Disgrace
Unbelievable that we have to use something like this!
The fact that it's necessary is distasteful
Coding activists have developed an application designed to confound Phorm's controversial behaviour-tracking software by simulating random web-browsing. The folks behind AntiPhormLite say this means actual browsing habits are buried in noise. The app, which is available free of charge, is designed to poison the anonymised …
The vast majority of users aren't going to run this application so the Phorm business model is going to still work well for them! Key to kill Phorm and others is to ensure ISPs see their customers vote with their feet whenever this technology is deployed.
The best way to deal with Phorm is to migrate away from any ISP that uses the technology. Let the ISP know the reason for moving and send their senior managers / MD an email or letter that informs on your views about Phorm and their involvement in such a technology.
Sadly I believe you're right. Most bog-standard users on an ISP don't know and even if they did, quite frankly they probably wouldn't care, the tired old "What have you got to hide?", would come out. In the end Phorm may still get in, and if/when they do they will still get enough meaningful data to make it worthwhile.
I think it's great that some people are dedicated enough to not take this lying down, even releasing the source so it can be ported, but much like ad blockers, how many non-geeks will use it? Like others have said, vote with your wallet. I jumped ship from Virgin to a) avoid Virgin's ludicrous costs and b) the Phorm debacle.
If enough people use this program then it will suck up extra bandwidth costing the ISPs that deploy this Phorm of spyware even more money than they will find it worth to screw their own customers who have been paying them in good faith.
Serves them right.
Paris, because she also likes sucking up people's bandwidth.
I'm on Virgin's Cable network rather than an ADSL connection (not that I ever signed up with them of course, when I took out a contract for a cable internet connection it was still Cable London, not even Telewest!) and there is no way I'd want to replace that wide, permanent pipe with a questionable ADSL connection over ancient copper. So I'm rather trapped at the moment thanks to the now monopoly that exists in cable.
Otherwise I'd leave Virgin immediately ...
AW
>"The application needs DirectX 9.0C or later installed."
Colour me boggled. DX9? For a trivial bit of socket-based code? Which doesn't even render the bleedin' html? This is why everything's so goddamn bloated these days.
Also, ....
>" It ignores bandwidth-heavy images, flash and video files in a bid to make sure that it doesn't eat through a user's bandwidth and thereby"
...gives its identity away and can be easily filtered by Phorm?
It is outrageous that we should have to consider something like this to protect our privacy. If my ISP go ahead with their Phorm snoop deal then I shall be taking my business elsewhere as I imagine most Reg readers would be inclined to do. Admittedly the numbers are against us with the majority of customers oblivious to what is happening.
However, in light of another Reg story today, "Government orders data retention by ISPs", I would still consider running AntiPhormLite or a similar obfuscation tool. Again it is all about the numbers. A few techies running such applications would be little more than an inconvenience to a government determined to goose step us towards a police/ surveillance state but it would make me feel a bit better!
VM has not signed a deal to include Webwise/Phorm, as is stated here: http://www.virginmedia.com/customers/webwise.php
and as previously noted in El Reg.
Antiphormlite is a neat idea, pity that it's XP & Vista only.
However I have just come across another weapon which should keep Ralph B happy, called Dephormation. It's a Firefox add-on and can be downloaded from here:
http://www.dephormation.org.uk/
Another good reason to dump IE &/or Safari in favour of FF, easily the most secure browser out there.
With this now installed I couldn't give two hoots whether my ISP signs a deal with Phorm or not. I had been seriously thinking of changing ISP, but the aggravation of notifying everyone of numerous email address changes was putting me off. Problem now solved.
I'm on Virgin Media, and aside from the nightly throttling, I'm pretty happy. I pay naff all and get better speeds than I can on ADSL in my area. I have no BT line in my house whatsoever, so to switch providers I'd have to
1: Get a worse broadband connection
2: Pay a huge installation fee to BT (I mean really - £120 to put in a wire?)
3: Probably have a hard download limit, as opposed to the current slowing down.
Phorm sucks, and it's pretty bad you can't simply opt out (even for a fee), but the other options simply mean changing ISN'T an option........
"in light of another Reg story today, "Government orders data retention by ISPs", I would still consider running AntiPhormLite or a similar obfuscation tool. Again it is all about the numbers. A few techies running such applications would be little more than an inconvenience to a government determined to goose step us towards a police/ surveillance state but it would make me feel a bit better!"
That's what I was thinking.
I dare say this is the start of a new approach to confounding the US Patriot Act and various other government regimes world wide. Binladen hand and shrimp.
Good-oh!
good idea, and one I keep hearing,
but for those of us stuck at the end of badly installed copper, at the extreme distance limit from the exchange with a top speed that makes RFC 1149 look attractive (and, with only one working pair left according to the last BT engineer who looked at it 15+ years ago, who then proceeded to make expensive sounding noises about us bearing the cost of any new cable run..at which point, we said hello NTL.), care to name any feasible non-BT copper alternative to VM cable ? (and as cheap as VM, which costs me £10 pcm at present)
I'd jump ship the morrow, if I could (I do not trust the public statements the VM marketing droids have come out with), but I've no alternative service in this area which would match the speed of their cable, e.g. Slackware 12.1 iso downloaded at a consistent 250KB/s overnight, other iso images on previous nights at 150KB/s, total data transferred over three nights; approx 19GB, the worst download speed over the past month being 110KB/s, btw, I don't hammer it like this every night, most nights, the only inbound traffic is NTP and ClamAV updates related (and the usual lame port scans), but I like to know the bandwidth is there when I need it.
So, any non-BT copper ISP suggestions gratefully welcomed..
Sorry but that thing is the biggest load of ... If you really think that browsing other websites is going to hide the sites you already visit, then you deserve phorm.
So you don't trust phorm but trust some unknown app, that pulls unknown URLs. All you will end up doing is slightly alter the ads you get served, your personal data is still intercepted by phorm. Just move ISP.
...Write my own software to counteract this sort of thing, but then again this has to be installed in large numbers of computers to be successful.
The requirement of directx 9 is just as bizarre as the language choice for this project, Dark Basic is mainly a games development tool.
It strikes me that the targeted advertising is something google has been doing for some time, just being more obvious about it, and of course you have the choice not to use google. Well you would if every single application you installed wasn't offered a "free google toolbar!!!" with every download.
I remember when using the internet was about the free exchange of information, everybody helping everybody else and writing poems about their dead pets, not about selling you something around every corner.
On the whole I do not think this will make much difference over all to phorm, after all how many people will install the application.
It will make a big difference to the investor who does not understand technology, and thinks anything computer is scary.
If the investor thinks the revenue stream for Phorm will go down with this application, then that is a good thing. So let's all download it, just to clock up numbers of downloads, make it look like 1,000s of people have installed. Make a lot of noise and watch the share price tank.
The deterrent effect may be all that is needed to stop the scum.
@Richard Cain
I wrote it. Your problem is not solved. You need to change ISP if you are dependent on Dephormation.
Dephormation was originally intended to demonstrate how daft Phorm's design is, on the assumption that someone in BT/Virgin would get slapped. Sadly, I was wrong.
I'm not with Virgin any more. When you need to take measures to fight your own ISP, the solution is staring you in the face. Get a new ISP.
Pete.
First, to make it clear, I hate Phorm and think it must die.
However, I'm sure that the ISPs probably believe there is a significant overlap between the group of people liable to be deeply upset by Phorm's actions and the group of people who use the most bandwidth on their networks (ie the less profitable customers). Not only will Phorm make a profit for them, it'll shift people who they don't want off their network.
Doesn't make it right though. I hope legislation will kill this thing off permanently.
Jolyon
1. I trust software like this less than I do phorm.
2. It would require widespread adoption to affect phorm's income
3. Unnecessary costs to web hosts - waste of bandwidth
4. Risk of surfing to inappropriate websites.
5. phorm could easily counteract this "ignore websites only visited once"
I would prefer a method where a database was built containing phorm cookies. Then a clientside app randomly changes your cookie for one contained in the database.
Job done
Oh!
Phuk!! And Double Phuk!
Does anyone know how to keep @ISP addresses live when changing over? It's law that telecom providers (land-line and mobile) allow porting of numbers, but I am uncertain of the situation with ISPs. I am pretty sure that it's impossible, but hope to be proven wrong by some kind Reg reader!
Richard
Phorm is most definitely adware and a particularly nasty, cunning, stealthy variant it is. What it's on the borderline of is spyware, but Intra-ISP Spyware (I2Spy) sums it up nicely.
As for AntiPhormLite requiring DX9, why, you have the source (http://www.antiphorm.com/page_software.htm) so go and have a butchers. It's probably just because it's coded in some odd IDE that links world+dog to your simple code. It's also possible that instead of using sockets it's using the DirectPlay API for network access. Use the source, Luke.
I got a reply... The very nice lady is signing the EDM in parliament and writing to both the secretary of state for trade and business as well as writing to the Ofcom chap for updates on the shenanigans.
So that is some faith restored in my otherwise anti parliament (They don't care about us) stance.
I am still hoping BT wake up and smell the doo doo, or get slapped big style by a guy in a wig that gets called "Me Lord". So that steps like this don't need to be used.
Has always been. I believe any people worried by facebook should take some of their time to create fake profiles also.
As for the "change ISP" brigade, yeah, easy when in Central London, not when you're in a less populated place with only 2 ISPs available on your POP.
If/when they agree on Phorm, you're screwed and only can counter by white noise, until they realise how much it costs them and stop logging.
Sad but unavoidable to counter Phorm's business case.
Whilst I don't know who your MP is (nor do I need to), I couldn't help remembering the old "joke"...
How do you tell when a Politician is lying?
Their lips move.
Only now, of course, they can do it over the 'Net too. Not saying yours is, but I'm just a little cynical when the NuLab Thought Police are pushing through so much anti-free thought legislation and nobody seems to be prepared to stand up and say 'No' in case someone says "So you support [insert bad behaviour here] then"...
Don't worry, be happy. The State is your friend. And we can think for you. That dim glow in the corner? Oh, just your personal freedoms disappearing into the dim and distant past.
How about a good old fashioned grassroots FUD campaign? Viral videos (I've got a cat and he's willing to volunteer), making the whole Web 2.0 thing useful for a change and other such things. Using their marketing description it would sound like something not worth bothering about to most users; use a more accurate description and it sounds pretty evil. It is evil.
I'm not really interested in putting this sort of software on my computer. Maybe when a more professional version comes along, but not this. Dark Basic? Really?
Maybe I should have phrased it a bit better.
by Non-BT Copper ISP I meant any alternative ISP to VM which does not require the use of the BT owned copper (phone lines, exchanges &etc).
My situation is that as I'm so far out from the exchange and my line is in such a state that ADSL from any ISP using the BT infrastructure isn't a viable or credible alternative to VM in terms of bandwidth and/or cost.
It seems, from other comments, I'm not the only one in this position.
As far as I know, IP addresses are allocated en-bloc to ISPs, so you can't transfer an IP address if you move ISP. Also, the IP address 'belongs to' the ISP as is usually stated in their Terms and Conditions.
If you need a fixed internet Identity so that you and your friends/family can access your private webserver or whatever you're running, then go to dyndns.org who will give you up to five free 'dyndns-name' to IP address mappings, for personal use only. I use them for my personal webserver and it works fine.
You can map these identities to any IP address you like (yours obviously) and you can also set up flexible web redirects and mail server configurations. They let you change the IP mapping every month so that should take care of any ISP hopping you want to do.
For more than five 'identities' and for more flexibility and features, you can have a paid account (not expensive) that lifts the limits of the free allocations.
For those of you outraged and offended by Phorm, save some of your energy for Comscore.
Comscore is a far more intrusive program than Phorm and DOES harvest all your personal information including, for instance, online banking transactions (passwords anyone?), and save it, and use it, and use 'forensic' tactics to fill in the gaps, and reconcile its ill gotten information with other sources, and disseminate it, and does not anonymise it, and can presumably pass it on to God knows who and where.
Bad though Phorm is, Comscore is so very much worse and, according to The Register, IS happening to suckers who, for example, download a free screensaver but don't read the 54 pages of terms and conditions and thereby do actually opt in without realising what it is they've done.
PLEASE go here and read about it to see how vile Comscore is.
http://www.theregister.co.uk/2008/05/12/inside_comscore/
and then start to raise hell about it.
except that I have to set it to browse every 5 minutes; at once a minute I got blocked by google, saying that "it looks like you have malware making queries". Understandable. So set it to 5.
Re. DX9??????? hah!
Waiting for my complaint to Otelo to be processed, and made my subject access request to BT a fortnight ago.
I suspect there's a lot more people here willing to complain than do anything. Write to your ISP, write to your MP, use an advert blocker & encourage your mates to do so, change your ISP where poss., use tor etc.
Despite an offer of a fiver off broadband and free evening and weekend calls, I have left Virgin purely due to Phorm. Four weeks ago I emailed my MP through the they-work-for-you website about Phorm-Webwise. An assistant replied that the MP would take up the matter with Ofcom. Since when, zilch. Nada. Zero. Sweet Fanny Adams. I emailed him on two other matters and, no surprise, no reply! A look at his profile on the website shows that he always votes with the government and rarely asks questions. It is going to take a lot longer to change MP than ISP.
I'm in the process of trying to leave BT however I have been arguing with them for months about my existing contract - I'm only in month 6 of an 18 month contract. I have told BT I do not agree with the terms and conditions they will have to put in place to cover Phorm and have told them I want my MAC code. They are refusing to give this to me as they are claiming the changes made to the T's and C's are not "material" and as such they won't release me from the contract unless I pay a penalty. Anybody know where I stand? Surely if they change the T's and C's from the ones upon which I originally agreed they have to release me without penalty?
Robots.txt was intended for programs that recursively retrieve linked pages, Phorm intercepts user requests, it is not a webcrawler. Furthermore robots.txt is an exclusion protocol, while this may be appropriate for search engine bots because websites usually derive a benefit from being indexed (visitors are drawn to the site), websites derive no benefit from parasites like Phorm (visitors are drawn to other sites).
Parasites should therefore seek informed consent from the copyright holder of the website, to this end a new www standard "parasites.txt" has been proposed by a group of webmasters and other interested parties.
parasite.txt will allow websites to specify which parasites can exploit their content, which parts of their content may be exploited and what forms of exploitation are permitted.
By setting appropriate permissions webmasters can for example grant parasites the right to inject various forms of advertising into their website, or to identify the website's customers and what goods and services their customers look at and purchase, so that this information can be sold by the parasites to the website's competitors.
The parasites.txt specification has been published here: http://www.parasitestxt.org/
BT like all ISPs are required to be a member of an Ofcom approved arbitration service - I believe BT are a member of OTELO
One option after you've followed BT's internal complaint procedure, is to ask BT for a deadlock letter so you can complain to Otelo. http://www.otelo.org.uk/pages/4howtocomplain.php
Just a thought, a pity one cannot set the browser security to purge all cookies in the pot so as to speak just prior to the next search, so the browser has no useful cookie pattern as it is always running on empty and at the same time warehouse the isolated phorm cookie so that it will never see more than the browser homepage at any given point in time!
AFAIK it is not possible to keep an ISP based email address when changing ISPs, and I don't think this is even desirable.
The answer is to register a domain name and keep it for life. Sure you may have to go through the pain of changing your email address but changing it once to your own domain is better than changing it every time you get hacked off with your current ISP.
I have recently moved from VM cable to ADSL I had a link to half price Line but have since heard that BT are offering reduced line costs around £20/£30 pound. I had the line fitted then went live with ADSL 5 days after the line was signed off as complete.
I joined Aquiss since they are an ISP that will not use Phorm. They have caps for peak time plus another 300gig offpeak.
I am happy and as all Aquiss customers have already said if Aquiss did implement Phorm we would move on.. Yes they did a customer vote to see what customers wanted.
Re: Contract law.
(Not a lawyer but I did do contract law a long time ago)
This is a complex point (sorry). You are entitled to end a contract if there is a substantial change to the terms and conditions under which the contract was originally brought into being. At the moment, BT aren't using Phorm, there has been no change to the T&Cs and so your entitlement to end the contract is not particularly strong.
HOWEVER, BT are planning to amend their T&Cs so that people will be opted in to Webwise/Phorm. Before this happens, all BT customers should be informed that there will be a change to their T&Cs.
If you disagree with the new T&Cs you can refuse to agree to them and argue a substantive change has occurred by BT unilaterally changing the contract to your detriment. At this point you are entitled to ask for the contract to be ended. BT could argue that there has been no change, but its case is weakened by bringing in new T&Cs, so it *SHOULD* (if it has any sense*) let you go.
HTH.
* ah I see the weakness in this plan.
on a couple of levels.
Why would anyone want to run this application?
1. Your browsing experience is going to be slower.
2. You are going to reduce net bandwidth for other users including yourself.
3. You may expose yourself to liability.
4. How many security experts read dark basic :)
Website owners are not going to be happy about it either.
This is a very ill thought out response, which does nothing to mask your tracks, instead it just makes a load of tracks.
And I wouldn't be so sure it can hide your actual tracks so well; I'm sure Phorm will give the source code a gander, they will probably be able to pull out some heuristics that then allow them to do data mining on the data obtained.
Actually this is exactly the style of thing that benefits Phorm, the people behind this need to go public to assure people they are not associated with Phorm.
At the moment this software is probably being classified as malware by most.
@jason bennett
BT have to give you a MAC within 5 working days of you requesting one. Being in contract or not is irrelevant. If they don't give you a MAC within 5 days complain to ofcom.
However you are still in contract and BT will quite rightly pursue you for the money you owe to buy out the contract (presumably 12 months subs).
If BT (materially) change the Ts&Cs you can leave without penalty. But BT haven't changed the Ts&Cs so far have they?
Virgin aren't going with Phorm without letting us know, apparently - they're trying to be transparent.
Also, they've said no-one will be forced to go with it if they don't want to (presumably it'll be opt out rather than opt in but better than nothing).
Thanks to Richard Cain for the link.
I bugged BT, they ignored me, I went to ISPA, BT ignored me until my 2nd letter to ispa then finally directed me straight to OTELO. I recommend doing the same, starting with BT's complaints procedure; it's slow but it gets results and it clearly demonstrates their unhelpfulness to ISPA/OTELO.
Here's my original ISPA complaint:
---
Hi, I came across a disturbing story of BT apparently collaborating with a company named phorm. Details can be found here <http://www.theregister.co.uk/2008/02/29/phorm_roundup/>.
I need to know if
* You have or will have any association with phorm or any other company for the purpose of mining personal details which goes beyond what is legal
* any of my details have already been passed to phorm or any other company without my knowledge
* whether what it is alleged you will pass to phorm (as per URL link above) or allow phorm to mine, is and has been done legally, as it seems the extent of this is extreme.
---
Note something I did by accident - I didn't ask them to not forward my details to phorm or anyone, but asked *have you done so*. I think that really bothered them.
I've also written them an SAR request. See <http://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/subject_access_-_guide_for_data_subjects.pdf> which almost writes itself.
***Please write letters and generally be a nuisance!*** It takes little of your time but it certainly pressures them disproportionately.
And, I regret to say, it's fun watching the buggers squirm.
Incidentally you may also get a phone call from someone at BT head office. He's a timewaster and a stonewaller. Don't lose your rag, ask politely for answers and when he doesn't give them, ask him where the next stage of the complaints procedure should go, and end the call.
I'm surprised BT didn't cancel the contract before Otelo became involved - If Otelo accepts the complaint for investigation, then win or lose BT will have to pay Otelo for investigating the case.
I read a few years ago that Otelo charged ISPs about £350 per case, and the fees are likely to have gone up a fair bit since then.
That's interesting! I'm not sure cancelling the contract would get them off Otelo's hook though as it would hardly make the potential crime disappear, but by clearly and unambiguously telling me to go to otelo, well... that's odd. I wonder what it implies of BT's situation.
Thanks for that info.
"It ignores bandwidth-heavy images, flash and video files in a bid to make sure..."
Oh, well that'll really mirror real user activity!
So just subtract all those ips that viewed a page without downloading furniture and subtract from the phorm results, together with search bots etc...
Phorm will then just request a list of such ips from clients weblogs to clean the data, and they will cooperate.
How does this advance the cause?
Phorm is just a packaged name for things that already exist that few know about, and the world is still turning...
the line
"Phorm has signed deals with BT, Virgin Media and TalkTalk to deliver targeted ads based on a user's surfing habits. "
it should read
"Phorm has signed a 'memorandum of understanding' with BT, Virgin Media and TalkTalk to investigate the feasibility of delivering targeted ads based on intercepting, modifying and then categorizing user's surfing habits, the deployment of the Webwise platform is currently under review, BT's 'opt-in only' trials have still failed to materialize despite being scheduled for March"
I thank you.