* Posts by Peter White

61 publicly visible posts • joined 12 Mar 2008


Brown creates one UK.gov website to rule them all

Peter White

at least binning an email is green

"The next stage will be radical expansion and enhancement of two-way communication between service providers and homes"

means "The council will now email you instead of sending you a letter."

at least it is more green to bin an email than recycle the letter as bog roll

and easier to ignore, but yet again, the lack of security in unencrypted email, what happens if you use GMail that is scanned to provide adverts etc


Peter White

phisher's dream

a single place like that would be a phisher's dream, infect your pc with a nice little trojan and wait for you to logon to the mygov site and harvest all the ID information they want

yet one more way to gather information about UK citizens, no doubt the site will be laced with all sorts of trackers like OMNITURE, flash LSO's etc

no thanks i would rather have face to face dealings with HM Gov, at least you can tell when they are lying (give away is their lips move :) )

I just do not trust HM Gov with security of my data as far as i could throw the pm's limo


Loud sex ASBO woman back on the job

Peter White
Paris Hilton

jealous neighbours

thing is are the neighbours complaining because their partners are not providing the goods as often or enthusiastically ??

plan B for the couple is go buy / rent a house away in the country or get better double glazing

paris as she knows how to be discreet when required


Barclaycard and Orange plot NFC Christmas

Peter White

many problems, little thought

Point 1

NFC is not attractive to me due to the issues of fraud, e.g. anyone who has access to your card can spend up to £15 without your permission or needing to prove they have authority (by signature or pin input) e.g. daughter wants a £10 top up for her phone, borrows my card, gets the top up and pays by waving it near the reader having carefully placed thumb over name on card so cashier does not see MR x instead of MISS x, replaces card in my wallet and i am none the wiser until i check my balance or get the statement

how does one then get a refund from the bank? as the card was used fraudulently!!

or will as i suspect the bank will say my problem due to physical security issue of the card?

point 2

the app for showing the nearest nfc accepting outlet

for this app to work there has to be a tracking device, eg gps enabled on your phone

how many phones or contract state that you have provided "informed consent " to this ability to track you??

i regard it as an invasion of privacy, and yet another covert method of being able to track and monitor people, and more data available to hm gov to label you a terrorist or stitch you up for something else as you "were in the area"

call me cynical, but that is just the way big business and the current hm gov have made me, i am a number to be tracked, marketed for money and generally abused by anyone who has access to data or my "profile"

thanks but no thanks to NFC i prefer old fashioned method and value my privacy


mine is the coat with the faraday shielded pockets

Office 2010 fights Google with SharePoint bloat

Peter White
Thumb Down

M$ trying to get a bigger hold on your data??

so to use web 2.0 rubbish like twitter, facebook etc you now can put your credentials into a M$ app like outlook 2010?

and how many security holes does M$ try and plug each month on patch tuesday?

why not just post your account details on your facebook page or tweet them to everyone

social networking has enough security issues without adding M$ app's into the mix as well

how long before someone codes a malicious email to harvest them??


Spanish region teaches kids how to crack one off

Peter White
Paris Hilton

send some leaflets to the hmgov cabinet

oh sorry they are old hands at that, and probably wrote the leaflet

paris because she knows one when she sees one


Swiss roll Street View into court

Peter White
Paris Hilton

what have the swiss got to hide??

in answer to Smallbrainfield

could it be how they put the holes in swiss cheese ??

:) :) :) :)

Paris because SHE KNOWS


Last day for anti-snooping petition

Peter White
Thumb Up

still going strong to the last

nearly 300 more people signed up today on the petition

that goes to show the issue is not going away, it has been in the top 5 petitions for over 9 out of the 12 months

that has got to say something about what people think of this sort of invasion of privacy

thanks to el reg for all the coverage they have given to the whole issue of phorm, past present and future


Brit ISPs censor Wikipedia over 'child porn' album cover

Peter White

this debate illustrates the issues caused by the global nature of the net

i have not looked at the image and would not want to, but this debate raises some important issues with the internet as it stands

content (such as the image above), ISP processes (for instance phorm in the UK) or even if for advertising / privacy options etc (some countries say has to be opt-in others opt-out to be legal) which are legal in one country may not be in another, so how should these situations be handled

this legal mess is a global issue and can't be resolved by a single quango or ISP unilaterally censoring bits of the net

but the issue is to try to get all governments / legal authorities to agree on a common framework and punishments for infringement, as some countries run on cash generated by black economies this will be a problem in itself, take medicines if you read some of the emails it seems to indicate canada allows online sales of prescription drugs, hence all the viagra adverts say canadian origin etc. take pron, what is deemed acceptable images of consenting adults in one country are not acceptable in another

i do not see a sensible conclusion to this issue until there is international co-operation and a body with teeth and that is not afraid to use them enforcing any rules against the website owners and if required hosting companies. but then you have issues with hijack sites and various other issues as well that could lead to innocent sites being subject to penalties

as i say no sensible conclusion to this case, but it is yet again showing just how much tracking and invading of privacy the major ISP's are doing without telling their customers


BT silences customers over Phorm

Peter White

great PR BT

those of us on bt forums tried in vain to get some basic answers from BT regarding phorm, both in public via the forums and in private via E-Mail

total silence

i personally got banned, due to asking where my previous post had gone (breaking the 'dont query mod decisions' rule), before i received the email to say my post had been deleted due to breaking the rule of discussing another isp (ZEN)

i have since emailed the moderators twice querying the ban etc, guess what total silence, not even a courtesy reply to say "mod decision final" etc

very heavy handed is all i can say, out of what appears to be desperation to try and contain criticism of the whole webwise issue

but all it has done is move the debate out into many sites like this, nodpi, ispreview etc which many more will read and cause BT far more damaging publicity (nice own goal BT PR Dept)

much of this would have been headed off, if as phorms PIA and the ICO said about connecting and holding dialogue with the customers

bottom line is bt needs to get its head out of the sand (or other places) and talk to its customers, and not via some vague poll which is rigged and bt not willing to publish saying everyone wants webwise

come on BT step up to the plate and talk to people


peter white

mine the one with the mac code in the pocket as soon as i can break my contract due to material change clause, will NEVER USE BT AGAIN

Tens of thousands of kids need to be protected from ContactPoint users

Peter White

nearly same odds as lottery

the national lottery has a average chance of 14,000,000 to 1 of winning the jackpot

so what are the odds of a single child's data not being shielded correctly and someone gaining access and causing distress, injury or worse to a vulnerable child

and why do the government want details of MY children, they are law abiding, well educated (at least the school report says) and most importantly i have not been asked permission as their parent / legal guardian for permission or please check this information is correct

who will be able to check the information or request a copy?

who will leave the logon details on a train or lose the CD / DVD copy of it

time to stop all this silliness and data gathering, this is getting more out of hand than russia under stalin or various other dictatorships over the years


House key copied from photo

Peter White

remember the 80's

are there none here that remember the eighties when ford introduced a high security chubb key (a sort of hexagonal affair), people soon worked out you could copy the key from just looking at it

also nearly all, if not all cars in the last 5-10 years have an rf transponder in the key to activate the engine management ECU (if your car has a factory fitted immobiliser it has this feature)

also it is all well and good copying a key, but you need to know where the lock is it fits, so no good taking masses of pics at the pub unless you know the addresses of the doors (work or home) they fit

i see no need to worry unless this becomes a mass market product / software

mine the one with the reality check in the pocket


BT's Phorm small print: It's all your fault

Peter White

beware the blacklist email address

there are numerous webmasters noting that they get read receipts from up to 8 phorm.com email addresses when they send in a request to black list a site

then they also get a number of hits on the website including ones from russia

it is as though they are pre-profiling the site before excluding it, so they can still categorise visitors based on historical data



ISPs laud their data pimping services but refuse to use them

Peter White
Paris Hilton

BT are you watching and listening

the US is pulling behavioural advertising systems because of legal and privacy issues and yet you push ahead with phorm and BT WebWise.

wake up, smell the coffee, your customers do not want it, it seems BT employees are uneasy about it if you read cable forum (which i am sure you do) the only people who want it are board members on fat cat salaries linked to profits and targets.

carry on and watch both fail when you start losing customer base due to BT WebWise (Web Lies) the anti phishing was only added to TRY and comply with PERC so it has a "VALUE ADDED SERVICE" but what value is a service that current browsers and security software do better than BT WebWise???

the public are on to you BT,

for those not sure what i am on about look at www.phonecallsuk.co.uk/bt-webwise.html it is very informative and answers the question BT will not tell you about

got to be paris as she knows a data pimp when she sees one


Fire at The Planet takes down thousands of websites

Peter White

oh dear, BT's webwise servers have gone down

oh dear, BT's phorm hosted / controlled server for the webwise system seems to have been a casualty as well, not a very resilient system BT


Phorm opponents to picket BT shareholders

Peter White
Thumb Up

perhaps we can make main stream media

this is what is needed to make the general public aware of webwise / phorm and how invasive to privacy it is

up until now it has been in I.T. media like here on El Reg and forums, to make a difference we have to get the information out to the masses.

a good bit of prime time TV coverage of the demo outside BT's AGM would go a long way to that

unfortunately i personally can't make the demo

keep up the good work chris, and best of luck alex


Home Office backs e-crime overhaul

Peter White


i am trying to work out if you are talking about the police or BT/Phorm (my comments in brackets)

eliminate the negative. (baffle them with BS)

Step 1. Work out what crimes your police force are good at solving. (decide the data you want to pimp for the best profit)

Step 2. Create more offences in those categories (create more data to profile)

Step 3. Put up barriers to reporting, for crimes you're not good at solving (or that are too hard, expensive, unglamorous), so they don't get reported - see step 4.(deny secret trials until unable to)

Step 4. Reorganise the way crime figures are reported. Say, into 3 groups: reported, recorded and detected (claim to have reports and surveys that prove your point but never provide them)

Step 5. Choose whichever of these groups shows the biggest improvement, claim this is the most relevant measurement. (selective quote people out of context)

Step 6. Praise your officers for doing such a good job at reducing crime.(give the PR droids pat on back)

Step 7. At the same time you're saying crime is at its lowest for years, claim there are new, hidden threats that mean you need even more officers (claim number of punters sorry victims of the spyware far higher than they actually are to try and boost profits)

Step 8. Instigate a process of continual improvement, so it's impossible to compare current and past performance as the rules get changed too frequently. (time for mission creep and expand the range of data captured for yet more profit)

then we wonder why law enforcement agencies don't want to prosecute phorm and BT



ISP reporting network to pierce bandwidth smokescreens

Peter White
Thumb Up

we need these things

we need these on VM, BT and TT lines to gather independent data before and if poss during the phorm / webwise trials (if we are lucky enough that a user invited into the trial has a box) to confirm any impact on browsing speeds

about time the claims of UP TO 8mbit when the average is 2-3mbit unless you are on a VM fibre line

Virgin Media distances itself from Phorm 'adoption' claims

Peter White
Dead Vulture

@why VM haven't just dumped phorm

the reason is simple.

there is still a possibility they could make a pot of cash IF the system goes live and not too many people vote with their feet

what all three ISP's are trying to do at the moment is gauge public opinion, work out how many will leave, how many will opt-in and the likely revenue from phorm

then it is a simple calculation,

if the overall balance is a loss due to lower income from phorm not compensating the loss of revenue from customers leaving then no phorm

if the overall balance is positive, phorm income more than covers the loss of income from customers leaving they will adopt phorm

the trick bit is working out the number of users leaving and the income from advertising on phorm, as OIX is an auction based system with a chicken and egg situation where you need buy in from website owners to provide space and advertisers to think there is enough traffic and advantage to place the advert

also look at http://www.out-law.com/default.aspx?page=9090 an interesting legal opinion from pinsent mason's

also let's put this argument re phorm / google to bed

web site owners allow google to profile their websites as google give something back (visitors) phorm does nothing for the site unless you are part of THEIR OIX adware ring. for no gain to me why should i allow these parasites to profit from me and visitor to my site(s)

got to be vulture as the closest thing to a dead parrot

Home Office defends 'dangerously misleading' Phorm thumbs-up

Peter White

could the hidden agenda be at no.10???

just think elections coming up, what an opportunity to get advertising for labour right into your home on the screen of your computer a lot cheaper than those expensive roadside hoardings, and they can target tory voters even more :P

perhaps that's why they wanted to rush it in so it was ready for the may 1st elections, hoping their arse would not be as badly kicked as it looks likely to be

:P :P :P

mines the coats as i can just see g.brown whipping out his government procurement card to pay for the advert


Peter White


wheres john cleese and a re-written parrot sketch when you need him

or the spam sketch re-written, mine the phorm,phorm,phorm, chips,phorm and phorm please

this stuff is just ripe for monty python

said if it was not so serious

oh, and don't forget ministry of silly walk re-written to be ministry of spineless gits


Peter White
Thumb Up


i had an advertising company email me the other day about space and it was one i recognised as being on the phorm client list,

they seemed surprised when i said i do not deal with a company using OIX / phorm even if the ad they wanted me to place was in a mag

they said they had not heard of phorm or OIX so i told them to google it. they emailed back and said they were reading with interest the debate and were shocked

i think badphorm have a list of advertisers known to be signed up to OIX

more need to take a stand like i did, if you can't kill the beast by direct attack, starve it out by cutting off its supply of money.

no OIX adverts = no money = no phorm

Peter White

re the charles stanley article

one thing that seems to have been missed is the bit about options for the isp to get users to buy into this

discounts OR giving better speeds???

that shows the writer has no understanding of broadband etc as everyone quotes "upto 8mb" and the lines are usually running as fast as possible given the contention ratio and amount of traffic for times of day.

or is he suggesting packet shaping / throttling normal traffic for users who opt out, i would like to see user reaction to that one .

they think this is a backlash try tell joe public he is getting a poorer service because he does not agree to the isp flogging his preferences for no benefit to them

also the anti phishing filter is of no use to most users as they already

also as i have said in other forums what good is profiling and targeting adverts if you miss the most important bit of the profile (location?) it means you miss out on local adverts and get car ads for scottish dealers instead of your local one two miles down the road, so you still get generic adverts (unless they are scraping form pages for your address / postcode)

Peter White

cookies and cr@p

two points

one is of cookies, for every website you visit phorm will put a cookie addressed from that site with your ID (random number) on it on your pc, it does this by masquerading as the website you are visiting so as to get your browser to accept it and not treat it as a third party cookie which most block, this blows out the water any site that has a privacy policy that says "we don't drop cookies" as you will have one from them dated and time when you visited their site BUT with your phorm id on it

the other is the webwise antiphishing filter, this is what is going to be used to persuade users to sign up as no one would sign up for a purely advertising service.

the anti-phishing filter is the same as the one built into most current browsers and if not it is in your internet security software, and if you are stupid enough to not have either you deserve phorm

nuf said

Data pimping catches ISP on the hop

Peter White
Thumb Up

don't forget the petition

the petition is at http://petitions.pm.gov.uk/ispphorm/

it now has over 12,000 signatures in just over 6 weeks

it is now at number 6 in the table due to number of signatures, and will be number 4 shortly when 2 others above it end in the next few weeks

BT's 'illegal' 2007 Phorm trial profiled tens of thousands

Peter White


i want the code for my own website, i am a contractor like yourself, i have no advertising on my site and would like it as a quick check for phorm as i am currently a bt customer (though not for long when the t's and c's change)

i would then view the webstats for my site to see how many hits i get on the phorm page and the ip's that hit it to see how far this sh!t is spreading

Peter White

@who was in the trial

BT and Phorm will not care about who was in the trial, the trial's purpose was to prove the technology works, I.E. can they build a profile, does the profiler work, was there any complaints of speed issues and could they inject the adverts

as to who the guinea pigs were, they don't care, all that mattered was proving the technology worked

Peter White

help wanted for webmasters

can we also have some code we can put in web pages that checks for a phorm opt-in cookie, that those non-programmers can use to serve up a page that says "we do not supply pages to users who have opted into phorm" in big red letters

that should be interesting

Information Commissioner: Phorm must be opt-in only

Peter White

don't rejoice too quick

phorm have published their results for 2007, it is at


a couple of bits out of it make interesting reading

"Phorm, Inc. ("Phorm" or the "Company")

Preliminary Results

Phorm (AIM: PHRM and PHRX), the advertising technology company, today announces its preliminary results for the year ended 31 December 2007.

Operational Highlights:

Year to 31 December 2007

* Reorganisation of the Company from 121Media, Inc. to Phorm, Inc
* Focus on preparation of OIX and Webwise technology and development of relationships with ISPs, publishers and advertisers
* Successful $30 million equity fundraising completed
* Several senior appointments made

Q1 2008

* OIX and Webwise successfully launched in February 2008
* Exclusive agreements announced with ISPs BT, Talk Talk and Virgin Media, representing nearly 70% of the UK broadband user base
* Consumer trials are expected to begin in the near term, followed by roll-out across these networks
* Significant progress made with the advertising and publishing community
* Advanced talks with other ISPs both in the UK and internationally
* Independent report by Ernst & Young published, supporting Phorm's commitment to privacy protection
* Positive initial feedback received from a number of regulatory bodies
* Successful $65 million equity fundraising completed

Executive Chairman's statement

During the year under review, Phorm made significant progress, both in terms of its corporate development and in executing the Company's Internet Service Provider (ISP) relationship strategy, providing a solid foundation on which to take the business forward to the next stage of its development. As a result of our hard work, I am extremely happy to report that on 14 February 2008, we announced exclusive agreements with BT, Talk Talk and Virgin Media, further details of which I have provided below."

"Furthermore, we continue to be in advanced discussions with a number of other ISPs, both in the UK and internationally, and following extensive due diligence we have moved into the trial phase with a number of them. It is worth noting that we believe we are selected as the preferred partner by leading ISPs over our competitors based on the capabilities of our technology, our team and our approach to privacy. We will provide an update on these discussions in due course, when appropriate."

"A key differentiator of Phorm's technology is our ability to dispel the myth that in order to provide relevant advertising on the internet you need to store data. The fundamental principles behind our platform support the highest standards in user privacy and anonymity:

* Phorm will not and cannot ever store any personal information which can identify a user
* Users will have a clear choice whether to turn Webwise on or off
* Our technology complies with all relevant data protection and privacy laws including RIPA (Regulation of Investigatory Powers Act) and the Data Protection Act

It is very pleasing to see that our commitment to these principles, and to open and transparent disclosure, has been recognised by leading privacy advocate Simon Davies, Managing Director of privacy consultancy 80/20 Thinking and director of Privacy International. Mr Davies and 80/20 Thinking recently conducted an interim Privacy Impact Assessment of our technology.

Also, as part of our commitment to the privacy of internet users, we commissioned Ernst & Young to conduct an independent examination of our systems and assertions. The following components of our privacy programme were examined:

* Phorm's privacy policy, controls and procedures
* Phorm's compliance with its stated privacy policy
* Phorm employees' privacy policy training and compliance
* Data retention, integrity and security policies and procedures.

The resulting attestation report we received from Ernst & Young confirmed that our systems have been designed specifically to protect the identity and other sensitive information of consumers - a great validation of our offering.

Furthermore, we have initiated a dialogue with the Information Commissioner's Office who are pleased with the way that we have engaged with technical experts and concerned individuals following the announcement of the service. We have also met with many other leading stakeholders in the area of online privacy, to share details of our technology and the response to date has been very

Finally, during the course of 2007, we appointed leading global professional services firm Deloitte & Touche LLP as auditor to Phorm."

FIPR: ICO gives BT 'green light for law breaking' with Phorm

Peter White

some answers to question in this forum

@can anyone tell me

block cookies from www.webwise.com and it is a permanent opt-out (if you believe them)

@ DPA and RIPA

DPA does apply as DPA applies to processing of personal data as well as storage and by default you have to process the personal information to remove it, so DPA does apply

peter white

Peter White

@money will flow

the problem is how would the website owner know if the traffic was being profiled (intercepted) as any change to the data that is returned to the client is performed inside the ISP network?

the only thing a site owner can do is check for the opt-in cookie and display an alternate page that says "pages not supplied to users that have opted into phorm !!" in big red letters

Peter White

BT: 'We did not let anyone down over Phorm... it was not illegal'

Peter White

more coverage on bbc website


Technical analysis of the Phorm online advertising system has reinforced an expert's view that it is "illegal".

The analysis was done by Dr Richard Clayton, a computer security researcher at the University of Cambridge.

BT and Phorm secretly tracked 18,000 customers in 2006

Peter White

investors looking at phorm are wising up

from http://www.iii.co.uk/investment/detail/?display=discussion&code=cotn%3APHRM.L&threshold=0&it=le&pageno=2

read the full post to get the full argument

Mon 14:07 Re: People Lack Real Insight lautresteve 3

below is a few bits from the post

"It's so simple in fact, that I can't understand how they spent so much money developing it. If it were truly worth anything, I'd be on the phone to a VC right about now, but it isn't. And the internet ad experts don't think so either. Profiling for ad targeting has advanced far beyond what Phorm's key technology seeks to deliver. State of the art ad targeting does not simply collect ten facts about you and then match some ads to those keywords, and in fact, matching to categories that the user is already known to be interested in is not considered to be clever, and can be easily achieved without the additional overhead of Phorm/OIX. These days, the ad targeting people want to show you ads for stuff that you didn't know you wanted, which takes a little more inference than the 'ten keywords' approach really allows for,"

"So, their technology is lacklustre at best. It's not very complicated, it's easy to replicate (and improve on) without patent issues (happy to expand on this) and at a far lower cost, it doesn't deliver what the ad targeting people want."

"BT's own survey data suggests that users want less advertising. Given this, and the level of negative publicity surrounding the issue, it's hard to see how many of them would chose to opt in. Some might, of course, but it's not going to be anywhere near the 70% level.

So, no mass profiling, no value to advertisers and no big revenue stream for the ISPs.

Where's the value ? Falling, like the share price."

Peter White

person to email

perhaps the person to email to get the ball rolling about BT's previous trials of phorm is


as he oversees the entire legal systems

got to be the coat as the BT exec just checking in case the data CD's lost by the gov are in his pocket

Peter White

i wonder part 2

i wonder if verisign and co, are considering an advert campaign on OIX like this

"wondering how to protect your website from being profiled by PHORM?

get a cheap SSL cert for your site today and encrypt that data fast

contact ??? ???? ???? for details now"

(should have thought of that one yesterday (april fools day))

Peter White

i wonder

i wonder if the reason VM etc can't just dump this technology is the contract they have signed with phorm.

this is not a defense of BT, VM or TT, (i am totally against phorm) but VM may not be in a situation where it can get out of it without some phorm (sorry just had to do it) of compensation or pay off to phorm to break the contract, unless they can prove poor opt in (up take of the service), there must be a get out clause but it may be they are working towards it but can't say so publicly

looking at history 121 media tried a similar product, its share price hit the floor and went back to the drawing board, rebranded to phorm and webwise was built

what gets me is why people are buying shares in a company that made a 10,000,000$ loss last year, which amounted to about 10% of turnover, and a 4,000,000$ loss the year before

i would be curious to see who dumped shares as the sh1t hit the fan and the share price started to fall, could anyone at phorm or bt etc have insider trading added to the list of charges

this just reminds me of the monty python parrot sketch, with bt complaining to phorm the product is dead and phorm saying "its not dead , just tired and shagged out after doing a big pile of sh1te" then at the end phorm offering bt another dead duck

Peter White

lies, damn lies and then there is PR

the smoke, mirrors, spin and finally BS have failed, now they are down to the bottom of the barrel with trying to make El Reg appear worse than them!!

news for you Phorm not a hope in hell

about time you gave up and went back to punting spyware and crudware

and we will block that as well

Peter White

central resources needed

what we need is a central location to keep all the issues, websites, email addresses and places to write to, to complain so we can maximise and co-ordinate everything against phorm, is anyone aware of a site or blog like this?

we also need standard letters that list the issue we are complaining about to the relevant recipient of the complaint,

one to each of the following


to register your position on phorm and specifically remove permission for them to profile your data or pass it via profiler

info commissioner

to register a complaint with regards to BT, VM, TT and Phorm potentially breaking RIPA and the DPA, even if the user opts in


general complaint, plus info on their comms to constituents and researchers web activity being profiled if using one of the 3 ISP's etc

home secretary

as it involves BT's breach of RIPA last year during trials of webwise, and potential breaches of RIPA and DPA in the future, and possibly the national security implications of government officials web activities being profiled etc


as it could involve european law, in particular human rights act, as right to privacy would be infringed

local press

make more people aware of the potential issues

bbc watchdog

as local press but more national coverage

have i missed anything??

Peter White

opt in security broken

look at the link


it shows how a dubious website can opt you in without your knowledge, using standard cross site request forgery techniques

so if you visit a site it can put an opt in cookie on your pc without your knowledge

then it is down to whether webwise process the opt out or opt in cookie first

hmm looking more dubious and less secure all the time

MPs pile pressure on ISPs over Phorm

Peter White

phorm opt-in broken

look at the link


it shows how a dubious website can opt you in without your knowledge, using standard cross site request forgery techniques

so if you visit a site it can put an opt in cookie on your pc without your knowledge

then it is down to whether webwise process the opt out or opt in cookie first

hmm looking more dubious and less secure all the time

Peter White

central resources

what we need is a central location to keep all the issues, websites, email addresses and places to write to, to complain so we can maximise and co-ordinate everything against phorm, is anyone aware of a site or blog like this?

we also need standard letters that list the issue we are complaining about to the relevant recipient of the complaint,

one to each of the following


to register your position on phorm and specifically remove permission for them to profile your data or pass it via profiler

info commissioner

to register a complaint with regards to BT, VM, TT and Phorm potentially breaking RIPA and the DPA, even if the user opts in


general complaint, plus info on their comms to constituents and researchers web activity being profiled if using one of the 3 ISP's etc

home secretary

as it involves BT's breach of RIPA last year during trials of webwise, and potential breaches of RIPA and DPA in the future, and possibly the national security implications of government officials web activities being profiled etc


as it could involve european law, in particular human rights act, as right to privacy would be infringed

local press

make more people aware of the potential issues

bbc watchdog

as local press but more national coverage

have i missed anything??

Peter White

important question

does BT have any plans of rolling phorm out OR profiling the traffic of ISP's that buy web access from BT and resell it under their own brands

if they were to do this by changing the T's & C's to the smaller ISP's would the smaller ISP then have to change their customer T's & C's or would it go through quietly until someone noticed?

this seems to be a point that has been missed

Peter White

come on phorm techies let's have a real tech session if you have the nerve

phorm techies would you like to answer the list below (honestly) if you can, without resorting to spin and rubbish

point by point would be good

let me guess, there will be no response as you are too chicken (cluck cluck!!!) to answer with facts

prove me wrong if you can !!!!

peter white

Let’s start with what appear to be facts

• Both the profiler and the Phorm server sit in the ISP data centre (this apparently enables the ISP to legitimately claim no data leaves their network)

• The profiler is owned and run by the ISP (while this is correct, what isn’t made clear is that the code running on the profiler is supplied by Phorm and the ISP has no access to the source code, nor can they verify 100% what it is actually doing)

• Parts of the code for WebWise were written by a group of programmers in Russia, allegedly from a team that Kent Ertugrul used to create his “People on Page” spyware several years ago

• Phorm are also in talks with Sky Broadband and Orange to push this product out to yet more users in the UK

• Adverts will appear “in frame” and not as pop ups, so pop up blockers will not stop them

• Part of the weighting as to which advert is displayed is the amount the advertiser is willing to pay, it is in effect an auction of advertising space which reduces the advertising relevance to which advertiser in a category is willing to pay the most for your screen area. Look at Phorm's website at http://www.phorm.com/oix/ad_networks.php to get the picture

• Phorm Inc. was previously known as 121Media who were allegedly involved in adware / root kits before changing their name to Phorm Inc. and creating WebWise

• The profiler has a list of webmail and other sites not to be profiled, BUT there are no tools to check if your favourite site is on this list or a means for webmasters to submit a site to be excluded from profiling

• Phorm have remote access to both servers, for support and software upgrades (it is unclear if only on invite only or if it is full unrestricted access)

• The code has not been independently verified to ensure it does ONLY what it says on the tin, Phorm are looking at this and will consider independent verification so long as it does not affect their intellectual property (fat chance and what happens if they change the code straight after ???)

• The information commissioner's office is talking to both Phorm and the ISP’s about how WebWise affects privacy and how this is being addressed, a response has not yet been posted

• The foundation for information policy research have published an open letter (available at http://www.fipr.org/080317icoletter.html) to the information commissioner's office setting out exactly why they believe WebWise and Phorm is open to legal challenge under UK and European law, even down to section and paragraph level of the relevant acts they think it contravenes

Let’s now look at what appear to be grey areas

• Your pc is reduced to a random number in a cookie to protect privacy

o Random numbers as AOL found out do not guarantee privacy

o Phorm (we have to take their word for it) say the Phorm server can not recreate the link from the cookie to a user / IP,

o External websites which have the Phorm placeholder in can access the cookie, so how long before people start trading this information?

o By using a cookie they can serve games adverts to your kids and DIY adverts to the adults,

o if they just used IP addresses they would not get such granular stats

so a cookie is better for their sales of advertising relevance not the user

• WebWise / Phorm may be illegal under the data protection act

• WebWise / Phorm may be illegal under section 1 of RIPA as it is being argued it is in effect an illegal wire tap as both parties (the user and webmaster of the website) need to give permission

• Anti Virus and Anti Spyware companies are considering whether to flag the WebWise cookies for removal, AVG have announced they won’t, Trend have said they are reviewing the option of removing it so long as it does not automatically opt the user in, others have not made public statements yet

• (from Phorm's website, ISP FAQ page) http://www.phorm.com/about/faq.php?_faqs=10,11,12,13,14,15,16,17,18,19#isp

o Q. How does the OIX use ISP data?

o A. The OIX uses data from ISP pipes to upgrade the generic advertising on websites with more relevant ads. These ads will be viewed by that ISP's subscribers who are most likely to be looking for the advertised product or service based on keyword patterns in their browsing behaviour. (This seems to suggest that Phorm advert will replace some other advertisers adverts as well as sites with Phorm place holders)

• How can the ISP’s claim to store no identifiable data when the system has to track you to be able to build a database of relevant sites and categories over the last 14 days and then serve you the relevant adverts, you are identified by a unique number and a cookie can be accessed by a website

• BT (my ISP) always gives me a vague answer which is carefully worded about opted out traffic not being profiled, they will not give me a direct answer about “will my traffic pass through the profiler and can they guarantee it is not profiled but no adverts served” come on phorm or BT a straight answer please

• Phorm and the ISP’s say the profiler ignores data with @ sign and strings of numbers over 3 digits long to prevent email addresses and credit card details accidentally being profiled, but the security code on the back of a credit card is 3 digits long so could be profiled

And finally questions for which there seems no answer at the moment

• Virgin Media’s logo has vanished from the WebWise front page? (Have they had a change of heart due to public opinion??)

• The list of items included and excluded from profiling seems to change depending on who you talk to at the ISP, a detailed list would be good

• How does the system distinguish between web browsing and an application such as word or open office which has an internet explorer agent embedded

• How often is the Phorm / profiler software updated or patched, who then checks on what has changed and verifies it still conforms to the relevant laws etc

• Do Phorm still profile opted out traffic but just not serve adverts, this would enable them to harvest information like common search words etc they could then sell to advertisers at a premium price

• Is the traffic between the profiler and Phorm server encrypted, if it is even the ISP hosting the system can’t verify (even by packet sniffing) what data is transferred and therefore could not guarantee end user privacy.

• Where is the value add of the Webwise anti phishing (which is what most ISP’s are using to persuade users to opt-in) it is a duplicate of internet explorer 7’s service, it is also a function of most if not all internet security packages, so I see no value add (smoke, mirrors and spin to confuse the customer)

• Are the adverts stored on the Phorm server or does the Phorm server just redirect the users browser back out onto the web to pick the advert up from elsewhere

• If the Phorm server does redirect the browser out to an external website to collect the advert there is the possibility for an advertiser or Phorm to externally make the connection between IP address, cookie and any other data to identify the user

• If you block the cookie are you registered in the statistics as opted out? Or just not counted, thereby skewing the stats in Phorm’s favour when it comes to deciding if the trial was successful

• Why is there no list of OIX customers so we can see the sort of companies we will be getting adverts from? Is it because they are not relevant to the UK Market? Are they companies that do not want to be publicly linked to Phorm?

• How are the ISP’s going to be paid, flat rate for allowing the service, number of adverts served, pay per click or a percentage of revenue generated. I realise this may be classed as commercial in confidence information but a general idea without the full commercial details would help

• Research and debug logs are able to be held on a “different system” for up to 14 days, what information is in these logs and on what other server will they be held???

• The data collected can not be accessed by the ISP, so how can they verify what data has been collected

• If Phorm do not store personal data about people why do they have a dataprotectionofficer@phorm.com email address and offer to tell you what information they hold about you and the option to have inaccuracies corrected for a reasonable fee?

One final question which is probably the most important of them all

Kent Ertugrul no doubt still has contacts who are on the dark side of the web, the placing of the profiler and phorm servers directly in the data stream at the ISP’s data centre gives them access to an absolute gold mine of information that all sorts of people would pay millions for. What is to stop a patch being temporarily applied to harvest the wrong information, encrypt it and send it off somewhere into cyberspace.

joke alert as the jokers at phorm have not got the balls to answer honestly
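The filtering rule quoted in the post above (ignore anything with an @ sign or a run of more than 3 digits), as an added example that is not part of the original post and not Phorm's or any ISP's code: the rule is implemented as the post words it and run over a constructed form submission to show which values it lets through. The field names, sample values and the stricter `passes_no_digits` variant are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample: a urlencoded checkout form body (not captured traffic).
SAMPLE_BODY = (
    "email=pat%40example.org&card=4111111111111111&cvv=737"
    "&expiry=09%2F10&name=Pat+Example&q=cheap+flights"
)

LONG_DIGIT_RUN = re.compile(r"\d{4,}")  # "strings of numbers over 3 digits long"


def passes_stated_rule(token):
    """Rule as worded in the post: skip tokens with '@' or more than 3 digits in a row."""
    return "@" not in token and LONG_DIGIT_RUN.search(token) is None


def passes_no_digits(token):
    """Hypothetical tightening: also skip any token that contains a digit at all."""
    return "@" not in token and not any(ch.isdigit() for ch in token)


def survivors(body, keep):
    """Return (field, token) pairs that the given rule would pass on for profiling."""
    kept = []
    for field, value in parse_qsl(body):
        for token in value.split():
            if keep(token):
                kept.append((field, token))
    return kept


if __name__ == "__main__":
    print("stated rule :", survivors(SAMPLE_BODY, passes_stated_rule))
    print("no digits   :", survivors(SAMPLE_BODY, passes_no_digits))
```

Under the stated rule the e-mail address and the 16-digit card number are skipped, but the 3-digit security code and the expiry date are not; the stricter variant removes those and still passes the cardholder's name, because a filter that looks only at the shape of a value cannot tell which field it came from.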

Peter White

anyone noticed where http://bt.webwise.com is hosted ??

so much for no data leaving BT's network

see below

bt.webwise.com (at fast hosts) then redirects you to webwise.bt.com (if i am reading it correct a server in HOUSTON???)

does the BT core network extend to both of these sites??

this is where you turn on and off webwise (phorm) and it puts the cookies on


bt.webwise.com = [ ]

(Asked whois.godaddy.com:43 about webwise.com)


Phorm Inc

Registered through: GoDaddy.com Inc. http://www.godaddy.com

Domain Name: WEBWISE.COM

Domain servers in listed order:



For complete domain details go to: = [ server88-208-248-102.live-servers.net ]

(Asked whois.ripe.net:43 about

inetnum: -


descr: UK's largest web hosting company based in Gloucester

descr: England

country: GB

webwise.bt.com = [ ] = [ ]

(Asked whois.arin.net:43 about +

OrgName: ThePlanet.com Internet Services Inc.


Address: 315 Capitol

Address: Suite 205

City: Houston

StateProv: TX

PostalCode: 77002

Country: US

Peter White

best analogy i can think of

best analogy for a MP,

postman pat opening their snail mail, reading it and putting additional "relevant adverts" in then resealing it so they don't know and delivering it to the MP

the first they realise something is wrong is when they open their bank statement and find it full of adverts for another bank

good enough to get their attention???

Peter White

share prices

just looked at phorm, bt and vm share prices, all seem to be heading for the floor over the last month since the unrest started :-)

trouble is, the bright ones will wait til it is really low then buy bt and vm shares and wait for the announcement they have canned phorm and make a killing when it rises again (they hope)

is it the peasants revolting or the revolting peasants???? depends which side of the fence you are on

Peter White

update required to early day motion

the early day motion needs to add that opted out traffic is not passed via the profilers as well, not just it is an opt in to web wise

Peter White

at last some action


questions in parliament, surely something has got to happen now

people, keep emailing the mp to ask how they would like emails to and from constituents being intercepted, and how can conversations be classed as private

The Guardian ditches Phorm

Peter White

would you trust del boy with the keys to a giant warehouse

what phorm (and BT) don't get is the idea a customer has to trust the ISP and any company they partner with

its a bit like employing del boy to be a stock controller of a giant warehouse and not expecting to see a few bits appearing on a stall at peckham market or offered for sale in the nags head

its a trust thing, people just do not trust PHORM and also rapidly losing trust in BT, VM and TT as well now

anyone know where i can buy some data????

Peter White

the real issue

Kent Ertugrul no doubt still has contacts who are on the dark side of the web, the placing of the profiler and phorm servers directly in the data stream at the ISP’s data centre gives them access to an absolute gold mine of information that all sorts of people would pay millions for. What is to stop a patch being temporarily applied to harvest the wrong information, encrypt it and send it off somewhere into cyberspace.

That is the biggest fear most people will have, be it real or not

let me guess, phorm have said to bt etc, we are good boys now and would never do anything like that, honest guv