BT and Phorm secretly tracked 18,000 customers in 2006

BT secretly intercepted and profiled the web browsing of 18,000 of its broadband customers in 2006 using advertising technology provided by 121Media, the alleged spyware company that changed its name to Phorm last year. BT Retail ran the "stealth" pilot without customer consent between 23 September and 6 October 2006. The …

COMMENTS

  1. Dave

    Signed Numbers

    Of course, if improvements can be negative then it's perfectly possible to consider the privacy improvement provided by Phorm. No other (known) ad provider examines your browsing habits in quite the same way. I can choose to block other ad providers by barring their cookies and filtering out their URLs, whereas with Phorm that only stops me seeing the results of their snooping, at least according to the public information on how they do it.

  2. Matthew Hepburn
    Unhappy

    April Fools....

    The biggest April phool around here is Phorm!!

    The sooner that crock of retarded Spyware merchants gets off our internets the better - I think right now Comcast seem to be a nicer ISP than BT

    Phorm = Phail

  3. Anonymous Coward

    now that's

    Now that's a novel use of an illegal law re RIPA

  4. Anonymous Coward
    Stop

    Revolving doors. Need a revolver.

    Nice one again El Reg.

    "At the time of this newly-revealed first trial, Stratis Scleparis was the chief technology officer of BT Retail. He hopped across to occupy the same position at Phorm in January 2007. BT has not addressed our question over whether it is comfortable with the role Scleparis has played in the deal."

    That accounts for a lot, though it doesn't make matters any better on either side, arguably it makes them worse.

    Major employers typically have a corporate policy on the recruitment of staff from suppliers, customers, etc. It isn't always necessary to rule out that kind of career move, but what is generally accepted as necessary is to rule out the possibility of dodgy dealings.

    Ben Verwaayen, what is your company's policy on recruitment from suppliers and customers? What processes were followed in the case of Stratis Scleparis's career move? Is any corrective action necessary?

  5. James
    Go

    It's quite simple...

    ...Just don't use an ISP that has had anything to do with Phorm. There are enough others out there to choose from, and *not* using Phorm might even become a selling point.

    If you are unlucky enough to be using BT you will probably appreciate the improved performance you will get from another ISP anyway.

  6. Aristotles slow and dimwitted horse

    Surely...

    Simply by being associated with this spyware company VM's image is already tarnished as they have exposed themselves as no different from the rest of the money grabbing corporates out there prepared to put profit before customer satisfaction... totally opposite as to how they want to be portrayed in the media.

    But then I'm presuming Branson needs all the funds he can get to finance his white elephant galactic project.

    My recent letter from VM clearly states they are currently progressing with an "opt-out" policy and that they will be as transparent "as possible" with their customers regarding this solution.

    Can we or the Reg come up with a list of non-Phorm broadband suppliers so when we all need to jump ship, we already have decent info to hand?

  7. Sceptical Bastard

    Pots and kettles

    Firstly, given your reportage to date, I accept this is not an April Fool story ;)

    The important point here is that BT deliberately sought to hide what it was doing. It cynically deceived its customers and was knowingly sailing close to the wind in legal terms.

    BT cannot be trusted to tell the truth. The company has lied about this issue consistently; why should we accept anything BT says now as true?

    Furthermore, BT has shown no signs whatsoever of backing away from Phorm nor from the concept of traffic interception for commercial gain. At least both Carphone Whorehouse and Virgin seem to be re-evaluating their commitment to Phorm.

    As to Kent (with a 'u') Ertugrul and his PR people's spin:

    "We think it is unethical of the Register to seek to undermine a technology..."

    Bloody gall! Pots and kettles. How *dare* they accuse anyone of being 'unethical'

    "... that enhances online privacy..."

    Bollocks! In fact, it does exactly the opposite as K(u)nt well knows.

    "....Phorm's system ensures that ads are served with no data storage ..."

    Storage is irrelevant, a red herring. You bastards are intending to intercept my packets and spy on me.

    "... something that will benefit readers of the Register and other websites."

    No it won't. Not in the slightest. Not in any way imaginable.

    This whole sorry saga needs and deserves the widest possible media coverage. El Reg has done a sterling job so far but, sadly, ninety-five per cent of DSL-using Joe Public is technically illiterate and doesn't read The Register. A lot more coverage such as The Guardian's and the BBC's is needed to generate the deluge of complaint that BT so richly deserves; and wallet-voting by switching ISP is the best way to reinforce the point.

    Phuck off, Phorm. Do not want.

  8. James
    Coat

    So - if it's not legal .... we'll just change the Law!

    "BT has said it plans to change its terms and conditions accordingly to comply with the law."

    ... and I for one look forward to NOT accepting the change.

    So I'll just take my Mac (code), and leave.

  9. Man Outraged
    Flame

    Did I read this right?

    BT ran an experiment whereby it intercepted all web browsing to insert JavaScript into web pages, and god knows what else?

    Did I read this right? 18,000 customers? Sorry I really can't believe this article Chris. You must have got something wrong. I can't believe a household name would stoop to such arguably criminal lows in the search of advertising revenues.

    What are the implications? BT has been working with Phorm since 2006 we know from El Reg and The Guardian. Phuck me this seems really VERY serious...

  10. Cris Page

    Phorm Free ISP's

    There is already a list growing at http://www.badphorm.co.uk/e107_plugins/forum/forum_viewforum.php?11

  11. Alexander Hanff

    Wow, no really WOW

    The deeper we get into this the worse it gets. Even I never saw this coming and until the end of the second page I was beginning to believe it might be a very clever April Fool but now I am left staggering.

    I submitted a petition on the PM website on Friday evening to call for the PM to demand the Home Office initiate criminal proceedings against BT for the 2007 Trials which they recently admitted to and was shocked yesterday to find out it had been rejected for unfathomable reasons.

    You can see the petition text and the email I got from the PM web team on the following link:

    http://www.cableforum.co.uk/board/34518506-post1951.html

    I am also currently investigating the possibility of filing for a High Court injunction to prevent Phorm technology being deployed in the UK with any of the 3 ISPs under RIPA; anyone who has any feedback they wish to give on that please contact me.

    And in closing, Wow.

    Alexander Hanff

    PS.. You need a Gobsmacked icon ElReg

  12. Anonymous Coward

    As usual...

    It takes a Liberal Democrat to put forward a balanced view of the internet and to question the integrity of BT and the likes.

    Just a shame they'll never get in, we're stuck with either Corrupt Cameron or Zombie Brown.

    If only people would vote for parties that actually have some moral fibre and care more about the people that vote them in than the big companies that sponsor their campaigns and offer them silly money after they leave Parliament.

  13. Anonymous Coward
    Paris Hilton

    Erm...

    In light of the RIPA comments from legal experts, and even the official gov advice suggests that this system will only be legal if users are opted in then I can't see how BT can fail to end up in court regarding this.

    Any legal peeps around care to enlighten those of us who regularly have to use "IANAL"?

    /Paris 'cus she knows about stickin' it up her...

  14. Jonathan

    I wish this were an April Fools joke...

    "We think it is unethical of the Register to seek to undermine a technology that enhances online privacy - Phorm's system ensures that ads are served with no data storage - something that will benefit readers of the Register and other websites.

    In the interests of balance, we would like the Register to reflect the improved privacy environment Phorm provides over the other major online ad targeting companies detailed in the attached table."

    /end

    You just can't make this up. El Reg being irresponsible by exposing a spyware scam to the Net? You know, attempting to portray your product in a positive light is one thing. This.... This is stupidity. This is from the mouth of Mr-I-Dont-Know-How-To-Do-PR (and my product sucks anyway).

    Seriously, we have two options - have our internet usage monitored for the sake of advertising revenue we will never see, or.... Nothing. Or no monitoring. Which sounds like it's a better deal for privacy? The jury is out on this one.

    It still amazes me what people will do, and what they will convince themselves of, for the sake of money. This is a system that uses people like cattle to make more money for the ISPs and the advertisers by invading our privacy, and yet Phorm defends it as if it could cure AIDS and cancer. How? How can you not admit that your product is immoral at best, illegal at worst. How can that not make sense to you?

  15. Anonymous Coward
    Stop

    Kent

    Jesus Kent's comments make me want to bitch slap his face.

  16. Fluffykins Silver badge

    What is the implication on commercial confidentiality?

    There must be one or two folk out there who "work from home". OK, a lot will have VPN connections, but not all.

    Can someone from the cognoscenti please have a guess as to what the security implications for a company and its intellectual property are if one's outworkers are having their traffic intercepted to and from, say, internet and their company's internet accessible intranet sites (honest guv, we aren't actually reading anyfink)

    Just wondered.

  17. Anonymous Coward
    Pirate

    Self Undermining

    Typically, the arrogance we expect from these parasites, they assume they have some god given right to our data in the same way that the ad boys seem to think it's ok to up the volume in ad breaks (leading to a universal muting of ALL ad breaks in our household), the sad thing is they can't see they are WRONG.

    From my reading in various places, side-stepping reasonable questions is standard practice for this company, just one more reason NOT to trust them. The fact that they have targeted the UK is significant given that Phorm pretty much have their roots in the US, maybe they knew that was too big a market to try to fool first off with some very vocal privacy advocates - clearly the hope was to slip it under the radar here and then be able to point to its UK operations as proof of the "value" of this, and considering I have anti phishing in all my browsers I'm still trying to work out how letting a proven malware provider anywhere near my traffic provides ME with any value.

    THEY have undermined their own "product" by secrecy and deception. I'm sure if the Reg staffers were minded to do a "hatchet job" on Phorm this would have been far worse for them

    Kreepy Kent can go Phormicate himself!

  18. Mr Jolly
    Alert

    FAO: Phorm Team

    Phorm team, can you please answer the following questions which I've asked of you a few times.

    If you don't store any browsing histories, how come the OIX website says:

    "...For example, Travel advertisers will be able to target messages to anyone seeing the keywords "Paris holiday" either as a search or inside the text of any page with timing of three times in an hour..

    ...Advertisers create customised channels using behavioural keywords - keywords derived from searches, URLs, and contextual analysis of pages visited, with recency and frequency"

    In order to know the frequency someone visits a page you are going to have to record the URL's visited against their profile complete with a list of times they visited it too, so you can tell if they visited it in the three hour example mentioned above.

    So how does your system know what time a page is visited and the amount of times a page is visited by someone if it doesn't actually store the URL of the page?

    Many sites have Terms & Conditions which explicitly deny data mining, extraction etc. of their content. Many of these sites are also copyrighted.

    Bearing in mind that some ISP's are in talks to crackdown on copyright theft (Virgin & the BPI) and it seems to be another big thing at the moment, could yourselves or the ISP's installing your system be held accountable for copyright theft? It could be argued that you are profiting by mining this copyrighted data which doesn't belong to you or the person viewing the page to build your profiles.

    If I was to own or have a website then I certainly wouldn't give you permission to mine my content so you can profit from it.

    Finally, can you guarantee that the data your systems hold or process will NEVER be able to identify a living person by any means whatsoever?

    If so, how?

    Thanks Phorm - Phanks!

  19. Damian Gabriel Moran

    not being a legal bod...

    can BT customers demand to know (via freedom of information?) if they were within the trial that was not a trial but actually was and if they were can they then take legal action against BT and Phorm using RIPA as their consent was not given?

  20. Daniel Wilkie

    Just a thought

    Since the majority of ISP's are provisioned through BT Wholesale, and since they clearly have truth issues, what are the chances that, since all the data will have to go through BT exchanges and BT infrastructure to go via the ISP that all that will be profiled by Phorm too?

    Just a thought, I'm not sure of the technical aspects as I've never worked for an ISP.

  21. Anonymous Coward
    Flame

    Shocked and Appalled

    So BT ran a trial which involved intercepting the communications of 18,000 customers, and gifted the information that was intercepted to a third party adware/spyware provider without even seeking consent?

    Someone in BT and Phorm needs to spend time in prison to think this over.

    It's just appalling.

    If Virgin have done this, I'll be joining Alexander in demanding prosecutions against them too.

    Phorm's claims not to identify users are obviously false. Their cookie is named 'UID', abbreviation for User Identifier... ie an identifier for a user. And the claim they don't store anything... of course they do... it's called a profile and it's linked to a specific user via a user id.

    Their note must be an April fools day gag.

  22. Anonymous Coward

    Guess what Mr Ertugrul...

    It's not The Register who is stirring the negative sentiment against you. It's US, free citizens, who prefer NOT to be profiled. Bollocks to your excuses, to your reasoning; you are trying to make money off my browsing habits, you pay ME, not my ISP. The cheek...

    Here's to a nice fat lawsuit against BT and Phorm for breaching RIPA in 2006.

  23. Anonymous Coward
    Stop

    It Gets Better

    How the hell can Phorm dare to lecture anyone after being dumped by The Guardian for a lack of values? We're talking about a company which has behaved unethically, unprofessionally and dishonestly.

    I'm stunned at the revelation that "That means all 18,000 test subjects were always opted-in without their knowledge."

    I always expected the unacceptable from BT but this leaves me stunned. There's often some degree of vested interests and old boys' network in business but this is obscene.

  24. Anonymous Coward
    Alert

    BT Broadband Contract

    The article states "BT has said it plans to change its terms and conditions accordingly to comply with the law".

    Can a customer refuse to accept the change and therefore terminate their contract and move to another ISP ? I'd move if someone could confirm. I'm not sure Zen Internet could cope with the demand though :(

  25. Anonymous Coward

    El Reg, don't let them off the hook

    Please please keep on them and don't let them fob you off. If they hadn't broken the law they would certainly be quick to say so. If they have broken the law then someone should be prosecuted for it - why should they get away with it? Please keep on them and don't take a sidestep for an answer.

  26. James McLean
    Paris Hilton

    time to make a stand

    Given the potential breach in law that has occurred in 2006 where you could allege a wire tapping offence took place against 18,000 customers. Would it not make sense for some good lawyer type to effect a UK equivalent high class action case on behalf of those 18,000 people?

    There are more opportunities to make money for these people in suing BT than BT will make in the first year of operation of this insidious tool.

    Failing that all it will take is for one single victim to lodge a police complaint for alleged wire tapping offences to threaten this entire house of cards.

    I have never used BT so sadly it could not be me, otherwise Mr Plod would get a visit this afternoon (seriously).

    Somewhere our rights need to be honoured and somewhere people need to make a stand. Why not here?

    Paris, because she knows money when she sees it.

  27. Anonymous Coward

    Phorm arrogance.

    Phorm really are quite the arrogant bunch. First they say they are going to educate Sir Tim Berners Lee on the benefits of their system and now they complain about El Reg coverage of all this.

    Newsflash for you Phorm. You along with BT have broken RIPA. You have lied countless times. Even your PR team couldn't be honest and initially registered on the cableforum website as PhormTechTeam. You lack credibility and even the tiniest semblance of honesty. We don't believe you. We don't want your spyware. Go away.

  28. Anonymous Coward

    A bit ot persistence is required

    In the reports of people being arrested because someone thought their mobile phone or whatever was a gun and similar stories the police always say they have a duty to investigate complaints.

    Maybe someone based in the UK could call the police and make a complaint against BT. I recall someone already trying but if enough people did so then it might get a bit further.

    Similarly with the petition on the PM website especially in light of the 2006 trials.

  29. Anonymous Coward
    Flame

    Phorm site

    I..*shudder*.. went to the Phorce, erm Phorm website, had a look at their press releases. It's amazing that El Reg has probably had more stories on this item than any other news site/paper, yet isn't mentioned once as a source for their Press Archive. In fact all the sources given are basically that site's rehash of the Phorm press releases and some even seem to think it's A GOOD THING! IT ISN'T! Makes me worry about the sanity of the "tech" writers for these other sites! Or rather, wonder how much they are being paid!?

    It all boils down to what is relevant to the user's interests. Or rather, what shit Pharce is trying to make relevant for them. Nothing like burying your head in the sand up to your arse eh Phorm? Hoping the opponents to this "innovation" will go away? Not while there is movement in the fingers of El Reg and its readers!

  30. 3x2

    Page 1 section 1

    (RIPA)

    1 Unlawful interception

    (1) It shall be an offence for a person intentionally and without lawful authority to intercept, at any place in the United Kingdom, any communication in the course of its transmission by means of—

    (a) a public postal service; or

    (b) a public telecommunication system.

  31. Anonymous Coward
    Stop

    BT Group publishes a code of ethics.

    http://www.btplc.com/Thegroup/Companyprofile/Ourcodesofethics/codeofethics.htm

    Based on their actions, maybe it should say "this space intentionally blank" but what it does say includes:

    "The Chief Executive Officer, Group Finance Director, the Director Group Financial Control & Treasury, direct reports to the Group Finance Director and the lines of business Finance Directors will:

    * act with honesty and integrity, including ethically handling actual or apparent conflicts of interest between their personal relationships or financial or commercial interests and their responsibilities to BT;

    * promote full, fair, accurate, timely and understandable disclosure in all reports and documents that BT files with, or submits to, the U.S. Securities and Exchange Commission or otherwise makes public;

    * comply with all laws, rules and regulations applicable to BT and to its relationship with its shareholders;

    * report known or suspected violations of this code of ethics promptly to the Chairman of the Audit Committee; and

    * ensure that their actions comply not only with the letter but the spirit of this code of ethics and foster a culture in which BT operates in compliance with the law and BT's policies."

    Etc,

    Ben, how does the Phorm work fit this ethical policy?

    In particular, what about "ethically handling actual or apparent conflicts of interest between their personal relationships or financial or commercial interests and their responsibilities to BT;"?

    How does Stratis's career move (which BT and Phorm presumably knew about when BT started trialling Phorm) line up with your ethical policy?

    The public want to know. In particular, your longsuffering stakeholders (employees and shareholders) want to know.

  32. Alexander Hanff

    re: Damian Gabriel Moran

    No, Freedom of Information Act only covers the public sector (and not even all of that). You could however send a Subject Access Request (Data Protection Act) accompanied with a £10 cheque or postal order asking if you were involved with the trials. You need to send the request to the BT Data Controller and I recommend you send it by registered post and print off the delivery notification from the Royal Mail website. They have 40 calendar days to comply with the request before they are in breach of the regulations at which point you can either contact ICO with a formal complaint -or- if you can prove damage you can initiate civil proceedings against them in the county court.

  33. Graham Wood

    @Various

    @Mr Jolly

    Wonder whether we can apply the 3 strikes to an ISP? E.g. three random customers each download an illegal mp3 via http.. Each has only one "strike", but phorm has three - can we therefore demand that they get unplugged? ;)

    @Damian Gabriel Moran

    The FoIA applies to government bodies, not private companies. However, under the Data Protection Act, you should be able to find out if you were within that trial, since they really should still have those records - there's an administrative fee associated with it, but it has to be "reasonable".

    @Fluffykins

    To some extent they may be protected by your lack of encryption... It's not illegal to hear something that people say in public if they shout it really loud ;) However, the RIPA doesn't seem to see an internet pipe as a "public place", so it probably isn't covered. No company should be using http/html for remote working without the "s".

    @Daniel Wilkie

    There's another article on the reg (can't remember the title at the moment) that includes details of how the infrastructure works. Effectively the data passes through a very small part of the BT network (from a data point of view, rather than physical), and goes immediately out on a dedicated pipe to the ISP. Therefore unless BT are putting the phorm stuff within that small section, it's not relevant... If they DO put it there, then they are likely to be really hammered by the other ISPs. If nothing else, they're increasing the data flowing over the pipe and that's what the other ISPs end up paying for...

  34. Alexander Hanff

    re: A bit ot [sic] persistence is required

    I am the one who tried to report the 2007 trials to Scotland Yard but they refused to issue a crime reference number because I was unable to provide them with an exact date and place where the criminal act took place (as I am not a BT customer nor ever will be).

    So yes, we need criminal proceedings to be initiated which is why I have just refiled the petition on the PMs website with the news of the 2006 trials and again asking the PM to demand the Home Office start proceedings.

    I have also started a facebook group to help publicise it here:

    http://www.facebook.com/group.php?gid=12430966276

    (And no I don't need lecturing on the privacy issues surrounding Facebook but thanks anyway).

  35. Ash
    Pirate

    Oh dear God...

    Anybody seriously wish that chemical neutering was legal practice?

    Someone with such questionable moral values to actually BELIEVE that this is, in any way, acceptable, legal, or even required, should not be put in charge of impressionable people, their own or anyone elses.

    I worry about the state of society.

  36. Grant Mitchell
    Happy

    Is it just the end users that can sue?

    Surely the owners of websites surfed to by the guinea pigs were also victims of interception? I guess you'd have a hard time proving (unless your logs go back that far), so just to make it easier, can we use the same formulas the recording industry uses to calculate damages to work out how much BT must pay ;-) ?

  37. Midnight_Voice
    Paris Hilton

    The cracks are appearing...

    Phorm say:

    We think it is unethical of the Register to seek to undermine a technology that enhances online privacy - Phorm's system ensures that ads are served with no data storage - something that will benefit readers of the Register and other websites.

    I say:

    This rather intemperate response means they are rattled.

    Keep up the pressure, El Reg, BadPhorm, DePhormation, and everybody else who cares about this.

    And if you need further encouragement, read:

    http://www.thespoof.com/editorials/index.cfm?eID=2564

    for a perhaps insufficiently satirical look at where this will all end up if we don't keep up the pressure....

    But I am sure we can. And I sincerely hope Kent Ertugrul's phlight back to the USA goes from Terminal 5.

    Paris, because her baggage will always follow her around, no matter what

  38. Anonymous Coward
    Thumb Up

    And on that bombshell..Phormgate

    Well done Chris & El Reg, real Watergate stuff - or should I say 'Phormgate'. Let's just keep focused on BT and the other ISPs who are the principal villains of this piece.

  39. Inspector_Morse
    Flame

    @ Alexander Hanff

    Good luck with the injunction; I think it's the only sensible way to stop this.

    As for the No.10 petitions route, does any reader have a single example of this tactic working (i.e. our beloved leaders - past and present - actually taking any notice)?

    You know, being democratic?

    No?

    I thought so.

    El Reg - keep it up.

  40. Alexander Hanff
    Thumb Down

    The only Trials BT should be involved with...

    Are criminal trials for the potentially millions of counts of breaches of RIPA in both 2006 and 2007. How many webpages do you think 18000 people visited over that 2006 trial period?

  41. 3x2

    Unethical?

    <..>UK equivalent high class action case on behalf of those 18,000 people?<...>

    They shouldn't have to. Breach of RIPA is a criminal act not a civil one.

    Either BT & Phorm have committed a criminal act or they have not. My reading of RIPA says they have. Time for HMG to step up.

  42. Peter White

    opt in security broken

    look at the link

    http://www.ispreview.co.uk/talk/showthread.php?p=199729

    it shows how a dubious website can opt you in without your knowledge, using standard cross site request forgery techniques

    so if you visit a site it can put an opt in cookie on your pc without your knowledge

    then it is down to whether webwise process the opt out or opt in cookie first

    hmm looking more dubious and less secure all the time

  43. Jimbo Gunn
    Happy

    Dear HMG Home Office

    Dear HMG Home Office,

    I recently received details of your new initiative to create new legitimate business opportunities in the hi-tech sector, namely in the Data Raping arena, and I'd like to register my company's interest in the scheme.

    I own a conglomerate of small enterprises specialising in niche revenue opportunities. By profiling anonymous individuals we can identify those of high net worth whom we can target our product at. Our main product being simple letters offering our services, our main service being NOT writing to the press about profiles showing interest in our sister business selling a large range of man-on-man video materials.

    We also have ties to a large network of software developers who are keen to install 3rd party "applications" on our data-raping hardware. Many of these are enterprising individuals whom I'm sure will find great ways to increase revenue once we have total control over users data streams.

    Thank you for your interest,

    Frances James "Jimbo" Gunn

    Writer, TheSpoof.com

    http://www.thespoof.com/search.cfm?writer=7138

  44. Peter White
    Stop

    central resources needed

    what we need is a central location to keep all the issues, websites, email addresses and places to write to, to complain so we can maximise and co-ordinate everything against phorm, is anyone aware of a site or blog like this?

    we also need standard letters that list the issue we are complaining about to the relevant recipient of the complaint,

    one to each of the following

    ISP

    to register your position on phorm and specifically remove permission for them to profile your data or pass it via profiler

    info commissioner

    to register a complaint with regards to BT, VM, TT and Phorm potentially breaking RIPA and the DPA, even if the user opts in

    MP

    general complaint, plus info on their comms to constituents and researchers web activity being profiled if using one of the 3 ISP's etc

    home secretary

    as it involves BT's breach of RIPA last year during trials of webwise, and potential breaches of RIPA and DPA in the future, and possibly the national security implications of government officials web activities being profiled etc

    MEP

    as it could involve european law, in particular human rights act, as right to privacy would be infringed

    local press

    make more people aware of the potential issues

    bbc watchdog

    as local press but more national coverage

    have i missed anything??

  45. Gianni Straniero
    Black Helicopters

    @Alexander Hanff

    Look, there's no point in messing about with online petitions. If you are a BT customer and believe your traffic may have been intercepted, contact the Computer Crime Unit of your local police force. For example, if you live in London:

    http://www.met.police.uk/computercrime/index.htm#hacking

    Of course you will first need to provide evidence that your traffic has indeed been intercepted.

  46. Dave
    Paris Hilton

    Why didn't they come up with an excuse?

    BT also refused to reveal where in the national broadband network the thousands of guinea pigs were sourced from.

    Surely they could have claimed that they would have loved to reveal where the mugs came from, but they don't hold sufficient information to be able to identify the source?

  47. Hayden Clark Silver badge

    The powerpoint slide contains lies

    .. of course.

    It suggests that the "opt out" for major search engines is "deeply embedded". However, anyone who has an anti-malware package on their PC (or otherwise knows how to delete cookies) can "opt out" by preventing the storage of the tracking cookies needed by the other ad-targeting engines to work.

    Since the Phorm system is IP-address keyed, and occurs in the network, there is no way to opt out of tracking.

  48. Anonymous Coward
    Alert

    Are the BT Board Asleep on the Job?

    So the BT Retail CTO organises secret (and illegal!) trials using their customer's data, in conjunction with a notorious spyware outfit, and between them they perfect a scheme that they think they can get away with. Then when they think they might make a packet, he jumps ship to be CTO of the very company he has been sweethearting at BT's expense, leaving BT to carry the can if the legal implications blow up in their face (as they are doing). Nice move, but would you buy a used car from this man? Makes Nick Leeson look like an amateur!

  49. Alex
    Thumb Up

    One of the 18,000

    I was one of the people who was entered into the parasitic trial without consent.

    I am utterly appalled at the number of other people who were also "wiretapped".

    This is a disgusting abuse of trust and faith.

    What I find most appalling is that despite several emails to and from BT Directors I have still not received an apology, just belated confirmation that a test did take place despite being told at the time that there was no such thing happening.

    In the words of the mighty Tony Harrison: "It's an Outrage!"

    BT, looks like the sh17 is about to hit the Phan!

    DO.

    NOT.

    WANT.

    ...looks like we'll be seeing BT + Phorm in the dock then!

  50. Ian
    Stop

    Isn't this like

    BT having someone listen in to all your calls, taking notes - in case, say, you ask dear old dad what kind of garden shed you should buy? So they can inundate you with adverts for garden centres? I'm sure if that was forwarded as a legitimate business plan it'd get laughed out the office due to being incredibly illegal...

    Plus what are the security ramifications? Like online banking? They intercept your username and password, and which memorable information selections you made? Credit card details entered in online shops? Chat text on MSN et al? Could divulge all sorts of snippets on there... OK it is encrypted but that's not the same as "100% safe" is it. And if it is recorded you've got all the time you need to crack it.

    Ghastly situation, someone needs a right kicking over this.

  51. Anonymous Coward
    Stop

    Crimestoppers

    Anyone tried em?

  52. Alex

    Urgh...

    I'm meant to accept that because websites can see some of my data if I choose to visit them, a service that sees almost all of my data even if I choose not to use it is tickety boo. This, I have 'reservations' over.

    However, I must say I'm impressed that Phorm is able to offer a time-travel service in offering the ability to undo previous participation. That is something that Google is sorely lacking.

    Furthermore, the magic power that means data held by Phorm can never be accidentally or maliciously disclosed is in contrast to every single data-holding device ever made ever. So credit where it's due.

  53. Anonymous Coward
    Anonymous Coward

    @ Alex

    If you were one of those involved in the secret trials either last summer or in 2006 then please make an official complaint to the Computer Crime Unit of the Metropolitan Police citing Regulation of Investigatory Powers Act 2000.

    If you are open to that possibility but need help drafting a letter then I am sure many would volunteer to help you. One place you may be able to get help is from the members of the cableforum website where there is already a thread regarding phorm which is fast approaching the 2000 posts mark.

  54. Spleen

    I see the darkness coming

    "We think it is unethical of the Register..." Good God. This reminds me of the angry rantings of a dying villain in a Western or samurai flick. As the end approaches all pretense at civility disappears. Such as it was. Phorm Tech Team's sunny, cheery, one-of-you-guys attitude always reminded me of Doctor Pal from South Park. "We're very concerned about your concerns and we'd like to explain to you exactly how our technology enhances your privacy, so first off how about we take off our shirts and kiss?"

    These are not just people with a bad product. These are bad people.

  55. Anonymous Coward
    Anonymous Coward

    Way to go El Reg, keep up the good coverage!

    One minute it is a random number, the next minute it is a by definition non-random UID. One minute the system stores browsing data for 6 months, the next minute there is no data storage. One minute it is user profiles may be transferred to ISPs in other countries, the next minute it is no data leaves the ISPs network. We don't have servers in China (well, now... after you busted us). We voluntarily left the adware business (before various privacy/security orgs and US agencies caught up with us over the spyware/rootkit software we developed and distributed). This is a privacy story! Well, except for those we illegally snooped on in trials and anyone who is foolish enough to use an ISP that partners with us.

  56. This post has been deleted by its author

  57. Peter White
    Happy

    lies, damn lies and then there is PR

    the smoke, mirrors, spin and finally BS have failed, now they are down to the bottom of the barrel with trying to make El Reg appear worse than them!!

    news for you Phorm not a hope in hell

    about time you gave up and went back to punting spyware and crudware

    and we will block that as well

  58. Anonymous Coward
    Joke

    opt in security broken

    It wouldn't require a dubious website, you could for example be opted in remotely by a post in a forum that allows images to be posted.

    The problem is that just the act of navigating to the webwise opt-in URL deletes the opt-out cookie and retrieves an opt-in cookie with a unique ID.

    There is no security to break. Neither is it a browser flaw. If your browser opens the opt-in url, you are opted in, that's all there is to it.

    This means that a webpage could use perfectly standard HTML to opt you in.

    For example a hidden image

    <img height=1 width=1 src="http://a.webwise.net/services/OO?op=in">

    or

    an invisible iframe

    <iframe src="http://a.webwise.net/services/OO?op=in" FRAMEBORDER=0 SCROLLING=NO height=1 width=1 ></iframe>

    You should realise that all the opt-out does is store an "OPTED-OUT" webwise.net cookie on your PC.

    Now browsers don't allow cross-domain access to cookies for security reasons, so in order for phorm's system to check if you are opted out, your TCP stream would still have to be modified to trick it into accessing the webwise.net domain and sending the opt-out cookie.

    I don't know what the legal standing is, but in my opinion that is still interception.

    Another issue with opt-out cookies is anyone with access to your PC such as your children could opt you in, it should be down to the account holder to choose after verifying their identity.

    In my opinion a cookie based opt-out is totally worthless, perhaps even Phorm didn't think it was worth making it secure?

    Joke alert, because a cookie based opt-out is a joke.
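
Added example, not part of the comment above and not Phorm's or BT's code: an in-memory model of the consent endpoint the comment describes, where a bare GET changes state, beside a hardened design in which only a same-origin POST carrying a session-bound token can change the consent cookie. The opt-in URL is the one quoted in the comment and nothing is fetched; `consent.example`, `forum.example`, the `/consent` path, the cookie names and the handler functions are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

SERVER_KEY = secrets.token_bytes(32)     # constructed per-run secret
SITE_ORIGIN = "https://consent.example"  # hypothetical first-party origin


@dataclass
class Request:
    method: str
    url: str
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    set_cookies: dict = field(default_factory=dict)
    body: str = ""


def naive_handler(req):
    """State change on a bare GET, the behaviour the comment describes."""
    parts = urlsplit(req.url)
    op = parse_qs(parts.query).get("op", [""])[0]
    if req.method == "GET" and parts.path == "/services/OO" and op == "in":
        # Overwrites whatever consent cookie was there, including an opt-out.
        return Response(200, {"consent": "uid-" + secrets.token_hex(8)})
    return Response(404)


def csrf_token(session_id):
    """Token bound to the visitor's session; another site cannot read it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def hardened_handler(req):
    """GET only renders the form; a same-origin POST with a valid token is
    the only request that may change the consent cookie."""
    if urlsplit(req.url).path != "/consent":
        return Response(404)
    session_id = req.cookies.get("session")
    if req.method == "GET":
        if session_id is None:
            session_id = secrets.token_hex(16)
            return Response(200, {"session": session_id}, csrf_token(session_id))
        return Response(200, {}, csrf_token(session_id))
    if req.method != "POST":
        return Response(405)
    if req.headers.get("Origin") != SITE_ORIGIN:
        return Response(403)
    supplied = req.form.get("csrf", "").encode()
    if session_id is None or not hmac.compare_digest(
            supplied, csrf_token(session_id).encode()):
        return Response(403)
    choice = req.form.get("op")
    if choice not in ("in", "out"):
        return Response(400)
    value = "uid-" + secrets.token_hex(8) if choice == "in" else "OPTED-OUT"
    return Response(200, {"consent": value})


def embedded_fetch(handler, url, jar):
    """What a browser does for an <img> or <iframe> on another site: a GET
    with the target's cookies attached, a foreign Referer and no form body."""
    req = Request("GET", url, dict(jar),
                  {"Referer": "https://forum.example/thread"})
    resp = handler(req)
    jar.update(resp.set_cookies)
    return resp


def user_submits_form(jar, choice):
    """First-party flow: load the form, then POST it back with its token."""
    page = hardened_handler(Request("GET", SITE_ORIGIN + "/consent", dict(jar)))
    jar.update(page.set_cookies)
    post = Request("POST", SITE_ORIGIN + "/consent", dict(jar),
                   {"Origin": SITE_ORIGIN}, {"csrf": page.body, "op": choice})
    resp = hardened_handler(post)
    jar.update(resp.set_cookies)
    return resp


def demo():
    """Return the consent cookie after an embedded request hits each design."""
    naive_jar = {"consent": "OPTED-OUT"}
    embedded_fetch(naive_handler,
                   "http://a.webwise.net/services/OO?op=in", naive_jar)
    hard_jar = {"consent": "OPTED-OUT", "session": "s1"}
    embedded_fetch(hardened_handler, SITE_ORIGIN + "/consent?op=in", hard_jar)
    return naive_jar["consent"], hard_jar["consent"]


if __name__ == "__main__":
    print(demo())
```

This addresses only the silent opt-in; the comment's other point, that a cookie-keyed opt-out still requires the traffic to be touched in order to read the cookie, is a property of the architecture and is not changed by hardening the endpoint.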

  59. DM
    Coat

    @Alex

    Actually,

    Google have released several time travelling services...

    http://mail.google.com/mail/help/customtime/index.html

    http://www.google.com.au/intl/en/gday/index.html

    /Mine's the one with the mirror shades in the pocket, next to the mr fusion

  60. Aristotles slow and dimwitted horse
    Thumb Up

    Thanks

    For the link to the BadPhorm site earlier on in this thread. I'll transcribe and post the contents of the letter I received from VM regarding Phorm later today on the forum.

  61. Frederick Karno
    Flame

    Un berrrrrrr lievable !!!

    Big thanks to all concerned who showed BT up to be liars and unworthy of being capable of securely handling people's data. We will see how toothless OFCOM really are, this is a criminal case and people should face jail for knowingly allowing this to happen.

    I am not a BT customer and never will be now, but I would suggest all people who are, demand a refund, and the ability to leave the company with no financial penalties.......You are not guinea pigs and you should receive recompense for being treated in such a way.

    It's unbelievable that they would lie to customers who had genuine concerns at the time that their businesses were being put at risk. I would like to see this taken through the courts and an end put to this holier than thou attitude many people have in this country to data protection. BT have proven themselves unworthy of our trust and should be severely spanked where it hurts........in the shareholders pockets !!!!!!

  62. Trevor Watt

    Surely

    by _quote_ "BT has said it plans to change its terms and conditions accordingly to comply with the law". _unquote_

    Surely the reciprocal of that is that by needing the opt-in BT accepts that what they have already done is not legal?

  63. Anonymous Coward
    Flame

    Phorm - when the truth is stranger than fiction

    "In the interests of balance, we would like the Register to reflect the improved privacy environment Phorm provides over the other major online ad targeting companies detailed in the attached table."

    I find myself agreeing with Phorm here. Shock. Horror.

    When I look at the data which FrontPorch claim to collect and are already collecting when the UK users of the free Hotspots click the Accept button on the T&C when they logon, then Phorm are making a point.

    As long as FrontPorch and NebuAd (any HSBC Premium users - USA only? - out there looked at the T&C when they login free?), et al stay with users having to accept terms each time they logon, then I can only say that 'user beware' should be the rule. As they all operate on a 'no cookie' and data packet 'script injection' model you only know what is happening when you read the terms or see the ads.

    Does anyone know who the UK ISPs are that are signed up to the services offered by these other ad/spyware providers?

    However, so far, the UK users of these other ad networks systems have the choice of using the connection or not using the connection. If they don't accept the terms then they don't get connected. Simple.

    Why can't Phorm / BT / VM / TT get the message that anyone who does not want the system should have the option of not being connected?

    In the US, is Virgin Media being open with its cellphone customers who are selling their soul in exchange for all those free minutes for viewing adverts? - targeted at 14 - 24 year-olds.

    A flame - because the more I read about how this 'technology' is spreading around the world, the hotter I get.

    Maybe, if the VCs of this world put their money into real property developments, ethical mortgage suppliers and educating farmers on protecting their soil and water resources rather than virtual money generating machines, the world economy would be balanced more on the 'fair' side.

    I see all those lovely blue BUYs are turning into red SELLs. No comments on the PHRM discussion so the shorters must be looking to make some more money on this news before the herds hear about it.

  64. William Morton
    Stop

    BT should email all the affected users

    Can I suggest to BT that they email all the users who were affected by this trial in July of 2007 to avoid being flooded by Data Subject Access Requests.

    With regard to the trial, I live in the Midlands and was one of the people who was spied upon, I understand that another exchange in the south was also pimping data, I would like to know which other exchanges were affected and which version of the PHORM was being used. No doubt PHORM have cleaned up their code since then and hence are more in line with the UK legal requirements, however this does not preclude the version of PHORM where they can "see all the internet".

    Given that when BT trialed the service they were looking specifically for EGG and Recruitment sites customers it suggests they were after people with money to spend and wanted to obtain their career details.

    That BT Privacy policy of that time forbade access to third parties, I would like to know how BT sees PHORM and THELATHE as not being third parties, further given PHORM's malware history, BT could have shared this clearly sensitive information.

  65. alistair millington
    Flame

    I like phorm's comments.

    Reg has undermined their data pimping shenanigans and the Reg is at fault for not pointing out the benefits of a data pimping system.

    EH?????

    But consider me to understand both sides of the argument in your coverage of the phorm debacle, I do feel you are being middle ground on this, middle ground as you can given only the NONE guilty come freely to an interview and those with stuff to hide issue statements and keep quiet.

    Phorm need to grow up.

    And why isn't someone making BT give out who were the 18000. I have an egg card and I will have been using that web site so I could be involved.

    The thing that gets on my goat... WHY TEST A FINANCIAL SITE IF THEY AREN'T BOTHERING WITH FINANCIAL INFORMATION. Egg do nothing but financial so you would think avoid that at all costs. Lunacy.

    Someone has to go to jail for this, how many laws were broken, 18000? surely 1 day for each offence? :)

    ...but this is fat cat britain and chief execs get away with it.

    I await new T&Cs so I can tell BT where to go.

    /rant

  66. Secretgeek
    Flame

    @Central Resources Needed

    I'd just add one more to that list.

    Every site signed up to the OIX

    (Come on El Reg...surely you can get a copy of that list).

    Just a quick email to them to say that whilst there is any possibility that they're part of the OIX (and hence in league with Phorm et al) you will not use their products or services.

    I know it won't stop Phorm snooping but it'll certainly hurt them where it counts - in the pocket as their clients start pulling out (let The Guardian be just the first)

    Fighting snooping with a flamethrower.

  67. Slaine
    Paris Hilton

    the expurgated version

    "one of the aims of the validation was not to affect their experience"... correct, it was to affect their spending habits.

    "18000" individually distinct instances of a breach of RIPA, let's hope the sentences run consecutively.

    "BT claims that when it launches, Phorm's technology will be legal" and by the powers of logical deduction are admitting that they knew damned well that it wasn't legal at the time, since the launch still hasn't happened.

    "to avoid any perception that their system is a virus, malware or spyware"... not to prove it isn't, but to make people perceive that it isn't, or in other words, as we all well know... IT IS, all of the above.

    "firing 'a revolution in online privacy'"... mmm yes, there again, Phormally one could also call it a 'firing squad against privacy'.

    And PHINALLY... it was NOT "El Reg" who sought to undermine this bastard child of manipulative advertising, it was we, the users, your target audience, in our tidal wave of venomous responses to your actions, your intentions and your abuse of our bandwidth... We don't view El Reg for a source of bullsh*t and spin, we seek the balanced, fair and open journalism that we have come to expect (well, that and lots of articles about Ms Hilton). You C**NTS chose to lie, to us, to government - even to yourselves. At least Paris is honest about being a bit loose with her honour.

  68. Andy ORourke
    Joke

    Come on El Reg

    Give it up, despite your protests this has to be an April fool right, I mean a large organisation like BT wouldn’t possibly intercept traffic without notifying its customers and they certainly wouldn’t allow one of their upper echelon staff to enter into negotiations with a company, set up a sweet deal and then move to said company?

    Good one El Reg but it really is time to give it up, this can't possibly be true............. Can it?

  69. Simplepieman

    @William Morton

    > No doubt PHORM have cleaned up their code since then and hence are more in line with the UK legal requirements

    But that's just the problem. Software is notoriously hard to validate and police. It's what Phorm and their PR teams just don't get. It doesn't matter how careful they are with data, and how many safeguards they *say* are in their software.

    It's illegal to intercept a communications stream without permission from both ends of the communication. It has to be - otherwise you have a situation where some companies are deemed "good" and are allowed access to intercept, whilst others are deemed "bad" and aren't. But who will police this over time? Who will regulate this? Is it worth setting up a regulatory body capable of daily oversight? Probably not - therefore intercept is banned end of.

    What the "secret" trials do is avoid the contested legal area on whether consent of a website can be assumed. In these secret trials, even the end user didn't consent, so plain and simple case one would hope.

  70. Julian
    Unhappy

    I Love Dissembling - Not

    "Phorm itself emphasises that it is firing "a revolution in online privacy" and that consent is a key part of its proposition"

    Bollocks! But we are served a lot of that these days!

    I WILL leave Virgin if they trial me or adopt Phorm.

  71. Aristotles slow and dimwitted horse
    Flame

    Interesting...

    Considering the noise that that beacon of impartial news reportage - the BBC, made over the government losing customer data recently it is interesting that the "technology" news, or should I say the "always very much out of date technology news" finds this story : un-newsworthy.

  72. Anonymous Coward
    Anonymous Coward

    Harming UK plc (Re: Unethical?)

    As well as BT needing an executive to talk to El Reg and the police, I can see them needing one to face a House of Commons Select Committee. This sort of behaviour harms the country’s economy. What other EU country is going to want to do electronic business with us, if we’re the EU country known for having an untrustworthy Internet infrastructure. It’s harmful in the same way that Northern Rock has been. Stratis Scleparis should get the same bollocking that Adam Applegarth got.

  73. William Morton

    @Simplepieman

    The whole point is that if the software was as they cry "anonymous" then why do it behind our backs. BT have admitted that they allowed what they agreed at the time to be malware to profile, "deity of your choice" knows what and where the profiled data went afterwards.

    Why are the government sitting on their thumbs on this? This is a clear case of an illegal wiretap and needs a criminal investigation.

  74. Anonymous Coward
    Thumb Up

    Now the House of Lords is asking questions

    http://www.publications.parliament.uk/pa/ld/ldcumlst.htm

    search the page for the Earl of Northesk. He has asked the government to clarify what they are doing about Phorm.

    Good on him!!

  75. Simplepieman
    Happy

    @Aristotles slow and dimwitted horse

    1.) The BBC hate us. They think the IT community and El Reg are a bunch of fist-thumping alarmist conspiracists and have been ignoring our pleas for weeks and the first story they put up about Phorm was a "good news - Phorm are great"

    2.) See point 1.)

    HOWEVER... Word on the grapevine is that a mainstream TV channel will cover a Phorm-related topic this week.

  76. Anonymous Coward
    Unhappy

    Call the Police

    Seriously.

    How does one go about it? No use calling the local plod.

    It's clear to me and others the law has been broken.

  77. Anonymous Coward
    Anonymous Coward

    <no title>

    Just let me know when they've all been banged up in gaol.

  78. Anonymous Coward
    Anonymous Coward

    Just had a look

    at BT's T&C's and point 22 is quite amusing:

    Using the service

    You must not use the service or allow the service to be used:

    in any way which breaks any law or the conditions of any licence or rights of others.

    So by the terms and conditions I cannot allow the service to be used in any way which breaks the law?

  79. Daniel Gould
    Boffin

    If they were genuine....

    BT could have just added a proxy service for all their customers to ensure they didn't hit unwanted pages. They could have applied this to any traffic from a customer's IP address, allowing the customer to specify if they wanted filtering, paying a fee to cover the service.

    But, no, BT have decided to ally themselves with Phorm to generate revenue by underhand methods, perhaps thinking that their customers wouldn't willingly pay for the filtering service in the first place. Well, BT, if you had actually consulted your customers, I think you would find that most customers with children would happily pay a small monthly fee to filter their connection to ensure their children were safe on the internet, giving you the revenue stream that you seek.

    I for one will be ensuring that I stick with an ISP that doesn't employ this technology.

  80. b shubin
    Pirate

    All your NDA are belong to Phorm

    in a world of ambiguity, this is a rare situation: the problem is very obvious, and very simple.

    if you do ANY work-related activity at home, the confidentiality that is usually assumed in employer/employee communication is broken, if your or your employer's packets pass through Phorm's "service", no matter how briefly, retained or not. same applies to any communication confidential to you or any other parties (financial, medical, personal...).

    whoever thought this was a great value-add (BT's CTO? i would take my business elsewhere on that basis ALONE), has ABSOLUTELY NO UNDERSTANDING of how communications links are used. maybe BTCTO was hypnotized by the "shiny" (which makes him a dweeb, technically, as no true geek would fail to see the bright "biohazard" stickers covering every surface of this idea).

    or maybe he's just stupid and/or greedy (seems rather likely, but i'm cynical, and have dealt with far too many C-level officers).

  81. Anonymous Coward
    Anonymous Coward

    Glad I left

    I am even more glad that I have just left BT internet now.

  82. Peter Stone

    A thought......

    If I've understood the article correctly, then this time BT are going to make this new trial an open one. This SHOULD allow people to opt out of the trial.

    So, if you know anyone who uses BT as their ISP, then point them to the articles on Phorm here & elsewhere & suggest that they say no thanks if they're made part of the trial.

    10,000 users saying no should drive the point home. :)

  83. Anonymous Coward
    Unhappy

    @Cris Page - badphorm.co.uk

    Good heavens! I just tried to have a look at the link Cris posted to http://www.badphorm.co.uk/

    However, I'm using the Defence Fixed Telecommunications Service, which tells me: "The page or file you have requested has content which is not allowed according to MoD Security Policy...

    Served By: [redacted].igs.r.mil.uk/10

    Request: GET http://www.badphorm.co.uk/ HTTP/1.0

    01/Apr/2008:17:03:01 +0100 "

    Furthermore it says: "Delivering DFTS - DE&S and [wait for it....] BT".

  84. Anonymous Coward
    Anonymous Coward

    Computer Misuse Act as well?

    From the article:-

    "The early iteration inserted JavaScript ..."

    So they inserted program code into a computer system without authorisation and which would be executed without the user's (or owner's) knowledge?

    That would be a virus - if I did it to either BT or Phorm you can bet it would be considered a section 3 breach - and I think that can carry up to 2 years.

    It would take a braver man than I to talk to the pigs though, assuming you made it through without either a beating or a court appearance they wouldn't understand anyway.

  85. RW
    Jobs Halo

    The Spirit of L. Ron Hubbard Lives On

    "We think it is unethical of the Register to ..."

    Sounds like a scientologicalistical double-curve counterattack to me. Accuse your accusers of precisely what they are accusing you of.

    Are there any known links between Phorm and Scientology, "the most ethical organization on earth" (except when their moles are stealing government records)???

    As for violating RIPA, seems to me that the executive officers and directors of both Phorm and BT need to do some serious jail time. Nothing else will draw their attention to the criminality of their actions. Something like having to hit a mule with a 2x4 to get its attention.

    A hefty fine in the tens of millions (pick your currency) would add a certain piquancy to the proceedings.

    Note: not criminal conviction of the corporations, but of those controlling them. Big diff.

    Why is there no L. Ron Hubbard icon? I had to use someone else with a fake halo as a substitute. (That is Ballmer, no?)

  86. Andrew

    Phorm's Advertisers

    If I understand it correctly in that advertisers are paying phorm to deliver their ads, then what is needed is a list of the companies that are advertising using phorm. If enough people avoid these companies and go elsewhere they will hopefully get the message and not use Phorm.

  87. Anonymous Coward
    Anonymous Coward

    Would anyone else...

    ...trust their data with a company called Phorm no matter what the circumstance? The whole use of "Ph" in place of "F" to make the same sound stinks of script kiddie cowboy naming to me. I half expect their press releases to say "lol h1 m8s w3 ar3 teh l33t ph0rm hax0rs p1mp1ng j00r d4t4".

    Even if they were a professional data backup company and I needed a backup solution the name alone would put me off because it just stinks of unprofessionality. What makes our ISPs think I'd be happy to be forced into using such a company when I wouldn't even volunteer to them? If they can't even show a decent level of maturity and professionalism in deciding a company name then they can't exactly be trusted to be mature enough to manage personal data.

  88. Slaine
    Coat

    oops

    ...sorry about that, I think I'd better go and have a little lie down.

    And NO that doesn't mean I want to see an advert for Slumberger or Silent Night. I'll just hang my dressing gown up.

  89. Alexander Hanff

    re: .mil.uk

    Maybe .mil.uk have blocked anything with the word "Phorm" in it to prevent all their secret web browsing habits being profiled by Phorm?

  90. Andy
    Pirate

    Data dumps

    I am on VM and I am now running tcpdump and wireshark and dumping all packets to file now. If anyone is going to the plod about this then you will need hard evidence, or at least something that looks like it. Perhaps a letter from bt stating that you were part of a trial (that didn't happen, at least not until they got found out) then you have a case.

    As for VM, I am looking at other ISPs. If my money isn't enough for them (£18 for 2MB, the M package) then it's time to go elsewhere. O2 look good, I have an O2 PAYG phone so £5 off for me. Only £7.50 for up to 8MB, unlimited usage (fair usage policy). Even the 20MB is only £15, cheaper than what I'm paying now. I am just trying to find out if they are going to use Phorm or anything similar.

    Perhaps the only way to get something done about Phorm is to get big business behind the movement. I am sure there are plenty of businesses out there who have people working from home, most if not all should be using encryption of some sort, but if some of the data is not encrypted then there could be commercially sensitive data being sniffed by Phorm.

    Bones, 'cos that is what should be happening to Phorm. Can't we get a gun or bomb symbol on here? Cos that is what Phorm needs.

  91. Piers

    "a revolution in online piracy"

    is how I first read "a revolution in online privacy", which is MUCH more accurate. Oh, I've now started to hesitate to recommend any of the Phorm associated ISPs when friends ask my advice about changing their broadband connection from <some crap service>.

  92. Julian
    Unhappy

    An Alternative Viewpoint

    I just listened to Kent on Radio 4. He was very persuasive that the proposed technology is benign and protects, rather than invades, privacy.

    But whilst I was not really convinced, if this is true, I wondered what else the technology could be used for in the future and how we might feel about that use.

    And my conclusion is that I still have very serious privacy concerns, and that it is a quantum leap to move forward the 'Big Brother' scenario which most of us seriously deprecate.

    However, since the Phorm technology has already been developed, even if it is not adopted now, it will rise again in perhaps a way that we really don't like. In fact I think that this is almost inevitable.

    One more step towards the life style portrayed by Ray Bradbury in the 1950's science fiction novel 'Fahrenheit 451'

    I have the feeling that a door has been opened that can never be closed again.

  93. Dave
    Unhappy

    @Andy

    IIRC O2 is the trading name of what used to be called BT Cellnet.

    Choose with care

  94. Anonymous Coward
    Thumb Up

    Good to see Phorm back in the headlines...

    .... even though we really need to see the mainstream media pick up on this:

    The Sun: BT pimps your data for cash!

    Hopefully that will happen soon!

    Phorm and BT are now in my mind crooks, the way BT present this as a service that you should bloody well be glad they are providing for *FREE* makes me sick. Check out the page:

    http://webwise.bt.com/webwise/index.html

    "BT Webwise is completely free — and you don't have to download or install any software for it to work."

    They've gone a step too far this time, if it's not stopped in its tracks how many more ISPs will jump on the band wagon? As it is I can see this being an ongoing fight as other systems become available which probably have 'even better technology and privacy' - I think this is going to be a long-term war between technical facts and marketing bullshit.

  95. b166er

    Poor Phorm

    Virgin seem to have allied themselves to Google as of this morning, with their joint proposal to provide Mars based habitats ;~)

    I hope BT get massive PR fallout from this, maybe they will then have to DO SOME FUCKING WORK for a change (FTTH) and LLU might also get a shot in the arm.

  96. StillNoCouch
    Paris Hilton

    It's my lunch time now ...

    ... so I have a few minutes.

    I've been following this closely since its beginning.

    I've read the comments posted before me on this as well as the other articles in this series.

    I'm still curious:

    A) If all the ISPs have to do is change the terms of their EULA, why don't they just do it ? To hell with whether or not it's right or wrong ? After all, many of us are stuck with pretty much only one ISP to choose from (discounting/not-counting Dial-up).

    B) Apparently, PHORM's stock isn't much of anything here (where I am) so I'd love to see a link to a semi-real-time stock ticker. Suggestions from commenters appreciated.

    C) These are relatively large companies, right ? I can understand a Mom-n-Pop shop being taken in by 121Media, but not large ISPs. WTF ?

  97. Bob Starling
    Happy

    This amused me

    Phoned BT Broadband support to complain about possible interception of my web browsing by Phorm. They didn't have a clue what I was talking about and they suggested that I call BT's internet abuse support team.

    Some unintentional honesty there?

  98. J.Butler
    Stop

    I presume....

    .. the information commissioner will be bringing a prosecution against BT for breaking privacy laws ?

  99. Waldo
    Thumb Up

    Well done El Reg

    I am pleased and impressed by your coverage and continued persistence in revealing the gory details of this saga

    I trust the story is well affiliated to other members of the press and media.

    B.T. need to be brought to Earth on this little breach of trust.

    Excellent journalism boys

  100. system

    RE: Did I read this right

    There's still plenty of evidence of what they did lying around the net. Search for "sysip.net 2006"

    They also carried out a trial in 2007 using the same domain name.

    http://www.ispreview.co.uk/talk/showthread.php?threadid=26640

    For some reason I find it hard to imagine that they will be held legally accountable for either trial though. Maybe I'm just cynical.

  101. Bobby
    Unhappy

    This is so disgusting

    Omg the shit's hit the fan now...

    I mailed this to my MP this morning and just had a reply saying he's forwarded it to the minister:

    The Phorm Webwise terms should consider the following;

    It must be one time ‘opt in’ option and not include a drive by install of anything that alters the users computer or internet browser settings.

    Users must be warned that their own browser settings include a perfectly adequate phishing filter by default and that adding a 3rd party phishing filter of dubious origin should be very carefully considered.

    Targeted advertising is an unfair practice and ‘opt in’ users must be given a more random freedom of choice. If I search and purchase an object in the course of an hour or so then I do not want to be bombarded with useless adverts for the same product day after day as this would immediately become a nuisance. If one accidentally clicks on an ad and finds it repugnant then one should not be subjected to bombardment of similar repugnant ads day after day. Also users should be subsidised for the wasted bandwidth this costs them.

    Users must be made aware that Phorm Webwise hide behind invisible 3rd party proxy servers and that their private internet data is being sent to undisclosed locations throughout the world.

    Finally, users must be warned that Phorm were recently called 121media with roots in adware, spyware, trojans and rootkits before being asked to ‘opt in’ to this service. The Federal Trades Commission (FTC) have been investigating 121media since 2005.

  102. tom

    wtf! Srsly!

    Please clarify. This *isn't* an April Fools joke?

    No icon, because I don't know whether to laugh or... well laugh, but ironically.

  103. Ivan Headache

    @dave @andy

    O2 is wholly owned by Telefonica of Spain. They acquired it from BT in January 2006.

    I'm sure there must be more than 1 person here who is a BT shareholder. Wouldn't it be a good idea to bring this whole illegal caper to wider attention at the next AGM?

  104. Anonymous Coward
    Thumb Down

    sysip.net injection in forum post

    Interesting - nice to see that forums can be used as evidence - time stamped and all

    http://www.bikegirl.co.uk/forum/forum_posts.asp?TID=2418&PN=1

    "Posted: 22-September-2006 at 09:46 | IP Logged

    < =text/>var PSpc="I.287303.1",PSsize="none"; I don't know, Sooz, seems to be happening on all my posts. Do you think I should see a doctor? Would you hold my hand, I'm a bit scared.

    Tech bods on the forum, any ideas? Bit of a Luddite on computer stuff < src="http://ntp.sysip.net/tag/2.js" =text/> "

  105. James O'Brien
    Dead Vulture

    @!#* Phorm

    "We think it is unethical of the Register to seek to undermine a technology that enhances online privacy - Phorm's system ensures that ads are served with no data storage - something that will benefit readers of the Register and other websites.

    In the interests of balance, we would like the Register to reflect the improved privacy environment Phorm provides over the other major online ad targeting companies detailed in the attached table."

    Ok first I want to say that I live in the States sadly. (still looking for a new mommy and daddy for moving to UK) I have been keeping up on this Phorm, BT and Virgin thing but haven't commented until now since it doesn't affect me. The way I'm reading it is that they will benefit "ME" as a regular reader of TheReg by serving "ME" ads? Not going to read through over 100+ comments but I want to be the first from my side of the pond to say this:

    FUCK YOU PHORM THE DAY I GET ADS FROM YOU, BEING IN THE STATES I WILL SUE!!!

    Sorry about the anger expressed, it's been a long last couple days.

    /We have a thumbs up and thumbs down icon where is the international sign for "You're #1 with me"??

    this bird chosen since it's the closest thing to a bird I can put up

  106. Anonymous Coward
    Joke

    Oh dear Phorm

    Who said there was no such thing as bad press. :-)

    http://news.bbc.co.uk/1/hi/technology/7325451.stm

    You deserve to be hung, drawn and quartered BT. Also the fact that Phorm, this honest and totally "private with your data organisation" was involved in this sneaky interception shows everybody the weasels they are.

    Least said about BT the better!

    Of course BT could claim that their CTO at the time Scleparis was the culprit but he no longer works there. - Over to you Phorm, perhaps your CTO could explain? Oh they are one and the same !!!!

  107. Anonymous Coward
    Anonymous Coward

    PHORM & BT

    Within BT all is not well: senior experts have warned that PHORM is untested and a very high risk undertaking. Those asked are qualified IT professionals - Their concerns have been ignored probably because of the pound signs flashing before the board members' eyes and those greedy little senior managers, who unfortunately are not qualified to decide what PHORM really is and does. There are already a number of exploits which can be used to cause a little mayhem. The other problem is that with browsers being asked to re-submit the page request as the first is intercepted for profiling. This will cause an extra overhead in bandwidth which will possibly result in reduction of users download allowances, this will result in theft of your available bandwidth, an artificial way of reducing your downloads. Tie this in with DRM (digital rights management) and eventually users will be prevented from doing certain types of downloads.

    Solution: write to BT chairman Michael Rake with a complaint asking for information and details. Until thousands complain in this way BT and the other ISPs will ride rough shod over their users.

  108. Slaine
    Thumb Up

    deal of the millenium

    for sale, guaranteed safe and secure habitat of excellent quality based on a gorgeous little beachfront on Mars. (next door to amanfrom....)

    Disclaimer: the property is only available for as long as you are prepared NOT to try and visit it.

  109. Paul Stimpson
    Coat

    Spin, spin, spin...

    "The current version, being promoted to BT, Virgin Media, and Carphone Warehouse customers as "Webwise", does not use JavaScript in this way. BT's report identified that it makes consumers more likely to be aware that they are being profiled as they browse."

    Why would it be a problem that users could detect that they were being profiled if Phorm is an opt-in system? They agreed to it; They already know. It would however make it simple to stop the system from working by disabling JavaScript.

    "121Media [Phorm] will take action (both technical and public relations) to avoid any perception that their system is a virus, malware or spyware and to show that in effect it is a positive web development,"

    'In effect'... That does tend to imply that isn't the purpose of it.

    "BT also refused to reveal where in the national broadband network the thousands of guinea pigs were sourced from."

    No **** they wouldn't! In order for someone to bring a criminal complaint someone has to be able to prove they have been the victim of a crime and when that crime occurred. BT and Phorm are relying on people not being able to bring complaints because they can't prove they were victims. The last thing they'll do is hand 28,000 (assuming the 2006 and 2007 victims were different people and every account was only one victim) the bullet to shoot them in the a*** with.

    "...owing to the legal position, direct cookie dropping could not be trialed and should be verified once the legal position is clearer." = We know what we're doing is dodgy and could land us in a world of trouble.

    Watkin wrote:"Targeted online advertising services should be provided with the explicit consent of ISPs' users or by the acceptance of the ISP terms and conditions." = We don't give a flying **** about the privacy of the public. Just send out a 4 page update to your Ts&Cs (which most ordinary people can't/don't have the time to read and understand), hide it in there and we won't touch you. In fact we may even want to buy the data in future to help us identify terrorists/kiddie fiddlers or anyone else that we may decide is undesirable or might stop us getting re-elected.

    "We think it is unethical of the Register..."

    "First they ignore you, then they laugh at you, then they fight you, then you win." –Mahatma Gandhi. Looks like El Reg is progressing nicely down that path then,

  110. Anonymous Coward
    Pirate

    Once again, wow

    After reading through all of the posts several times (as of 19:45 EST), I have several questions:

    1) Websites that are hosted in BT address space, through direct or second parties, are they automatically required to submit to Phorm "inspection" of their content?

    2) Since most EULA (thank you for that acronym MS (bastards!)) contain intentionally misleading information that the owner of the "property" has the "right to change the terms and conditions, at any time, without warning or notification" of the users; since BT didn't warn the 18,000 test subjects, wouldn't that make both companies, whom I will refer to as "the defendants", guilty of illegal interception of private data?

    3) .mil.* sites and any company that does business with the Royal Forces should be exempted from digestion of Phorm systems, simply because when they're hacked (which if Google, Yahoo, eBay, and countless big content providers can, it's not a matter of IF but WHEN), wouldn't it be quite plausible that any adversarial government or military (rhymes with shina) could build queries that would possibly link unclassified components to potentially classified and higher modules or platforms?

    4) Based upon the rather harsh reaction of Phorm and the mechanical response of BT, either Phorm is scared shitless and using the infamous "go on the attack when attacked" strategy and BT's plan is ignorance to the law until they can bribe an official to get an exemption, OR they actually have a snowflake's chance in hell of stalling this until it's just unprofitable enough to be not worth the hassle.

    5) Has anybody attempted writing letters to major shareholders of each company, kindly informing them that their ISP customer base is abandoning them, and there's a really good chance that any of the advertisers who make use of Phorm, will be promptly ignored or boycotted?

    6) For those of us in the states, I'm probably wasting efforts but based on the fallout of this genius plan and awesome pr, I'm already drafting letters to my members of congress, providing they haven't been paid off by a telecom, ISP or web content provider... Yeah, I know I tried to keep from laughing, too. But what the hell, it's mankind's last stand against the complete usurping of individual rights and privacies over making for a .5% return on corporate investments.

    7) If all else fails, it's back to analog for me, baby.

  111. Quirkafleeg
    Boffin

    Re: PHORM & BT

    “The other problem is that with browsers being asked to re-submit the page request as the first is intercepted for profiling.”

    Packet sniffing will be sufficient for that; no need to cause a re-request. At least, not a repeat HTTP request.

    I find it reasonable (for Phish's purposes, which I don't find reasonable) if the propagation of the intercepted packets from the web server is delayed "a little" to allow for analysis of the page content. (That might cause re-requests, i.e. sending of duplicate packets, something which is normal in TCP/IP communication in the absence of a sufficiently timely response.)

    Think of the eyes in the icon as those of Big Brother Pharm. Privacy is exposure.

  112. Anonymous Coward
    Black Helicopters

    Government Contracts?

    Any government depts use BT as an internet provider?

    Can't see it going down too well if parts of the government involved in "covert" ops find that their browsing has been profiled by Phorm.

  113. Anonymous from Mars
    Pirate

    Lying by Omission is Admission of Guilt

    Lying by Omission is Admission of Guilt. If Phorm had just answered The Register's question with a one word answer, "No," then there wouldn't be any flak.

    Instead, they got defensive, and proved themselves guilty.

  114. Adam Foxton
    Coat

    A solution to the problems!

    Phorm could surely solve all these woes by forwarding on the increased ad revenue to us- the customers- in the form of cash or money into Paypal accounts or suchlike (so your actual details are obfuscated from them)

    But as they'll not do that...

    Couldn't we just all share a single UID cookie?- share a common one out via torrents, rapidshare, wherever. You'd be a small % of a large pool of "unidentifiable" data and since there was one there, you'd never download a new one. And if you did, it'd be clear that they were trying to personally identify you.

    Or they could just sell off this hackproof database technology they seem to be claiming to have.

    What's that in the icon? Oh, my! It's Phorm looking through my wallet :P

  115. Anonymous Coward
    Anonymous Coward

    Keeping track of Phorm participants

    Hi. I run Phormwatch: http://phormwatch.blogspot.com/

    I'm trying to keep an eye on Phorm participants, including ISPs, PR agencies, and participating websites and ad-agencies. So far, here is my list:

    List of participating ISPs

    * BT Internet, * TalkTalk, * Virgin Media

    List of participating PR companies

    * Citigate Dewe Rogerson, * Freud Communications, * John Stonborough, * Manning Gottlieb OMD

    List of participating websites and advertising agencies

    * Financial Times, * Guardian Unlimited - No Longer Participating!, * iVillage, * MySpace - No Longer Participating!, * The Telegraph, * The Times (UK Newspaper), * Unanimis, * Universal McCann

    If you have any information to add, please email me at: phormwatch at fastmail dot net

  116. Anonymous Coward
    Thumb Up

    Bring it on...

    I love malware, oops, I mean 'direct marketing opportunities'. Send me more crap, I just love being spoiled for choice.

    Do you need my inside leg measurement as well?

  117. Frumious Bandersnatch
    Unhappy

    re: Dear HMG Home Office

    I think your plotline has a definite ring to it... ah, yes, ... Big Nothing (http://www.bignothing.co.uk/).

    dec

    parasamgate

  118. Anonymous Coward
    Flame

    @Aristotles slow

    By Aristotles slow and dimwitted horse, posted Tuesday 1st April 2008 11:41 GMT: "

    My recent letter from VM clearly states they are currently progressing with an "opt-out" policy and that they will be as transparent "as possible" with their customers regarding this solution.

    Can we or the Reg come up with a list of non-Phorm broadband suppliers so when we all need to jump ship, we already have decent info to hand?"

    here's the thing though, given there are millions on the VM cable that can't easily get a BT line even if they wanted to, is it time to force Virgin Media to open its cable to better providers ?

    VM and c&w/ntl/tw before them have been very good at making bad choices, but not picking the obvious stuff, avc for the stb, giving users far better upload rates than any adsl can manage on all the cable packages.

    hell they don't even allow you to rent more than one single cable modem per account, but you can have 3 stb's without a problem.... but you can't use their internal cable modems even though the stb's plug into the exact same ubr's, they're powered and ready to use.

    you might think vm can't run these internal CM's, you would be wrong, the exC&W baguley(hub for the NW) users use these samsung and older stb's internal modems TODAY, mad VM managers ...

    so, it's clear we need to allow 3rd parties on the vm cable unrestricted and un phorm style profiled in any way shape or form, the old AOL did contract for an end user cable rebadge so that proves it could be done, how can thereg and the users get a Be* cable of the future in the UK....!

  119. Robbie
    Unhappy

    Well done El Reg et al

    This is the thin edge of the wedge and if BT (and other ISPs) get away with this, who knows where it will end.

    Sadly I'm a BT customer, so as soon as BT change the T&Cs I'm off to another ISP.

  120. Anonymous Coward
    Anonymous Coward

    VM Take note

    BT are too far embroiled to get any good out of this. But here is an idea.

    Virgin Media why don't you state you're not going to continue with this half baked idea.

    Tell the public the truth that you're not happy with the intrusive 'none privacy' aspect of the system.

    Tell everybody that Phorm hoodwinked you.

    Pick up loads of BT dissatisfied customers.

    Become a hero!

    Increase your profits respectfully.

    Now that's marketing!

  121. Leslie Bush
    Alert

    Breach of R.I.P.A.

    If it is proposed that users have to 'opt in' (by displaying an opt in page), then surely it is necessary to intercept the first call in order to display that opt in page? If that is so, then the technology automatically breaches the Act by unlawfully intercepting traffic.

  122. Anonymous Coward
    Anonymous Coward

    Change the law - :-)

    Dear BT,

    "I think I have committed a crime. Its very serious and everybody's up in arms about it."

    BT: "Don't worry all you have to do is change the T&C's of the law. That should make it OK again".

    "But its really serious.... it could be murder"

    BT:"Don't worry, all you have to do is change the T&C's and everything will be OK again. We do it all the time".

    "Cheers, I was worried for a second there".

  123. Sceptical Bastard

    BBC follows El Reg

    Nice to note that the Beeb is running the story today in its RSS top news stories under the headline " BT advert trials were illegal"

    See:

    http://news.bbc.co.uk/1/hi/technology/7325451.stm

    At this rate, the dreadful PR (and its consequences for Phorm's share price and capitalisation) will render K(u)nt's business unviable.

    Congratulations to El Reg for the lead it has taken on this issue.

  124. Peter White
    Joke

    i wonder

    i wonder if the reason VM etc can't just dump this technology is the contract they have signed with phorm.

    this is not a defense of BT, VM or TT, (i am totally against phorm) but VM may not be in a situation where it can get out of it without some phorm (sorry just had to do it) of compensation or pay off to phorm to break the contract, unless they can prove poor opt in (up take of the service), there must be a get out clause but it may be they are working towards it but can't say so publicly

    looking at history 121 media tried a similar product, its share price hit the floor and went back to the drawing board, rebranded to phorm and webwise was built

    what gets me is why people are buying shares in a company that made a 10,000,000$ loss last year, which amounted to about 10% of turnover, and a 4,000,000$ loss the year before

    i would be curious to see who dumped shares as the sh1t hit the fan and the share price started to fall, could anyone at phorm or bt etc have insider trading added to the list of charges

    this just reminds me of the monty python parrot sketch, with bt complaining to phorm the product is dead and phorm saying "its not dead , just tired and shagged out after doing a big pile of sh1te" then at the end phorm offering bt another dead duck

  125. Wayland Sothcott

    Distorting the truth

    When you view a web page, the web server sends you the data it wants you to see. 18,000 people viewed web pages that had been distorted by Javascript secretly inserted by BT Phorm.

    Secretly intercepting and altering communications, changing the message, as it passes from sender to receiver is not exactly novel or difficult. Quite easy for the carriers of the data since it's sent unencrypted.

    The fact is we *trust* the data carriers not to peek at the data and not to alter it.

    In the case of BT, the biggest carrier of data, THAT TRUST HAS GONE!!

    The only way a website can be sure that their page arrives at their customer's computer without being peeked at or altered is to encrypt it. HTTPS for all websites.

  126. Anonymous Coward
    Paris Hilton

    I love it

    So the reg is being less than ethical in opposing this huge new benefit to us in terms of privacy enhancement eh?

    I propose I collect all the details of everyone in the uk and keep them very safe in my shed in order to make the uk much more secure than it is now. Any takers??

    Paris because the general people seem to be as deep thinking and easily led as she is.

  127. Secretgeek
    Coat

    BBC not acknowledging sources.

    Just as an aside really but the BBC website doesn't have a link to El Reg on its latest Phorm story. Do we really think that they're not getting a lot of their info from here?

    I'll take the jacket with all the real news in thanks.

  128. Peter White
    Joke

    i wonder part 2

    i wonder if verisign and co, are considering an advert campaign on OIX like this

    "wondering how to protect your website from being profiled by PHORM?

    get a cheap SSL cert for your site today and encrypt that data fast

    contact ??? ???? ???? for details now"

    (should have thought of that one yesterday (april fools day))

  129. Spleen

    Re: Peter White

    Actually, the $10m loss was on $1m turnover, so it was a 1000% loss, not a 10% one.

    Obviously that doesn't actually mean anything, technology startups will usually have a few years of losses before their product comes out (I actually wonder where that revenue came from). But it leads to the point about why people are buying shares that value the company at over £200m, which is: because they're idiots. If you're buying shares in a technology company with no proven revenue then it's critical you understand the technology. These people don't and know they don't, yet they still invest. There may be some people playing the graph, buying low and selling high without caring about whether Phorm ever turns a profit or not, but that relies on other people being idiots. It amounts to the same thing.

  130. Dave

    @Andy

    Andy

    O2 broadband is actually provided by Be Broadband, who I went to after dumping Pipex/Tiscali.

    In an earlier Phorm story comment a Be customer posted a response from them saying they aren't trialling and have no intention of ever trialling.

    Which makes me happy because they have a bloody marvelous service .... and fast too :D

  131. Wayland Sothcott

    @Alexander Hanff

    I like the idea of those petitions. They give a real feel of democracy. However they are only one of the things we have to do. Clearly it will take a lot of persistence to get BT arrested.

    The problem we have is that BT is now part of the 'government'. Their data snooping plans fit in well with the government's law enforcement policy. You may have noticed how the law seems to be enforced on you by your suppliers or your boss at work. Think of the smoking ban, it's not the police who tell you to smoke outside, it's your pub landlord and your boss. Similarly with parking, it will be NCP who fine you for not parking in their car park (see Brighton).

    Phorm is an ideal system to enforce DRM. Currently they don't track your IP address for advertising, but when the ISPs, think Virgin, start looking for people violating copyright they will use Phorm. I am not talking copyright violations where someone steals your artwork from your website to use in their movie. It will be when you download the movie where they stole your artwork.

    BT and Phorm are on the side of the government so you can't expect the government to arrest them with the same zeal as they would arrest an ordinary person found breaking the same laws.

    I do believe that if we manage to win this one it may slow them down a bit.

  132. Gavin Maxwell

    Not just BT, also BBC

    "Stratis held senior technology management roles with leading firms Orange UK plc (formerly Freeserve/Wanadoo), AOL Europe and the BBC"

    Does this account for biased reporting on the BBC website?

  133. bobbles31
    Stop

    Perhaps

    From what I have seen the system uses a 302 response to redirect the user so that they can hijack your session and insert their cookie.

    It can't be that difficult to write a plugin that will call up a site that it knows doesn't redirect and checks the response to see if a 302 has been received.

    Once this is detected you could warn the user that they are being profiled and how to opt out.

    Better still, if there is a page to go to opt out of profiling then automatically make the call and opt the user out.

    If this could be made slick and quick and be sold akin to a phishing filter, maybe we could lobby to have it included by default in the browser and attack them by getting the browsers modified to prevent their profiling.

    Anyway, it's just an idea, I could write the software but alas have no knowledge of writing plugins. Perhaps I'll read up this weekend.
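
Added example, not part of any comment above and not code from BT, Phorm or The Register: a sketch of the canary check proposed in comment 133, extended to flag the in-transit script insertion described in comments 104 and 125. The canary host, the redirect target, the function names and every sample response are constructed assumptions; only the script URL http://ntp.sysip.net/tag/2.js comes from the page.

```javascript
// Added example. All hosts and responses are constructed, except the script
// URL http://ntp.sysip.net/tag/2.js, which is the one quoted in comment 104.

// What the canary page is known to return over an untouched connection.
const CANARY = {
  url: 'http://canary.example/static.html', // hypothetical plain-HTTP test page
  status: 200,                              // it never redirects
  scriptHosts: ['canary.example'],          // the only host it loads script from
};

// Hostname of every <script src=...> in an HTML body, resolved against baseUrl.
function scriptHosts(html, baseUrl) {
  const hosts = new Set();
  const re = /<script\b[^>]*?\bsrc\s*=\s*["']?([^"'\s>]+)/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    try {
      hosts.add(new URL(m[1], baseUrl).hostname.toLowerCase());
    } catch (e) {
      hosts.add('(unparseable src)');
    }
  }
  return [...hosts];
}

// Compare an observed response with the canary's known profile and return
// a list of { kind, detail } findings; an empty list means nothing differed.
function checkCanary(expected, observed) {
  const findings = [];
  const headers = {};
  for (const [name, value] of Object.entries(observed.headers || {})) {
    headers[name.toLowerCase()] = value; // header names are case-insensitive
  }

  if (observed.status >= 300 && observed.status < 400) {
    // The canary never redirects, so any 3xx was produced somewhere in the path.
    let target = '(no Location header)';
    if (headers.location) {
      try {
        target = new URL(headers.location, expected.url).hostname;
      } catch (e) {
        target = '(unparseable Location)';
      }
    }
    findings.push({ kind: 'unexpected-redirect', detail: `${observed.status} -> ${target}` });
  } else if (observed.status !== expected.status) {
    findings.push({ kind: 'unexpected-status', detail: String(observed.status) });
  }

  // The canary sets no cookies, so any Set-Cookie did not come from it.
  for (const cookie of [].concat(headers['set-cookie'] || [])) {
    findings.push({ kind: 'unexpected-cookie', detail: cookie.split('=')[0].trim() });
  }

  // Script loaded from a host the canary does not use means the body changed.
  for (const host of scriptHosts(observed.body || '', expected.url)) {
    if (!expected.scriptHosts.includes(host)) {
      findings.push({ kind: 'foreign-script', detail: host });
    }
  }
  return findings;
}

// Constructed sample responses (not captured traffic).
const SAMPLES = {
  clean: {
    status: 200,
    headers: { 'Content-Type': 'text/html' },
    body: '<html><script src="/site.js"></script><p>canary</p></html>',
  },
  redirected: {
    status: 302,
    headers: { Location: 'http://profiler.example/bind?u=1', 'Set-Cookie': 'uid=abc123; Path=/' },
    body: '',
  },
  injected: {
    status: 200,
    headers: { 'Content-Type': 'text/html' },
    body: '<html><script src="/site.js"></script><p>canary</p>' +
          '<script type="text/javascript" src="http://ntp.sysip.net/tag/2.js"></script></html>',
  },
};

for (const [name, response] of Object.entries(SAMPLES)) {
  const findings = checkCanary(CANARY, response);
  console.log(name, findings.length ? JSON.stringify(findings) : 'ok');
}
```

A real plugin would fetch the canary with redirect following disabled so the 3xx is visible to the check; over HTTPS neither the redirect nor the inserted script can be added in transit without breaking the connection.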

  134. Kane
    Paris Hilton

    Terms and Conditions

    "BT has said it plans to change its terms and conditions accordingly to comply with the law."

    So that means they will update the terms and conditions so that it won't be illegal for them to intercept data traffic. They will make it an integral part of the terms, so that when you *click* accept, you are automatically giving your consent for BT to monitor the traffic.

    B@*stards!

    Paris, cos she knows when to stop.....

  135. citizenx

    Moving forward...

    ..I was a BT Broadband customer at the time.

    I have contacted someone in BT high level complaints requesting confirmation as to whether i was part of the trial.

    If I was I'll be reporting this to the police and take it from there.

  136. Lester Wade

    Huh?

    Is this why I received phone calls about 6 months ago from BT offering me a credit card? I asked them where they got this information from and they declined to tell me ...

  137. Anonymous Coward
    Heart

    Dont even think about it

    Just switch..

    Don't think about it!!

    The longer you stay with these clowns the longer they think they're in the OK.

    After everyone's switched, a lesson for any other ISP.

    DON'T MESS WITH THE CONSUMER!

    Love to see who thinks up these garbage ideas.. Would love to see their face when it all goes pear-shaped... Run Hide.!

    Love to see what they put on their CV

  138. Anonymous Coward
    Anonymous Coward

    Raised with BTs ombudsman + chat with BT management bod

    Hokay, several written complaints to BT got nothing, first ispa complaint likewise, 2nd ispa complaint got phone call and email from someone in chairman's office at BT, whom I shall refer to as TP.

    Email said in essence "complain to OTELO", which is BT's Ombudsman.

    The phone call was a bit surreal. TP (who lives in the chairman's office, recall) said he'd never heard of phorm (go on, read that again. He actually said that). He also stonewalled and fudged, repeatedly asking for proof that data had been shared with phorm (I was contacting BT exactly to try and determine the truth behind the rumour, as I explained, but that didn't faze him), and was generally unhelpful.

    He did say clearly that no private data had been intercepted or used but told me I wouldn't get anything in writing saying so, then went back to demanding proof and generally stonewalling.

    So, I did as he suggested and raised complaint with OTELO.

    I suggest that others here complain and keep pushing.

  139. AndyB
    Black Helicopters

    Re: Terms and Conditions

    ***"So that means they will update the terms and conditions so that it won't be illegal for them to intercept data traffic. They will make it an integral part of the terms, so that when you *click* accept, you are automatically giving your consent for BT to monitor the traffic."***

    If they do that I'll be off to another ISP.

    In any case, consent has to be obtained from *both* parties in the conversation, so if I am visiting The Register and The Register hasn't given explicit consent to be 'Phormed' then, IMHO Phorm (and BT) are still contravening RIPA.

    As far as I can make out, the only time it would be legal for Phorm to profile would be when a BT customer who has opted-in to Phorm visits a Phorm partner website.

  140. Eddie

    We may not notice the consent agreements

    Virgin have changed the terms of my account before (turning my Blueyonder bundle into separates so I don't get the discount for multiple services) with a neat little trick of saying in the small print (this is a paraphrase, I don't have my bills here) "If you don't get in touch your consent will be assumed"

    Check every page of all your receipts/bills very, very carefully from now on.

  141. Anonymous Coward
    Thumb Down

    New petition attempts

    Several of us are currently attempting to get a new petition going calling on the Prime Minister to ask the Home Office/Crown Prosecution Service to investigate bringing criminal charges against BT/Phorm for the illegal trials in 2006 and 2007 but so far we keep getting rejected. I can't help wondering who is behind these attempts to protect BT. Does anyone know if any senior members of the Labour Party sit on BTs board?

  142. Peter White
    Coat

    person to email

    perhaps the person to email to get the ball rolling about BT's previous trials of phorm is

    correspondenceunit@attorneygeneral.gsi.gov.uk

    as he oversees the entire legal systems

    got to be the coat as the BT exec just checking in case the data CDs lost by the gov are in his pocket

  143. Anonymous Coward
    Stop

    WTF is going on

    Why is PHRM.L going up in price ?

    Some simple people out there still buying

  144. bobbles31

    Petitions

    Keep attempting the petitions, as a form of protest we could keep raising petitions as a form of signing a rejected petition.

    If you search for Phorm in the petitions system rejected petitions are shown with the accepted petition.

  145. poh

    members of the labour party

    > Does anyone know if any senior members of the Labour Party sit on BTs board?

    Patricia Hewitt.

    And slimeware supremo Ben Verwaayen was knighted yesterday at Lancaster House (unless this was an April fool).

    http://www.publictechnology.net/modules.php?op=modload&name=News&file=article&sid=14985

  146. Mark Simpson

    Response from BT...

    I emailed BT to ask if I had been part of the trial. This is the response.

    "A small number of customers on one internet exchange were randomly selected for the test and were completely anonymous. Absolutely no personally identifiable information was processed, stored or disclosed during this test. BT has no way of knowing - because the trial was completely anonymous - which customers were part of the test."

  147. Anonymous Coward
    Unhappy

    @ New Petition - Patricia Hewitt is on BT Board

    see http://www.theregister.co.uk/2008/03/13/hewitt_joins_bt/

    I have seen your attempts to start a new 'more accurate' petition but personally think it would be better to just encourage people to sign the original petition. They are very wary of people submitting multiple petitions in support of a cause, which is obviously easily abused.

    That being said BT do have many massive Govt contracts, most notably much of the NHS NPFIT programme and as value-added carrier for most HMG networks.

    It could be argued that the Govt would be pleased to see Phorm used to 'soften up' citizens by getting them used to the idea of having their browsing spied on, prior to forcing ISPs to monitor for terrorists, kiddie porn, copyright violation, etc. (Actually any one of these would be a much more justifiable use of the technology than advertising, even though it would still be an illegal invasion of privacy at the moment). Paradoxically it is BT and other ISPs who do not want to be responsible for monitoring surfers' habits who have always argued that it would be unfair / impossible for them to inspect and police everything that their customers are doing. So it could be hoisted petards all round then.

  148. b

    This is a title

    "If you don't get in touch your consent will be assumed"

    It's very hard to see this tallying up with the explicit consent that's required in the DPA and RIPA. It'll get ripped apart in court.

  149. Andy Barber
    Pirate

    My MEP...

    ... has said he will raise this matter in the EU parliament.

  150. Anonymous Coward
    Boffin

    Advice for BT (take it or leave it)

    I must admit that I would have thought BT upper management would have started distancing themselves from this technology by now. In fact the original document disclosing how the network was setup so there was no way to actually opt-out was leaked with the intention of saving BT from themselves (believe that or not but them's the facts).

    From a personal point of view I've moved on and have other work prospects in the pipeline for slightly more ethical companies, it's a shame BT haven't come to their senses. However, they seem to be taking an awful risk, as even if individual people cannot raise a legal case for their information being tapped in the trial that was covered up, then I personally could put the whole matter into the public eye by taking them to an industrial tribunal for unfair dismissal. I believe there are provisions in the PIDA (Public Information Disclosure Act) that protects whistleblowers, even when the disclosure was made to a media outlet (as there was evidence that an internal disclosure would have been covered up - see the El Reg articles detailing the admission of their potentially illegal acts from last year being covered up).

    Personally, I've suffered enough and not really interested in a crusade. My original intentions have been mis-read and punished enough by BT management - even after a personal apology for the difficulties it obviously would have caused internally within BT. Unfortunately BT's actions since have only served to re-inforce the original decision made to disclose to the media as they have shown absolutely no integrity in this matter whatsoever.

    This will probably be my last word on this matter, suffice to say - Shame on you Ben Verwaayen. Get a clue, put some distance between yourself and this issue for a few days and try and think about it from your customers' point of view. This isn't about a vendetta against BT or even Phorm, it's about the law and justice and keeping your customers' trust.

    You have some catching up to do Sir Ben.

  151. steve hayes

    Power corrupts? Sorry about the politics

    So Patricia Hewitt is on the BT board. Surely only a corrupt government would allow something like this to influence legal issues to act in the favour of the wrongdoer.

    I have been a solid Labour supporter for many years and it would sadden me considerably if they were to not act properly on this issue. So much so they would lose a vote that has never ever gone any other way than Labour's.

    I fully demand and expect BT and Phorm to be severely treated in this issue with the full impact of the law brought down on them. This is not Robert Mugabe's Zimbabwe where people in power have in the past protected each other. This is Great Britain where citizens' rights and laws should be upheld.

    It is obvious to anybody within IT that Phorm and BT have acted totally irresponsibly.

  152. Peter Johnstone

    @Alexander Hanff

    Well done, good reply. It's a pity we couldn't get a list of the BT users that were spied on and contact them, surely out of that lot we could find one willing to sue.

  153. Anonymous Coward
    Anonymous Coward

    "your consent will be assumed"

    As far as I know, that kind of thing isn't legally enforceable under UK consumer contract law, whatever the cowboys may try to kid you. In particular it is prohibited by the stuff which deals with unfair terms in consumer contracts. IANAL, but ask a Trading Standards bod or someone with appropriate legal background. If your contract changes, you have an excuse to get out, regardless of "assumed consent". Threaten them with court and they'll give in, as the cowboys know it's easier to settle quietly with the few folks who raise a fuss, rather than be dragged to the courts and have a public precedent set against them and have their (unenforceable) Ts+Cs changed.

  154. Man Outraged
    Happy

    If the trials were to show Phorm did not affect customer experience..

    If the trials were to show Phorm did not affect customer experience..

    Then why in the 2007 trials did the customer support reps act clueless when the aggrieved customers phoned up to complain about dodgy redirects and cookies?

    Surely if you are testing the water, you brief the customer support people to give you a heads-up to stop you jumping head-first into the boiling pool?

    If the first trials were in 2006 - THEN WHY WAIT UNTIL JANUARY 2008 TO GET PRIVACY IMPACT ASSESSMENT AND DATA SECURITY REPORTS!!!

    SURELY DATA PROTECTION AND PRIVACY SHOULD BE CORE TO THE SYSTEM, DESIGNED IN FROM THE START AND NOT AN AFTERTHOUGHT.

    This just STINKS and BT will get what they deserve. Piss the staff off, they WILL get you back. Piss the customers off, they WILL have the last laugh.

  155. Humph
    Joke

    I had to laugh

    Just had a 'phone call from BT Broadband offering me a £4 per month discount if I sign up for another year. One can't help but wonder if this was precipitated by a wish to retain customers in face of the unfavourable coverage they have received recently.

    I did, however, get the opportunity to "educate" the poor phone-peon in why I was unhappy with BT. Poor fella hadn't heard of Phorm, Webwise or "Targeted Advertising". To his credit he did agree with me that profiling was a bit off.

    Needless to say I indicated that I found BT's behaviour in this regard despicable and that under no circumstances would I be willing to enter into another twelve months' contract.

    I have my eyes on www.fast.co.uk, who look like thoroughly decent folk who (bizarrely) seem to be labouring under the impression that they are there to provide a service to their customers!

    Joke 'cos I did actually laugh when I found out who was calling me!

  156. Pete
    Heart

    @Peter White

    I'm no lawyer but if VM signed a contract with Phorm for an activity that is illegal, and if VM did not know that said activity was illegal at the time of signing the contract, then I don't see why they couldn't tear up the contract and use for toilet paper. The truth of the matter I imagine is more that the guys on high at VM are just standing back and monitoring the situation, still sorely tempted by the carrot of Phorm-based revenue.

    Almost every decision in life is made on a cost-benefit basis. You weigh up your projected benefits, measure them against your projected costs, and if the benefits outweigh the costs (with suitable certainty) then you go for it. At the moment, the costs associated with a handful of IT-related folks such as ourselves leaving for another ISP, and of the effort of lobbying for a change to the law (or even easier a relaxed interpretation of current law) to make future Phorm-related interception activities legal, are still far less than the rewards to be reaped. So VM and partners are biding their time...

    A heart, because in the end love is all that counts.

  157. jtech
    Alert

    @Mark Simpson

    i can tell you who..

    http://www.bikegirl.co.uk/forum/forum_posts.asp?TID=2418&PN=1

    or

    http://pwcforums.co.uk/wiz/printer_friendly_posts.asp?TID=10304

    or

    https://www.bluffmagazine.com/forum/forum_posts.asp?TID=4108&PN=1&get=last

    or

    http://www.raisingkids.co.uk/forum/display_topic_threads.asp?ForumID=72&TopicID=17698&PagePosition=1&ThreadPage=2

    or

    http://www.angelways.co.uk/forum/forum_posts.asp?TID=326&FID=3&PR=3

    or

    http://www.pwcforums.co.uk/wiz/forum_posts.asp?TID=10314

    badphorm.co.uk

  158. steve hayes

    I've cracked it

    Pardon me if someone else has already spotted this but PHORM is an anagram for MORPH . Same person different 'form'.

  159. Anonymous Coward
    Thumb Up

    BBC - get ready to follow up

    Thursday morning BBC Breakfast will have an interview (sorry, I don't have the link, can anyone else get into Cable Forum at the moment?)

    We need to subsequently ask the Beeb to follow this up. There is a link to the Newsnight programme here :-

    http://news.bbc.co.uk/1/hi/programmes/newsnight/default.stm

    The 'contact us' link is on the left hand side.

    E-mail them asking that they follow this up. Put Kent in front of Paxman! Keep the BBC rolling on this one.

    Well done the Register for helping to keep this issue alive.

  160. phormwatch
    Joke

    BT also attempted to bribe me

    After complaining to BT Customer Services about Phorm Spyware, I got this letter back:

    ----------

    Thank you for your e-mail dated xx/x/08 about I want to complain - I have a complaint about my service.

    I am sorry it took so long to get back to you.

    Im sorry about the issue your having at the moment.

    Your broadband contract expires on the xx/04/08

    If you are wanting to remain with bt for your broadband you are entitled to a £5 per month discount for a further 12 months now you are coming to the contract.

    If you want to take up this offer than dont hesitate to get in touch, and i will arrange it for you.

    Thank you for contacting BT.

    Yours sincerely,

    Dean Lee

    eContact Customer Service

    --------

    If they are instituting a policy of bribing customers to stay, they're obviously having one big customer retention problem.

    - phormwatch

  161. Anonymous Coward
    Alert

    That would be a great laugh

    Seeing Paxman lay into that bloke whose name I can never pronounce properly, it often seems to come out sounding like an obscene word.

    It took at least one snotty e-mail to Newswatch to get the BBC website to give some light to the latest BT lowlife revelations (not that they would ever admit that, of course).

    I can't get into cableforum either. Hope it's just down for routine maintenance or something like that. There's some excellent stuff on there, I hope it's not lost.

  162. Mark

    The real problem

    While I'm in complete agreement with most posts here re Phorm, I can't help but feel a sneaking admiration (for desperate want of a far more appropriate word!) for the sheer on-message relentlessness of Phorm's PR push, which simply ignores all truth or reality and attempts to spin the required myth for public consumption. They just don't blink.

    Sadly, it's working, and the reason this has not become much of an issue in the mainstream press is largely down to the on-tap access to Phorm staff to "explain" to less tech savvy media types what the "truth" is. Unfortunately, they're swallowing it, and I shudder when I see some of the fairly positive write ups Phorm are getting. A "hey that's not a bad idea" editorial in Macuser chided readers not to get hot under the collar about this till they'd cut up their (far more dangerous apparently) supermarket loyalty cards. Huh? The most amazing thing is that the idea of "more relevant advertising" - a ridiculous idea - seems to be going down better than I would ever have imagined.

    Phorm's strategy has risks; if people like the Macuser retard start thinking about it rather than regurgitating fantasy Phorm-speak, the public awareness of Phorm's true nature will kill the idea stone dead. But until there is a co-ordinated opposition campaign that provides accessible geek-lite counter arguments to each and every Phorm argument on demand, every time, in the main media outlets, it will remain easy for Phorm to dominate the limited awareness of Joe Public and dismiss El Reg and other tech forums as niche paranoiac ranters. For God's sake we have black helicopter icons.

    The mistake is to dwell on the tech issues; it's simply about privacy and retaining the rights to what amounts to your intellectual property. If the principle of what is private and what comprises consent isn't urgently clarified, legally redefined and toughened, Phorm will just be the start of a world of data-pimping pain without apparent end.

  163. Anonymous Coward
    Anonymous Coward

    BT and BBC

    The BBC reporting is a sham, they are claiming that by deleting your cookies everything will be ok, and nothing is recorded

  164. Anonymous Coward
    Anonymous Coward

    Mention on Breakfast TV

    Just saw a brief mention on Breakfast TV of the developing BT scandal.

    Phorm's name wasn't mentioned but the BT representative looked unconvincing when she said they had all legal advice etc. B***cks!!! I say.

    I doubt BT's legal team even knew in 2006 what was going on between their TCO at the time and Phorm (Sorry 121 Media as it was then known - You know - that rootkit spyware company).

    What I want to know : since the TCO of Phorm now was the TCO of BT then. Was his move to Phorm, as it is now known, related in any way?

    Smacks of something really bad but the word escapes me!

  165. Simplepieman
    Jobs Horns

    @Pete

    > Almost every decision in life is made on a cost-benefit basis. You weigh up your

    > projected benefits, measure them against your projected costs, and if the benefits

    > outweigh the costs (with suitable certainty) then you go for it.

    The problem is that all young buck management and execs think they’ve cracked this, think they understand this and press ahead on a "cost/benefit" grounds.

    BUT - many fail to properly factor in costs and benefits that only occur over a longer period of time, e.g. staff goodwill and brand image/brand damage. Research and Development is another good example.

    Short-term thinking is encouraged by the stock market, where execs are hired to provide "shareholder value". But the stock market is inherently short-termist, so shareholder value comes from short-term measures which inevitably lead to a stagnation of share value or a spiral of decline.

    This whole sorry tale smacks of short-term or flawed thinking:

    1.) Targeted advertising has limited value. For ubiquitous products in a saturated market maybe, but some of the best results come from adverts that catch their viewers unaware or introduce them to products they hadn't even thought about.

    2.) Targeted advertising already exists. Advertisers compete for space on websites based on the topic of that website. Phorm is not offering anything unique - it is trying to gatecrash a party, so why is their product deemed so valuable?

    3.) Whilst customers (and staff) oppose the tie-up with Phorm, the ISPs risk damaging their long-term value.

  166. 3x2

    completely anonymous?

    <...>"A small number of customers on one internet exchange were randomly selected for the test and were completely anonymous. Absolutely no personally identifiable information was processed, stored or disclosed during this test. BT has no way of knowing - because the trial was completely anonymous - which customers were part of the test."<...>

    Where exactly in RIPA does it say it's OK to wire-tap so long as you don't look at the results too closely? RIPA says it is illegal to intercept any communication. What you did or didn't do with the results or that you didn't know who you wire-tapped is irrelevant.

    Where are HMG in all this? There is more than enough evidence to at least investigate. I'm still searching RIPA for the safe harbour BT think they have and I still can't find it.

  167. Anonymous Coward
    Stop

    Don't they realise...

    ...who they're messing with?

    "technically adept [men] older than 30 who [have] trouble fitting in at work and in social situations (...) also own a stockpile of weapons."

    You just can't f*ck with people like that.

    For some of us (not all of course) the neighbours would say (after the 'incident') "He seemed so normal, he just kept himself to himself", see the danger they're putting themselves in?

    (Can't we have a gun-toting-socially-inept-30-something-living-with-mum-nerd-possibly-bearded icon?)

  168. Peter White
    Heart

    investors looking at phorm are wising up

    from http://www.iii.co.uk/investment/detail/?display=discussion&code=cotn%3APHRM.L&threshold=0&it=le&pageno=2

    read the full post to get the full argument

    Mon 14:07 Re: People Lack Real Insight lautresteve 3

    below is a few bits from the post

    "It's so simple in fact, that I can't understand how they spent so much money developing it. If it were truly worth anything, I'd be on the phone to a VC right about now, but it isn't. And the internet ad experts don't think so either. Profiling for ad targeting has advanced far beyond what Phorm's key technology seeks to deliver. State of the art ad targeting does not simply collect ten facts about you and then match some ads to those keywords, and in fact, matching to categories that the user is already known to be interested in is not considered to be clever, and can be easily achieved without the additional overhead of Phorm/OIX. These days, the ad targeting people want to show you ads for stuff that you didn't know you wanted, which takes a little more inference than the 'ten keywords' approach really allows for,"

    "So, their technology is lacklustre at best. It's not very complicated, it's easy to replicate (and improve on) without patent issues (happy to expand on this) and at a far lower cost, it doesn't deliver what the ad targeting people want."

    "BT's own survey data suggests that users want less advertising. Given this, and the level of negative publicity surrounding the issue, it's hard to see how many of them would chose to opt in. Some might, of course, but it's not going to be anywhere near the 70% level.

    So, no mass profiling, no value to advertisers and no big revenue stream for the ISPs.

    Where's the value ? Falling, like the share price."

  169. Jimbo Gunn
    Happy

    What BT have just done...

    And I'm being serious now - is, by coming out fighting, without acknowledgement of customers' concerns, just alienated the customers who felt uneasy about this and enraged those who are baying for blood.

    Well done Emma Sanderson of BT, my hat off to you. You have just made things much much better, honest.

  170. Anonymous Coward
    Paris Hilton

    Hmm to peter white

    Trouble is users won't opt-in, but that's the whole premise, BT are saying you can opt-out.

    No-one opts out unless they have a specific desire, and as yet the issue is not up in front of them.

    Paris because she has specific desires and I would like to help her opt-in.

  171. Chris
    Paris Hilton

    Response from BT

    I received a phone call from a nice Indian lady this morning asking me why I was complaining that I did not want adverts in my BT email account.

    I explained to her very carefully all about Phorm/Webwise, and she had never heard of it. She called the "Broadband Department" and they claimed never to have heard of it either.

    Eventually she gave me an address to write to, which I am going to do;

    BT Plc

    Correspondance Centre

    Durham

    DH98 1BT

    ps: Paris, because this is the only nice picture of her. What?

  172. alphaxion

    the iii.co.uk link

    Ugh, it's posters like those present on that site that make me think the first person to invent SoIP (stab over IP) will be immensely rich.

    The fact that they are trying to claim that information relating to the legality of the business practices of a firm they are investing in is not relevant to an investment site is astounding - do I have to trot out the "pride cometh before a fall" line?

    It's of critical importance, otherwise the company would face punitive fines and have their business model destroyed.

    Their complaining about the links to technical sites when the firm in question is a technology company is just coming across as a person who simply can't get their head around the information being presented to them.

    I hope those who are burying their heads in the sand lose a sizable chunk of money for being so ignorant.

  173. David Pollard

    @Mark 'The real problem'

    "... it's simply about privacy and retaining the rights to what amounts to your intellectual property..."

    Though contentiously more favourable towards Phorm, Guy Kewney takes a broadly similar view: http://www.whatpc.co.uk/itweek/comment/2213127/enemies-privacy-3907973.

    "The one party that should be officially and vigorously banned from accessing and storing user data of this sort is government. Government oppression needs little help from powerful database technologies showing user preferences and habits; it’s all too easy already."

    The problem is that, as the Information Commissioner tried to tell us with "Sleepwalking into a surveillance society?" (http://www.statewatch.org/news/2004/aug/08uk-info-commissioner.htm) and as Bill Thompson recently pointed out (http://news.bbc.co.uk/2/low/technology/7226016.stm), it may already be too late.

  174. Dam

    Please not the legal crap again

    "Written by civil servant Simon Watkin, it argues that the system will probably be legal if consent is obtained from users."

    Oh will it ?

    A client consents to his data being spied upon.

    Said client connects to *my* servers, logs in a *restricted* area and receives *my* data (say a tech article).

    Phorm *intercepts* said data without *my* consent and falls foul of RIPA, despite having the end user's consent.

    Despite what BT and Phorm may think, a user can't give them consent to intercept intellectual that belongs to me.

    Phorm can't be legal because it'd need consent from every site admin and publisher everywhere.

  175. Anonymous Coward
    Anonymous Coward

    @ response from BT

    "A small number of customers on one internet exchange were randomly selected for the test and were completely anonymous. Absolutely no personally identifiable information was processed, stored or disclosed during this test. BT has no way of knowing - because the trial was completely anonymous - which customers were part of the test"

    That can be loosely translated as: "We knew what we were doing was illegal so we made the trial anonymous so that it would be difficult to prove what we were up to"

  176. David

    BT correspondence

    Re. Chris and his correspondence address for BT.

    All I can say is - don't hold your breath. I moved house a mere 600 yards down our country lane and, despite me telling BT that the line passed by the new property (I was a BT maintenance engineer for this rural patch where I now live for 20 years, when it was a public service, so I do know what I'm talking about) and would just need a simple physical diversion (i.e. connecting two wires together on the pole outside), thereby retaining my broadband and making life easy for all concerned, they managed to make the biggest foul-up imaginable, cutting everything off in the exchange, providing a brand new line right the way through the system, as if it was a new installation (this tied up their engineer for some six hours in the pouring rain, about which he was not best pleased when I told him that there was no need for all the extra work he'd carried out) and chopping my broadband in the process, despite me retaining the phone number that it was originally provided on. There was also the "small" problem of making my neighbour's phone line faulty in the process, but that's another story. The "engineer" (I use the word loosely) told me that I would have to contact my ISP to have my broadband re-activated, which they would when I spoke to them, but at a cost of £47.00! I fail to see why I should have had to pay this when it was BT that had cocked-up. Luckily (in a way) the line had also been de-tagged, so I started afresh and took my business elsewhere to an ISP with no set-up fee. I tried ringing BT to complain, but, like Chris, got diverted to India. I'm not the slightest bit racist but it has to be said that they were totally useless and I too, was put through to "The Broadband Department", even though BT were not my ISP and got the run-around with suggestions that it was normal procedure to cut everything off on a house removal. I wrote to BT at the address that Chris has, suggesting that maybe they hadn't got it quite right (!) and what were they going to do about my lack of broadband for several weeks, but never, ever, got any reply, either by phone, snail-mail, or e-mail. They are an absolutely despicable company these days in my opinion.

  177. Anonymous Coward
    Anonymous Coward

    @alphaxion re iii link

    I am one of the people posting on that site trying to wake some of the investors up to the technological and legal ramifications of Phorm and their system. It's like banging your head against a brick wall but I intend to keep at it.

  178. Anonymous Coward
    Anonymous Coward

    @@alphaxion re iii link

    Why? You're only protecting them from themselves in the end. Let them pay in cash for their own stupidity.

    If you want to go for phorm's weakness, it's its legality, and its public perception of legality and snooping. Attack those, the rest will follow.

  179. nargh

    @@alphaxion re iii link

    Why? You're only protecting them from themselves in the end. Let them pay in cash for their own stupidity.

    If you want to go for phorm's weakness, it's its legality, and its public perception of legality and snooping. Attack those, the rest will follow.

  180. Anonymous Coward
    Anonymous Coward

    ISPs wake up OR reap no rewards

    As I step back just a little from this Phorm BT, VM talk talk spyware sordid story (of which I am very angry and have been vociferous about) I wonder if the ISPs who so far have been 'conned' by Kent and the rootkit mob realise the basic law of customer relations.

    a: Good relationships take some time to form.

    b: Bad news travels fast

    c: Bad relationships can be achieved very quickly.

    d: When the internet is involved, good and bad news travels at light speed.

    (Unless it's slowed down by Phorm and their illegal interception)

    The point!!!

    Unless some of the ISPs involved with the rootkit gang do some backtracking fast, no amount of bribery will restore either good faith or customer relationships.

    Once trust has gone, you can never get it back by the very nature of what it is. TRUST.

    No amount of spouting about what is legal or what is not legal matters. What matters is TRUST - get it?

    Get rid of Phorm! WISE UP.

  181. steve hayes

    Richard Clayton in the BBC headlines again

    After visiting Phorm, He says it is still illegal

    http://news.bbc.co.uk/1/hi/technology/7331493.stm

  182. Anonymous Coward
    Anonymous Coward

    Read Richard Clayton's full report on Phorm

    http://www.lightbluetouchpaper.org/

  183. alphaxion

    iii

    I would have given plenty of caustic commentary to them, if it wasn't for the fact that I can't be bothered to waste my time on the sign up system.

    I appreciate people trying to educate others about how bad things are, but I am left wondering how many of the chumps trying to defend phorm on there are actually sat with their fingers in their eyes while chanting "na, na, na, I can't read you".

    I wonder how many of them would have complained about someone informing them about nick leeson's activities on the barings bank page had the site existed back then >.<

  184. Anonymous Coward
    Black Helicopters

    Privacy Issues

    This privacy intrusion has caused me to start thinking about the way I conduct all my business.

    Being a regular guy with little "nothing" to hide, why does this bother me so much?

    Must be the absolute and total intrusion into my time and the things I do.

    I work for an ISP, but am now considering not bothering with the Internet at all.

    Interesting that I'd give up the resource that enabled me to become aware of the issue in the first place.

    Also, considering getting rid of the credit cards, shop cards, and what not.

    I don't feel as though I need to be tracked and have information about the things I do and buy shared amongst various corporate behemoths.

    Maybe that's what we need, a really major change in the way we do things. No maybe about it.

    Do you think that's short sighted of an ISP employee?

  185. Anonymous Coward
    Anonymous Coward

    Phorm issued notification of holding

    I noticed Phorm issued a notification of holding yesterday. It seems that one of the larger investors has reduced their share level to an amount that requires Phorm to issue a statement.

    What is the significance of this?

  186. Anonymous Coward
    Anonymous Coward

    Richard Clayton's new article today (another one) - ISPs PLEASE READ

    I suggest all the ISP owners read this one fast. (I suggest you Pack away your tooth brush and get the wife to learn to cook cakes with files in them)

    http://www.lightbluetouchpaper.org/2008/04/05/adding-webwisenet-into-the-cni/#more-316

  187. Anonymous Coward
    Coat

    Richard Clayton's report

    This bit worried me:

    "Phorm explained the process by which an initial web request is redirected three times (using HTTP 307 responses) within their system so that they can inspect cookies to determine if the user has opted out of their system, so that they can set a unique identifier for the user (or collect it if it already exists), and finally to add a cookie that they forge to appear to come from someone else’s website."

    So if they can forge a cookie and are using 307 responses what is to stop them injecting ANYTHING into the stream being returned to the end user.... maybe it's adverts, maybe it's adware, maybe it's malware. But the end user thinks that the site they are visiting is sending it to them

    They say they won't do anything like that but do you believe the lying scum?

    I'm waiting to see the first time the phorm technology is used to inject malware and then of course the court case where the original website owner sues the arse off the ISP and Phorm.

    Mines the one with "Fuck Phorm" printed in big letters on the back
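
An added example, not part of the comment above or of Richard Clayton's report: a Python check a defender could run over a recorded page load to spot the pattern the quoted passage describes, a chain of HTTP 307 redirects that detours through another host and sets a cookie under the requested site's name on the way back. The capture, host names and cookie names are constructed placeholders, and the flagging rule is an assumed heuristic.

```python
from urllib.parse import urlsplit

# Constructed capture of one page load as the browser saw it.
# Hosts and cookie names are placeholders, not taken from any real deployment.
CAPTURE = [
    {"url": "http://site.example/page", "status": 307,
     "location": "http://tracker.example/a?back=site.example", "set_cookie": []},
    {"url": "http://tracker.example/a?back=site.example", "status": 307,
     "location": "http://site.example/page?tok=1", "set_cookie": ["uid=0001"]},
    {"url": "http://site.example/page?tok=1", "status": 307,
     "location": "http://site.example/page", "set_cookie": ["uid_copy=0001"]},
    {"url": "http://site.example/page", "status": 200,
     "location": None, "set_cookie": []},
]


def host(url):
    return urlsplit(url).hostname


def analyse_chain(capture):
    """Walk consecutive 307 hops from the first request and summarise them."""
    origin = host(capture[0]["url"])
    hops, foreign, origin_cookies = 0, set(), []
    for ex, nxt in zip(capture, capture[1:]):
        # Stop at the first response that is not a 307 leading to the next request.
        if ex["status"] != 307 or ex["location"] != nxt["url"]:
            break
        hops += 1
        if host(ex["url"]) != origin:
            foreign.add(host(ex["url"]))        # detour through another host
        else:
            origin_cookies += ex["set_cookie"]  # cookie set under the origin's name
    back_at_origin = host(capture[hops]["url"]) == origin
    return {
        "hops": hops,
        "foreign_hosts": sorted(foreign),
        "origin_cookies": origin_cookies,
        # Assumed heuristic: detour via another host, return, cookie set on the way.
        "suspicious": bool(foreign) and back_at_origin and bool(origin_cookies),
    }


if __name__ == "__main__":
    print(analyse_chain(CAPTURE))
```

A hit is only a prompt to compare against the same page load captured on a different network, since redirects through a third-party host also occur in legitimate single sign-on flows.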

  188. Kevin Jeal
    Happy

    Must be illegal!

    Here is a statement from the present BT terms and conditions

    "WE DO NOT STORE INFORMATION REGARDING YOUR TELEPHONE NUMBER, ACCOUNT OR PAYMENT DETAILS IN THE COOKIE, AND THIS INFORMATION CANNOT BE ACCESSED USING IT.

    BT'S COOKIES DO NOT COLLECT ANY INFORMATION REGARDING THE USE OF YOUR PC OR YOUR INTERNET BROWSING IN ANY WAY.

    PLEASE NOTE THAT AS THE COOKIE IS BASED ON YOUR PC, WE WILL NOT FIND IT IF YOU VISIT OUR WEBSITES USING A DIFFERENT PC TO THE ONE YOU REGISTERED ON."

    Nuff said!

  189. Anonymous Coward
    Thumb Down

    Richard's report

    His report doesn't seem to address the fact in point 79 that the anonymiser and profiler, whilst owned by the ISP, are in fact boxes that contain Phorm software (they were the 'gifted' equipment). So in effect Phorm COULD, if it wanted to, alter the software there to gain your IP address and link it to your UID and you would be none the wiser (nor would the ISP know about it).

    The robots.txt parts are telling as well. Phorm seems not to want website owners to be able to block them without blocking googlebot etc (they won't tell anyone what useragent they pick up on). If they were so honest, why don't they look for a specific "phorm" useragent and respect that?

    Point 37 of his report shows that Phorm has little interest in protecting users' wishes.. how many sites use basic authentication? I would say over 99% use application logic to set a session cookie to which you're authenticated (PHP based sites mainly do this, as do all our webmail sites). So in effect Phorm is really saying that they, in most cases, scan privileged information [webmail aside where they say they don't read it--but won't even publish which sites are blacklisted!]

  190. Anonymous Coward
    Anonymous Coward

    Let's not beat around the bush

    I will never accept Phorm!

    I don't trust Phorm

    My past experiences with Phorm are negative [Spyware and other nasties I have removed from other people's PCs]

    I really find it difficult to believe that ISPs, who in the past have been so keen to advocate PC security, are involved with this outfit. It really takes the p$$s

    No amount of assurances will change that sobering thought.

    The bottom line is that if this system comes in [and I find it hard to believe it can - legally], I will leave my ISP and take all my other value added services with me.

    I have values and those values don't include Phorm. I hope many others feel the same way.

    Lots of people will reformat PCs if that was the only option available to remove spyware. Changing broadband providers is a lot easier option in a relative comparison. Phorm is spyware - no doubt in my mind!
