back to article Congress accuses American Phorm of 'beating consumers'

When US Congressman Ed Markey asked NebuAd CEO Bob Dykes whether his Phorm-like ad targeting system should require an opt-in, Dykes refused to answer. "Do you support a policy where the consumer must say 'yes' before you roam through all their personal data and then turn it into an information product that is then sold to …


This topic is closed for new posts.
  1. yeah, right.

    tar and feather?

    Tar and feather is too good for them. Let's make the tar boiling hot, and let's sharpen the feathers and stick them in.

    I'm starting to see a need for encrypted communication between my browser and ALL websites I visit. SSL all the way. Not impossible to break, but at least it puts a pause on the deep packet inspection. Speaking of which, isn't that considered an illegal interception of communications these days?

  2. Bryce Prewitt

    Dog and pony show.

    As I said in the recent BT AGM comments, this is nothing but a glorified dog and pony show. What's really on trial here is deep packet inspection, how it all ties in to privacy in more important ways than advertising, and the immature view which most politicians still hold of the internet.

    Here's my take. Can *any* entity read your mail or tap your phone? No. Only the government can legally do that, and most often under the guise of national security, organized crime or narcotics. Most states even have laws against civilian parties recording phone conversations they hold with one another. Private detectives illegally tapping the phones of citizens has been a hot topic thanks to Anthony Pellicano. Yet, ISPs have begun to inspect packets and identify copyrighted material. Anonymous or not, the ISPs, as carriers of *my* data, have no right to examine that which they are only transporters of. Just as the telephone companies are only carriers of *my* phone and what I *say* is protected - a protection only broken by judge and warrant. Who determines where deep packet inspection begins and ends? I might have dirty little secrets that are mine and mine alone that the ISPs have no right to know nor utilize - blackmail's a dirty thing.

    I view these hearings, held under the guise of "advertising" and "opt-in/opt-out" and "privacy" in the most superficial way imaginable, as a mostly Quiz Show-esque red herring. What's really on trial here is, again, deep packet inspection on a whole. Nothing will come of them except a big ole rubber stamp on the whole shebang. Legal deep packet inspection will become de facto law with few, if any, limitations. The ISPs will make money hand over fist just as the telcos have with the warrantless wiretapping scandal while the tattered corpse of privacy is raped and burned. Google's a second rate imitator compared with the crafty heads of old telephone and new fiber. The J Edgar Hoover comparison is damn right; he's just being compared with the wrong people.

    Outlaw the whole fucking deal or await the consequences. Ever downloaded an mp3? Watched a copyrighted video on youtube? Written a dirty story? Dirty e-mail? Booked a second hotel during a business trip to spend time with a mistress? Looked at porn? Either carriers of our information - be it mail, voice or data - are forced to act as deaf, dumb and blind mailmen, only able to see, hear and comprehend when compelled to by warrant, or every bit of information we possess is going to be used against us.

    Don't agree? Wait until the United States outlaws "explicit" porn like the United Kingdom and teenagers and sad men start getting letters from the FBI notifying them of their activities, simply for watching a bangbus video. It's a very, very real world. Or do we really think corporations and our government have our best interests at heart? They're all in it together. It's about time we opened our eyes and started calling the flea circus out for what it is.

  3. Werner McGoole

    "arbitrage of privacy law"

    Brilliant phrase! It's what they're all up to.

    And isn't an increasingly embarrassing gap emerging between the way the US is handling this and the ***TOTAL INACTION*** by anyone in authority in the UK?

  4. James Butler
    Paris Hilton


    Scott Cleland is a paranoid blowhard. His stock in trade is rumor and innuendo, with precious little fact to back him up. I was more impressed with the legislators' understanding of the issues than Cleland's, and that's saying a lot for the US legislature.

    Opt-in is the only way to go, and that's the way it looks like it's going, here.

    Cleland can try to scare people with his uber-Google ranting, but without any facts to back him up, he'll be taken as seriously as Paris. What a dickhead.

  5. Guy
    Thumb Up

    But google is opt-in

    All that talk about google.

    Yes they could hold all that information, if you use their services, there's no one forcing you to use any of the google services, there are alternatives (Unless Google buys Yahoo of course, then your just left with Microsoft Live Search, which is a punishment I wouldn't want anyone to have to suffer)

    The only part of google that could be possibly considered opt-out is when you visit sites hosting google ad's (The opt-out being to install adblock)

  6. Tom Chiverton

    one way has of IP address

    A one way hash of the IP address doesn't help - it's trivial to make a 'rainbow' table for something as complex as Windows LAN password hashes, so how long does it take to do md5sum( to md5sum( do you reckon ?

  7. tom

    Oh, a one-way hash. Well, I guess that's all right then...

    Wait, if you can take the IP address or cookie, run it through a one-way hash, and locate all of the user's unique identifying information... couldn't you do that again any time you want? Or just set up a trigger waiting for someone's incoming request to trigger this profile again, or...

    Wait! I just described two ways of getting around the foolproof anonymizer system, making me guilty of spreading hacking-enabling information. Me pirate hacker. *sigh*

  8. Watashi

    Surrendering your family's human rights

    Some rights are too important to leave up to idiot citizens to protect, and the right to internet privacy is one. Look at it this way: you're 18 years old and you live with your parents, then one day your dad gets a letter from BT explaining how all traffic through the BT broadband will now be monitored for advertising reasons.

    However, you happen to be secretly born-again Christian / young Conservative / Mac fanboy / etc and really are not happy with giving your ISP the right to release your personal browsing habits to anyone, even if there is only the smallest risk that your personal secret will be somehow be revealed to other users of the broadband. You tell your dad that you don't want BT analysing the websites you visit and the forums you post to. 'Why?' asks your anti-Christian, New Labour voting Microsoft employee dad 'what have you got to hide?'.

    This situation is absolutely unacceptable. No adult should be put in the position of having to surrender their right to privacy out of social obligation or family pressure, and that's exactly what Phorm will do. It doesn't matter if there is a blatant warning, or even an opt-out, because there will always be situations where individuals will have to choose between allowing their ISP to monitor their personal info against their wishes, or telling the person who pays the bill exactly why they don't want their privacy invaded. It's quite likely that some will only be able to protect their privacy by stopping using the internet altogether... and all this just to feather the beds of ISP company directors.

  9. Andy Bright


    "Opt-in is rare. It's just for situations involving sensitive information, personal information that can harm or embarrass somebody. We've made a particular point of not having any personally identifiable information, not having any sensitive information."

    All it will take is for one of those unconstitutional bills to pass that insist on ISPs making all their data available to whatever government agency demands it, and every single piece of information this software collects will be in the hands of someone you probably can't trust.

    The data airlines collect includes all kinds of confidential information, including credit card numbers (which therefore facilitates the tracking of your credit card purchases). This information is supposedly collected for national security reasons. How many people would be happy knowing this information ends up in the hands of direct marketing corporates? And while this isn't necessarily the end of the world, after all they're only manipulating it to send you junk mail, what is troubling is the complete lack of care taken when it comes to personal information. Whether it's a government agency or private industry, no one spends the money needed to protect your data, because there's no reason for them to do it.

    I predict that all this information, including that collected by ISPs, will end up going missing sooner or later. And that's the real issue. Until there's some kind of serious penalty for its loss (preferably long jail time for the owners and board of directors of companies that hold the data), none of our data will be safe.

    At the moment there's no incentive whatsoever to spend the money to make it safe. Worst case scenario? Send out a few million emails to tell people their personal information is now in the hands of data thieves.

    What this guy has facilitated ought to be illegal. In fact I'm very surprised it isn't covered by anti-hacking and anti-spam laws. Tell me how this is different to me breaking into his house and making a copy of everything I want from his hard drive? If I promise not to sell anything personal, would he be fine with me grabbing everything I could from his computer? Tell you what, I'll break in, make a copy of his data, and then offer him an opt out after I've done it.

  10. Ian Michael Gumby

    Regarding the Bootnote...

    Google collects the information when you go to Google's site and use Google's search engine.

    If you used Yahoo!, then Google wouldn't track your searches.

    This is different from NetbuAd aka "American Phorm" which the ISP will track everything that you do over their networks, without your consent.

  11. Anonymous Coward
    Anonymous Coward

    Just as pointed out... is Dykes who doesn't understand. Regardless of the security/privacy issues, if a user doesn't want to be tracked, then that's the end of it. If I recall correctly, their system is given all of the packets going thru the ISP, and supposedly disregards the packets of those who opted-out. Their system should never have any access to any packet except those handed to them by the ISPs under the condition that the user has given explicit consent/opted-in to have their data redirected/copied to Dykes' system.

    The fact that they can not garner enough people to opt-in w/o forcing people and/or doing under-handed tactics means their business model is as good as dead. Does it have to reach the point of having to have a law explicitly stating that dead-end business models should never be used and anyone trying to do so should not only be imprisoned, but also be brutally @n@l-fisted.

    Darn it. Somebody bring intelligent people to those meetings and not only slam reality to the face of government officials but also expose the con Dykes is pulling.

  12. Dave

    Opting Out

    I agree with the others that Google is a different case. I can see that at some point they will become an issue, but at the moment I've got Firefox with NoScript and AdBlock configured to block most known Google ad traffic. It's interesting to see how many sites use googleanalytics and other stuff. Those who think that not passing their data to Google is a matter of avoiding Google's public sites need to look a bit more carefully.

    As for NebuAd, if my personal information is that valuable then perhaps I'll sell it to you if you're prepared to pay me enough money, where the ISP is your agent, not mine (i.e. you pay the fee, not me). Taking it without my permission is theft and you definitely don't have that. Making sure that my information is not passed to your servers should not require me to do anything or store anything on my computer.

  13. Andy

    Google is different..

    At least google provides something in exchange which is more useful than advertising alone (completely useless anyway imho, I haven't seen an ad I didn't want to see for over 2 years now and counting)... going under the guise of being a benefit is just corporate bollocks.

    Sod them all as they know fuck all. I bet the CEO of NebuAd has been the victim of adware from the CEO of Phorm at some point. Throw them to the lions if the lions can stomach eating sub human scum for breakfast.

  14. Jeff
    Thumb Down

    How is this different from...

    Say, a couple of guys hiding in the bushes outside my house peering through my window at the travel section of the newspaper I'm reading and then running to the front door, knocking -interrupting what I was doing - and trying to sell me a Florida vacation package?

    "Quick, he's on to the sports page... go try to sell him some golf clubs before he turns the page!"

    Maybe they don't know your name. Maybe they didn't need you to tell it to them as they've already aggregated your data with that from other "providers."

    But they're still observing and profiling my behavior for the sole purpose of profiting from the sale of something that's not theirs.

  15. James O'Brien
    Paris Hilton


    "Do you support a policy where the consumer must say 'yes' before you roam through all their personal data and then turn it into an information product that is then sold to other companies?" asked the chairman of the House Subcommittee on Telecommunications and the Internet.

    "Mr. Chairman," Dykes replied, "you're forcing me to answer one of those Have-you-stopped-beating-your-wife-recently questions."

    "No," Markey said. "The question is 'Have you stopped beating the consumer?'"

    Ya know what? I normally dont care for politicians but GOD DAMN Mr. Markey is one I could definately begin to respect if he keeps going with hits like those.

    /Paris because she likes a good beating from time to time.

  16. Bobby

    Well done..

    Looks like we are getting to grips with these notorious spyware merchants at long last. The evidence is clear so let the prsosecutions begin.

  17. Anonymous Coward
    Anonymous Coward

    Message to UK Governemnt.... Take a leaf out of Mr. Markey's book and do the same to Phorm.

  18. John F***ing Stepp

    Well it took us a while.

    I mean all of a sudden a lot of business apps went south.


    But not for every one, and I am doing tracroutes and pings and sacrificing fcuking chickens to try to solve this and suddenly we learn about theses assholes.

    Hey guys; SSL all around.

    Got to go secure server because some bunch of stupid fcuks have found out how to steal your business model.

    Steal is the operative word here, as in walk in with a gun; stick it in your face and take your money. Steal.


    Cut off their hands. (oh no; we don't do that crap over here that's barbaric) then line them up against the wall an shoot them.

    But do something even if it's wrong.

  19. Andy ORourke

    Opt In

    Of course if these companies use opt out and rely on users reading lengthy T&C's to discover what they want to do with users data they are onto a winner. How many average users read T&C's, I dont most of the time, like most user's I'm lazy and I figure that most of the T&C's consist of phrases like "you dont have any rights" "we dont promise to deliver what we say at any time" there are no guarantees" and the always laughable "this does not affect your consumer rights"

    I would prporse the following message to users prior to opting in to these systems:

    "We are about to monitor every single web site you ever visit (except secure sites, honest)"

    Good luck with getting people to click the "OK" button!

  20. Anonymous Coward

    Opt out

    "I don't think opt-in or opt-out is nearly as important as robust notice to the consumer"

    Dykes doesn't think the freedom to choose to opt out is important.

    I always thought that being in a democracy meant you had freedom to choose whether or not to give up your privacy.

  21. Steven

    Shut the doors...

    Its a sad day when I have to set up my email with full SSL encryption and set up an offshore Netherlands proxy server just to protect my privacy.

    "Please leave your privacy at the door as you enter..."

  22. Paul

    Phorm to users:

    All your Datas are belonging to us.

  23. /\/\j17

    Says it all really...

    "What Dykes didn't say during today's hearing is that if NebuAd is opt-in only, relatively few will likely give their consent - and the company will struggle to pull in the dough."

    Or to put it differently - the customer doesn't WANT this.

    If your getting a free broadband product then I don't personally have too much of an issue with services like NebuAd/Phorm - they are the ISPs was of making money in exchange for offering you a free service.

    When your actually paying the ISP for the service then I DO have an issue with it. I see no reason why I should pay someone to make money out of me!

  24. Adam Foxton

    Google doesn't count

    They're nowhere near the same- the only time they get hold of the data for (for example) your bank would be if you were using gmail and sent it in an email or stored it somewhere on one of there servers.

    This NebuAd- and all other phormlike- system will capture my bank details and everything else. Even if it's encrypted, they've still got it and they've still tried to read it. Even worse they'll still be able to determine when I've requested a new page (traffic's stopped, now traffic starts again. So user has just requested new page, so lets slot another page down the wire first with a link to their intended page) so they'd be able to just slide "advert" pages into my traffic. And imagine the security risks that poses- browsing through the Lloyds bank, they insert a new page into your traffic, page is filled with malware designed to get the previous page. If a previous page is a banking page, the "ad" page presents the user with an official looking bank login/password request form.

    If they collect any business traffic they risk breaking the law. If they collect any government traffic they risk breaking the law. If they try to break any encryption or password-protection they will be breaking the law.

    And as someone said above it's not exactly difficult to sort of reverse the one-way hash.

    Opt-out is very, very wrong. The system should be opt-in, and they shouldn't be allowed any disclaimers (i.e. the adverts they put up there should be properly managed to prevent phishing / malware-laden sites, etc or they bear the full brunt of any legal stuff that happens.). The opt-in should also have to be in cookie form so you can recind your opt-in if you wish. Oh, and no traffic should go through their systems that isn't from an opted-in user.

    long story short ,NebuAd sucks and Phorm sucks. Yaa boo sucks to them!

  25. Anonymous Coward
    Thumb Up

    @ Chairman Markey

    Sire, I doff my cap in recognition of a sharp mind and rapier wit. Might I offer my services as ammo-man when you pull out the machinegun?

  26. Anonymous Coward

    Clearly a conspiricy

    These firms (google, phorm etc) only exist as a back door so government does not have to set up its own agency to spy on all communications. It is much easier if all comms are concentrated in a few organisations for apparently commercial reasons.

    Yar wheres my paper and pen :)

  27. John Robson Silver badge
    Black Helicopters

    one way hash of IP?

    There aren't very many IP addresses, creating a hash table would take moments - OK, you might end up with two possible IP addresses per hash, but they're likely to be from completely different networks, and so easy to eliminate all but the correct one.

  28. Alex
    IT Angle

    @"If I don't want Google to see my data, I don't use Google" arguments

    How does Google Analytics fit into this? How many websites using it clearly tell you they pass data to Google's servers? How do you know how anonymous the data being sent them is or what that data even consists of?

    Sure, it's more easily circumventable than Phorm/Nebuad but still...

    (Corrections welcome where I'm mistaken. However, corrections sourced from the Wikipedia article will be ignored - check it out, it's pretty much an ad for GA)

  29. Glenn Charles
    Gates Horns

    targeted ads

    Unfortunately, with the mass of information available on the Internet, it's becoming defensible. As far as behavioral analysis of English and American citizens, the notion started in the 60s and started test implementation in the 70s. I didn't have access to what organization(s) or individual(s) were being targeted or what the expansion factor was.


  30. Anonymous Coward


    A Post I want to give a high 'review' to.... but, but.... Where is the option to set my 'opinon' on this article? hu?


  31. Anonymous Coward
    Paris Hilton

    Unique way to Opt Out




    Paris because she can only land with her feet in the air.

  32. Colonel32
    Thumb Up

    Colonel in '10?

    I have long contemplated running for U.S. Congress on my own platform. This is one of the things I can use to land myself in D.C.

    I promise that if given an answer like Dykes provided I would ask him again and advise him that he better cut the horseshit this time or I'll stop his testicles flat. Let's see some other politico say that.

  33. IR

    The real question

    "Do you support a policy where the consumer must say 'yes' before you roam through all their personal data and then turn it into an information product that is then sold to other companies?" asked the chairman of the House Subcommittee on Telecommunications and the Internet.

    "Mr. Chairman," Dykes replied, "you're forcing me to answer one of those Have-you-stopped-beating-your-wife-recently questions."

    "No," Markey said. "The question is 'Have you stopped beating the consumer?'"

    -> The real question is "Do you support beating the consumer?". Or is Dyke saying that they don't go through personal data and turn it into an information product? That is Phorm's business plan.

  34. Mark

    The L word

    "It's a legitimate desire on the part of [ISPs] to increase the amount of ad dollars they receive to help fund the internet,"

    The minute they start wheeling out 'legitimate', beloved of suited wankers everywhere, you just know they're on the defensive.

  35. Anonymous Coward
    Anonymous Coward

    @ The L Word

    Some how I was expecting some thing very different . Maybe I should ask Ms Bee.

    Any ways, I almost expected him to say I'm legitimate business man.

  36. Anonymous Coward

    ... and you believe there are no conspiracies

    These people make and arbitrate law. Are y'all comfortable now? Hmmmm?

  37. Martin Usher

    Its not just these guys

    One of the advantages of using Firefox as a browser is its easy to see what crap's being loaded with your web pages. Increasingly web sites are trying to probe your web usage, to collect stats about users, to help monetize their content. I wouldn't mind it so much except that their lame attempts to made Javascript boldly go where no Javascript has any right to be tend to cause extended load times and even crash the browser if you've got the wrong combination of pages up. (You know when that page's JS code is suspect when you see it sporting patent numbers along with the copyright information.) Phorm and NebuAd are just taking this to a logical conclusion (and, no, they don't need your IP address -- the link between them and you is tunneled point to point so its as if their crap's sitting on your system).

    I'm old enough to remember the early days of the net, before these smartassed types invented BS like "push" technologies. It wasn't that much different then, just a whole lot cleaner and faster. I'd welcome a return to that kind of web. Maybe the key is to get rid of Javascript.

This topic is closed for new posts.

Other stories you might like