy is not incidental to the process of browsing (and thus not covered by an implicit licence) - rather it is an additional, unnecessary copy, made for commercial purposes, for the commercial benefit of the ISP and Phorm.

    Let slip the writs of war!

  129. Anonymous Coward
    Black Helicopters

    For those in the defence business

    Call me a paranoid but I do know that a lot of unclassified research is conducted over the internet, but various contractors and their subcontractors. And if enough data were gathered, one could conceivably piece together classified components though the list of unclassified components researched.

  130. Alex
    Paris Hilton

    complicity reigns


    On our board of directors is:

    the former Chairman / CEO of ATT,

    the current Vice-Chairman of Rothschild bank,

    the former president of the Coca-Cola company worldwide,

    the former head of strategy of ATT.

    Our executive team represents a "who's who" of stars from the internet and media industries:

    a founding member of Doubleclick,

    the former Head of technology of Atlas,

    the former CTO of BT retail,

    the former head of sales of Expedia,

    the former head of communications of Yahoo Europe,

    and so on.

    We are about as far away from the dark shadowy company portrayed by some of the blogs as it is possible for a company to be.

    AT&T? that would be the same company that changed its privacy policy back in 2006 as follows:

    The new policy says that AT&T -- not customers -- owns customers' confidential info and can use it "to protect its legitimate business interests, safeguard others, or respond to legal process."

    Coke Worldwide? not dark or shadowy at all then* (* I guess thats excluding India, Columbia, etc then yes?)

    the former CTO of BT Retail you say? oh and Yahoo? oh and Expedia?

    ...that's the BTMicrohoo! angle then! sounds like a monopolys wet dream, I wonder if thats why Google/Double click's been green lighted?

    Rothschild bank, where there's muck there's brass eh?

    AT&T again, nice strategy btw!

    then there's:

    Doubleclick, hardly surprising really... ...don't worry guys your deal with google will be fine.

    Atlas you say? Mr Meyer joins Phorm from his role as SVP Product and Technology, Atlas - a division of aQuantive, the digital marketing solutions company recently acquired by Microsoft Corp. oh does he now?

    This all stinks, this really stinks, Users of the internet are not your crop, you have no right to monitor the private activities of individuals for your own financial gain, be it online or in the flesh. NO MATTER HOW YOU DRESS IT "ANONYMIZED" OR NOT. After all we are not just numbers, we're UNIQUE.

    The auto-opt-in & alterations to terms & conditions via sleight of hand is disgraceful.

    I truly hope their private jet crashes.

    good night,

    the future is unwritten.

    Paris, because the world is a dumb place

  131. Anonymous Coward
    Anonymous Coward

    Opting Out

    Hi. This is the Phorm Tech team here picking up on the opt out debate.

    You can opt out or in as and when you want - it's a simple as going to And you can permanently switch off the service: simply add to the Blocked Cookies settings in your browser.

    When you opt out - or switch the system off - it's off. 100%. No browsing data whatsoever is passed from the ISP to Phorm - the Profiler is owned by the ISP, which performs the opt out check. We should be clear: the Phorm servers are located in the ISP's network and browsing data is not transmitted outside the ISP. Even if you are opted out websites will still show you ads (as they do now) but these will not be ads from the Phorm service and they will not be relevant to your browsing.

    It’s worth noting that you will see banner ads saying that Webwise is on if you have decided not to opt out. So if you don't want it, you will be able to click on these ads and switch them off.

    We've been very open on this issue. We have said that we would consider using another agency to audit the opt out provisions in addition to our existing external auditor, Ernst & Young and the Privacy Impact Assessment being conducted by 80/20 Thinking.

    In reality the technology represents a major breakthrough in online privacy. There is no online participant today which manages to generate such a level of relevance in advertising while simultaneously maintaining complete anonymity, no storage whatsoever of browsing history and such a transaprency as to choice of participation. If you look at your browser right now, you will see that perhaps hundreds of cookies have traked your activity online. You never gave permission for any of that, they all store where you have been and shutting off cookies makes the internet basically unusable.

    With that in mind it's better to have a system that is more useful from an advertiser's perspective, which stores no data at all as to browsing history and for the first time gives users a clear and readily accessible on / off switch.

    There's lots more info at Or you can drop me an email -

    Tech Tech @ Phorm

  132. Anonymous Coward
    Anonymous Coward

    How is it anonymous exactly.

    firstly even if we opt out (As BT customers) the profiler still sees all our traffic. if we are opted out, we have to have a cookie set to say that. this cookie will be set to which is owned by phorm (

    if you are opted in then the cookie you get is ( of course.

    so if a person opts in..then BT webwise equipment at BT premisess owned by Phorm (assuming they are ONLY doing what they say they are doing) have your UID + browsing history "digest" and not your IP address.

    when you visit in "infected" page, then the webserver will have a advert served by your opt in cookie (which has the UID in it of course) is sent from YOUR machine right to webwise..and of course, you cant help but send your IP address with the TCP data now can how is it that Phorm cannot use the data from BT WEBWISE plus the data from its WEBSITE PARTNERs (by way of html included advert tags) to correlate IP address to UID then?!?

    example opt out cookie

    HTTP/1.1 200 OK

    Date: Wed, 11 Mar 2008 01:31:19 GMT

    Server: Apache

    Set-Cookie: OPTED_OUT=YES; expires=Fri, 12-Mar-2010 02:33:02 GMT;; path=/


    Content-Length: 0

    Connection: close

    Content-Type: text/plain

    example opt in cookie

    HTTP/1.1 200 OK

    Date: Wed, 11 Mar 2008 01:31:19 GMT

    Server: Apache

    Set-Cookie: uid=9sRe3AeRcDDwA2ASDYXXLg||; expires=Thu, 12-Mar-2009 02:33:39 GMT; path=/services/


    Content-Length: 0

    Connection: close

    Content-Type: text/plain

  133. Alex
    Thumb Down


    Opting out is Opting in!

    You're unique! You're anonymous!

    We don't copy, We just mirror! about,


    DO. NOT. WANT.

    ..or do we all sit back and watch the internet die of ignorance at the hands of unscrupulous profiteers?

  134. Ralph Beales
    Dead Vulture

    For crying out loud

    If something is good, it doesn't need to be advertised. If it's being advertised, then it's something that doesn't cost a lot make and is being sold for a high margin. Chances are, it's at best average quality.

    Once you realise this, you'll make a point of not buying advertised goods. I'll give you a good example, Roger&Gallet. You can only buy it from certain retailers (I get mine from John Lewis) it's never advertised, it's one of the best bathroom products on the market. Does well on word of mouth alone.

    See Aston Martin advertising? How about Ebuyer/DABS et al? No! Plenty for PC World, not so much for Maplin; compare prices.

    So, targeted ads eh.............gosh, something else for the firewall to block/be ignored.

    Why is El Reg trying to make such a mountain out of this molehill? Don't you read your readers' own comments?

  135. Anonymous Coward

    121 You've got PHORM.

    I dont care about opting out of adverts. (so shut up about your opt out.)




    I CHOOSE to use GOOGLE - They know what I SEARCH - Im Happy

    I CHOOSE my SUPERMARKET - They know what I BUY - Im Happy

    I CHOOSE my INSURER - They record my INSURANCE calls - Im Happy



    Blanket Monitoring is the same crap you have been pimping for years it didn't work as Ad/spy-ware it wont work now.

  136. Fruitloop

    At least my ISP have no plans

    As I said in a previous post I have emailed my ISP (Eclipse/Kingston Communications) to ask if they were signing up to this Phorm shit.

    This is their reply:

    Thank you for your email.

    Please be advised that Eclipse have no plans of signing up to Phorm. If you do have any futher worries about this please reffer to our Privacy Policy which can be found in the legal section on any Eclipse webpage.

    Please do not hesitate to contact us if you require any further assistance

    So at least myself and other Eclipse customers should be ok...for the time being anyway!

  137. Anonymous Coward
    Thumb Down

    Thats not the problem

    BTEE is the problem if they get in there they sit on the backbone. Make a agreement with them not you. Just sniff all the data on the wire who will know and if someone finds out just call it security issue like google red flaging people. Look at google now. Now they not only flag you they get it all.. Even web browsers looks up google to see if a site is safe.. Google thank you now I know every site/page you visit without you even on google. Desktop search anyone???? GEEmail we like a good read!! or CHECKITOUT we know your $. lots more there!

    Ha I bet they know more about you than you, all they need now is your DNA.. oops giving the game away again.

    Sorry between Google and MS and Mozila and Govs nearly have it all already!!

    They Futrure also looks bright.

    Once they realize they cant get all your info,, heavy research in how to make a copy of your mind will come forth. Then they crowds will run to have their minds backup under do it so your grandkids will know you. Then the goverments will want a scan for crimal checks or drivers licence say they want to see if you can drive, then they will sell that to other countrys and they will pass it on to marketers and a whole new market..

    Its normal others are trying to get on the information gravey train! I rather they dont. Its big money for them so as usal try try try try try try try try try until someone gives in and says OK. What ever happend to NO MEANS NO!

  138. Anonymous Coward

    @ Phorm is just one of dozens ....

    With respect the Phorm approach is currently unique - otherwise they wouldn't get a patent would they? They are trying to sell a story that says they can deliver personalised advertising without knowing your personal details. (Have cake & eat it)!

    An ISP sending your personal details to a third party without your consent is illegal in the UK (other than for law enforcement). This is the 'unfortunate' fact they are trying to circumvent. The other ad systems rely on you choosing to visit a particular site, which implies your consent.

  139. Paul

    EASY way to make phorm illegal... — Deny Phorm is a blog page running a campaign to raise awareness of Phorm and help to make what they do a criminal offence under Regulation of Investigatory Powers Act.

    By adding expressed terms to your website denying Phorm the right to intercept communications between your website and your users; any interception by Phorm is a criminal offence.

  140. Richard
    Thumb Down

    Bad Marketing, Bad Business Model, Bad Product

    How will the system differentiate different users of the same machine?

    A shared family machine, a school, cyber cafe, the infromaiton on browsing habits of one individual will be easily inferred by another based on the ads they are served. A user cannot opt in or out, only the person having the contract for Internet access.

    Its a bad product, using lies and spin to fill the pockets of the large ISPs and a morally corrupt company!

    Ahead, troubles I see, big ones me does......

  141. Peter Johnstone

    Have we been asking for it?

    When you take home a wage doesn't it feel like everyone seems to be queuing up to take your hard earned from you? Whether it's the tax-man, insurance companies that sell you a policy but don't want to pay out when you claim, or the financial companies that sell you products (like endownment polices) then write to you to say that they'll be unable to payout enough to cover your investments because they've invested in shares then watched the prices go down the toilet, but yet can still give their senior management humungous bonuses or pay rises!

    The vultures just see the internet as another tool that can help to relieve you of your cash.

    We've all contributed to attracting this attention by shopping on line.

    Spammers have known for years that they can send out millions of mails at the press of a key, and that even if less than one percent result in a sale, the numbers are big enough to make this a profitable endeavour.

    These guys are just providing a more sophisticated way of delivering spam, that doesn't clog up your in box, and that hopes to raise the percentages of mails that returns in a sale.

    I for one refuse to purchase goods from companies that resort to such tactics.

    If everyone did this then this would not be happening as there would be no profit in it for them.

    I queried my ISP (Virgin media) about this and got the standard BS reply about improving the internet experience and avoiding phishing before getting on to the real purpose of this system, which is to target adds.

    I for one am fairly happy with my internet experience.

    I avoid phishing by completely ignoring all emails that come from banks, building societies and paypal, whether genuine or not.

    I fail to see how inserting adverts that I will never dream of purchasing anything from improves my internet experience.

    Let's make this a loss making enterprise for everyone involved. Boycott all online advertising. Maybe then we can turn the net into the resource that it should be.

    Mines the one with the empty wallet in the pocket!

  142. Anonymous Coward

    Proof that Phorm are lying scum

    Over the past 2 weeks Phorm have worked very hard to say no personal data, yada yada is not collected.

    However the patent aplication tells a different story from the spin.

    Below is my post from the spy forum, and I would love to hear from Phorm and the PR people if they dont keep personal data, why have the spent the time and effort in papenting a technology that not only does keep personal data, but goes far wors into invading privacy then the public statements ever said.

    I am sick of Phorm and the misleading spin they are placing on this. As The patent application clearly shows . Too many lies have been told by phorm and the PR team. All of which can be proved to be deception to the community, a read of the patent application reveals the true facts.

    for example

    "where the script is configured to set a cookie in the browser, and where the cookie contains at least a portion of the browsing information. "


    "Context reader 40 is not limited to acquiring keyword or other contextual information pertaining to a given web page. Indeed, the browsing information may be collected so as to also include historical data pertaining to the browsing performed "

    Again Phorm have been lying. The truth of the matter is in the patent.

    "Based on analysis occurring at the proxy server, the proxy server may modify client-requested data it receives so that a targeted advertisement appears on a web page requested by a client"

    So you are changing the data stream Changing the requested data. Lie number 3 Phorm.


    And you say you dont collect personal data do you. Er this is what your patent says

    "As explained above, the context reader may be configured to more than just keyword and other contextual data pertaining to a given web page. The context reader may also include behavioral data (e.g, browsing behavior), other historical data collected over time, demographic data associated with the user, IP address, URL data, etc."

    Note the section

    "The context reader may also include behavioral data (e.g, browsing behavior), other historical data collected over time, demographic data associated with the user, IP address, URL data, etc."

    Er whats that you say -"you dont collect IP addresses. Your patent says... YOU DO.

    You Lie Again Phorm

    Anonimous coward (aka bubblehelp)

  143. Mr Anonymous

    The Phorm story needs to be on the front page.

    Just a bit gleaned from the web.


    "Simon Watkin, a Home Office official working with the covert investigation policy team"

    The same Simon Watkin that has authority to release the Home Office document, to all interested, stating that Phorm was OK with RIPA.


    From: Watkin Simon <>

    To: "''" <>

    Subject: Targeted Online Advertising

    Date: Tue, 11 Mar 2008 18:02:53 -0000

    > On Behalf Of Nicholas Bohm

    > Sent: 11 March 2008 4:58 PM


    > I now have a copy of a Home Office note dated January 2008. My source

    > reports that Simon Watkin said that it could be distributed to

    > whomever the source thought would like to see it. It is not

    > uninteresting.


    > It is, however, in the form of a pdf of a scanned image, and is 1 MB,

    > so I don't propose to circulate it. If someone would offer to host it

    > somewhere, and better still host a version converted to text, I'll

    > provide a copy.

    It says this:



    Now only a cynic would think that, a free inteception system installed and operated for you in all major ISPs might influence your discision when it comes to calling on the legality of such a system, wouldn't they?

    The Phorm systems is great for covert investigations, it's cheaper than setting one up and running it yourselves with the bonus that "it's nothing to do with us, that's a normal part of the ISP network".

    Add a set of keywords like Palestine / America / help / fund / fight / support, setup an advert server, subscribe to the keywords and people using them will get served your ad, the ad server logs now have your IP address and they can find out who was assigned that IP from your ISP. Now in their mainds, they have a list of people who may have sympathies with the people of Palestine, in mine they might just have a list of people who read the Guardian online (Guardian use OIX).

    Now you might think that the security services tracking baddies is good, it may be, but if so, they should be doing it themselves, not let a third party spy on everyone's browing in order to sell them a new car or holiday, so security services can try and catch a terrorist.


    You might let this bloke know what you think too. Call free on 08081 560 099

    Michael Downs, service provider specialist at Telindus, network solutions and services provider, sees a bright future for all those involved:

    “The launch of Phorm’s Open Internet Exchange (OIX), offering targeted online advertising, is good news for ISPs as it offers them a new, invaluable revenue stream."

This topic is closed for new posts.

Other stories you might like