back to article Wikimedia becomes latest to ban Phorm

The Wikimedia Foundation has asked Phorm to exclude all its domains and websites - including Wikipedia - from Phorm's BT trials, because it considers such scanning to be an infringement of its users' privacy. Phorm's automated reply said it was likely the ban would go into effect within 48 hours. Earlier this week Amazon took …


This topic is closed for new posts.
  1. Nick Palmer
    Thumb Up

    For once...

    ...they've done something reasonable - big hand for the Wikians

  2. Anonymous Coward
    Thumb Up

    I bet ...

    ... the phorm bots just loved that e-mail when they opened their inbox this morning.

    Well done wiki. Come on Facebook.

  3. Anonymous Coward

    One Question...

    ...has The Reg?

  4. Anonymous Coward
    Anonymous Coward



  5. Linbox

    Good idea...?

    Isn't this our anti-phorm answer? Don't we just encourage EVERYBODY to have their domains excluded? We can start petitions with leading sites (starting with the tech ones like ElReg and then move to the traffic monsters like BBC, etc) to convince them to apply to be excluded from Phorm to the point that their service has such low coverage that it becomes pointless?

    I've looked around the Phorm website to exclude my own sites and can't see an obvious "exclude my website from your illegal service" option. Where's the link?

  6. Anonymous Coward
    Thumb Up


    It would be good if the BBC and other news and media organisations could also do the same. Organisations such as yourself for example.. HINT HINT!

  7. bill
    Thumb Up

    What a great week it's been!

    That is all.

  8. Andy ORourke

    Phuck Of Phorm

    that is all

  9. MJI Silver badge
    Thumb Up


    So who will be next?

    I hope TheRegister has opted out?

  10. Greg

    Give us a link then!

    I'm sure some of the webmasters on here would like to get their sites taken off Phorm's scan list. How do we do it?

  11. 3x2


    While large organisations rejecting Phorm is always a good thing I still don't see why that organisation should have to register with a scumware vendor in order to avoid being wire-tapped.

    Registering your OPT OUT simply validates an illegal scheme. Can I opt out of being burgled?

  12. Whitter
    Thumb Up

    Et tu, brute?

    And how about El Reg?

    It only costs an email...

  13. Anonymous Coward

    So how do we...

    Submit our URLs to be excluded. If everyone submits their favorite domain via an automated system then very quickly it will become unmanagable... and once it is discovered Phorm ignore the request, then the time in courts will come.

    Of course it goes without saying that all El-Reg domains will be excluded. Perhaps someone should register the '' and '' addresses - and offer services like webmail and proxy browser sessions.

  14. Anonymous Coward
    Anonymous Coward

    I despair

    The ORG are complete simpletons, wiki and Amazon along with them. All they are doing is legitimising phorm and the unreasonable steps they are requiring to opt out.

    It wont be possible to verify that their pages are not being scanned, their content will still pass through phorm's boxes in any case and their cookies will still be tampered with/their domains spoofed or the system would not work at all.

    Do they REALLY trust the word of Kent and his bunch of spyware vendors? Cos I sure don't.

  15. Anderw Guard


    Has The Register aka Situation Publishing ban Phorm?

    If not that bad Phorm!

  16. Anonymous Coward
    Thumb Up

    What about...

    ...if someone were to, say, over a period of time (say one message per second, until finished), send one email to them, for every domain name registered on the internet? That would give them some work to think about, huh? ;)

    (and because they are dodgy types, you wouldn't trust them with your *real* email address or details, only a made-up one (unique per email?), sent from a spoofed IP address via an open relay (purely, to protect yourself from them, of course... ;) ))

    Just a thought.

  17. Chronos

    One little niggle:

    We have the same issue here as people opting out have: We still have to take their word for it that our traffic goes nowhere near their insidious L7 inspection boxes. Make no mistake, this is what we want, a verifiable opt-out which means our traffic goes nowhere near that cesspool of privacy fail. We (and the Phorm-stricken punters) just aren't getting what we want.

    And what's this "request" bollocks? DEMAND, not request. I ORDER you shits, with whom I have no contractual relationship whatsoever and an expectation of privacy with regards to my personal communications, not to route MY traffic anywhere NEAR your layer 7 spyware crap. That, and ONLY that is good enough.

  18. Sean Bailey

    All mine are out, have been a while


    Giving a list of all your domains and stating that they are to be excluded from the phorm system and scan.

    You'll get an auto response giving the 48 hour line, in my case back in November it took them 5 days to respond to say that they had been excluded.

    Interestingly it said in the auto response it said.

    'If there are no obvious grounds to doubt the legitimacy of the request the URL will be blocked as soon as possible, usually within 48 hours'

    Yet all my domains are set to private so no information proving that they belonged to me would show on a whois.

  19. Benny
    Thumb Up


    Website owners may implement any of the following methods:

    1. HTTPS: No HTTPS traffic passes through the system or is profiled

    2. Standard HTTP password-protection : Pages protected using standard HTTP password protection, as defined by RFC 1945, will not be profiled

    3. robots.txt: The Webwise system will observe the rules that a website sets for major search engines using the robots.txt method. If the website's robots.txt file is set such that "*" (any robot) is not permitted to crawl it, then Webwise will not profile its pages.

    Alternatively, you may request specifically that your website is not scanned by Webwise. To request that your website not be scanned by Webwise, please email:


  20. Sitaram Chamarty
    Dead Vulture

    enough with the wikipedia bashing

    especially when there's no indication that YOU have done the same yet...

  21. DaveB

    Its Easy

    Lets just get .com and excluded

  22. Anonymous Coward
    Thumb Down

    Isn't this what robot.txt files are for?

    They obviously know what would happen if they made it that easy!

  23. SImon Hobson

    RE: I despair

    I agree - ignore their opt-out process, otherwise you are legitimising it.

    Just stick legal notices on your websites to exclude such interception/profiling and then there is no doubt whatsoever that it's illegal. At present they can carry on pretending it's legal, if you xclude it in your usage terms then there's no doubt that it isn't.

  24. P. Lee
    Paris Hilton

    Don't opt out!

    Send them a legal letter telling them you'll sue. Don't legitimise their activity by following an opt-out policy.

    Icon: PHorms legal advisor.

  25. Steve

    Words fail me...... I'll leave it to my old friend, the Laughing Dog.

    Take it away.....






  26. Pete Foster

    A title is required

    Details for stopping Phorm can be found here:

    I think the bit about using robots.txt is interesting. They are essentially saying, "If we can't spider, then nor can anybody else."

  27. Anonymous Coward
    Anonymous Coward

    @AC - "I despair"

    The problem is that we have no way delegitimising Phorm because of the way the authorities have reacted ("la la, I'm not listening, la la")

    So the only way we have of "fighting back" is to make it that the major information sites that people go to are not scraped by phorm and so their user profiling and thus advert delivery system just doesn't give that targeted advert response. If the targeting doesn't work then the advertisers will walk away and the money will dry up.

    Of course I don't trust Kent and his slimy cronies and lets face it having Lamont on their board really says it all about the sort of unpleasant people they are.

  28. teacake


    "Website owners may implement any of the following methods:"

    They may also implement the following method:

    Place a notice on their website explicitly forbidding the interception of data from the site for advertising purposes. Then you're covered for any snooping outfit, not just Phorm.

    Why should website owners have to opt out, any more than ISP customers? If Phorm's business model works, there'll be dozens of these parasites to deal with.

    In any case, didn't early opt-outers find that a Phorm spider promptly catalogued their site as part of the opt-out process? Phorm will still be using data from your site to deliver advertising on behalf of your competitors, it'll just be out of date data.

  29. Anonymous Coward
    Anonymous Coward

    Phorm opt out

    Anyone any suggestions on a good mail to Phorm for site owners such that it is clear you do not consent to their interception without implicitly legitimising their activity?


  30. Tony Paulazzo


    If Google and Microsoft opt out Phorm will be nerfed. My homepage is Google, as are many of my customers and or MSN. If Phorm isn't opted out of a customers PC, just by profiling their home pages they'll be breaking the agreement, and whilst Phorm/BT may have British politicians in their pockets, they will be crushed by Google and MS. Hopefully.

    The news just gets better and better. Smiley for hope.

  31. Mike Cardwell

    What to send Phorm

    For an example of the sort of stuff you need to send to Phorm to get your domain excluded, see the exact transcript of the conversation I had with them about getting my own domains here:

  32. Trev

    Blocking only sorts part of the problem

    From what I know about Phorm, a lot of the problems are caused by it reading where you're going and logging that data, so even without scanning web sites it's going to be able to figure a lot about you. Just URL alone will help for keywords (like Google does).

    As for blocking the webwise system, what'd be useful is to know the IP ranges of the bots esp as their robots.txt knowledge seems to be essentially zilch, ie: not offering a user agent. Wonder what user agent they're going to use, eg: fake it?

    As a sidenote -,interesting to see they're trying to sell this as an anti-phishing system as well as advertising tracking. Can't imagine how that'll work, and there are so many better systems out there that we don't need another faked one. Oh well - hopefully they'll get closed down by the EU.

  33. Anonymous Coward
    Anonymous Coward

    @ GREG

    3. robots.txt: The Webwise system will observe the rules that a website sets for major search engines using the robots.txt method. If the website's robots.txt file is set such that "*" (any robot) is not permitted to crawl it, then Webwise will not profile its pages.

    nice try, what you mean is if we block google as well you wont spider us.

  34. Anonymous Coward
    Thumb Up


    That is a big loss of a potential data source to phorm, sure it makes them a LOT less appealing to advertisers.

  35. Martin Nelson
    Thumb Up

    Web Designer Power!

    I have just sent removal requests and advised all of my customers to do the same. After checking, I've managed to get 50....yes FIVE OH, removal requests sent.

    I'm doing my part....are you?

  36. Steve Renouf

    @ Pete Foster

    ' Details for stopping Phorm can be found here:

    I think the bit about using robots.txt is interesting. They are essentially saying, "If we can't spider, then nor can anybody else." '

    Indeed! Little shits! I WANT Googlebot to index my sites = I DON'T WANT Phorm profiling my sites!

  37. John Smith Gold badge
    Thumb Up

    To anyone with a commercial website

    Phorm is gunning for you. Either they want to grab your visitors data (all of your visitors keystrokes as well as the pages they are visiting) or pressure you into advertising with them otherwise "You'll be left out."

    Go to HTTPS pages now. With up to date procedures your customers won't notice. If you do a site layout change and introduce new products after the change which a Phorm sign up targets that would suggest they have scraped your site anyway. Class action suit time.

    As a shopper I want choice and the ability to do comparison shopping. I want a site which loads fast. I don't want some re-branded malware company snooping my data (which if I buy will include my bank or credit account details) which will be passed on to who-knows-who and sent to who-knows-where.

    I am not Phorm's customer. You are. Unless you tell them to get lost.

    Thumbs up as i welcome Wikpedia's ban.

  38. Anonymous Coward
    Thumb Down

    Something they apparently haven't thought of...

    When they are trying to sell this service to advertisers they obviously need to convince them that the targetting is accurate. However the traffic they see will only be identified by the source IP which will be the address of the firewall between the private network and the interenet. So at my house there will be three completelty different people with differing interests. If they hit my wife with adverts for cycling gear it will be wasted, or how about me with Thomas the Tank engine, or my son with card making stuff? That probably means that two thirds of their targetted ads will hit the wrong target. And if that wasn't bad enough how about those browsing from a corporate network? How long before potential advertisers figure out that their "targetted" advertising is more scattergun advertising?

    The there's the whole issue of all commercial sites who don't advertise with Phorm opting out, which of course they will because they don't want Phorm hitting their clients with adverts for the competition.

    Have they got anything that is, or could be, patented? If not and their service gets the legal green light then no doubt the big boys (OK, google) will step in and undercut them and they'll be out of business in no time.

    The more you look at this the more you realise their business model is flawed at all levels.

  39. Wortel

    How about

    Someone draws some packet sniffer data, so it becomes possible to signature these assholes and fence them off completely.

    They'll get bored pretty quickly if they have to keep avoiding blacklists every day.

  40. Dave

    El Reg

    I know I'm not the first to ask, but can we please have an official statement from El Reg?

  41. Sal


    I have sent an email to Google highlighting my concerns about Phorm/webwise abusing the robots.txt system which Google not only respects, but also depends on for quality search results.

    Perhaps everyone should do the same?

    Along with the other more obvious concerns, it may go some way in encouraging the Google folk to make a stand.

This topic is closed for new posts.

Other stories you might like