back to article BT's third Phorm trial starts tomorrow

BT will invite thousands of its broadband subscribers to voluntarily participate in a third trial of Phorm's advertising targeting system starting tomorrow, the two firms said this morning. The trial was originally scheduled to begin in mid-March, but has been repeatedly delayed amid technical problems and legal controversy. …

COMMENTS

This topic is closed for new posts.
  1. Hegelworm Messerchmitt

    I don't like...

    Mondays. I want to shoot the whole day down.

    This is so depressing. It's like standing by and watching an accident happen in slow motion and not being able to do a thing to warn the victims. Phuck Phorm. Again and again.

  2. Bobby
    Stop

    It must be stopped...

    It's astonishing that every country has come down hard on these forms of spyware yet the UK government have promoted it and similarly the British police have endorsed it as criminally exempt.

    It's even more sickening to discover Bt/Phorm are considering involving national charities to assist them in peddling their wares to the public in exchange for generous donations.

    I have read the sample Bt/Phorm Webwise interception page and it clearly conflicts with the ICO's requirements, it is not transparent, it is not sensitive to users wishes and it is most ambiguous in stating the correct terms in smallest print.. To me it is identical to every other known spyware scam on the internet that has plagued us for so many years and caused so much harm to everyone.

    It must be stopped.

  3. Anonymous Coward
    Stop

    Brishit Telecom.

    Will you please just Phuck of now, already.

    Please, Phuck OFF.

    Just Phuck off.

    It's like some cheeky tw*t at school or something.

    Just Phuck off. Right off.

    For Phuck's sake, leave us alone and Phuck off.

  4. Vincent

    Well, at least they're actually asking this time...

    Now all they have to do is sort out everything else. There's still the problem with copyrighted content on websites, and I know that some people have issues with it being cookie-based.

    Still, it'd be nice if they just Phucked off and stopped shoving marketing spin down peoples throats.

  5. Alex
    Thumb Down

    Good bye BT Broadband

    can someone recommend a good ISP, preferably that offers TV with a HDMI output?

    is it worth making the move over to, dare I say it, Sky?

    BT can go phuck themselves, I know at least 20 people who will now be leaving BT because of the adoption of this invasive technology.

  6. Ash
    Stop

    BOYCOTT

    If you see this page asking you to join the service, PHONE ACCOUNTS AND TERMINATE YOUR CONTRACT. There is no other way to get these corporate whores to listen than by taking away your business EN MASSE.

    I can promise you now, should I EVER find Virgin joining up with this service, i'll drop them like a hot potato covered in anthrax.

  7. N

    No way

    Being as our own spineless government wont take action, perhaps the Eurocrats will, or are they in cahoots with Kunt & his chums as well?

  8. Sooty

    so how does this work?

    I admit i've not used bt internet, but is it relying on a portal page to show this invite or is it already intercepting traffic and redirecting people to this invite page?

    I imagine if the latter then anyone who blocks the cookie will effectively lose their access to the web as every request for a page will get redirected to invite them to take part?

  9. Anonymous Coward
    Thumb Up

    Browsing profiling is now legal?

    So if someone collects the browsing information from the Chief Exec of BT and publishes it that's OK? No criminal procedings will ensue? Knock out, lets go for it!!

  10. Paul Gomme

    Move to someone else

    As soon as the Phorm story broke, I dropped BT and moved straight to Be. Much better service all round.

    BT's response was "If we could give you a better price, would you stay?" Shows that they simply don't understand the issues here...

  11. Anonymous Coward
    Anonymous Coward

    (untitled)

    "If the cookie is deleted at any point, the invitation page will be displayed again."

    So the cants will keep nagging you if you remove unwanted cookies ? Isn't harassment against the law either ?

  12. This post has been deleted by its author

  13. Anonymous Coward
    Stop

    Anyone know how to confuse the damn thing??

    Anyone know what would happen if I wrote a script to randomly open a close websites (100's per hour whilst I'm at work on my home computer) to confuse or overload Phorm?

    What would happen if 1000's did this at the same time?

    My theory is if you feed false info, nobody's going to take phorm seriously after a few months.

  14. Anonymous Coward
    Black Helicopters

    Pah

    "voluntarily participate" & "invited". Interesting that they NOW use these phrases/words.

    After all, it was all LEGAL wasn't it? Oh sry i ment to say ILLEGAL but acceptable in the grand scheme of things for "backdoor" brown. ID Cards anyone?

    Really interesting that you can opt out with a cookie... So does this mean BT/Phorm still intercept the traffic to see if the cookie is Opt IN or or Opt OUT ??? Dont bother answering, we already know the answer.

    After all this is all LEGAL init ?!

    as per the title - Pah

  15. Richard
    Stop

    Re: Boycott

    I'm with you on this one. If Virgin start Phorm trials, I will also be leaving them and have made my concerns clear to their CEO although I didn't get a reply...surprise...surprise.....

  16. Mat

    Charities..

    If everyone wrote to these charities and let them know that they would no longer donate to them if they accepted money from Phorm - I'm sure they'd soon re-think their stance.

  17. Anonymous Coward
    Anonymous Coward

    RE: Spybot & lavasoft

    I have emailed both of those to ask. I will of course pass any response on to El Reg should I receive one.

    Doubt its gonna happen tho

  18. Marc Davison
    Stop

    How do they prove the account owner has agreed to use "webwise"?

    Surely they should be seeking my permission as the account holder. What if my 5 year old daughter clicks Yes when it pops up...

  19. Jon Green
    Stop

    If you gave BT a clue, they'd raise a support ticket for it

    "BT Webwise uses a cookie stored on trial customers' computers to remember their preference. If the cookie is deleted at any point, the invitation page will be displayed again."

    So, if you have your browser set to reject cookies from non-trusted sites (or to reject them unconditionally), this effectively performs a denial of service for Web use. Nice.

    Likewise, if you use non-browser retrieval (for example wget, to retrieve pages automatically for repurposing or caching), that makes the broadband functionally useless. Outstanding, BT, truly outstanding.

    And, for your next trick, how about injecting full-page adverts into the user's browsing, with a tiny "Go to the URL you actually asked for>>>" link at the bottom?

  20. Steven
    Stop

    Just emailed this to all employees at our company:

    If anyone uses BT Broadband you may get an email asking you to join BT Web Wise.

    Please make sure you DON’T do this. The system is being fronted as a security tool, but in actuality monitors ALL of your internet usage and uses it to target you with advertising. This includes but is not limited to all websites you view, any details you enter into websites (including passwords, bank details etc) messages sent via instant messaging clients such as MSN and your personal emails.

    The system is currently under investigation by the European courts and the Information Commissioners Office for breaches of the data protection act and wiretapping laws.

    Please forward this email on to anyone you know who uses BT Broadband and feel free to sign the downing street petition against Phorm (the company behind Web Wise) here:

    http://petitions.number10.gov.uk/ispphorm/

    Thanks.

  21. Nick Palmer
    Thumb Down

    So, basically...

    ...BT and Phorm will STILL be non-consensually intercepting your traffic, even if you opt out; what they do with that intercepted traffic is hardly the point - they shouldn't be intercepting it to start with. And they are STILL (despite what the lying little shits said) using cookies to determine whether you've opted out or not. So they're STILL a bunch of lying scumbags, except that in the face of the supine acquiescence of those incompetent, ineffectual wastes of oxygen at the City of London Police, they have a LICENSE to be lying scumbags. One hopes that the judicial review of the CLP's decision to not prosecute will reach an appropriate conclusion, but one doubts it. Once again, it's clear that RIPA is a weapon to be used against the individual, not a means of protecting them.

  22. Anonymous Coward
    Thumb Up

    Re: Anyone know how to confuse the damn thing??

    Especially if they are BT's and Phorm's own sites!! Why break other peoples??

  23. Tony Green

    Catching the bastards at it

    Anybody know if there's a way my CGI scripts can detect if requests are coming through Phorm's servers?

    I reckon if we can spot it and use that to print "you are being spied on" warnings on pages that might bring it home to people what's going on.

    And since every page on my sites carries a header stating that I don't consent to traffic being intercepted, I'd then know they're still doing it, so I can kick them.

  24. amanfromMars Silver badge

    An Alternate Reality ....... with Probability Perspective ....... .Alt Per

    Re It must be stopped... By Bobby Posted Monday 29th September 2008 09:34 GMT.

    Move On, Bobby, it is Far too Late for that to be Either a Viable or an Available Option.

    Sign Up for IT and BetaTest Available WAIres, is AI SMARTer Derivative Benefit Revealing Needs for Feeding ..... Source Driving.

    Now where is that dotted line on which One Signs :-)

  25. Alex

    Tell everybody

    Stunning development - not. BT are simply relying on the majority of their users being clueless about the invasion of privacy and so are trying to normalise it. They clearly don't hold the interests of their actual customers over their shareholders, so they are, scum. Bottom feeding scum. Of course they could hold the belief that their shareholders as their real customers and their subscribers as simply a resource to be milked. Still makes them scum. The only way to educate a company like this is through customers walking. More publicity is the key.

  26. Mike Crawshaw
    Stop

    Not really an opt-out, is it?

    "BT chief press officer Adam Liversage confirmed that opted-out traffic will pass through the system during the trial, but said it "will not be mirrored or profiled".

    So if you opt out, your data still goes through the system, but they promise not to do anything with it. Well that's ok. After all, they're both reputable, trustworthy companies who would never lie to us.

    Oh, wait....

    Not In Any Way, Shape or Phorm!!!

  27. Anonymous Coward
    Unhappy

    Charities?

    Anyone know which charities are in bed with Phorm?

    I'd expect they'd be quite sensitive to being named and shamed.

  28. Ben Boyle
    Stop

    Goodbye BT

    Anyone know where I can find a list of "decent" ISPs that don't plan to Pharm my browsing habits?

  29. Anonymous Coward
    Paris Hilton

    Invoice awaiting BT

    I've got a nice counter on my sites so I can invoice BT for royalties if any of these infected fellows come into contact with them.

  30. John Edwards
    Paris Hilton

    Phorm

    Please will one of the BOFH who read El Reg devise some way to screw BT. So help me, I'm on Virgin Broadband and would love to swamp Phorm with searches for donkey sex or whatever would best foul up this despicable trial.

  31. Jason
    Thumb Down

    I wonder......

    How fast the Internet could be if there wasn't all this Deep Packet Inspection going on.

    Its bad enough when you pay for a service and don't get the speed advertised

  32. BlueGreen

    Anyone got contact details for Mr. Hanff? Also a note on BT routers

    I'd appreciate them.

    Now, BT routers (that white box). Just in case someone else is having problems - this router has played silly buggers just about since the day I had it, repeatedly rebooting, dropping connections and generally being an utter sod. Many, many contacts with BT support got me let's test the line again/swap the microfilters and monitor it/reboot the router; that kind of thing. Didn't help any...

    ... until one day while doing some networking stuff i swapped the USB connection from the router for ethernet. And it worked consistently thereafter.

    So I phoned the support people again and when I asked about this I was told there were known problems with USB connections, and not to use them. Poor guy just kept apologising.

    I don't understand BT's business model.

    Anyway I've stuck with BT while I chased them re phorm. If I left I was concerned they'd use it as an excuse to 'lose' info on me. Now we've hit the brick wall of government/police indifference and they're tooling up to phorm us again, time to change ISP. Today. Right now in fact. I'll keep chasing on the legal side, so once again, contacts for Alex welcome, or if he's reading this I'm on <pinger666777(@t)gmail.com>

  33. Jason
    Thumb Down

    Signed

    http://petitions.number10.gov.uk/ispphorm/

  34. The BigYin
    Stop

    What about legalities?

    Interesting post at the bottom of this page (#179). No replies as yet, but genuinely interesting.

    Anyone any ideas?

  35. Chronos

    Phishing

    Ah, the old redirect to a fake domain trick. Isn't this what phishers attempt to do? And this is legal? Looks like you'll see this in courts soon:

    "But BT and Phorm do exactly the same thing, so it must be legal!"

    Before anyone starts with the "consent" rejoinder, the invitation page is clearly making the most noise about the anti-phishing "feature." To my mind, that is NOT informed consent. Anything short of "We will be logging and recording the contents of every HTTP URL you visit through this ISP and, even if you opt-out, your packets will still pass through the system to be examined for the opt-out cookie. If you block the Webwise IP, you'll get bugger all service to anyone else's port 80 because we redirect everything destined to anyone's port 80 through Phorm's system and, until we detect the opt-out cookie, we remain hopeful that we can make money out of you." is less than honest.

    Perhaps we should all just replace our index.* pages with "Protesting BT and Phorm's destruction of Internet privacy on Tuesday 30th September - complain to them, not me" and stay off the Internet tomorrow as a protest?

    As an aside, isn't it funny that most of the things that fuck the Internet up for the sane happen in September?

  36. Anonymous Coward
    Anonymous Coward

    Can that really be considered opt-in?

    The page seems designed to confuse and misdirect. The 'turn on' is a nice bright green button, the decline a standard link adjacent to a 'learn more' link. Surely this doesn't meet the spirit of requiring an opt-in for a service?

  37. Andy ORourke
    Unhappy

    @Catching the bastards at it

    I think dephormation.org had some kind of script you could use to detect phorm infected visitors.

    @ amanfromMars. As much as I never usually understand you, let alone agree with you I sadly have to admit you may be right:

    "Move On, Bobby, it is Far too Late for that to be Either a Viable or an Available Option."

    I fear that whatever happens, BT (and the others) have gone too far down the Phorm road to back out now.

  38. Anonymous Coward
    Pirate

    Anyone look at webwise.com? No mention of Virginmedia

    I clicked through to look at webwise.net, which redirects to webwise.com. And was interested to note that there is no Virginmedia logo on that page. There is only logos from BT and TalkTalk.

    Does this imply that Virgin are already getting cold feet and stepping back from this?

    (As a Virginmedia user I do hope so :))

  39. Louis

    Leaving BT

    Dear chaps, how about a little practical help here. BT advisors will claim (and have done to at least 2 people I know) that this substantial alteration to their terms and conditions is not a substantial alteration, even though we all know it is. This is quite important, as it is the difference between paying up the rest of your contract with BT, or not.

    Anyone have specific pointers or advice on what to say to them to get this sorted with as little hassle as possible? I will disseminate this info to everyone I know and actively encourage anyone I know still with them, to leave BT.

    thanks,

    Louis

  40. Lloyd
    Thumb Down

    Hold on now

    What happens if you have multiple laptops across your house and some of them are used by children?

    Will the children be asked if they wish to join up as they don't have a cookie on their machine? Surely this is illegal?

    There should be a flag on the account with user preferences, not cookie based on the client browser, BT stick it where the Sun don't shine (same goes for Carphone Whorehouse and Tiscali when they start using it).

  41. Steve Kay
    Stop

    Advertising Standards

    The "Consumer Protection from Unfair Trading Regulations 2008" has the clause on unfair commercial practices - quote:

    "information...likely to deceive the average consumer in relation to any of the matters in that paragraph, even if the information is factually correct"

    ...which by the look of that sample invite page, this falls right into.

  42. Sir Runcible Spoon
    Thumb Up

    @BlueGreen

    You can get hold of Alex on his website pretty easily - https://nodpi.org

    I've already switched to a Zen business line - much better reliability and great support.

  43. Boris the Cockroach Silver badge
    Thumb Down

    Just needs a clever programmer

    To create the phuck off phorm program

    Basically to bombard the phishing sniffer gear with multiple web page requests completely at random in order to make the data gathered completely worthless

    Thumbs down... because phorm deserve the chop

  44. Anonymous Coward
    Paris Hilton

    Love to see it happen....

    that they get it in the ass by the EU.... dont think it will though!

    I think its time to start on the old virtual pc and fill it full of click ads and once its completely infected, see how much data gets passed back to BT, should be nice to see random websites appear and their respective 3000 ad's! I wonder how much capacity they have if everyone does this?

    http://www.theregister.co.uk/Design/graphics/icons/comment/paris_hilton_32.png Paris... cause if theyre going to phuck with you you might as well moan and take the money!

  45. alan

    el reg in bed with phorm?

    say it aint so ......

    using dephormation flirefox plugin (available from http://www.dephormation.org.uk - use this if you are stuck with BloodyTerrible) it says "Dephormation has found a link to a Phorm / WebWise / OIX site"

    please tell me its wrong / one of those crap ads (which I'm blocking btw)

  46. Mr Jolly
    Flame

    Are they taking the piss?

    '..BT chief press officer Adam Liversage confirmed that opted-out traffic will pass through the system during the trial, but said it "will not be mirrored or profiled"...'

    May I refer BT, Phorm (and also the ICO as they seem to have forgotten this, useless fuckers) to the Data Protection Act 1998. Specfically:

    11. (1) An individual is entitled at any time by notice in writing to a data controller to require the data controller at the end of such period as is reasonable in the circumstances to cease, or not to begin, processing for the purposes of direct marketing personal data in respect of which he is the data subject.

    Note the use of this part 'cease, or not to begin, PROCESSING'

    The Data Protection Act 1998 defines 'Processing' to be:

    '“processing”, in relation to information or data, means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data'

    Bearing in mind unencrypted http traffic can and often contains a person's name, address and telephone number, which also by definition is 'identifying personal information' if someone wants to opt out of Phorm/Webwise then it seems pretty clear that they're breaking the law if it still passes through their system but they promise not to peek at it.

    Note to BT & Phorm in moron speak as you don't seem to understand. Just because you're not 'doing' anything with the data that passes through your system (so you say) the mere fact that it passes through and might contain identifying information means you have to adhere to the DPA and customers wishes.

  47. Chris Williams (Written by Reg staff)

    Re: el reg in bed with phorm?

    It ain't so.

    See the release notes for the plug in here: http://www.dephormation.org.uk/?page=19

    One of the domains that trips an alert is Phorm.com, which is where the stock exchange statement I link to in the story is hosted. Simple as that.

    - Chris Williams

  48. Anonymous Coward
    Stop

    Leaving BT Today

    This is the final straw, I will be leaving BT today and heading over to an Entanet reseller, who provide much better service and don't monitor my communications.

    I've been a customer of BT Business Broadband for just over 2 years now, initially it was good however during my contract they stealthily changed their Terms and Conditions so that my unlimited connection was no longer so unlimited. I was rate limited down to 512kb/sec, after over half an hour on the phone with them they finally checked if I had been rate limited. It turns out this operation is outsourced to a firm in Germany and is based on percentages - no hard figures. At the time, the quota to be limited down to 2mbit as a puny 20GB and 512kbit/sec at just 60GB. I gave them an earful for this and it seems they made an exception. However, I presume many others are also unknowingly in this situation. With the prevalence of digital media these days, it's very easy to consume *reasonable* amounts of data. 20GB is not what I would consider a reasonable amount of data.

    Now they persist on continuing this absurd scheme. Enough is enough BT - I will not be snooped on in an insecure fashion (or any fashion for that matter) to increase your executive bonuses. Goodbye BT, I won't miss you, rest assured.

  49. The BigYin
    Stop

    Legalities?

    I'll try that again *WITH* the link!

    Interesting post at the bottom of this page (#179).

    http://www.talktalkmembers.com/forums/showthread.php?s=9bb1a01d1473b8b0ed61ce8415047a95&t=740&page=18

    No replies as yet, but genuinely interesting.

    Anyone any ideas?

  50. Anonymous Coward
    Black Helicopters

    @Alan and his dephormation firefox plugin

    Alan, I think your dephormation firefox plugin is just reacting to the fact that this El'Reg story about Phorm includes information about blocking webwise.net. IMHO that firefox plugin will be confused by the "webwise.net" words within the body of the story text.

  51. Anonymous Coward
    Anonymous Coward

    Phorm IS illegal

    Until a full legal hearing and investigation proves otherwise, I will regard Phorm's "product" as illegal. Neither Phorm nor BT have ever published their alleged "legal advice" claiming their are acting within the law despite public challenges to do just that.

    Anyone doubting me should go to http://tobymeres.net and see the arguments put forward by Dr Richard Clayton and Alex Hanff. Nowhere have Phorm provided a convincing legal rebuttal.

    I dumped Virgin Media because of their association with Phorm and because they failed to understand the issues behind the growing user dislike of Phorm. Right to the end they tried to spin Phorm to me, they seriously believe that Phorm is something users want.

  52. Anonymous Coward
    Pirate

    WebWise

    Sooo presumably there is some tag in a webwise advert... making them easy to block?

    yet to see how adverts stop phising??

    perhaps if someone is phised and they were relying on webwise then webwise is at fault??

  53. Anonymous Coward
    Anonymous Coward

    bigg balls

    Seems to me that BT has a big pair or inside info from the EU. The idea that an it tech gave the go ahead for this with out upper managment knowing about it is silly. Considering that the British Goverment is only now giving answers to the EU on the orginal Tests on the question of legall or not? It would seem to me to that either BT have got the go ahead from Goverment to conduct such a test even though such tests advertised or not are under the EU microscope.

    For BT to go it alone with such a small company as phorm, in defienence of possible and ongoing EU actions is either the crazy misdirection of a CEO or the ability to have prior knowledge of a UK goverment stance. Given the UK goverment stance, of not charging BT, when BT have themselves have adimitted criminal acts. I think inside info has provided BT with the brass balls it needs to commence with this. In cases like this and brazen behaviour like this, when people get so condifient, that they can do or say as they please with countless others, in the name of profit, all you have to do is follow where the money goes. I have not seen it so far. I hope they do in future.

    In the days of Cesar, goverments, had spies, reporting back to middle level officials, about what Tom, Dick and Harry where doing with their neighbour. You knowthe case history, that peoples rights, didn't count as long as it made us as a little comunity with our own little civil task masters, safe in the despots, eyes.

    BT comitted a criminal act, not the first one in their history I guess.They have aslo commited credit card fraud. An act they admitted to. Show me Justice. Social well being is not indulged by a class system, of have and have nots. In todays credit crunch, Goverments are no longer pushed or pulled into power by the sway of industrial money. They are either voted in or out.

  54. Mike Gravgaard
    Unhappy

    Great

    I wish BT would do what they are paid to do - supply a service and leave it at that..

  55. Anonymous Coward
    Stop

    Their "no cookies" option doesn't seem to exist

    Tried following their suggested link to switch it off without cookies (to see how they intend to do it), but I can't find anything. Does it only appear for BT customers, or are they hoping nobody will be able to find it?

    If my ISP attempts this kind of crap, I'll be off like a shot. I'm also concerned that BT will intercept the advertising on my websites and replace it with their own.

  56. Anonymous Coward
    Anonymous Coward

    @Anyone know how to confuse the damn thing??

    1) Change the Phorm UID in your Phorm cookie each time you (or your bot script) makes a web request, thus polluting the data pool.

    2) Click on OIX adverts (or get your bot script to do so) but don't follow through with a purchase or signup, thus decreasing the effectiveness of Phorm in an advertisers view.

  57. PugRallye

    Either it is or it isn't....

    So, if it's not illegal that they did this already without asking permission, why ask now?

  58. Anonymous John
    Unhappy

    What next?

    Phonewise

    You're invited to switch onto BT Phonewise.

    As a BT customer, you can try an exciting new BT service called BT Phonewise.

    When switched on, BT Phonewise will monitor your calls, and interrupt them with selected adverts tailored to your interests.

    Letterwise

    You're invited to switch onto Royal Mail Letterwise.

    As a Royal Mail customer, you can try an exciting new Royal Mail service called Royal Mail Letterwise

    When switched on, Royal Mail Letterwise will open your letters, and send you selected junk mail tailored to your interests.

  59. Anonymous Coward
    Anonymous Coward

    A number of problems with this

    1. It is common security practice to clear cookies at the end of the browsing session. This mean every single time a new round of browsing starts, the opt-in page will be displayed. That will become very annoying very quickly. I suspect add-ons for the likes of Firefox will appear which take care of this page invisibly.

    2. In a shared household, each computer will see the opt-in page if no preference has been set on that computer. How can a minor give consent for this activity? Is there not a legal issue here?

    3. More broadly, when sharing computers, BT have no way to discern consent from individuals, only from computers. They are making an unwarranted assumption that one computer equals one person.

    4. The data is still being intercepted in this trial. It is still illegal to intercept my data if I have not agreed to this. BT have no way to know whether I have agreed or not, due to point 3.

    5. An observation - I've yet to see an end-user of this technology make a positive comment about it. BT appear to be relying on apathy and a large amount of spin to present this as a benefit.

    6. How will this affect utilities like wget and apt-get? I seem to rememer that the user-agent will be parsed to prevent the page from being returned to them. But in that case, are they opted in or out? If the latter, changing the user-agent string in the browser might provide a temporary workaround to having to put up with the page.

  60. JCL
    Stop

    Alternatives

    I've about had enough and my 12 months is up this month.

    Soo, I'm emigrating in 6 months, know anyone that will provide a similar service to BT but without Phorm, and not require a 12 month sign-up?

  61. Rob
    Alert

    On the positive side, at least this sorts out the P2P debacle.

    After all, one of the main the ISP arguments has been "What if it's not the subscriber, but one of their kids or a stranger using their open WiFi."

    Well, it would appear to be fine with BT for your kid, or even a stranger using your open WiFi to opt you in to Phorm.

    So, under the well known legal principle of what's sauce for the goose is sauce for the gander, should we expect BT to introduce 3 strikes you're out in parallel with this scabrous bag of puss?

  62. michael

    cokies?

    so if I have 2 diffrent borwerses and I say yes on 1 and no on the other will they only profile my browsing on the one I say yess on ?

  63. b
    Flame

    Clear informed consent?

    How can that page possibly be construed as giving a user any idea of what's happening to their web traffic? I realise that BT are above the law but they might make some kind of effort.

  64. Mr Jolly

    Just a thought

    According to the technical analysis of Phorm at http://www.cl.cam.ac.uk/~rnc1/080404-phorm.pdf (point 15+16) At some point in the redirection process, a request will get redirected to webwise.net which sits inside the ISP's network.

    webwise.net is the bit that checks to see if you've got a cookie or not, if not it issues a UID then does a 307 redirect to point you to the real page.

    What would happen if someone in the trial resolved webwise.net to a local address and started issuing their own cookies in the Phorm format and doing their own 307 redirects? Would it be possible to generate random UID's every time or completely bypass their redirection system?

    Or would their system get stuck in a loop referring you between the ISP's webwise.net and your own local webwise.net?

  65. Scott McMeekin
    Thumb Down

    Do NOT want!

    BT, what part of this sentence do you not understand?

    First time I get this opt-in page, I'm switching to another provider. I mean, I could understand (and tolerate) a system like this if I was getting a free service, but I'm not. I'm paying a service fee for a clearly defined and pre-agreed service. It's a bit like the cheeky b'stards at Sky who charge me a fortune for several hundred channels of crap laced with incessant adverts every few minutes.

    Marketing/advertising executives - the first against the wall when the revolution came.

  66. amanfromMars Silver badge
    Alien

    For SMARTer Enabling of Deserved Choice

    "I fear that whatever happens, BT (and the others) have gone too far down the Phorm road to back out now." ..... By Andy ORourke Posted Monday 29th September 2008 10:59 GMT

    What they have dDiscovered may be Nothing to Fear, Andy. Can you Imagine a Virtual Search Engine which dDelivers Dream Needs to Feed and Propogate Dream Feeds? Is that Good Phorm and AIGreat British Service?

  67. FoolD
    Pirate

    A 3rd illegal trial - brave or stupid ?

    As many have noted, with the opt-in being cookie based the consent is irrelevent - data is still intercepted, just not 'processed', even if opt-ed out. This means that this 3rd trial still intercepts traffic without consent - a clear creach of EU privacy laws, if not UK ones. In fact now things will be worse as the data of users who *explicitly* do not to give consent (by clicking no) is still intercepted, just not profiled.

    BT are opening themselves up for even more legal problems by rushing this trial before the non-cookie based system is active (where traffic not opt-ed in would not go through the profilers).

    One wonders why the rush to push the trial through now - maybe afraid of future EU policy changes or are they just simply running out of cash ?

    Pirate icon cos they like taking what doesn't belong to them too.

  68. Sir Runcible Spoon
    Happy

    MAC code shennigans

    "BT advisors will claim (and have done to at least 2 people I know) that this substantial alteration to their terms and conditions is not a substantial alteration, even though we all know it is. This is quite important, as it is the difference between paying up the rest of your contract with BT, or not"

    They can claim all they want. A contract is between two parties, you only need to assert your view that there has been a change to the contract and that, as they say, is that. They are welcome to take you to court for breach of contract, but considering they that

    a) they have changed the contract and

    b) they won't do this

    I don't think it will be a problem.

    I think there are more details on the https://nodpi.org website about successfully getting your MAC code.

    @JCL : Not sure about the others like 'Be' internet, but Zen is on a monthly basis.

  69. fords
    Thumb Up

    Vote with your wallet folks

    We did - we joined o2 who don't throttle and want nothing to do with Phorm.

  70. Andrew Culpeck
    Flame

    Im with Ash

    If I catch Vigin doing the same I am off. Its bad enough the govenment wants to spy on my internet access but my ISP can get stuffed.

  71. alan
    Happy

    @Chris Williams - and Joe :)

    Yey! reg = win XD

    Hoped it would be something like that, thanks for the link - should've read them myself beforehand :S

  72. Ed Blackshaw Silver badge

    Am I the only one thinking

    that now would be a great time to short-sell BT shares? Maybe a sharp drop in their share price would be the only message that their board would understand?

  73. Anonymous Coward
    Anonymous Coward

    RE Anyone know how to confuse

    well you can try trackmenot a plugin for firefox

    but best answer is to leave any ISP supporting phorm

    this way they are bound to loose :)

  74. Mark H
    Go

    Don't see what all the fuss is about?

    Well if I were a BT customer I'd just opt in. There are far more important issues to worry about at this current time.

    Do all of you complaining about this not use Google then - as they store far more about you than this Phorm server ever will? From what I've read in the past this data is stored anonymously and used by the Phorm system to serve what it thinks is relevant advertising. No one is going to be searching through this data, and even if they did it's anonymous.

    There really isn't much to get worked up over in my opinion.

  75. Anonymous Coward
    Boffin

    Interactive

    I've said it before and I'll say it again -

    There is a clear assumption that ALL http protocol traffic is interactive web browsing. There are a lot of applications, including web-hosted services and tools which use http as well you know. Surely this interception and meddling of traffic is going to cause problems with these?

    At the very least, its going to have access to senstitive data related to the internals of these applications, even if Phorm do say they filter out certain stuff.

  76. Richard Tobin

    How do I opt my site out?

    I don't use BT, so my web browsing won't be tracked. But I have a web site. How do I opt out of having acesses to it tracked?

  77. Eponymous Cowherd
    Joke

    @Mark H

    You are a troll and I claim my free El Reg Troll-hunter t-shirt.

    Troll Hunter t-shirt. Actually, that's not such a bad idea. How about it?

  78. Tony

    Consumer's Association

    For what it's worth, I sent an email to the Consumer's Association (the group behind Which?) I had the following reply.

    "Thank you for your email to Which? of 22/09/2008 concerning Phorm.

    Thank you for expressing your concerns over BT and Phorm. This is something Which? researchers have an interest in and it is great to receive such considered feedback and opinion from members. I have passed your email forward to our Computing Research Team for their interest and consideration.

    For your interest, we have mentioned Phorm in a few articles, namely in Which? Computing. "

    Basically anything that hepls get the message over has to be A Good Thing.

  79. Anonymous Coward
    Alert

    @JCL : Not sure about the others like 'Be' internet, but Zen is on a monthly basis.

    yes 'Be' is no contract month by month...

  80. Andy ORourke
    Unhappy

    ISP - New definition

    ISP - Internet Subscriber Profiler?

    @ amanfromMars - Glad to see you back to your old self

    @MarkH - I'll bite. If I use Google it is my choice to do so given that I know what they do with my data (like I choose which "loyalty" cards to use) if BT is my ISP then I get NO choice in the matter, if I opt out using the current system all my traffic still gets deep packet inspection, they just dont act on the information (honest Guv)

  81. Anonymous Coward
    Paris Hilton

    @@Anyone know how to confuse the damn thing??

    Akshully it may be moot rather soon. Given the dire economic situation that seems to be unfolding like a slow, black flower I wonder how viable the business of advertising is going to be. Amongst many other businesses.

    Not a pretty thought. Let's see what today brings.

  82. Anonymous Coward
    Thumb Down

    Word of mouth..

    As a direct result of their involvement with Phorm, I have for the last few months been actively advising new broadband subscribers to avoid BT and the other ISPs that have a declared interest in Phorm.

    It may be only a drop in the ocean, but a lot of little drops from all of us will soon become a river.

  83. Anonymous Coward
    Thumb Down

    @Mark H

    If I do happen to use Google, it's through freely-exercised choice on a case-by-case basis. Sure I have a choice of ISP, but typically only after a pre-defined contract period - so the choice is no longer free.

    If you want to give away your browsing habits for free, feel free - my habits are my business and I don't broadcast them widely (as will inevitably happen with Phorm as sure as CDs go missing in the post)

  84. Dave Stark

    Injection

    Anyone up for replacing the UID in their cookies with:

    '; DROP TABLE uids;

    ? Also, anything to look out for in the Apache logs? After all, consent is required from both sides of a tapped conversation if the tap is to be legal.

  85. RobMc
    Pirate

    website "optout"

    from http://www2.bt.com/static/i/btretail/webwise/help.html

    I own a website which contains private/sensitive information which I don't want to be scanned by Webwise. What can I do to achieve this?

    <snip> silly nonsense</snip>

    Alternatively, you may request specifically that your website is not scanned by Webwise. To request that your website not be scanned by Webwise, please email:

    website-exclusion@webwise.com

    That's going to be a busy email address lol.

  86. Mark H

    @ Andy ORourke

    Your ISP currently logs all of your internet activity. The Phorm server looks at this anonymously to see which of it's advertising criteria you may fit into. It then serves a relevant ad if you happen to be browsing a web site which uses the Phorm system (I use Adblock so never see any adverts anyway).

    It isn't storing every website you've ever visited, every email you have sent through a web mail interface etc. It's simply having a quick glance and ticking some internal 'ad preference' boxes - all anonymously. If you opt out it doesn't even do this.

    Seriously now and all accusations of trolling aside, what is the problem with this?

  87. Adam Foxton
    Thumb Down

    @MarkH

    The point is that you _CHOOSE_ to let Google see what you search for.

    Does this only work on HTTP? Or would it also record SNMP/FTP/Torrents/other such protocols?

    To a lawyer:

    Does this mean that BT just lost their Common Carrier status and can from tomorrow be fined for every byte of kiddie pr0n/terrorist stuff/"extreme porn"/pirated software that passes through their network? I mean it's not common carrier now, is it?

    To all sys admins:

    Please enforce the use of HTTPS at the very least on your servers.

  88. Anony mouse
    Pirate

    T&Cs

    changes to t&cs from 16th June 2008 to new webwise enabled ones

    para 11. "your material disadvantage" becomes "your significant disadvantage"

    para 14. "at least five working days before" becomes "at least seven days before"

    para 18. The biggy.. all new para 18 and 19 deals with webwise including the award winning

    19. We will endeavour to keep our list of suspected fraudulent or illegal sites as up to date as possible and to warn you about any sites on this list if you attempt to view them However, we do not accept any liability for any loss you incur in the event that the BT Webwise service fails to warn you about a fraudulent or illegal site.

    so fucking useless then

    other changes seem to be correcting spelling mistakes and grammer.. apologies for anything i've missed

  89. JCL

    Ta very much

    Cheers Sir Runcible Spoon and AC, I'll look them up this afternoon.

    JCL

  90. Anonymous Coward
    Anonymous Coward

    Cookie Opt Out

    Isn't that a sh*te system?

    Now maybe I'm being cynical, but could it be that this is a way of pestering people to opt in? Opt out and you get the opt in page frequently. Opt in and you never get the page again. So what happens? People opt in just to stop the page appearing all the time.

    Especially annoying for those who delete their cookies after every session to keep things tidy.

    Block cookies from the webwise domain? That's hardly a solution for the non technical user is it? I doubt they've considered their poor helpdesk staff when they designed this process. I'll bet the poor sods are innundated with calls from tomorrow onwards. I wonder if they've even bothered warning their call centre about this.

  91. Piers
    Alert

    "Virgin" on the Websie site...

    "Plus, all of our data processing for our clients BT, Talk Talk and Virgin

    will be done in the UK. The system has been built from the ground up to

    ensure that there is no way user data can be accessed or stored in any way."

    From here:

    http://www.webwise.com/how-it-works/faq.html

    So watch it folks!

  92. Anonymous Coward
    Happy

    @ JCL - Alternatives

    >> Soo, I'm emigrating in 6 months, know anyone that will provide a similar service to BT but without Phorm, and not require a 12 month sign-up?<<

    The majority of ISPs now operate on only 1 month contracts - you pay for the month in advance and cancel whenever you want to.

    The only possible issue with signing for only 6 months is that they will probably charge you for the connection fee - minimum of 12 months and the connection fee is waived.

    badphorm.co.uk have a section on various ISPs that are currently phorm-free. Take your pick.

  93. Anonymous Coward
    Anonymous Coward

    It's all

    The reason the government and filth arn't making a whimper about Phorm is becouse they don't want to jepadize their own spying plans. Once we're all used to phorm spying on us so we can have "better adverts" why would we not allow the government to watch everyone - so they can capture terrorists and peadophiles?

    Why wouldn't you want it eh? Terrorists and Peadophiles running rampent, hiding under your bed, living in your street? Maybe you're one of them eh? Anti-Phorm then you must be Pro-Peadophile/Pro-Terrorist. That's how it'll work. Anti-NuGov Silo, Anti-Nugov Gestapo? Then you must be Pro-Peadophile and Pro-Terrorist.

  94. Eponymous Cowherd
    Thumb Down

    @Mark H

    ***"Your ISP currently logs all of your internet activity. The Phorm server looks at this anonymously to see which of it's advertising criteria you may fit into. It then serves a relevant ad if you happen to be browsing a web site which uses the Phorm system (I use Adblock so never see any adverts anyway)."***

    This is *not* the way Phorm works. I suggest you do some research before commenting.

    ***"Seriously now and all accusations of trolling aside, what is the problem with this?"***

    Again, I suggest you do a bit of research into how Phorm works, how it is different to Google and why it is considered by many (me included) to be illegal. As a starter I suggest you read Richard Clayton's analysis:-

    http://www.lightbluetouchpaper.org/2008/04/04/the-phorm-webwise-system/

    http://www.cl.cam.ac.uk/~rnc1/080518-phorm.pdf

  95. Anonymous Coward
    Thumb Down

    Umm..

    "Alternatively, you may request specifically that your website is not scanned by Webwise. To request that your website not be scanned by Webwise, please email:

    website-exclusion@webwise.com"

    So how exactly do they prove that the person sending this email is the owner of the site in question?

    Surely someone could grab a list of every single site available on the Web and email it to them for exclusion? *snigger*

  96. Anonymous Coward
    Anonymous Coward

    Privacy

    Where's International Rescue... er er Privacy International when they are needed

  97. Paul Buxton

    What if I don't opt in or opt out?

    If I don't opt in or opt out when prompted and simply browse away from that page (which I assume is an option as there is the text "You may have left this page without choosing to switch BT Webwise on or off last time, so we are showing it again to ensure we record your choice." on the options page), will my defaulted option be opted in or opted out?

    Will my data still be passed through Phorm servers? What will Phorm do with the data? Parse it or not?

    I'm asking here because you're bound to have more of a clue than BTs technical helpline, even if you have absolutely no clue whatsoever.

    BT are already aware that I'll cancel if they bring Phorm anywhere near me. I don't think I'll have any issues with early termination fees. If I do, I'll sue. :-)

  98. Anonymous Coward
    Anonymous Coward

    website-exclusion@webwise.com

    Auto response from this address:

    "Thank you for your submission to the Phorm website exclusion list. If there are no obvious grounds to doubt the legitimacy of the request the URL will be blocked as soon as possible, usually within 48 hours.

    To ensure that this request is from the legitimate owner of the domain Phorm will contact the domain administrator by email for confirmation of this request. If the request is not confirmed within 10 days the url will be removed from the exclusion list and an email will be sent informing you of this decision.

    Please ensure that you Administrative Contact details for this domain are up to date.If you need to update them please resubmit your request when the amended details are visible in the WhoIs database - (use a public whois service such as http://who.godaddy.com/whoischeck.aspx if you are unsure it has been updated)"

    Read receipts tell me that 12 people have read the e-mail I sent to the website exclusion address. Wonder if they're real names or fake ones to hide the guilty?

  99. Anonymous Coward
    Anonymous Coward

    Up to the website owners

    and copyright holders to stop Phorm then.

    An addition to the terms and conditions preventing Phorm or BT from using copyrighted material to profile should do it, then one hell of a class action over mass copyright infringement.

    Someone must be doing something about this, if not then in the next week or so, I will put something up so people can band together.

    The user's data is quite small in all of this, the actual main copyright infringement is happening to the website owners, whose copyrighted material is now being devalued by the actions of Phorm and BT.

  100. The Other Steve

    @ Mark H of CDR

    "Seriously now and all accusations of trolling aside, what is the problem with this?"

    It isn't anonymous, and it's illegal, being a prima facie violation of both RIPA and the DPA as well as various EU legislation. (See the links provided further up this thread)

    The mechanism for gathering consent is insufficient to determine whether consent has been granted by the account holder, and giving such consent constitutes entering into a new contract with BT.

    The description of the service given to potential consumers is extremely misleading.

    The company providing the service to BT is a spyware outfit best known for installing rootkits on consumers machines without their consent, an activity for which it was under investigation by US federal authorities in a previous incarnation. To my mind, they are also Reg S scammers, although clearly that didn't work out for them, and nor is it likely to now, but that's just an opinion.

    So take your pick, really.

    And your "it's like google" argument is factually incoherent (it isn't like google in any way shape or form) and logically fallacious even if it weren't, because just saying "it's OK because someone else did it" makes it OK to murder people.

    m'kay ?

  101. GettinSadda
    Thumb Down

    Need IP address range

    Anyone know the entire BT customer IP address range. I currently plan to exclude all BT customers from all of my websites until I can find a way to only exclude those in the trial.

    I do not want my website (or its users use of it) profiled - and it is my choice to prevent it!

  102. Tom

    BT?

    Big Tits, and we seem to be the bra...

  103. The Other Steve
    Thumb Down

    @tinfoil hatted AC

    "The reason the government and filth arn't making a whimper about Phorm is becouse they don't want to jepadize their own spying plans. Once we're all used to phorm spying on us so we can have "better adverts" why would we not allow the government to watch everyone - so they can capture terrorists and peadophiles?"

    For starters, ISPs are already required to store user's traffic data so that plod can have a butchers hook should you end up in the frame for whatever the favourite evil of the month is.

    The government and it's various TLAs can already surveil you all they want, should they feel the urge, and data mining to provide information for "intelligence led" investigations already happens thanks to the fact that every BT exchange is the country is wired directly to everyone's favourite Cheltenham based supercomputing facility.

    The government don't need Phorm to do that for them. Weather or not this is a Good Thing (TM) depends on just how hysterical you are about terrs and pedos.

    You aren't seeing the result of a conspiracy, just evidence of massive apathy, ignorance, and incompetence on the part of those whose job is supposed to be to serve the public coming into contact with naked profiteering. Look at your news site of choice to see how that usually works out, unfortunately.

  104. Anonymous Coward
    Anonymous Coward

    @ GettinSadda

    Current IP ranges of ISPs in bed with Phorm, NebuAd and the like can be found at http://dephormation.org.uk/?page=7

    My websites are now blocked to BT Internet users with a nicely worded page explaining why.

  105. Mark

    Full disclosure

    The interstitial is not exactly forthcoming about what phorm ar about to do to your privacy, is it? So much for the idea of 'fully informed consent' that gets bandied around from time to time. Time to fire up the ban of BT's network to my sites.

  106. George Forth

    Don't moan - do something!

    I'm not a BT Broadband customer so I am not party to any of this, so all I can do is harumph and grumble in the background. However, all of those people who are customers should remember that it is them (and them alone) whose personal data is being misused and should all complain to the ICO.

    Complaining on here (and other forums) only draws attention to the situation - it won't resolve it. Use the powerful rights you have - don't squander them on hyperbole.

  107. Anonymous Coward
    Anonymous Coward

    Response from spybot

    Hello Anon,

    I don't think we will add them.

    Please have a look at this link on our homepage:

    Why do other anti-spyware applications detect so many more tracking cookies?

    http://www.safer-networking.org/en/faq/37.html

    --

    Best Regards,

    Sandra

    Team Spybot

    at least they responded.

  108. Rachel

    damn this title nonsense

    Reply received from Webwise website exclusion email (very promptly I must say):

    Thank you for your submission to the Phorm website exclusion list. If there are no obvious grounds to doubt the legitimacy of the request the URL will be blocked as soon as possible, usually within 48 hours.

    To ensure that this request is from the legitimate owner of the domain Phorm will contact the domain administrator by email for confirmation of this request. If the request is not confirmed within 10 days the url will be removed from the exclusion list and an email will be sent informing you of this decision.

    Please ensure that you Administrative Contact details for this domain are up to date.If you need to update them please resubmit your request when the amended details are visible in the WhoIs database - (use a public whois service such as http://who.godaddy.com/whoischeck.aspx if you are unsure it has been updated)

    Weirdly, this coincided with a whole flurry of visits to a pretty strange website which normally gets no visitors from the following:

    Moscow, Moscow City, Russian Federation

    Hosting Telesystems Network (78.110.48.130)

    Phorm Ipv4 Assignment (89.145.113.4)

    Phorm Ipv4 Assignment (83.223.97.97)

    Optimum Online (cablevision Systems) (67.84.165.13)

    Verizon Internet Services (71.249.206.7)

    British Telecommunications (86.164.110.57)

    Thought it may be of interest.

  109. Anonymous Coward
    Anonymous Coward

    Use Firefox People

    I am using Firefox (well have done for years now).

    And I am on Virgin Broadband and happy to say that its been reliable and my speed has been upped this month from 4mb to 10mb (woohoo).

    Ok Virgin will too probably try to do these "trials" - and thank God we have a government which cares about data protection - eh (after all it has plenty of security for the data it stores on our behalf).

    So back to Firefox -> there is an addon called Dephormation (do a google search for it) - this addon prevents the Phorm nerks from interfering with your web browsing.

    And there is some useful advice for all those concerned on the dephormation web site.

  110. Anonymous Coward
    Anonymous Coward

    @Anony mouse

    Thanks for the changes to the contract.

    Since I haven't seen a BT contract since last year and I certainly haven't agreed to anything since then, I assume I'm still bound by the old T&C.

    In which case, it's time to say 'bye bye BT'.

  111. Anonymous Coward
    Anonymous Coward

    To stop this

    developers need to come together in small groups. There is already badphorm.co.uk, and everyone can do their bit to stop this.

    There appears to be four groups adversely affected by this:

    1. BT ISP users.

    2. Website/copyright owners who BT ISP users connect to.

    3. BT associated website owners.

    4. People connecting to BT associated sites.

    We are hearing a lot about the BT ISP user lot, and the solution there is get another ISP - but of course this goes a lot deeper.

    2, & 4 are perhaps the major concerns for most people, you cannot just opt out.

    3 are going to be full of corporates - and that is the Achilles' heel, if those customer's jump because of it then it hurts BT and it makes headline news.

    There are lots of things that can be done to confuse the system, but it requires some technical know how and a lot of people. With enough people protecting themselves through various mechanisms Phorm and BT won't be able to keep up, and the administration cost of the system will dwarf any revenue potential, that is perhaps one way at the moment to beat this thing.

    Information needs to be shared around as well, IP blocks do need to be know, and they have been posted here before:

    217.32.209.188 - 217.35.105.91 looks like BT.

    213.123.21.243 - 213.123.27.211 also looks like BT.

    You should obviously check these things yourself, compiling a list is a good idea. Writing plugins to various firewalls could also be appropriate. One thing is for sure the numpties have very little idea that Phorm and BT are happening, or what it actually means.

    Another answer to this is to go all encrypted, but that is a cost everyone else bears because of Phorm, which is unfair to us, and just case in point - el Reg is not running with https enabled, so we cannot even send information encrypted in this channel. Though I notice badphorm.co.uk is not SSL aware as well.

    In fact that is not a bad idea, what we need to do is to allow sites to use SSL without paying for a certificate, on a browser request for SSL, so in effect to run with a couple of certs, but that is a little bit of time off in the making, as others start to twig we need encryption all over, and to place the main processing burden of encryption onto the client in some instances.

    So what can you do, well if you can look over at the dev next to you, and a nod, is as good as a wink to a blind man, that is where the fight back and protection begins.

  112. Anonymous Coward
    Anonymous Coward

    @@tinfoil hatted AC

    Ahh they may currently store such information however what phorm opens up is real time profiling of information.

    Where as with all the data stored at your ISP first the fuzz need to become suscpicous before they go through the effort of getting access to data. With their future phormesque peado/terror/hardcore pronz/warez/music/media/bad word/threat to the state/nanny alerts your data will tell them to come pick you up.

    ding ding ding Mr Smith at 52 evergreen terrace is a potential malcontent - please send someone around to investigate. All the while the CoP is mongling his daughter, the Prime Minister is shooting heroine into his penius and the army is eating babies in Afghanistan.

    Slope, slippery, half way down, can't stop, inevitable bad end.

  113. Mark H

    @ Eponymous Cowherd

    I've read all of the technical details many months ago (have you?) and it *is* the way it works. It's not the way most people believe it works but that's a different matter.

    I've just read the technical document you linked to and it confirms that the data held by Phorm is completely anonymous and gathered in the way that I alluded to.

    You may not like the idea of targeted adverts but I believe that your personal privacy will not be compromised by opting into this system. The links you provided do not change this fact.

  114. RW
    Flame

    A New Principle

    Alex spoke: "BT are simply relying on the majority of their users being clueless..."

    It seems to me that Alex's simple statement clearly enunciates a new principle that should govern business behavior: "No exploitation of stupidity and ignorance." Once we cure them of their habit of telling lies and half-truths in fine print, that is.

    More and more I detest corporations and those who run them. Who do those people think they are? By their lying, weaseling, dishonest actions, they have forfeited their position as members of society. Time to get rid of them, though I can't decide if they should be made inmates of brothels after appropriate surgery, shipped one-way out beyond territorial waters, or merely sold as slaves.

    I wonder if it's possible for El Reg's spies to find out *who* is responsible for all this crap so they can be named and shamed?

  115. Anonymous Coward
    Thumb Up

    SSL

    Free SSL certificates. http://www.cacert.org/

  116. Quirkafleeg
    Black Helicopters

    Munching on your cookies

    http://www.lightbluetouchpaper.org/2008/04/22/stealing-phorm-cookies/

  117. Schultz
    Boffin

    Waylaying your data...

    for those extra valuable bits and bytes. Virtually nothing on a million screens transformed into real money, creation of values out of the clear ether. Don't get annoyed, it's only an ad, virtual pollution of the visual cortex isn't evil, it's phrigging genius, innit?

  118. QuiteEvilGraham
    Unhappy

    So...

    Nah, just tell 'em what you think. An example...

    Point 1

    If you use technologies like phorm to snoop on internet packets which I pay you to route correctly to their destination, I shall consider you in breach of our contract and terminate forthwith. It is EXACTLY as if you suddenly decided to listen in in on any phone call I make.

    Point 2

    Your "your account" page. If for any reason an email from you is bounced by my email provider you present me with a page to update my email address.

    If I enter the same email address, you return an error. Pretty fucking dumb, excuse my french. Lots of reasons an email account can disappear then reappear. Sort it out, it makes you look like idiots.

    Point 2 would not be so, shall we say, vexed, if it were not for point 1.

    Obviously whoever receives this mail is not the intended recipient of the vitriol. My apologies. Please pass it along.

    Best regards.

  119. SImon Hobson Silver badge

    RE: website-exclusion@webwise.com

    Oh what a laugh - so if someone requests one of my domains be added to their exclusion list, they'll email me as administrative contact for the domain to ask, I had to laugh at that !

    Whois on my domains says "The registrant is a non-trading individual who has opted to have their address omitted from the WHOIS service.", so they can't email me without somehow getting access to the registrar's database. How they gonna do that then without breaking more laws ?

    Hmm, there's an idea - if I knew someone who was in the trial, I could send in my exclusion request, wait till they get no response to the emails they can't send, then access my sites from the users account and capture the illegal access in the server logs. Be interesting to see how they spin illegal interception of a transaction between their customer who didn't consent, and a website who's terms of use exclude their access, and where they have been explicitly told that they are forbidden to access/intercept it ?

  120. aManFromEarth
    Stop

    Alert the uninPhormed masses

    It seems most tech savvy Reg readers are well inPhormed enough to choose not to go near Phorm with a bargepole. But what about the uninPhormed masses? What would it cost to buy up the whole of the Phorm ad system for a day or maybe even a week and fill it with ads inPhorming the uninPhormed that Phorm is in bad phorm? How many of you would be willing to put your money where your mouth is and pledgebank your financial support?

  121. Anonymous Coward
    Thumb Down

    @Mark H

    If you'd read the various documents *and understood them*, you'd realise that, regardless of what Phorm may or may not do with your browsing history, the broken design enables any website to grab your unique Phorm ID.

    Because that ID is unique, reasonably permanent and tied to you, it is a straightforward matter for any website to identify *exactly* who you are just from a single visit.

    You have no control over this.

    The presence of Phorm at your ISP absolutely compromises your online privacy.

  122. Hegelworm Messerchmitt

    SSL Red Herring?

    Sure it's been brought up before, but I was just wondering how much (or little) it would take for Phorm to add another port to the profilers, e.g., 443 for SSL. Is this once again based upon their word alone? If so, it's a huge concern.

    This is, after all, a former spyware company. One could be forgiven for thinking this might just be one huge cyberscam with BT itself and all their customers the victims.

  123. Anonymous Coward
    Flame

    @Mark H

    You are completely missing the point.

    It doesn't matter how anonymous it is; they are still intercepting the packets. It is the act of interception which is illegal, regardless of whether they do anything with the data.

    I shall repeat, as you seem either unwilling to understand or are simply incapable of understanding :

    IT IS ILLEGAL.

  124. Anonymous Coward
    Stop

    Stop Phorm - Its easy

    Every single one of you who is with any ISP that has intimated they will use webwise/phorm should request their MAC codes and find an ISP who is not using Phorm.

    There are a number in the UK who are not doing this and the only way to stop it (now that there is no criminal challenge) is to hit them in their pockets.

    Even if it turns out there’s no real data breach, the underhand and arrogant way in which this has been handled needs addressing. The ISP market has been shafted for far too long now by these numbers game ISp's who don't give a shit about you or me and it is about time consumers stood up to them.

    Hit them where it hurts and seek an ISP who really does care about its customers there are a few still left.

    I've joined one - you do the same and watch them flush this where it belongs.

  125. Chronos

    Re: SSL Red Herring?

    It would take quite a bit. First they'd have to find a way to pretend to be the host in a way that they can hand off seamlessly to the real host for their spyware system to work transparently the way it does with insecure HTTP. Then they need to find a way to serve the correct key to the correct request, something I don't even want to think about right now as it is hellishly complex. Apache itself can only associate one keypair to an IP. Vhosts need their own IP if they're going to be using SSL. A MITM attack on a single domain is trivial by comparison, even though it needs a trusted (by the browser) CA to be convinced you control the domain to work without throwing up warnings. Ultimately, this means that without the private key they're buggered and they'd be spotted immediately.

    Naturally, forget the above if you're one of these users that clicks "continue" and "forever" on any SSL warning; you're ripe for harvesting.

    Oh, and FORMER spyware company? They're still at it, AFAICT.

  126. dave
    Thumb Down

    Guaranteed

    now that BT are going forward with this that we will read within a week that Talk Talk and Virgin are to follow suit with its trials. How can they refuse such a cashcow when BT are making money off of it and the city of london police have sold us out claiming that nothing illegal was done hence its ok to SCREW your customers.

    I am lucky. I paid my BT bill to the wrong account, i have both phone and DSL with them, and got an agreement to defer payment for 30 days in written PHORM. They still disconnected me after having paid the bill as well as having an agreement to defer payment. So now that i am free to go, just in time as well, i have asked for my MAC code two days ago. Talk about good timing.

  127. dave
    Stop

    How on earth is that notice

    telling you anything about your privacy being snooped on unless you dig deeper. This should be upfront and clear otherwise it is obvious you are trying to hide something buried deep in the terms of the agreement. If i were to take that front page as it is now i would suspect that i am getting something good. BT is really going down the wrong path and i have asked for my MAC code already.

  128. Mark
    Gates Horns

    re: website-exclusion@webwise.com - NO, NO, NO!!!

    Think people!! Sorry, but I don't think any website owners should be using this to opt out of having their sites phormed. If you use this as a method of avoiding phorm, you are simply doing their work for them and reducing the collective case we all have for for copyright infringement.

    There are established methods of letting bots know (politely) that they are unwanted; i.e. robots.txt. Why should we bend over backwards to let them know by email FFS. What happens when every ISP decided to pimp their client base? Are you going to meekly go cap uin had and email every single data pimp and ask them nicely not to visit? It's up to THEM to ask permission/establish consent, NOT the other way round.

    Ban the IP ranges and set a custom error page, or use them to flag a notice for customers of those ranges letting them know what their ISP is up to, bugger their cookies - whatever, but lets stick together and not play the game the way THEY wish it to be played on their terms. If users do opt in because they dont understand then WE need to educate them through our sites - after all we are in the best position to do so by far.

    A decent branded "anti phorm" banner/logo/notice that is standard across all sites that object to this being done. This gets both the message and the scale of the opposition across as users see it on site after site. Link it to a well worded clear and concise explanation of what is being done and why it is wrong, couched in laymans terms, pointing out the "Daily Mail" aspects, you know; kids consent, multiple users, Russian malware writers, illegal interception, babies on pitchforks (OK, OK) etc etc

    Phorm has used PR extensively, hammering home a consistent, simple corporate message - every time they are asked it is unwavering. We need to stop acting like a bunch of individuals and work together using the same kind of tactics - but tactics we and not phorm dictate.

    Stick together and we can make phorm like behaviour unsellable and unacceptable; run around like headless chickens as we are now and DPI ad-targeting will be the norm in 12 months.

    Don't blink!!

    Devil Bill, cos he would if he could.

  129. Anonymous Coward
    Anonymous Coward

    @Simon Hobson

    I have asked that very question of "Webwise" (which e-mail address forwards to a number of people at Phorm). If I get a response I will post it here.

  130. Mark H

    Re: IT IS ILLEGAL

    Is it though? The police have already looked into it and decided even the secret trial wasn't illegal. Do you really think the company the size of BT would get involved with an illegal activity?

    You might not like this system but it simply isn't illegal. You really need a different approach if you are to discourage it's widespread adoption. I think the 'performance' angle would be a better approach as this Phorm tech must slow down page requests to a certain degree. Also if their server ever goes down would this stop pages being served at all?

  131. Mark H

    Re: the broken design

    'the broken design enables any website to grab your unique Phorm ID'

    And do what with it? It still doesn't map to your actual name and address etc. so it's still anonymous. What nefarious purpose could this Phorm ID be used for exactly - spell it out to me in big writing please because I really am not getting this.

  132. Andy ORourke
    Unhappy

    Ironic or coincidence

    I use BT and logged on this morning to make sure I wasnt part of the trial, I opened the browser (I.E) and got a Symantec security response page telling me it had removed an adware threat which attempts to change my start page. The name of the threat - adware.mop, a quick google on this shows a result from viruspool.net:

    ADSPY/Agent.BT.2

    Aliases:Adware.Agent.PF SOFTWIN BitDefender BDSCAN 1.01 15-Feb-2008

    W32/Adware.MOP Frisk Software FPCMD 4.4.3 14-Feb-2008

    Detected by: Avira AntiVir/Win32-Console Version 7.4.0.15 15-Feb-2008

    Irony 1, the name of the Agent

    Irony 2, the Norton anti-virus I use is supplied by BT!

    So, not sure if I am part of the trial because I had to re-boot to let Norton work it's magic and I had to leave for work. I will try this again tonight and see if I am in the clear

  133. Adrian Waterworth
    Pirate

    @Mark H

    If you have indeed read the documents mentioned, you will have seen that they highlight the fact that - regardless of anonymity issues - Phorm represents an invasion of privacy that is both unwarranted and unacceptable. Other people have already discussed some of the technical concerns about just how "anonymous" things will be in practice and, at the end of the day, you only have Phorm's word as to what they will or will not be doing with all that data. While the Webwise servers may well be within BT's network, they are still essentially controlled by Phorm - a company with which I have no contractual relationship and which I do not - and would never - trust.

    Pirate icon, 'cos I reckon that's appropriate for the bunch of scurvy knaves that we're talking about here...

  134. Anonymous Coward
    Heart

    Great news

    Ha ha ha! You lost the war!

    Why don't you go crying into your mummies' skirts, you sad, self-important little techie nerds.

    And get some sense of proportion while you're at it.

    Love,

    Phorm Inc.

  135. Anonymous Coward
    Flame

    @contacts for Alex welcome

    stop arseing about and just go to his https secured web site/mesage board,sign up, and post there if you want to talk, the simple things are best.

    https://nodpi.org/forum/index.php

    i heard on IRC that people are thinking about hacking the BT supplyed wireless routers and putting a your being wiretapped by BT Broadband and Phorm on the routers pages ;)

    come to that, if your so worked up about BT and phorm,why dont all your BT wireless customers remove your passwords and security and open it up for the week so anyone local to you can log in and you can inform them all about this by installing a simple web server adn a web page on your local PC easy enough.

    ask any web tech to put something together and explain why and they may help you out.

  136. Anonymous Coward
    Stop

    @Mark H

    Any site that has your details (e.g. a web store) and is displaying Phorm adverts will be able to cross-reference your Phorm UID to details they hold about you, e.g. name/address/phone number.

    *Any* site.

    If Phorm is supposed to be the new paradigm in web advertising, this means that in a few years all sorts of people would be delivering Phorm adverts and would be able to make this association between Phorm ID and user details. How long before lists of UID-to-user mapping are for sale? It would take just one rogue employee to dump the database and flog it off to whoever.

    I for one am not happy with my supposedly anonymous details being used in this way.

    Phorm is technically correct in saying a users browsing habits are kept anonymous, but it completely misses the point since the data can leak so easily from other places, and Phorm is making this possible. The front door is locked but the back door and all the windows are wide open.

  137. Anonymous Coward
    Coat

    @Mark H Re: IT IS ILLEGAL

    "Re: IT IS ILLEGAL

    By Mark H Posted Tuesday 30th September 2008 08:22 GMT

    Is it though? The police have already looked into it and decided even the secret trial wasn't illegal. Do you really think the company the size of BT would get involved with an illegal activity?

    You might not like this system but it simply isn't illegal.

    "

    its illegal enough to convict high ranking UK businessman and founder of the ISP Demon Internet stanford on RIPA, and set the standing case law, so its good enough to convict all the Bt executives that signed off on this phorm wiretaping too, if and when it ever gets to court.

    rememeber webmail is a very common thing for customers to use today and BT will not be placing anything near enough of these http web email sites in their blacklists.

    its just a law of averages that some Uk judge with BT at home/work has and will be wiretapped/intercepted and they will relish the chance to inPhorm these BT executives about the criminal law.

    "Stanford Loses Criminal Appeal

    3 February 2006

    Stanford Loses Criminal Appeal

    Cliff Stanford, the Internet pioneer has recently had his appeal to quash his criminal conviction for intercepting emails denied. Stanford pleaded guilty last year to intercepting emails from his

    former company Redbus Interhouse – he argued in his appeal that the trial judge had misunderstood

    the law.

    Stanford was the founder of the ISP Demon Internet in 1992 but sold it to Scottish Telecom for £66

    million in 1998. It is reported that Stanford made £30 million from the acquisition. Shortly

    afterwards Stanford was a co-founder of the co-location and data centre company Redbus Interhouse.

    However, Stanford resigned from the company in 2002 after disagreeing with the Chairman Jonathan

    Porter.

    ...

    The Regulation of Investigatory Powers Act 2000 provides a defence to an individual who intercept

    a communication in the course of its transmission from a private telecommunication system, if they

    can establish:

    a) that they are entitled to control the operation of the system; or

    b) they have the express or implied consent of such a person to make the interception.

    Stanford relied on the position that he had gained access to the emails through a company

    employee. The employee apparently was given access to usernames and passwords on the email server.

    Therefore, Stanford argued, he was entitled to access the emails as “a person with a right to

    control the operation or the use of the system”.

    Geoffrey Rivlin QC, the trial judge had a different view. He pointed out that “right to control”

    did not mean that someone had a right to access or operate the system, but that the Act required

    that person to of had a right to authorise or to forbid the operation.

    Stanford appealed the judge’s decision. However, the Court of Appeal upheld Rivlin’s view. It

    pointed out that the purpose of the law was to protect privacy. Therefore Stanford’s sentence of 6

    months imprisonment (suspended for two years) and a fine of £20,000 with £7000 prosecution costs

    were upheld.

    Daniel Doherty

    "

  138. OFI
    Thumb Down

    Dropping BT

    A lot of people here saying "Ask for your MAC code" "Drop BT now!"

    But it's just not that easy, Bt haven't been proven to be doing anything wrong (yet!) so leaving them is going to cost serious money if you are still within a contract.

    I'm only a month into my contract and the TOS say I must pay any outstanding months if I quit.

    £25/mo x 11 remaining months + £25 for the BT Homehub.

    This is not cool though would be nice to make a move over to O2.

    I also don't want to be blocked from peoples websites :-(

  139. michael

    re:Dropping BT

    "A lot of people here saying "Ask for your MAC code" "Drop BT now!"

    But it's just not that easy, Bt haven't been proven to be doing anything wrong (yet!) so leaving them is going to cost serious money if you are still within a contract.

    I'm only a month into my contract and the TOS say I must pay any outstanding months if I quit.

    £25/mo x 11 remaining months + £25 for the BT Homehub.

    This is not cool though would be nice to make a move over to O2.

    I also don't want to be blocked from peoples websites :-("

    bt have changed your Tearms and conditions of your contract it is now not the same as the one you agreeed on before you started so you are relesed form your agreement unless you agree to the change so even if phorm was giving away free mony in exchange for a night with paris you could say no thanks and get a diffrent isp a change to t&c is a change to t&c regardless of how benifacle

  140. Eponymous Cowherd
    Paris Hilton

    @OFI

    IANAL, but if BT introduce Phorm then that is a *major* change to your Ts&Cs and therefore invalidates your contract. BT may argue against this but a lot of people still locked in are going down the "sue me if you dare" route and moving to ISPs that treat their customers with less contempt.

    The question remains as to *why* you signed up with BT only a month ago given the bad publicity over Phorm and their reputation for poor service.

    Paris, 'cos she agrees to stuff without checking the consequences, too.

  141. Sir Runcible Spoon
    Boffin

    @ofi

    they have changed (materially) your t's & c's. Grounds for termintating your contract immediately with no penalty.

    If you are in doubt, have a read of the badphorm or nodpi sites.

    And to the muppet crowing about losing the war, this was a battle. The war isn't over by a long long way. In a technical environment such as the internet, you underestimate the 'self' importance of the people who know how it ticks.

  142. Anonymous Coward
    Thumb Down

    Re: Great news

    ***Ha ha ha! You lost the war!"***

    Oh no, the war has just started. Now that Phorm is 'in the wild' we can analyse exactly how Phorm operates.

    This knowledge will enable us to develop *reliable* techniques to detect and block visitors to our sites who are being tracked by Phorm, develop browser plug-ins and proxies that can disrupt and forge Phorm's UIDs and develop applications to pollute Phorm's profiling so that the data they gather is worthless.

    Now the gloves come off.

  143. Mark H

    Re: IT IS ILLEGAL

    So an individual looking at another individual's emails without permission is the same as a computer searching for keywords through web pages served to an anonymous individual?

    Okaaaay then... :-S

  144. Mark H

    Re: Lists of UID-to-user mapping for sale

    'How long before lists of UID-to-user mapping are for sale?'

    Well if I were in the market for such a list I'd tell them to drop the useless Phorm UID out of the spreadsheet and to just make sure that they include the credit card details.

    A Phorm UID is not going to be worth anything on the open market as it doesn't gain you any valuable extra information.

  145. Anonymous Coward
    Thumb Down

    bribery, corruption or just hotair

    The title says it all as a shareholder of BT i think this needs to be answered and shareholders all deserve to know the truth. In the light of a post in the Phorm discussion by gibberish who has admitted he uses hamsterwheel in other forums. (Kent)

    Since Phorm have record losses yet again for the first half of this financial year when they have had no product to sell.

    Operating loss widened to £25.58 million from £16.36 million in the first half a year ago.

    Sales and administrative expenses for the period was £21.53 million, up from £14.4 million in the year-ago period.

    So large amounts of money has been used then posted on Phorm by Gibberish.

    ""Phorm's engagement in Brussels with European Union audiences, Commission officials and key

    European Parliamentarians has also been

    high-level and comprehensive. This process has helped develop a better understanding of

    Phorm's technology and the role it can play in the

    future by helping to raise online privacy standards. "

    I know that the EU was the last hope for some of the anti's, so this really shows how slow they are off the mark. Phorm have already engaged the EU and will have it on side.

    All that sales and marketing dosh will have been wining and dining and bribing the Eurocrats - money well spent ;-)"

    http://www.iii.co.uk/investment/detail/?display=discussion&code=cotn%3APHRM.L&it=le&action=detail&id=4233527

    Has BT managment taken any bribes to start this trial?

    Curious that the start date of the trial falls when it was due the intrim half year report for Phorm was there a reason for this to help Phorm have some good news on this date instead of all losses?

    Just how many BT customers are asking for MC keys due to Phorm as a whole or partly phorm and poor tech support from India?

    How many will be ending contracts early?

    What will this do to the BT share prices once customers start to leave?

    Why has BT's page that is meant to inform customers about Phorm not telling 100% of what is happening as per ICO directive to help customer give informed consent?

    Why has BT failed to comply to ICO directive that buttons have to be same size?

    If any court cases start over copyright of websites how will this affect us the shareholders?

    What function creep has BT agreed to with Phorm apart from advertisements?

    quote from Phorm intrim report

    In parallel with the current developments of OIX and Webwise, we are also looking at the strategic development of Phorm's technology that we believe has applications beyond advertising.

    /end quote

    Why did BT not release the results of the survey they had saying customers wanted Phorm as promised at the AGM?

    There are many questions BT have fudged at the AGM which is where this should have been discussed as shareholders we could lose if BT is brought to justice over any anomolies in following ICO directive.

    Sorry for long posts but in light of what is happening all BT shareholders and prospective ones need to be allowed acces to the truth and direction BT plan to move on with this product. In view of the unstable market at present shareholders need to kow what is going or this stock coudl be hit hard.

  146. Anonymous Coward
    Pirate

    Re - Phorm inc

    You can gloat now, assuming you’re not just a troll. But just in case, guess who’s going to be one of the first out of the door when those ISP's who implement Phorm start to lose subscribers? And they will!

    It does not matter if customers are tied into 12 or 18 month contracts today as the sensible ones will vote with their feet and leave when they can. What's that saying? Oh yes "an elephant never forgets".

    My contacts in a certain Telco's retail division are already starting to see Mac requests going through the roof.

    Phorm for me isn't the issue although that in itself is bad enough. It's the arrogant way that Some Telco's (Let's face it they are not ISP's) seem to think they can just do what they like and supported by regulators and officials who appear to also have a vested interest in seeing this work. I wonder why? Ch Ching!

    Well you are not getting rich off my money or browsing habits!

  147. michael

    re:Re: IT IS ILLEGAL

    " So an individual looking at another individual's emails without permission is the same as a computer searching for keywords through web pages served to an anonymous individual?

    Okaaaay then... :-S"

    IANAL

    in tearms of the law yes it is the mail is intercepted and then searched weather by hand or mechene and rember we only have the word of these pepol they are not copying it and looking for jucy bits later

  148. Anonymous Coward
    Alert

    Phorm Site Visit Confirmations

    Just wanted to confirm that within 15 mins of submitting my website exclusion request I was visited by all the same IP's that the poster "Rachel" mentioned yesterday.

    Quote:

    --------------------------

    Weirdly, this coincided with a whole flurry of visits to a pretty strange website which normally gets no visitors from the following:

    Moscow, Moscow City, Russian Federation

    Hosting Telesystems Network (78.110.48.130)

    Phorm Ipv4 Assignment (89.145.113.4)

    Phorm Ipv4 Assignment (83.223.97.97)

    Optimum Online (cablevision Systems) (67.84.165.13)

    Verizon Internet Services (71.249.206.7)

    British Telecommunications (86.164.110.57)

    ----------------------------------

    In fact not just visited but pretty much ever page spidered!!!!

  149. Mark

    re: Phorm Site Visit Confirmations

    >In fact not just visited but pretty much ever page spidered!!!!

    Perhaps this is their workaround for opted out sites? URLs requested for pages on opted out sites are profiled from a cache of the page held by phorm, which perhaps sticks to the letter of the opt out, but not the spirit. Obviously such pages might change over time, but I suppose they could have a 'third party' scan the pages and use them for profiling, or simply produce pre-canned profiles.

    Since phorm have demonstrated such a great fondness for twisting words/outright lies, it would seem a solution they would be comfortable with.

  150. Anonymous Coward
    Black Helicopters

    re: re: Phorm Site Visit Confirmations

    You couldn't make it up could you.

    BTW I've had no warning screen today so I guess I'm not part of the trial*

    Yippeee!!!!!

    * But according to speed trap on www.dephormation.org.uk

    "This page was intercepted!"

  151. Marco
    Go

    Google could help?

    Wouldn't it help if Google submit a website exclusion request, surely this would mean that the first place everyone goes on the web to search for stuff would draw a blank for Phorm?

    I dunno, it might work!

  152. Anonymous Coward
    Flame

    @Mark H

    <twat-o-tron>

    OK, either you are a troll or a Phorm shill. Irrespective of the evidence presented you persist in half-baked arguments in favour of Phorm that have all the strength of a piece of well pissed-on bog roll.

    I sure as *hell* hope that you aren't in any tech IT role as your ineptitude is utterly astounding. In big writing (as requested):-

    PHORM IS ILLEGAL. IT INTERCEPTS PRIVATE AND COPYRIGHT MATERIAL OWNED BY WEB SITES WITHOUT THEIR CONSENT. CONTROL OF INTERCEPTION OF WEB SITE DATA IS OPT-OUT ONLY (BY EMAIL OR ROBOTS.TXT) AND THIS CONTRAVENES RIPA.

    "WOULD A COMPANY THE SIZE OF BT BE INVOLVED IN ILLEGAL ACTIVITY"? EVER HEARD ON ENRON? WORLDCOM? AND THEN THERE'S PHORM'S HISTORY AS 121MEDIA AND THE CONTEXTPLUS ROOTKIT. WHY IS A 'COMPANY THE SIZE OF BT' DOING DEALS WITH A FORMER SPYWARE PUSHER?

    </twat-o-tron>

  153. Florence Stanfield
    Thumb Down

    re: Phorm Site Visit Confirmations

    Once you have recieved the email saying you are on the list update your webasite but block the IP that visited and crawwled it. Not sure if what they did is legal perhaps an email complaint to ICO to show how untrustworthy phorm really is. If nothing else it mmight make Phorm have to spend more money sweetening up the ICO again.

  154. Anonymous Coward
    Anonymous Coward

    RE: Phorm Site Visit Confirmations

    To me it looks like Phorm still has ties with the Russian hackers who created their Spyware kit from 121Media days.

    Have any of the pages that have been spidered have denied access set in robot.txt or have Phorm just completely ignored it?

  155. Anonymous Coward
    Anonymous Coward

    No sign of Phorm here

    Though if any Reg reader does get the invitation of a lifetime, the lovely folks at SpyBlog would love to know more about how the system works and you could help:

    http://spyblog.org.uk/

  156. Someone

    Re: RE: website-exclusion@webwise.com

    Simon Hobson commented, “Whois on my domains says "The registrant is a non-trading individual who has opted to have their address omitted from the WHOIS service.", so they can't email me without somehow getting access to the registrar's database. How they gonna do that then without breaking more laws ?”

    One would hope that Phorm will accept that the website belongs to a private individual and they should not be intercepting traffic to and from it without the explicit consent of the owner. Alternatively, they could have the email forwarded to you through your registrar. If Phorm are going to go via your registrar, I think they need to allow longer than ten days for your reply.

    However, as Mark put in his response to the original comment, no business should be expected to have to do this, let alone schools, charities, clubs, associations and private individuals.

  157. Anonymous Coward
    Thumb Down

    "Have BT management taken any bribes"

    Maybe you're not aware of this: the Chief Technical Officer at BT Retail (parent of BT Broadband) at the time of the (allegedly) illegal trials was Stratis Scleparis who is now the Chief Technical Officer at Phorm.

    http://www.phorm.com/about/exec_scleparis.php

    Whether you call it "taking a bribe" or not would seem to be a matter of terminology because the facts seem remarkably clear.

    If Stratis uses the same PC on the same BT Broadband connection as his fellow residents (let's call them Carol and Sophia [1]), are they each individually responsible for providing informed consent for Phorm's activities? How does that work when they share one PC with one common account? Who is responsible for ensuring that Carol and Stratis and Sophia don't get their data confused at Phorm, which would be in contravention of DPA rules?

    [1] www.192.com gives the names for free, but their address costs money (unless you have access to Directors Reports from the usual places).

  158. Aortic Aneurysm

    I'm with BT...

    Or Rather, my parents are, and refuse to change. Luckily, due to my less and less frequent browsing habits ( I only browse maybe 4 sites, including this one, the other is a social networking site I help run, so it will be blocking Phorm) and more game playing on the xbox, I won't be affected by Phorm. First time however, the page comes up, I'll be getting the old man to cancel the contract.

    Interestingly, the Home Hub has my MAC address on it - meaning I could sign up with a new company right now.

  159. Metalattakk

    Sorry for being blunt, but...

    > Interestingly, the Home Hub has my MAC address on it - meaning I could sign up with a new company right now.

    Media Access Control ≠ Migration Activation Code.

  160. Anonymous Coward
    Thumb Down

    SLOWNESS

    I haven't been provided with the webwise page as it was suggested it would be (if I were part of this trial), and if I visit the webwise site, it says I am not part of the trial, but my connection slowed down massively in last 24 hours....

    Tracroutes show me now passing through what seems like a plethora of new IP's "inside" BT before I get outside of their network, strange that those IP's never showed up last week when I did a few tracroutes?...I wonder if this trial is about seeing what the lag is, with these extra machines crunching my data...

    Throws another lag Log on the fire to keep the heat up

    More to the point I wonder if this "so called" trial is nothing more than market manipulation, its timing is too much of a coincidence BT and Phorm are nothing more than "spivs".

    How long before BT wake up and "short sell" Phorm down the drain, and purchase the technology rights for peanuts, implement it themselves fully in house and run their own OIX (sounds like pigs eating) network themselves.

  161. Aortic Aneurysm
    Happy

    being blunt but...

    Touche. Only noticed this briefly, so shouldn't have posted it making me look like a mungo.

  162. Stephen Baines

    Whoops

    >> In fact not just visited but pretty much ever page spidered!!!!

    >Perhaps this is their workaround for opted out sites? URLs requested for pages on opted out

    >sites are profiled from a cache of the page held by phorm, which perhaps sticks to the letter of >the opt out, but not the spirit. Obviously such pages might change over time, but I suppose they

    >could have a 'third party' scan the pages and use them for profiling, or simply produce

    >pre-canned profiles.

    That's going to work well, then, if it's true. Those IP addresses are blocked at my firewall, so how are they going to make that work?

  163. dephormation.org.uk

    Responding to those visits from Moscow etc...

    Add the following address ranges to .htaccess;

    deny from 78.110.48.0/20

    deny from 89.145.64.0/18

    deny from 83.223.96.0/19

    deny from 67.84.160.0/20

    deny from 71.240.0.0/12

    deny from 86.128.0.0/10

  164. Florence Stanfield

    Try again

    @ Sorry for being blunt, but...

    By Metalattakk Posted Wednesday 1st October 2008 11:28 GMT

    > Interestingly, the Home Hub has my MAC address on it - meaning I could sign up with a new company right now.

    Media Access Control ≠ Migration Activation Code.

    Wrong MAC that is so BT knkow wo you are online a mac key would look something like

    LZSL*******/GJ**T the * would be numbers it also only has 30 days then you have to get a new one.

    Visit http://www.howdoigetamaccode.co.uk/

  165. Anonymous Coward
    Anonymous Coward

    Has anyone read BT plc's Corporate Values?

    http://www.btplc.com/Careercentre/Aboutus/Ourculture/Ourculture.htm

    ...we’ve set ourselves our five key values, which define the sort of company we want to be. These are:

    Trustworthy: we do what we say we will (I wonder who they say it to - they've rarely done anything they've promised me)

    Helpful: we work as one team ("I'm sorry, I can't deal with that I'll put you through to the team that can" - who then also can't help)

    Inspiring: we create new possibilities (uh huh)

    Straightforward: we make things clear (is this why I'm the only person in my extended family that knows how to decode the phone bill now?)

    Heart: we believe in what we do (oh dear)

  166. Jay_Kay
    Stop

    To the owner of 'Dephormation.org.uk' and for that matter, anyone else.

    RE: Site Access Denied.

    My ISP is Post Office Broadband, which although I am aware is basically reselling one of the BT Wholesale IP ranges, have advised me that the Phorm trial and any future deployment is fully opt-in only.

    I've also been advised this only applies to customers that are BT Retail customers and not customers of other service providers that use BT Wholesale.

    All this in writing, from a human being, at Post Office towers, amazing or not?

    Of course if you have proof positive that BT Wholesale is using other providers/customers data without expressly provided consent, I'd be very interested to see proof of it....

    Stop, because indiscriminate blocking of innocent third parties doesn't help your cause.

  167. Anonymous Coward
    Flame

    wait wait wait

    Are they SERIOUSLY allowed to TRICK people into this by starting out with the deception- nay, outright LIE that this is somehow completely for the customer's benefit?

    They should have to spell out exactly what they're doing. Not just, oh hey friend ! We're such nice people that we were wondering if you'd like some free online protection...? Plus, we'll throw in a little afterthought to our safety package which is just, oh, you know..a different kind of advert, you know so you get cool ones instead of ones that will probably annoy you.

    Of course people are not going to say no to (what they are being tricked into thinking is) FREE online PROTECTION! Who in their right mind would turn it down? The fact is that modern browsers and anti-virus software already cover the BS that phorm claim to be pioneering. They should have to point this out. Phorm is also the exact opposite of how to browse safely and privately, something that is most people's priority. If they knew the half of what was going on they would not touch Phony's opt buttons with a barge pole. They would be switching ISPs

    What can be done?? I'm not with BT, but I want this dealt with for many reasons. One of which is the risk of this kind of behaviour spreading (to my ISP and elsewhere) and becoming the norm.

    Their system is still opt out. Opting out is not supposed to be hard and you're not supposed to have the burden of keeping an eye on anything or continually opting out. You say no once or maybe a couple of times at most, and that's supposed to be the end of it.

    I want them to address why they are now asking for permission, if they did nothing illegal with the trials in the past? I also want them to explain about the people who specifically opt out of this trial; what about the trial they did before on them? Presumably they do/did not consent to that either, which means that Phorm have broken the rules in any case.

    I think they're digging themselves deeper

This topic is closed for new posts.

Other stories you might like