Posts by Peter White 61 publicly visible posts • joined 12 Mar 2008
"The next stage will be radical expansion and enhancement of two-way communication between service providers and homes"
means "The council will now email you instead of sending you a letter."
at least it is more green to bin an email than recycle the letter as bog roll
and easier to ignore, but yet again, the lack of security in unencrypted email , what happens if you use GMail that is scanned to provide adverts etc
peter
a single place like that would be a phishers dream, infect your pc with a nice little trojan and wait for you to logon to the mygov site and havest all the ID information they want
yet one more way to gather information about UK citizens, no doubt the site will be laced with all sorts of trackers like OMNITURE, flash LSO's etc
no thanks i would rather have face to face dealings with HM Gov, at least you can tell when they are lying (give away is their lips move :) )
I just do not trust HM Gov with security of my data as far as i could throw the pm's limo
peter
Point 1
NFC is not attractive to me due to the issues of fraud, e.g anyone who has access to your card can spend up to £15 wthout your permission or needing to prove they have authority (by signature or pin input) eg daughter want a £10 top up for her phone, borrows my card get the top up and pays by waving it near the reader having carefully placed thumb over name on card so cashier does not see MR x instead of MISS x, replaces card in my wallet and i am none the wiser until i check my balance or get the statement
how does one then get a refund from the bank? as the card was used fruadulently!!
or will as i suspect the bank will say my problem due to physical security issue of the card?
point 2
the app for showing the nearest nfc accepting outlet
for this app to work there has to be a tracking device, eg gps enabled on your phone
how many phones or contract state that you have provided "informed consent " to this ability to track you??
i regard it as an invasion of privacy, and yet another covert method of being able to track and monitor people, and more data available to hm gov to label you a terrorist or stitch you up for something else as you "were in the area"
call me synical, but that is just the way big bsiness and the current hm gov have made me, i am a number to be tracked, marketed for money and genrally abused by anyone who has access to data or my "profile"
thanks but no thanks to NFC i prefer old fashoined method and value my privacy
peter
mine is the coat with the faraday shieled pockets
so to use web 2.0 rubbish like twitter, facebook etc you now can put you credentials into a M$ app like outlook 2010?
and how many security holes does M$ try and plug each month on patch tuesday?
why not just post your account details on you facebook page or tweet them to everyone
social networking has enough security issues without adding M$ app's into the mix as well
how long before someone codes a malicious email to harvest them??
peter
nearly 300 more people signed up today on the petition
that goes to show the issue is not going away, it has been in the top 5 petitions for over 9 out of the 12 months
that has got to say something about what people think of this sort of invasion of privacy
thanks to el reg for all the coverage they have given to the whole issue of phorm, past present and future
peter
i have not looked at the image and would not want to, but this debate raises some important issues with the internet as it stands
content (such as the image above), ISP processes (for instance phorm in the UK) or even if for advertsing / privacy options etc (some countries says has to be opt-in others opt-out to be legal) which are legal in one country may not be in another, so how should these situations be handled
this legal mess is a global issue and can't be resolved by a single quango or ISP unilaterally censoring bits of the net
but the issue is to try to get all governments / legal authorities to agree on a common framework and punishments for infringment, as some countries run on cash generated by black economies this will be a problem in itself, take medicines if you read some of the emails it seems to indicate canada allows online sales of prescription drugs, hence all the viagra adverts say canadian origin etc. take pron, what is deemed accepable images of consenting adults in one country are not acceptable in another
i do not see a sensible conclusion to this issue until there is international co-operation and a body with teeth and that is not afraid to use them enforcing any rules against the website owners and if required hosting companies. but then you have issues with hijack sites and various other issues as well that could lead to innocent sites being subject to penalties
as i say no sensible conclusion to this case, but it is yet again showing just how much tracking and invading of privacy the major ISP's are doing without telling their customers
peter
those of us on bt forums tried in vain to get some basic answers from BT regarding phorm, both in public via the forums and in private via E-Mail
total silence
i personally got banned, due to asking where my previous post had gone (breaking the 'dont query mod decisions' rule), before i recieved the email to say my post had been deleted due to breaking the rule of discussing another isp (ZEN)
i have since emailed the moderators twice querying the ban etc, guess what total silence, not even a curtesy reply to say "mod decission final" etc
very heavy handed is all i can say, out of what appears to be desperation to try and contain critisism of the whole webwise issue
but all it has done is move the debate out into many sites like this , nodpi, ispreview etc which many more will read and cause BT far more damaging publicity (nice own goal BT PR Dept)
much of this would have been headed off, if as phorms PIA and the ICO said about connecting and holding dialogue with the customers
bottom line is bt needs to get its head out of the sand (or other places) and talk to it's customers, and not via some vague poll which is rigged and bt not willing to publish saying everyone wants webwise
come on BT step up to the plate and talk to people
WE DARE YOU
peter white
mine the one with the mac code in the pocket as soon as i can break my contract due to material change clause, will NEVER USE BT AGAIN
the national lottery has a average chance of 14,000,000 to 1 of winning the jackpot
so what are the odds of a single childs data not being shielded correctly and someone gaing access and causing distress, injury or worse to a vulnerable child
and why do the government want details of MY children, they are law abiding, well educated (at least the school report says) and most importantly i have not been asked permission as their parent / legal guardian for permission or please check this information is correct
who will be able to check the information or request a copy?
who will leave the logon details on a train or lose the CD / DVD copy of it
time to stop all this sillyness and data gathering, this is getting more out of hand than russia under stalin or various other dictatorships over the years
peter
are there none here that remember the eighties when ford introduced a high security chubb key (a sort of hexagonal affair), people soon worked out you could copy the key from just looking at it
also nearly all, if not all cars in the last 5-10 years have an rf transponder in the key to activate the engine managment ECU (if you car has a factory fitted immobiliser it has this feature)
also it is all well and good copying a key, but you need to know where the lock is it fits, so no good taking masses of pics at the pub unless you know the addresses of the doors (work or home) they fit
i see no need to worry unless this becomes a mass market product / software
mine the one with the reality check in the pocket
peter
there are numerous webmasters noting that they get read reciepts from upto 8 phorm.com email addresses when they send in a request to black list a site
then they also get a number of hits on the website including ones from russia
it is as though they are pre-profiling the site before excluding it, so they can still categorise visitors based on historical data
beware
peter
the US is pulling behavioural advertising systems because of legal and privacy issues and yet you push ahead with phorm and BT WebWise.
wake up, smell the coffee, your customers do not want it, it seems BT employees are uneasy about it if you read cable forum (which i am sure you do) the only people who want it are board members on fat cat salaries linked to profits and targets.
carry on and watch both fail when you start losing customer base due to BT WebWise (Web Lies) the anti phishing was only added to TRY and comply with PERC so it has a "VALUE ADDED SERVICE" but what value is a service that current browsers and security software do better than BT WebWise???
the public are on to you BT,
for those not sure what i am on about look at www.phonecallsuk.co.uk/bt-webwise.html it is very informatative and answers the question BT will not tell you about
got to be paris as she knows a data pimp when she sees one
peter
this is what is needed to make the general public aware of webwise / phorm and how invasive to privacy it is
up until now it has been in I.T. media like here on El Reg and forums, to make a difference we have to get the information out to the masses.
a good bit of prime time TV coverage of the demo outside BT's AGM would go a long way to that
unfortunately i personally can't make the demo
keep up the good work chris, and best of luck alex
peter
i am trying to work out if you are talking about the police or BT/Phorm (my comments in brackets)
eliminate the negative. (baffle them with BS)
Step 1. Work out what crimes your police force are good at solving. (decide the data you want to pimp for the best profit)
Step 2. Create more offences in those categories (create more data to profile)
Step 3. Put up barriers to reporting, for crimes you're not good at solving (or that are too hard, expensive, unglamorous), so they don't get reported - see step 4.(deny secret trials until unable to)
Step 4. Reorganise the way crime figures are reported. Say, into 3 groups: reported, recorded and detected (claim to have reports and surveys that prove your point but never provide them)
Step 5. Choose whichever of these groups shows the biggest improvement, claim this is the most relevant measurement. (selective quote people out of context)
Step 6. Praise your officers for doing such a good job at reducing crime.(give the PR droids pat on back)
Step 7. At the same time you're saying crime is at it's lowest for years, claim there are new, hidden threats that mean you need even more officers (claim number of punters sorry victims of the spyware far higher than they actually are to try and boost profits)
Step 8. Instigate a process of continual improvement, so it's impossible to compare current and past performance as the rules get changed too frequently. ( time for mission creap and expand the range of data captured for yet more profit)
then we wonder why law enforcement agencies don't want to prosecute phorm and BT
:-P
peter
we need these on VM, BT and TT lines to gather independant data before and if poss during the phorm / webwise trials (if we are lucky enough that a user invited into the trial has a box) to confirm any impact on browsing speeds
about time the claims of UPTO 8mbit when the average is 2-3mbit unless you are on a VM fibre line
the reason is simple.
there is still a possibility they could make a pot of cash IF they system goes live and not to many people vote with there feet
what all three ISP's are trying to do at the moment is gauge public opinion, work out how many will leave, how many will opt-in and the likely revenue from phorm
then it is a simple calculation,
if the overall balance is a loss due to lower income from phorm not compensating the the loss of revenue from customers leaving then no phorm
if the overall balance is positive, phorm income morethan covers the loss of income from customers leaving they will adopt phorm
the trick bit is working out the number of users leaving and the income from advertising on phorm, as OIX is an auction based system with a chicken and egg situation where you need buy in from website owners to provide space and advertisers to think there is enough traffic and advantage to palce the advert
also look at http://www.out-law.com/default.aspx?page=9090 an interesting legal opinion from pinsent mason's
also let put this argument re phorm / google to bed
web site owners allow google to profile their websites as google give something back (visitors) phorm does nothing for the site unless you are part of THEIR OIX adware ring. for no gain to me why should i allow these parasites to profit from me and visitor to my site(s)
got to be vulture as the closest thing to a dead parrot
just think elections coming up, what an opertunity to get advertising for labour right into your home on the screen of your computer a lot cheaper then those expensive roadside hoardings, and they can target tory voters even more :P
perhaps thats why they wanted to rush it in so it was ready for the may 1st elections, hoping there asre would not be as badly kicked as it looks likely to be
:P :P :P
mines the coats as i can just see g.brown whiping out his government procurement card to pay for the advert
:P
wheres john cleese and a re-written parrot sketch when you need him
or the spam sketch re-written, mine the phorm,phorm,phorm, chips,phorm and phorm please
this stuff is just ripe for monty python
said if it was not so serious
oh, and don't forget ministry of silly walk re-written to be ministry of spineless gits
:P
i had a advertising company email the the other day about space and it was one i recognised as being on the phorm client list,
they seemed suprised when i said i do not deal with a company using OIX / phorm even if the ad they wanted me to place was in a mag
they said they had not heard of phorm or OIX so i told them to google it. they emailed back and said they were reading with interest the debate and were shocked
i think badphorm have a list of advertisers known to be signed up to OIX
more need to take a stand like i did, if you can't kill the beast by direct attack , starve it out by cutting of it's supply of money.
no OIX adverts = no money = no phorm
one thing that seems to have been missed is the bit about options for the isp to get users to buy into this
discounts OR giving better speeds???
that shows the writer has no understanding of broadband etc as everyone quotes "upto 8mb" and the lines are usually running as fast as possible given the contention ratio and amount of traffic for times of day.
or is he suggesting packet shaping / throttling normal traffic for users who opt out, i would like to see user reaction to that one .
they think this is a backlash try tell joe public he is getting a poorer service because he does not agree to the isp flogging his preferences for no benifit to them
also the anti phishing filter is of no use to most users as they already
also as i have said in other forums what good is profiling and targeting adverts if you miss the most important bit of the profile (location?) it means you miss out on local adverts and get car ads for scottish dealers instead of your local one two miles down the road, so you still get generic adverts (unless they are scraping form pages for your address / postcode)
two points
one is of cookies, for every website you visit phorm will put a cookie addressed from that site with your ID (random number) on iton your pc, it does this by masqarading as the website you are visiting so as to get your browser to accept it and not treat it as a third party cookie which most block, this blow out the water any site that has a privacy policy that says "we don't drop cookies" as you will have one from them dated and time when you visited their site BUT with your phorm id on it
the other is the webwise antiphishing filter, this is what is going to be used to pursuad users to sign upas no one would sign up for a purely edvertising service.
the anti-phishing filter is the same as the one built into most current browsers and if not it is in your internet security software, and if you are stupid enough to not have either you deserve phorm
nuf said
i want the code for my own website, i am a contractor like yourself, i have no advertising on my site and would like it as a quick check for phorm as i am currently a bt customer (though not for long when the t's and c's change)
i would then view the webstats for my site to see how many hits i get on the phorm page and the ip's that hit it to see how far this sh!t is spreading
BT and Phorm will not care about who was in the trial, the trials purpose was to prove the technology works, I.E. can they build a profile, does the profiler work, was there any complains of speed issues and could they inject the adverts
as to who the guinea pigs were, they don't care, all that mattered was proving the technology worked
phorm have published their results for 2007, it is at
http://www.iii.co.uk/investment/detail?code=cotn:PHRM.L&display=news&it=le
a couple of bits out of it make interesting reading
"Phorm, Inc. ("Phorm" or the "Company")
Preliminary Results
Phorm (AIM: PHRM and PHRX), the advertising technology company, today announces
its preliminary results for the year ended 31 December 2007.
Operational Highlights:
Year to 31 December 2007
* Reorganisation of the Company from 121Media, Inc. to Phorm, Inc
completed
* Focus on preparation of OIX and Webwise technology and development
of relationships with ISPs, publishers and advertisers
* Successful $30 million equity fundraising completed
* Several senior appointments made
Q1 2008
* OIX and Webwise successfully launched in February 2008
* Exclusive agreements announced with ISPs BT, Talk Talk and Virgin
Media, representing nearly 70% of the UK broadband user base
* Consumer trials are expected to begin in the near term, followed by
roll-out across these networks
* Significant progress made with the advertising and publishing community
* Advanced talks with other ISPs both in the UK and internationally
* Independent report by Ernst & Young published, supporting Phorm's
commitment to privacy protection
* Positive initial feedback received from a number of regulatory bodies
* Successful $65 million equity fundraising completed
Executive Chairman's statement
Introduction:
During the year under review, Phorm made significant progress, both in terms of
its corporate development and in executing the Company's Internet Service
Provider (ISP) relationship strategy, providing a solid foundation on which to
take the business forward to the next stage of its development. As a result of
our hard work, I am extremely happy to report that on 14 February 2008, we
announced exclusive agreements with BT, Talk Talk and Virgin Media, further
details of which I have provided below."
"Furthermore, we continue to be in advanced discussions with a number of other
ISPs, both in the UK and internationally, and following extensive due diligence
we have moved into the trial phase with a number of them. It is worth noting
that we believe we are selected as the preferred partner by leading ISPs over
our competitors based on the capabilities of our technology, our team and our
approach to privacy. We will provide an update on these discussions in due
course, when appropriate."
"A key differentiator of Phorm's technology is our ability to dispel the myth
that in order to provide relevant advertising on the internet you need to store
data. The fundamental principles behind our platform support the highest
standards in user privacy and anonymity:
* Phorm will not and cannot ever store any personal information which can
identify a user
* Users will have a clear choice whether to turn Webwise on or off
* Our technology complies with all relevant data protection and privacy laws
including RIPA (Regulation of Investigatory Powers Act) and the
Data Protection Act
It is very pleasing to see that our commitment to these principles, and to open
and transparent disclosure, has been recognised by leading privacy advocate
Simon Davies, Managing Director of privacy consultancy 80/20 Thinking and
director of Privacy International. Mr Davies and 80/20 Thinking recently
conducted an interim Privacy Impact Assessment of our technology.
Also, as part of our commitment to the privacy of internet users, we
commissioned Ernst & Young to conduct an independent examination of our systems
and assertions. The following components of our privacy programme were examined:
* Phorm's privacy policy, controls and procedures
* Phorm's compliance with its stated privacy policy
* Phorm employees' privacy policy training and compliance
* Data retention, integrity and security policies and procedures.
The resulting attestation report we received from Ernst & Young confirmed that
our systems have been designed specifically to protect the identity and other
sensitive information of consumers - a great validation of our offering.
Furthermore, we have initiated a dialogue with the Information Commissioner's
Office who are pleased with the way that we have engaged with technical experts
and concerned individuals following the announcement of the service. We have
also met with many other leading stakeholders in the area of online privacy, to
share details of our technology and the response to date has been very
encouraging.
Finally, during the course of 2007, we appointed leading global professional
services firm Deloitte & Touche LLP as auditor to Phorm."
@can anyone tell me
block cookies from www.webwise.com and it is a permanant opt-out (if you beleive them )
@ DPA and RIPA
DPA does apply as DPA applies to processing of personal data as well as storage and by default you have to process the personal information to remove it, so DPA does apply
peter white
the problem is how would the website owner know if the traffic was being profiled (intercepted) as any change to the data that is returned to the client is performed inside the ISP network?
the only thing a site onwer can do is check for the opt-in cookie and display an alternate page that says "pages not supplied to users that have opted into phorm !!" in big red letters
Peter White
http://news.bbc.co.uk/1/hi/technology/7331493.stm
Technical analysis of the Phorm online advertising system has reinforced an expert's view that it is "illegal".
The analysis was done by Dr Richard Clayton, a computer security researcher at the University of Cambridge.
from http://www.iii.co.uk/investment/detail/?display=discussion&code=cotn%3APHRM.L&threshold=0&it=le&pageno=2
read the full post to get the full argument
Mon 14:07 Re: People Lack Real Insight lautresteve 3
below is a few bits from the post
"It's so simple in fact, that I can't understand how they spent so much money developing it. If it were truly worth anything, I'd be on the phone to a VC right about now, but it isn't. And the internet ad experts don't think so either. Profiling for ad targeting has advanced far beyond what Phorm's key technology seeks to deliver. State of the art ad targeting does not simply collect ten facts about you and then match some ads to those keywords, and in fact, matching to categories that the user is already known to be interested in is not considered to be clever, and can be easily achieved without the additional overhead of Phorm/OIX. These days, the ad targeting people want to show you ads for stuff that you didn't know you wanted, which takes a little more inference than the 'ten keywords' approach really allows for,"
"So, their technology is lacklustre at best. It's not very complicated, it's easy to replicate (and improve on) without patent issues (happy to expand on this) and at a far lower cost, it doesn't deliver what the ad targeting people want."
"BT's own survey data suggests that users want less advertising. Given this, and the level of negative publicity surrounding the issue, it's hard to see how many of them would chose to opt in. Some might, of course, but it's not going to be anywhere near the 70% level.
So, no mass profiling, no value to advertisers and no big revenue stream for the ISPs.
Where's the value ? Falling, like the share price."
perhaps the person to email to get the ball rolling about BT's previous trials of phorm is
correspondenceunit@attorneygeneral.gsi.gov.uk
as he oversees the entire legal systems
got to be the coat as the BT exec just checking in case the data CD's lost by the gov are in his pocket
i wonder if verisign and co, are considering an advert campaign on OIX like this
"wondering how to protect your website from being profiled by PHORM?
get a cheap SSL cert for your site today and encrypt that data fast
contact ??? ???? ???? for details now"
(should have thought of that one yesterday (april fools day))
i wonder if the reason VM etc can't just dump this technology is the contract they have signed with phorm.
this is not a defense of BT,VM ot TT, (i am totally against phorm) but VM my not be in a situation where it can get out of it without some phorm (sorry just had to do it) of compensation or pay off to phorm to break the contract, unless they can prove poor opt in (up take of the service), there must be a get out clause but it may be they are working towards it but can't say so publically
looking at history 121 media tried a similar product, its share price hit the floor and went back to the drawing board, rebranded to phorm and webwise was built
what gets me is why people are buying shares in a company that made a 10,000,000$ loss last year, which amounted to about 10% of turnover, and a 4,000,000$ loss the year before
i would be curious to see who dumped shares as the sh1t hit the fan and the share price started to fall, could anyone at phorm or bt etc have insider trading added to the list of charges
this just reminds me of the monty python parrot sketch, with bt complaining to phorm the product is dead and phorm saying "its not dead , just tired and shagged out after doing a big pile of sh1te" then at the end phorm offering bt another dead duck
the smoke, mirrors, spin and finally BS have failed, now they are down to the bottom of the barrel with trying to make El Reg appear worse than them!!
news for you Phorm not a hope in hell
about time you gave up and went back to punting spyware and crudware
and we will block that as well
what we need is a central location to keep all the issues, websites, email addresses and places to write to, to complain so we can maximise and co-ordiate everything against phorm, is anyone aware of a site or blog like this?
we also need standard letters that list the issue we are complaining about to the relevant recipient of the complaint,
one to each of the following
ISP
to register your position on phorm and specifically remove permission for them to profile your data or pass it via profiler
info commisioner
to register a complaint with regards to BT, VM, TT and Phorm potentially breaking RIPA and the DPA, even if the user opts in
MP
general complaint, plus info on their comms to constituants and researchers web activity being profiled if using one of the 3 ISP's etc
home secretary
as it involves BT's breach of RIPA last year during trails of webwise, and potential breaches of RIPA and DPA in the future, and possibly the national security implications of governmet officials web activities being profiled etc
MEP
as it could involve european law, in particular human rights act, as right to privacy would be infringed
local press
make more people aware of the potential issues
bbc watchdog
as local press but more national coverage
have i missed anything??
look at the link
http://www.ispreview.co.uk/talk/showthread.php?p=199729
it shows how a dubious website can opt you in without your knowledge, using standard cross site request forgery techniques
so if you visit a site it can put an opt in cookie on your pc without your knowledge
then it is down to whether webwise process the opt out or opt in cookie first
hmm looking more dubious and less secure all the time
look at the link
http://www.ispreview.co.uk/talk/showthread.php?p=199729
it shows how a dubious website can opt you in without your knowledge, using standard cross site request forgery techniques
so if you visit a site it can put an opt in cookie on your pc without your knowledge
then it is down to whether webwise process the opt out or opt in cookie first
hmm looking more dubious and less secure all the time
what we need is a central location to keep all the issues, websites, email addresses and places to write to, to complain so we can maximise and co-ordiate everything against phorm, is anyone aware of a site or blog like this?
we also need standard letters that list the issue we are complaining about to the relevant recipient of the complaint,
one to each of the following
ISP
to register your position on phorm and specifically remove permission for them to profile your data or pass it via profiler
info commisioner
to register a complaint with regards to BT, VM, TT and Phorm potentially breaking RIPA and the DPA, even if the user opts in
MP
general complaint, plus info on their comms to constituants and researchers web activity being profiled if using one of the 3 ISP's etc
home secretary
as it involves BT's breach of RIPA last year during trails of webwise, and potential breaches of RIPA and DPA in the future, and possibly the national security implications of governmet officials web activities being profiled etc
MEP
as it could involve european law, in particular human rights act, as right to privacy would be infringed
local press
make more people aware of the potential issues
bbc watchdog
as local press but more national coverage
have i missed anything??
does BT have any plans of rolling phorm out OR profiling the traffic of ISP's that buy web access from BT and resell it under their own brands
if they were to do this by changing the T's & C's to the smaller ISP's would the smaller ISP then have to change their customer T's & C's or would it go through quietly until someone noticed?
this seems to be a point that has been missed
phorm techies would you like to answer the list below (honestly) if you can, without resorting to spin and rubbish
point by point would be good
let me guess, there will be no response as you are to chicken (cluck cluck!!!) to answer with facts
prove me wrong if you can !!!!
peter white
Let’s start with what appear to be facts
• Both the profiler and the Phorm server sit in the ISP data centre, (this apparently enables the ISP to legitimately claim no data leaves there network)
• The profiler is owned and run by the ISP (while this is correct, what isn’t made clear is that the code running on the profiler is supplied by Phorm and the ISP has no access to the source code, nor can they verify 100% what it is actually doing,)
• Parts of the code for WebWise were written by a group of programmers in Russia, allegedly from a team that Kent Ertugrul used to create his “People on Page” spyware several years ago
• Phorm are also in talks with Sky Broadband and Orange to push this product out to yet more users in the UK
• Adverts will appear “in frame” and not as pop ups, so pop up blockers will not stop them
• Part of the weighting as to which advert is displayed is the amount the advertiser is willing to pay, it is in effect an auction of advertising space which reduces the advertising relevance to which advertiser in a category is will to pay the most for your screen area. Look at Phorms website at http://www.phorm.com/oix/ad_networks.php to get the picture
• Phorm Inc. was previously known as 121Media who were allegedly involved in adware / root kits before changing their name to Phorm Inc. and creating WebWise
• The profiler has a list of webmail and other sites not to be profiled, BUT there are no tools to check if your favourite site is on this list or a means for webmasters to submit a site to be excluded from profiling
• Phorm have remote access to both servers, for support and software upgrades (it is unclear if only on invite only or if it is full unrestricted access)
• The code has not been independently verified to ensure it does ONLY what it says on the tin, Phorm are looking at this and will consider independent verification so long as it does not affect there intellectual property (fat chance and what happens if they change the code straight after ???)
• The information commissioners office is talking to both Phorm and the ISP’s about how WebWise affects privacy and how this is being addressed, a response has not yet been posted
• The foundation for information policy research have published an open letter ( available at http://www.fipr.org/080317icoletter.html )to the information commissioner office setting out exactly why they believe WebWise and Phorm is open to legal challenge under UK and European law, even down to section and paragraph level of the relevant acts they think it contravenes
Let’s now look at what appear to be grey areas
• Your pc is reduced to a random number in a cookie to protect privacy
o Random numbers as AOL found out do not guarantee privacy
o Phorm (we have to take their word for it) say the Phorm server can not recreate the link from the cookie to a user / IP ,
o External websites which have the Phorm placeholder in can access the cookie, so how long before people start trading this information?
o By using a cookie they can serve games adverts to your kids and DIY adverts to the adults,
o if they just used IP addresses they would not get such granular stats
so a cookie is better for their sales of advertising relevance not the user
• WebWise / Phorm may be illegal under the data protection act
• WebWise / Phorm may be illegal under the section 1 of RIPA as it is being argued it is in effect an illegal wire tap as both parties ( the user and webmaster of the website) need to give permission
• Anti Virus and Anti Spyware companies are considering whether to flag the WebWise cookies for removal, AVG have announced they won’t Trend have said they are reviewing the option of removing it so long as it does not automatically opt the user in, others have not made public statements yet
• (from phorms website, ISP FAQ page) http://www.phorm.com/about/faq.php?_faqs=10,11,12,13,14,15,16,17,18,19#isp
o Q. How does the OIX use ISP data?
o A. The OIX uses data from ISP pipes to upgrade the generic advertising on websites with more relevant ads. These ads will be viewed by that ISP's subscribers who are most likely to be looking for the advertised product or service based on keyword patterns in their browsing behaviour. (This seems to suggest that Phorm advert will replace some other advertisers adverts as well as sites with Phorm place holders)
• How can the ISP’s claim to store no identifiable data when the system has to track you to be able track you to build a database of relevant sites and categories over the last 14 days and then serve you the relevant adverts, you are identified by a unique number and a cookie can be accessed by a website
• BT (my ISP) always gives me a vague answer which is carefully worded about opted out traffic not being profiled, they will not give me a direct answer about “will my traffic pass through the profiler and can they guarantee it is not profiled but no adverts served” come on phorm or BT a straight answer please
• Phorm and the ISP’s say the profiler ignores data with @ sign and strings of numbers over 3 digits long to prevent emails address and credit card details accidentally being profiled, but the security code on the back of a credit card is 3 digits long so could be profiled
And finally questions for which there seems no answer at the moment
• Virgin Media’s logo has vanished from the WebWise front page? (Have they had a change of heart due to public opinion??)
• The list of items included and excluded from profiling seems to change depending on who you talk to at the ISP, a detailed list would be good
• How does the system distinguish between web browsing and an application such as word or open office which has a internet explorer agent embedded
• How often is the Phorm / profiler software updated or patched, who then checks on what has changed and verifies it still conforms to the relevant laws etc
• Do Phorm still profile opted out traffic but just not server adverts, this would enable them to harvest information like common search words etc they could then sell to advertisers at a premium price
• Is the traffic between the profiler and Phorm server encrypted, if it is even the ISP hosting the system can’t verify (even by packet sniffing) what data is transferred and therefore could not guarantee end user privacy.
• Where is the value add of the Webwise anti phishing (which is what most ISP’s are using to persuade users to opt-in) it is a duplicate of internet explorer 7’s service, it is also a function of most if not all internet security packages, so I see no value add (smoke, mirrors and spin to confuse the customer)
• Are the adverts stored on the Phorm server or does the Phorm server just redirect the users browser back out onto the web to pick the advert up from elsewhere
• If the Phorm server does redirect the browser out to an external website to collect the advert there is the possibility for an advertiser or Phorm to externally make the connection between IP address, cookie and any other data to identify the user
• If you block the cookie are you registered in the statistics as opted out? Or just not counted, thereby skewing the stats in Phorm’s favour when it comes to deciding if the trial was successful
• Why is there no list of OIX customers so we can see the sort of companies we will be getting adverts from? Is it because they are not relevant to the UK Market? Are they companies that do not want to be publically linked to Phorm?
• How are the ISP’s going to be paid, flat rate for allowing the service, number of adverts served, pay per click or a percentage of revenue generated. I realise this may be classed as commercial in confidence information but a general idea without the full commercial details would help
• Research and debug logs are able to be held on a “different system” for up to 14 days, what information is in these logs and on what other server will they be held???
• The data collected can not be accessed by the ISP, so how can they verify what data has been collected
• If Phorm do not store personal data about people why do the have a dataprotectionofficer@phorm.com email address and offer to tell you what information they hold about you and the option to have inaccuracies corrected for a reasonable fee?
One final question which is probably the most important of them all
Kent Ertugrul no doubt still has contacts who are on the dark side of the web, the placing of the profiler and phorm servers directly in the data stream at the ISP’s data centre gives them a access to an absolute gold mine of information that all sorts of people would pay millions for. What is to stop a patch being temporarily applied to harvest the wrong information, encrypt it and send it off somewhere into cyberspace.
joke alart as the jokers at phorm have not got the balls to answer honestly
so much for no data leaving BT's network
see below
bt.webwise.com (at fast hosts) then redirects you to webwise.bt.com (if i am reading it correct a server in HOUSTON???)
does the BT core network extend to both of these sites??
this is where you turn on and off webwise (phorm) and it puts the cookies on
???
bt.webwise.com = [ 88.208.248.102 ]
(Asked whois.godaddy.com:43 about webwise.com)
Registrant:
Phorm Inc
Registered through: GoDaddy.com Inc. http://www.godaddy.com
Domain Name: WEBWISE.COM
Domain servers in listed order:
NS1.PHORM.COM
NS2.PHORM.COM
For complete domain details go to:
88.208.248.102 = [ server88-208-248-102.live-servers.net ]
(Asked whois.ripe.net:43 about 88.208.248.102)
inetnum: 88.208.248.0 - 88.208.248.255
netname: FASTHOSTS-UK-NETWORK
descr: UK's largest web hosting company based in Gloucester
descr: England
country: GB
webwise.bt.com = [ 207.44.186.90 ]
207.44.186.90 = [ ]
(Asked whois.arin.net:43 about +207.44.186.90)
OrgName: ThePlanet.com Internet Services Inc.
OrgID: TPCM
Address: 315 Capitol
Address: Suite 205
City: Houston
StateProv: TX
PostalCode: 77002
Country: US
best anology for a MP,
postman pat opening their snail mail, reading it and putting additional "relevant adverts" in then resealing it so they don't know and delivering it to the MP
the first they realise something is wrong is when they open there bank statement and find it full of adverts for another bank
good enough to get their attention???
just looked at phorm, bt and vm share prices, all seem to be heading for the floor over the last month since the unrest started :-)
trouble is, the bright ones will wait til it is realy low then buy bt and vm shares and wait for the announcement they have canned phorm and make a killing when it rises again (they hope)
is it the pessants revolting or the revolting pessants???? depends which side of the fence you are on
what phorm (and BT) don't get is the idea a customer has to trust the ISP and any company they partner with
its a bit like employing del boy to be a stock controller of a giant warehouse and not expecting to see a few bits appearing on a stall at peckham market or offered for sale in the nags head
its a trust thing, people just do not trust PHORM and also rapidly losing trust in BT, VM and TT as well now
anyone know where i can buy some data????
Kent Ertugrul no doubt still has contacts who are on the dark side of the web, the placing of the profiler and phorm servers directly in the data stream at the ISP’s data centre gives them a access to an absolute gold mine of information that all sorts of people would pay millions for. What is to stop a patch being temporarily applied to harvest the wrong information, encrypt it and send it off somewhere into cyberspace.
That is the biggest fear most people will have, be it real or not
let me guess, phorm have said to bt etc, we are good boys now and would never do anything like that, honest guv
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
