come on phorm techies lets have a real tech seesion if you have the nerve
phorm techies would you like to answer the list below (honestly) if you can, without resorting to spin and rubbish
point by point would be good
let me guess, there will be no response as you are to chicken (cluck cluck!!!) to answer with facts
prove me wrong if you can !!!!
peter white
Let’s start with what appear to be facts
• Both the profiler and the Phorm server sit in the ISP data centre, (this apparently enables the ISP to legitimately claim no data leaves there network)
• The profiler is owned and run by the ISP (while this is correct, what isn’t made clear is that the code running on the profiler is supplied by Phorm and the ISP has no access to the source code, nor can they verify 100% what it is actually doing,)
• Parts of the code for WebWise were written by a group of programmers in Russia, allegedly from a team that Kent Ertugrul used to create his “People on Page” spyware several years ago
• Phorm are also in talks with Sky Broadband and Orange to push this product out to yet more users in the UK
• Adverts will appear “in frame” and not as pop ups, so pop up blockers will not stop them
• Part of the weighting as to which advert is displayed is the amount the advertiser is willing to pay, it is in effect an auction of advertising space which reduces the advertising relevance to which advertiser in a category is will to pay the most for your screen area. Look at Phorms website at http://www.phorm.com/oix/ad_networks.php to get the picture
• Phorm Inc. was previously known as 121Media who were allegedly involved in adware / root kits before changing their name to Phorm Inc. and creating WebWise
• The profiler has a list of webmail and other sites not to be profiled, BUT there are no tools to check if your favourite site is on this list or a means for webmasters to submit a site to be excluded from profiling
• Phorm have remote access to both servers, for support and software upgrades (it is unclear if only on invite only or if it is full unrestricted access)
• The code has not been independently verified to ensure it does ONLY what it says on the tin, Phorm are looking at this and will consider independent verification so long as it does not affect there intellectual property (fat chance and what happens if they change the code straight after ???)
• The information commissioners office is talking to both Phorm and the ISP’s about how WebWise affects privacy and how this is being addressed, a response has not yet been posted
• The foundation for information policy research have published an open letter ( available at http://www.fipr.org/080317icoletter.html )to the information commissioner office setting out exactly why they believe WebWise and Phorm is open to legal challenge under UK and European law, even down to section and paragraph level of the relevant acts they think it contravenes
Let’s now look at what appear to be grey areas
• Your pc is reduced to a random number in a cookie to protect privacy
o Random numbers as AOL found out do not guarantee privacy
o Phorm (we have to take their word for it) say the Phorm server can not recreate the link from the cookie to a user / IP ,
o External websites which have the Phorm placeholder in can access the cookie, so how long before people start trading this information?
o By using a cookie they can serve games adverts to your kids and DIY adverts to the adults,
o if they just used IP addresses they would not get such granular stats
so a cookie is better for their sales of advertising relevance not the user
• WebWise / Phorm may be illegal under the data protection act
• WebWise / Phorm may be illegal under the section 1 of RIPA as it is being argued it is in effect an illegal wire tap as both parties ( the user and webmaster of the website) need to give permission
• Anti Virus and Anti Spyware companies are considering whether to flag the WebWise cookies for removal, AVG have announced they won’t Trend have said they are reviewing the option of removing it so long as it does not automatically opt the user in, others have not made public statements yet
• (from phorms website, ISP FAQ page) http://www.phorm.com/about/faq.php?_faqs=10,11,12,13,14,15,16,17,18,19#isp
o Q. How does the OIX use ISP data?
o A. The OIX uses data from ISP pipes to upgrade the generic advertising on websites with more relevant ads. These ads will be viewed by that ISP's subscribers who are most likely to be looking for the advertised product or service based on keyword patterns in their browsing behaviour. (This seems to suggest that Phorm advert will replace some other advertisers adverts as well as sites with Phorm place holders)
• How can the ISP’s claim to store no identifiable data when the system has to track you to be able track you to build a database of relevant sites and categories over the last 14 days and then serve you the relevant adverts, you are identified by a unique number and a cookie can be accessed by a website
• BT (my ISP) always gives me a vague answer which is carefully worded about opted out traffic not being profiled, they will not give me a direct answer about “will my traffic pass through the profiler and can they guarantee it is not profiled but no adverts served” come on phorm or BT a straight answer please
• Phorm and the ISP’s say the profiler ignores data with @ sign and strings of numbers over 3 digits long to prevent emails address and credit card details accidentally being profiled, but the security code on the back of a credit card is 3 digits long so could be profiled
And finally questions for which there seems no answer at the moment
• Virgin Media’s logo has vanished from the WebWise front page? (Have they had a change of heart due to public opinion??)
• The list of items included and excluded from profiling seems to change depending on who you talk to at the ISP, a detailed list would be good
• How does the system distinguish between web browsing and an application such as word or open office which has a internet explorer agent embedded
• How often is the Phorm / profiler software updated or patched, who then checks on what has changed and verifies it still conforms to the relevant laws etc
• Do Phorm still profile opted out traffic but just not server adverts, this would enable them to harvest information like common search words etc they could then sell to advertisers at a premium price
• Is the traffic between the profiler and Phorm server encrypted, if it is even the ISP hosting the system can’t verify (even by packet sniffing) what data is transferred and therefore could not guarantee end user privacy.
• Where is the value add of the Webwise anti phishing (which is what most ISP’s are using to persuade users to opt-in) it is a duplicate of internet explorer 7’s service, it is also a function of most if not all internet security packages, so I see no value add (smoke, mirrors and spin to confuse the customer)
• Are the adverts stored on the Phorm server or does the Phorm server just redirect the users browser back out onto the web to pick the advert up from elsewhere
• If the Phorm server does redirect the browser out to an external website to collect the advert there is the possibility for an advertiser or Phorm to externally make the connection between IP address, cookie and any other data to identify the user
• If you block the cookie are you registered in the statistics as opted out? Or just not counted, thereby skewing the stats in Phorm’s favour when it comes to deciding if the trial was successful
• Why is there no list of OIX customers so we can see the sort of companies we will be getting adverts from? Is it because they are not relevant to the UK Market? Are they companies that do not want to be publically linked to Phorm?
• How are the ISP’s going to be paid, flat rate for allowing the service, number of adverts served, pay per click or a percentage of revenue generated. I realise this may be classed as commercial in confidence information but a general idea without the full commercial details would help
• Research and debug logs are able to be held on a “different system” for up to 14 days, what information is in these logs and on what other server will they be held???
• The data collected can not be accessed by the ISP, so how can they verify what data has been collected
• If Phorm do not store personal data about people why do the have a dataprotectionofficer@phorm.com email address and offer to tell you what information they hold about you and the option to have inaccuracies corrected for a reasonable fee?
One final question which is probably the most important of them all
Kent Ertugrul no doubt still has contacts who are on the dark side of the web, the placing of the profiler and phorm servers directly in the data stream at the ISP’s data centre gives them a access to an absolute gold mine of information that all sorts of people would pay millions for. What is to stop a patch being temporarily applied to harvest the wrong information, encrypt it and send it off somewhere into cyberspace.
joke alart as the jokers at phorm have not got the balls to answer honestly