×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

EU Investigates Phorm's UK ISP Advertising System

timothy posted about 5 years ago | from the ebay-bids-from-cubicle-81773(d) dept.

Privacy 90

MJackson writes "The European Commission has opened an infringement proceeding against the UK after a series of complaints by Internet users, and extensive communication with UK authorities, about the use of Phorm's behavioural advertising system, which uses Deep Packet Inspection (DPI) technology, by internet service providers. Phorm works with UK ISPs to monitor what websites you visit for use in targeted advertising campaigns, though its methods have raised more than a few fears about invasions of privacy. Similar services in the USA have caused an equal level of controversy."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

90 comments

Google (2, Interesting)

b0ttle (1332811) | about 5 years ago | (#27571097)

Isn't that almost what google do?

Re:Google (-1, Offtopic)

BadAnalogyGuy (945258) | about 5 years ago | (#27571155)

Yes it's very similar to what Google does.

Re:Google (4, Insightful)

MindKata (957167) | about 5 years ago | (#27571445)

"Yes it's very similar to what Google does."

Businesses (like Google and Phorm) are mercilessly exploiting personal data on us all (for their own gain) to the point now its turning into a feeding frenzy and the law isn't changing fast enough to keep up and close down these relentless power grabs. (Also it is about power, as monitoring and profiling like this is a very powerful way to abuse so much information on so many people. Thats why governments also want to be part of this feeding frenzy for personal data, as they also gain by exploiting data on people for their own gain. Its also why they are very reluctant to make laws to ban such merciless exploitation. It takes time to force governments to listen to their people. In the mean time, businesses are showing they have utter contempt for peoples personal data.

Re:Google (1)

DJRumpy (1345787) | about 5 years ago | (#27577211)

Yes, but with Google, you willingly submit that information. With Deep Packet Inspection, you have no choice and no opt-out option.

The two scenarios are totally different cases of rape...

Re:Google (1)

sopssa (1498795) | about 5 years ago | (#27571163)

Its nice to know that some nerd in backroom on his bored hours can follow the urls where people have visited.

Re:Google (5, Insightful)

oobayly (1056050) | about 5 years ago | (#27571227)

Ah, the most common argument for Phorm.
Difference is that you can chose not to use Google. If your ISP decides to do this you'll be opted in by default, and every time you delete your cookies, you'll be opted in again. We're not even sure that by opting out makes your traffic bypass Phorm's servers.

What's even worse is that the tax payer will pay the fine, not BT & Phorm. As usual the Criminal Protection Service, ahem Crown Prosecution Service has fucked the general public in favour of keeping Ministers friends on-side.

Sad this is that Brussels is better at looking out for us than Westminster.

Re:Google (1)

Rogerborg (306625) | about 5 years ago | (#27571749)

Also, I'd lay good money that attempting to opt out of Phorm will get you put on a Watch List. I mean, if you don't intend to do anything wrong, what have you got to hide?

Re:Google (0)

Anonymous Coward | about 5 years ago | (#27573629)

"if you don't intend to do anything wrong, what have you got to hide?"

Try reading this, then say that again. Everyone has something to fear from this and its why Phorm style spying on everyone needs to be stopped before it spreads to every country...
http://yro.slashdot.org/comments.pl?sid=989785&cid=25306989 [slashdot.org]

Re:Google (1)

bombastinator (812664) | about 5 years ago | (#27572671)

You can choose not to use google in much the same way as you can choose not to be bitten by mosquitoes in the middle of the Minnesota woods.

You are free to swat at will. You may occasionally miss, You can wear bug repellant but it is imperfect and tends to wear off. You may be unable to swat at all. On many systems (such as say my treo 680) because the script and cookie handling functions are not advanced enough to be able to do more than simple global on/off you are more or less stuck with it. Almost everything I use on the internet requires scripts/cookies these days. Even with firefox+noscript/cookiesafe google has an annoying habit of staying on unless specifically killed every time.

In the end if you walk into the woods you get bit. The only question is how often.

Re:Google (1)

onedotzero (926558) | about 5 years ago | (#27572795)

Or, you could add the known Google advertising URLs to your hosts file, with the added benefit of adwords javascript not loading at all. Personally I do this as well as block cookies from the google.com domains.

Re:Google (1)

bombastinator (812664) | about 5 years ago | (#27573047)

and you do this on a treo 680 running t-moblle how?

Re:Google (1)

onedotzero (926558) | about 5 years ago | (#27573981)

Well, to be fair, your Treo was just an example you gave. Do you use Firefox, NoScript and Cookiesafe on your Treo?

Re:Google (0)

Anonymous Coward | about 5 years ago | (#27583631)

Use a different phone/palmtop/whatever and stop constructing contrived examples in a pathetic attempt to "prove" you're "right"?

Re:Google (5, Insightful)

AmiMoJo (196126) | about 5 years ago | (#27573653)

Someone should go to jail for this, but no-one will.

Someone should go to jail over the guy being shoved, beaten and eventually dying near the G20 protests, but no-one will.

Someone should go to jail over the Jean Charles De Menezes murder, but no-one will.

Someone should go to jail over the various rail crashes due to poor maintenance or negligence, but no-one will.

Someone should go to jail over the war started on the basis of a dossier compiled from plagiarised articles on the internet, but no-one will.

The list goes on, but somehow no-one in a position of responsibility is ever responsible.

Ian Tomlinson (1)

PSdiE (643639) | about 5 years ago | (#27605451)

Ian Tomlinson was pushed to the ground by a police officer after strolling into the scene of the biggest violent protest in recent London history. He died of a pre-existing heart condition soon after, likely caused by the stress of the incident - this was tragic, and the officer involved should feel guilt at his actions.

However, where the hell do you get that he was "beaten"?! It helps no one to muddy the facts.

I was going to moan about the description of De Menezes death as "murder" based on my understanding of the circumstances (terror suspect running from police on day of bombing), but I've just read Wikipedia's coverage [wikipedia.org] of the evidence. Bloody hell, that really was a scary cock-up, even if it's difficult to hold one individual culpable.

Re:Google (1)

Patch86 (1465427) | about 5 years ago | (#27600277)

Sad this is that Brussels is better at looking out for us than Westminster.

You say that like it's a strange thing. The politicians at Brussels are just the same as the politicians in Westminster, just with different friends and different interests.

Where one fails, the other might do us a service.

Re:Google (2, Informative)

onion2k (203094) | about 5 years ago | (#27571491)

With Google you can block it by switching off cookies if you don't trust Google's opt out option. With DPI at the ISP level you can't. You have no control over what they're monitoring (save for doing something like using an encrypted tunnel to a proxy outside of the ISPs view). That's a pretty significant difference.

Re:Google (1)

L4t3r4lu5 (1216702) | about 5 years ago | (#27571845)

You have no control over what they're monitoring (save for doing something like using an encrypted tunnel to a proxy outside of the ISPs view). That's a pretty significant difference.

I don't use TPB for torrents, but i'll certainly use their IPREDator VPN service to get around this.

Re:Google (5, Informative)

arkhan_jg (618674) | about 5 years ago | (#27571633)

Google only records what information you give them when you use their services directly; when you search on google or use gmail or the like. The EULA for the service explains what is done with your data. This is explicitly allowed under the Data Protection Act (as it should be - otherwise apache logs would be illegal!) once you leave their site though, the logging ends.

Phorm collects detailed information on all your browsing traffic without your knowledge or consent, and then shares it with third parties, again without your knowledge or consent - take the BT trial, where people didn't even know it was running, let alone opt-in.

There's a good argument that Phorm breaches the Regulation of Investigatory Powers act here; as a non-governmental body (i.e. not specifically authorised to intercept traffic) they don't have the right to intercept and record the traffic of users without it being explicitly opt-in - it can even be argued that such recording requires the opt-in of both parties, i.e. the websites that people visit need to agree too.

Depending on what they do with the data specifically, and who it gets passed to, they may well be in breach of the Data Protection Act too.

ISPs have to record certain communications information under the Interception Modernisation Program, to be provided upon request to local and national governmental bodies. Phorm definitely doesn't qualify under that either.

Re:Google (1)

daveime (1253762) | about 5 years ago | (#27576231)

Only if "using their service directly" includes loading doubleclick* and google* cookies, and the gs.js javascript tracking system, which you have no control over unless you actually install some kind of blocking mechanism on your browser. And bearing in mind that these two tracking devices are included on just about every major website in the world ?

They have records of probably everywhere you visit, not just when you make a search on google.com.

Re:Google (1)

jesset77 (759149) | about 5 years ago | (#27578235)

On top of the ads don't forget their nearly ubiquitus "Google Analytics" feature that so many website silently use these days.

After Google's recent behavioral tracking push, they warned me via email that I would need to update one of MY WEBSITE'S privacy policies [blogspot.com] to avoid legal liability following their new improprieties.

Now I use Adblock and a peppering of few other measures to resist profiling.

Oh so now it's controversial? (2, Insightful)

Anonymous Coward | about 5 years ago | (#27571341)

Don't get me wrong, I am completely against Phorm's practices. But it seems like it's completely ok for the government and the EU to question companies and individuals about this kind of practice. But when it comes to individuals asking the government about wiretapping etc. it's a completely different thing?
 
I'm sorry, I know the government is just trying to protect our kids from those drug-dealing maffia-involved sexual predator terrorists.

Re:Oh so now it's controversial? (1)

Red Flayer (890720) | about 5 years ago | (#27571489)

I'm sorry, I know the government is just trying to protect our kids from those drug-dealing maffia-involved sexual predator terrorists.

FTS:

about the use of Phorm's behavioural advertising system, which uses ... [DPI] technology, by internet service providers.

I'm sorry, I just have a problem with a company called Phorm using DPI. Phorm is obviously short for chloroform, which is used by the sexual predators to abduct our childrens.

DPI probably involves two predators, if the "DP" part of that is what I think it is. It sure as hell doesn't mean dots-per-inch.

Based upon this irrefutable logic, we should consider Phorm to be predators, and thus make any of their technology illegal -- in the UK, in Europe, and in the US.

Re:Oh so now it's controversial? (1)

Paul Pierce (739303) | about 5 years ago | (#27571549)

FTA: "However interception is considered to be lawful when the interceptor has "reasonable grounds for believing" that consent has been given."

I think the European Commission should win this even though the ISP will probably argue that consent has been given (small print they put somewhere).

I agree with the government comment - the government will probably say well anyone that lives here gives us consent - says us.

Re:Oh so now it's controversial? (1)

L4t3r4lu5 (1216702) | about 5 years ago | (#27571943)

Would changing the user-agent of my browser to I-DO-NOT-CONSENT-TO-PHORM-PROFILING count as not giving consent?

Re:Oh so now it's controversial? (0)

Anonymous Coward | about 5 years ago | (#27575817)

When the situation is as follows:

  1. You have known, since even before the web existed, that communications on the internet can have a very arbitrary path and are pretty much guaranteed to sometimes pass through systems and networks, perhaps even legal jurisdictions, who have no accountability at all to you.
  2. PGP came out in 1991(?). HTTPS has been mainstream since the mid 1990s. The RSA patent expired in 2003, and there were unpatented PK systems before even that. Cryptography is very mature, not even slightly leading edge, it has been that way since before Phorm existed, and there's no reason it shouldn't be the default way for most people to communicate normally. Encrypting is best practices, and it's assumed to be normal practices whenever you have a private message. Signing is best practices, and assumed to be normal practices whenever you want something to not be modified.

then one might say that whenever you send plaintext on the internet, neither encrypting nor signing, that you implicitly consent to anyone reading or modifying it.

If someone tosses a message in a bottle into the sea, hoping that it eventually gets where they want it to, then it's pretty ridiculous for them to complain that someone opened it, read it, wrote some other stuff on it, and then tossed it back into the sea.

It is so trivial to opt out of Phorm, that not doing so is indistinguishable from opting in.

Re:Oh so now it's controversial? (1)

91degrees (207121) | about 5 years ago | (#27571901)

But it seems like it's completely ok for the government and the EU to question companies and individuals about this kind of practice. But when it comes to individuals asking the government about wiretapping etc. it's a completely different thing?

The key difference is that we elect the government.

Phorm according to the BBC (2, Informative)

auric_dude (610172) | about 5 years ago | (#27571441)

The BBC has potted history of Phorm & BT's actions in the UK. http://news.bbc.co.uk/1/hi/technology/7619297.stm [bbc.co.uk] http://news.bbc.co.uk/1/hi/technology/7959099.stm [bbc.co.uk] http://news.bbc.co.uk/1/hi/technology/7988154.stm [bbc.co.uk] http://news.bbc.co.uk/1/hi/technology/7998009.stm [bbc.co.uk] and on top of that my ISP has stated that they will not use Phorm or anything Phorm like.

Horrible implications (4, Insightful)

tygerstripes (832644) | about 5 years ago | (#27571501)

Allowing Phorm to do their thing has awful consequences. We're already in the process of having every phone call, text and email logged in a massive "just looking for terrorists, nothing to worry about" database.

Once a private company is able to execute DPI without your explicit consent, purely for profit, what's to stop the government from doing the same "for everyone's protection"? Surely that's a more worthy abuse of your right to privacy...?

Slippery slope? We're about to hit bottom, ladies & gentlemen.

Re:Horrible implications (0)

Anonymous Coward | about 5 years ago | (#27571839)

Once a private company is able to execute DPI without your explicit consent, purely for profit, what's to stop the government from doing the same "for everyone's protection"?

And that's why the UK government have no major issues with Phorm. UKGOV will want to do the same thing as soon as Phorm is 'accepted' by the UK Internet populous.

Invasions of privacy? Is that a new thing? (1)

MikeOtl67of (1503531) | about 5 years ago | (#27571557)

Fearing invasions of privacy is dated 1948 when Orwell wrote his most famous book. There are even other examples before. Is it now not too late? Otherwise we should roll back Google, Facebook and a lot of other daily friends.

Re:Invasions of privacy? Is that a new thing? (1)

L4t3r4lu5 (1216702) | about 5 years ago | (#27571997)

You can choose not to use Google, Facebook, and other "social networking" sites. Good luck ensuring your data isn't profiled by servers hosted at your ISP, though.

If Tor were faster, I'd use that. In the absence, VPN out of the country will do.

Investigate what? (1)

Wowsers (1151731) | about 5 years ago | (#27571613)

The UK government are with the whipped ISP's collusion, intercepting all websites anyone visits for their log files to prove you're a "terrorist" (by whatever convenient definition they used for terrorist yesterday or decided on today or tomorrow). Phorm are intercepting all your web traffic and serving up different advertising content.

How long before the two join forces and your web pages you looked for are re-written on the fly by the government for more favourable coverage, and to kill off opposition?

The EU is really the EUSSR / Moscow 2.0. The EU are too asking European Internet service providers to log everything. Europe is not free, they just pretend they are fighting for the consumer of the UK, the people with ISP's that have or will use Phorm, but they are all in collusion with each other to snuff out opposition.

The Internet is under attack because of the power of people who can search for what they want, and bypass the whipped and paid for traditional media serving up biased news (BBC bias springs to mind).

Re:Investigate what? (1, Interesting)

Anonymous Coward | about 5 years ago | (#27574329)

This is how the EU works.

They create problems to which they are the solution. In this case the problem is the EU Data Retention Directive 2006. As faithful servants of the EU, the UK government have implemented this in such a way that the 'national' government looks like the bad guy. The European commission come along and say 'Now that's not very nice. We're going to use soft power on you (fines, news stories to the people so so everyone thinks yay EU, etc).

The EU pulled the same trick countless times to grab power, most recently with the British postal service, Royal Mail. The news was full of stories about Peter Mandelson (EUrocrat) saying RM would have to be part privatised as it wasn't profitable any more, etc. The truth is quite different.

In 1997 EU directive 97/67/EC introduced the EU-wide postal service which obviously clashes with the Royal Mail. Initially it allowed German firms TNT and DHL to cherry pick Royal Mail's profitable areas.

Directive 2002/39/EC gave yet more of Royal Mail's profitable business to private companies, and article 14 of this directive has 2009 as the year to complete the EU wide postal service. Like clockwork Mandleson appears on the scene in 2009 to start the sell off.

It's all a con. National identity is to be wiped out for the EUSSR to take over every country in Europe, and every national government is part of the treason.

Re:Investigate what? (1)

swjenner (1133629) | about 5 years ago | (#27582673)

This is how the EU works.

They create problems to which they are the solution. In this case the problem is the EU Data Retention Directive 2006. As faithful servants of the EU, the UK government have implemented this in such a way that the 'national' government looks like the bad guy. The European commission come along and say 'Now that's not very nice. We're going to use soft power on you (fines, news stories to the people so so everyone thinks yay EU, etc).

The EU pulled the same trick countless times to grab power, most recently with the British postal service, Royal Mail. The news was full of stories about Peter Mandelson (EUrocrat) saying RM would have to be part privatised as it wasn't profitable any more, etc. The truth is quite different.

In 1997 EU directive 97/67/EC introduced the EU-wide postal service which obviously clashes with the Royal Mail. Initially it allowed German firms TNT and DHL to cherry pick Royal Mail's profitable areas.

Directive 2002/39/EC gave yet more of Royal Mail's profitable business to private companies, and article 14 of this directive has 2009 as the year to complete the EU wide postal service. Like clockwork Mandleson appears on the scene in 2009 to start the sell off.

It's all a con. National identity is to be wiped out for the EUSSR to take over every country in Europe, and every national government is part of the treason.

This poster knows what he is talking about!! At the heart of everything that is wrong with the UK is the dead hand of the European Commission giving our corrupt politicians the opportunity to goldplate some invasive buch of drivel.

just out of curiosity (1)

markusre (1521371) | about 5 years ago | (#27571711)

what about taking counter measures like producing senseless traffic? most people (at least the kind of ppl i know) do have a 6-16mbit connection. it shouldnt be too hard to script a spider that just gets page after page from random servers. or to avoid punishing innocent hosters with useless traffic just let it get pages from the isps using phorm.

Re:just out of curiosity (0)

Anonymous Coward | about 5 years ago | (#27584953)

If you do this for long enough, some of those random pages will probably happen to point to sites on the IWF blacklist. Your attempts to access them will lead to (at least) your computer equiuptment being seized for a search for illegal material. On the other hand, if you repeatedly access pages from particular ISPs, you'll probably be done for attempted Denial or Service. Meanwhile the relatively small amount of random activity a few people might generate will have no impact at all on the overall situation.

Repeat after me .... (1)

Archangel Michael (180766) | about 5 years ago | (#27571719)

The INTERNET isn't private. It is PUBLIC. What you do on the internet, what sites you go to, what you look at, what you listen to, what you do, what information you send, what you receive is ALL PUBLIC.

You want privacy? Encrypt everything you don't want anyone else to see. And you better trust the person on the other end to keep your info private, and good luck with that.

Re:Repeat after me .... (1)

drinkypoo (153816) | about 5 years ago | (#27571875)

The INTERNET isn't private. It is PUBLIC. What you do on the internet, what sites you go to, what you look at, what you listen to, what you do, what information you send, what you receive is ALL PUBLIC.

If the people want privacy, they'll pass laws "protecting" it. All this really does is raise the bar for those who would violate your privacy, but that does indeed promote privacy for the majority of the population, which is the best you can ever really do without violating one's right to liberty.

Re:Repeat after me .... (1)

Archangel Michael (180766) | about 5 years ago | (#27572241)

Nothing like promoting a false sense of security. We don't need more laws protecting stupid people from being stupid. If people don't understand the consequences of their actions why should that affect me and what I choose to do?

We can write all the laws we want to protect people from getting burned, but the reality is, that gas and matches are dangerous.

Re:Repeat after me .... (0)

Anonymous Coward | about 5 years ago | (#27572399)

There's an expectation of privacy at the carrier level, otherwise we wouldn't have laws against unauthorised interception of communications. Phorm say they'll honour robots.txt yet it's not applicable since they're directly intercepting user sessions -- distinctly not publicly availiable content.

Unless the entire world migrates to IPv6 overnight, SSL isn't a realistic solution for the majority of web sites. Even then, I get the impression that Phorm and BT wouldn't want to pay for the migration and it's only to avoid their snooping I'd bother. Add to that the fact that with their flagrant disregard for the law and internet standards, these fuckers probably wouldn't think twice about forcing users onto MITM SSL proxys.

Don't repeat after parent (2)

whoever57 (658626) | about 5 years ago | (#27572981)

The INTERNET isn't private. It is PUBLIC. What you do on the internet, what sites you go to, what you look at, what you listen to, what you do, what information you send, what you receive is ALL PUBLIC.

You are arguing a false dichotomy here. While it may be true to say that the Internet is not private, it is not public either. Public means that anyone can gain access to your Internet activity. I cannot see what websites you visit -- only your ISP can see that and a subset of your Internet activity can be seen by other entities that carry the packets to/from the websites you visit.
As has been said before, the nearest real life equivalent is sending postcards, and I don't think people consider postcards to be public -- just not private.

Re:Repeat after me .... (1)

ObsessiveMathsFreak (773371) | about 5 years ago | (#27573043)

The INTERNET isn't private. It is PUBLIC. What you do on the internet, what sites you go to, what you look at, what you listen to, what you do, what information you send, what you receive is ALL PUBLIC.

That's news to me. I haven't a blind brass notion of what anyone else is doing online. In fact, I don't even know how I would go about finding out.

Doesn't sound very public to me.

Re:Repeat after me .... (1)

jonbryce (703250) | about 5 years ago | (#27574859)

Walking around the streets is PUBLIC. But if some person follows you around to note which shops you visit, and then uses this information to put billboards in front of your face as you walk around, that's stalking, and is illegal.

Google actually has consent... (2, Insightful)

nweaver (113078) | about 5 years ago | (#27571723)

The big difference between Phorm and Google is Google has consent of the WEB SITES.

Neither really have "user" consent, but Google will only track you on pages which are either hosted by Google itself or derive content from Google (adwords, analytics), which specifically excludes porn etc.

Thus although both have the same objective, they have vastly different mechanisms and Google does have one-party consent, vs Phorm's no-party consent.

Re:Google actually has consent... (1)

whoever57 (658626) | about 5 years ago | (#27573013)

The big difference between Phorm and Google is Google has consent of the WEB SITES.

Neither really have "user" consent,

One can argue that Google has implicit consent. Nothing is forcing me to use Google's services. I could use alternative search engines, etc.. Phorm, on the other hand, the only way to opt out is to use a different ISP.

Actually, you can't... (1)

nweaver (113078) | about 5 years ago | (#27573431)

Actually, you can't without serious browser hackery:

Its not google recording your searches that are your problem, its that EVERY page with Google Analytics or AdWords or Doublclick on it tells google what you are viewing.

Re:Actually, you can't... (0)

Anonymous Coward | about 5 years ago | (#27578713)

I'd hardly call it serious browser hackery, that phrase overplays the difficulty of blocking the monitoring, the easiest way is add a few entries to your hosts file. On the other hand you can't block Phorm's monitoring without using a secure proxy or a VPN because they monitor at the ISP level.

Re:Google actually has consent... (1)

Caetel (1057316) | about 5 years ago | (#27581549)

And in the case of Adsense, Analytics or Doubleclick? The average person has absolutely no way of knowing whether a page contains those before it loads.

Looking at it that way, at least you have the option to move to another ISP with Phorm.

Vote with you feet (1)

Mercodus (413585) | about 5 years ago | (#27571833)

The answer is simple really... if your ISP is involved with Phorm then move to one that isn't. The more people that leave the ISP will [hopefully] make them reconsider their involement with Phorm.

Re:Vote with you feet (1)

u38cg (607297) | about 5 years ago | (#27572827)

Agreed with this. BT tried selling me net service, and I told them outright that they would never be considered again due to Phorm. The guy didn't sound surprised.

I wrote to my MP... (4, Interesting)

mccalli (323026) | about 5 years ago | (#27571879)

Quite some time ago, i wrote to my local MP regarding this. Specifically, I asked him to back an early day motion opposing Phorm (The Register were running the details at the time).

He wrote back saying that many people didn't realise exactly how the system worked and that supporting this motion would do no real good, but that instead he would question the Cabinet directly. As a result, some time later I had a reply from the Cabinet Minister under whose remit this fell.

And that reply was awful.

Essentially it was Phorm's press release. Not even regurgitated - the documents were straight from Phorm. There was clearly no understanding from the Minister involved what was actually being proposed, and the whole attitude smacked of "there there little one, look - the nice company here has promised they're not doing anything wrong". They'd clearly never even really considered it properly. The Information Commission too was at that time pushing the notion nothing was wrong, a stance they've clearly had to back-pedal on in the face of the E.U. pressure.

Next time I think I'll cut out the middle man and go to the Commission directly. Says nothing good about the state of our democracy, does it? An unelected quango in the Commission does the investigative work, whereas the actual democratic representatives completely ignore voter's enquiries and fob them off with press releases.

Mind you, well done to my local MP for taking the correct action in getting me a response from literally the highest level available on the subject in the UK.

Cheers,
Ian

Re:I wrote to my MP... (1)

whoever57 (658626) | about 5 years ago | (#27573133)

Mind you, well done to my local MP for taking the correct action in getting me a response from literally the highest level available on the subject in the UK.

Was it the correct action? I don't see what it achieved. Perhaps a successful early day motion would have made the relevent minister do a little more research. Frankly, it sounds like your MP just passed the buck.

Re:I wrote to my MP... (1)

arkhan_jg (618674) | about 5 years ago | (#27576097)

I think that was traditional british sarcasm at the MP going to the body with the most knowledge on Phorm for an answer - Phorm itself.

Reminds me of a tech support joke:

There's a man hovering over a field in a hot-air balloon. He spys another man walking down below, and calls out:
'Hello there - I don't suppose you can tell me where I am? I'm lost!'
The reply is shouted back,
'Why yes - you're floating in a hot-air balloon above a field of corn.'
The man, somewhat disgruntled, shouts back,
'Let me guess - you work in tech support. Your answer was absolutely technically correct, but utterly useless to me.'
The man below yells back,
'And you must be in management - you don't know where you are, or where you're going, but now it's my fault.'

Re:I wrote to my MP... (0)

Anonymous Coward | about 5 years ago | (#27573567)

I wrote to the EU Commission directly. They came back with a very good, clean response.

Re:I wrote to my MP... (0)

Anonymous Coward | about 5 years ago | (#27583511)

The attraction of Phorm to a government is that it adds a snooping layer between the ISP and the users. Make this "service" mandatory for all ISPs. and you have control of the Internet from one place.

A cycnic would say that Phorm is in the government's control, perhaps a government agency. Who knows?

Reality (1)

cdrguru (88047) | about 5 years ago | (#27571925)

Nobody likes advertising. The world would be a better place with out it, completely. No more billboards cluttering up highways and ghetto streets. No more web banners for porn on children's sites.

Is there anyone that doesn't agree? OK, except people getting paid for advertising.

So it's settled then. No more advertising and we'll all be happy.

Re:Reality (2)

jeremyp (130771) | about 5 years ago | (#27572429)

As long as you understand that most of the "free" services on the Internet e.g. Google are funded by advertising. No advertising, no search engines, no free web mail, no Sourceforge etc etc etc.

gn44 (-1, Offtopic)

Anonymous Coward | about 5 years ago | (#27572025)

the project arrogWance was

Now they can be held liable for content? (2, Interesting)

British (51765) | about 5 years ago | (#27572357)

If this ISP is doing what it does with advertising injection, are they now officially liable for any illegal content sent through it? I know it's not in the USA, but it seems to me if you have your hand in the content delivery(web data, and so forth), the ISP could be sued for pirated mp3s, illegal content, etc.

Re:Now they can be held liable for content? (1)

jonbryce (703250) | about 5 years ago | (#27574929)

As I understand it, the ads appear on pages where the site owner has chosen to use phorm for their ads, rather than for example doubleclick or google adwords. But the difference is that phorm will display ads based on the profile it gets from BT, Talk Talk or Virgin.

AOL UK is owned by Carphone Warehouse who also own Talk Talk. Anyone know if AOL is involved in this?

As the owner of a website funded by adverts (4, Informative)

buro9 (633210) | about 5 years ago | (#27572509)

I'm extremely concerned by Phorm.

Effectively it gives the ISP the ability to remove the adverts that fund 60% of our costs and replace them with adverts for which they would receive the entire revenue stream.

My site is funded by adverts (60%) merchandise (30%) and donations (10%).

I'm fairly sure that the community would step up and purchase more stuff and donate more, but I don't think it's realistic that this could be sustained, whereas the advertising revenue is reasonably constant.

I believe that if Phorm becomes ubiquitous that I would have to question seriously how to find the website, and would probably have to remove all adverts and to seek to have the costs covered exclusively through other means. As I'm unsure of the feasibility of this, I would have to say that in my case the loss of that revenue would threaten my ability to continue running the site, especially under the risk of redundancy in the near/mid future.

I've already implemented the Phorm opt-out cookies, and written to my local MP (who couldn't care less from the generic response I got), so it's great to see the EU step up where the UK seems to have failed.

Re:As the owner of a website funded by adverts (1)

Blue Stone (582566) | about 5 years ago | (#27572895)

This is a relatively common misunderstanding of what Phorm does.

Phorm does NOT replace adverts on websites, it only places adverts where a website owner has signed up for Phorm as an advert provider, it then uses its spying data to decide which adverts are provided to which visitor.

So you have nothing to worry on that account.

Phorm is an evil, but it's not that kind of evil.

Re:As the owner of a website funded by adverts (1)

John Hasler (414242) | about 5 years ago | (#27573527)

> Phorm does NOT replace adverts on websites...

Yet.

Re:As the owner of a website funded by adverts (0)

Anonymous Coward | about 5 years ago | (#27585139)

And it won't, without permission. Because that would be an instant recipe for a flurry of lawsuits and injunctions from all the businesses whose websites were being interfered with and whose paid adverts were being wiped out. Those businesses, some indivdually and the others collectively, would have more money, political clout and lawyers by a massive factor than Phorm and its allies. How do you think (say) Disney would react to having their websites altered? Or Microsoft to having their ads replaced with those of another company?
I suppose if Phorm got the overwhelming majority of large companies to sign up to their service, it might get away with it. But why should very large companies effectively allow themselves to be bullied by small fry like Phorm, especially when Phorm will also be in bed with their most deadly rivals?
They may get away with violating 'consumer' rights; when it comes to big companies, they'd get squished.

Re:As the owner of a website funded by adverts (1)

arkhan_jg (618674) | about 5 years ago | (#27573253)

While it's indeed worrying what phorm means for privacy and the ability of third parties to snoop on our traffic without our knowledge, I don't think what you're worrying about is the problem.

Phorm doesn't replace adverts already in place on websites. What it does do is this:

User A goes to website W.
Phorm listens in on this, records it and classifies that user as a website-W sort of person - phorm pays your ISP to let them do this.

User A goes to website X. They have phorm-supplied ad bars. User A now sees an advert, on site X, intended to appeal to website-W sort of people, so that User A is more likely to click on it and give website X their kickback for the clickthrough.

User B sits down at the keyboard afterwards, and visits website Y with phorm ad bars. They get adverts based upon websites W and X, and get a nasty surprise based upon user A's interesting hobbies.

User B then goes to website Z, with normal ad-bars, and gets their website-Z approved adverts as usual.

User A comes back, and gets adverts based upon websites X,Y and Z and also gets a bit of a surprise.

User's A and B have their privacy violated, websites X and Y, with their targeted adverts, get more clickthroughs, and phorm makes a crapton of money as the middleman, website Z sobs at their low clickthroughs with ordinary ads and buys phorm advert bars.

This is the pernicious thing; it's targeted advertising based upon your whole browsing history, so that if you go to golf sites a lot, you'll start seeing a lot more golf adverts, even on non-golf sites. Or horse porn adverts, if that's what your other family members get up to.

Opting-out is done on a per-browser per-machine cookie basis; and even if you opt-out, your data still passes through phorm's systems, they just 'don't act on it'. That plus the trials they did at BT without telling anybody about them is frankly disgusting.

Re:As the owner of a website funded by adverts (1)

John Hasler (414242) | about 5 years ago | (#27573615)

> Phorm listens in on this, records it and classifies that user as a website-W sort of
> person - phorm pays your ISP to let them do this.

Why doesn't it pay the user?

> Or horse porn adverts, if that's what your other family members get up to.

Why doesn't each of your family members have a seperate account on the machine?

Re:As the owner of a website funded by adverts (1)

arkhan_jg (618674) | about 5 years ago | (#27574583)

Why doesn't it pay the user?

Because the users are a commodity for the ISP to sell to advertisers. What, you thought this was for YOUR benefit?

Why doesn't each of your family members have a seperate account on the machine?
AFAIK from previous statements, it doesn't use a local browser cookie for tracking (too easy to mess with), only for opt-out - I believe it's based upon IP/mac address outbound; if you're all behind a single NAT router, it'll combine you all together.

Hey, I didn't design the thing.

Re:As the owner of a website funded by adverts (2, Insightful)

whoever57 (658626) | about 5 years ago | (#27575201)

AFAIK from previous statements, it doesn't use a local browser cookie for tracking (too easy to mess with), only for opt-out - I believe it's based upon IP/mac address outbound; if you're all behind a single NAT router, it'll combine you all together.

Firstly, we should all remember that what is known about Phorm comes from Phorme's employees and they have not been models of accuracy and full disclosure.

But the use described opt-out mechanism implies that people will have to keep opting out. IP addresses: what happens when your IP address changes? You have to opt out again? MAC addresses? Not seen past the first router. Why use a cookie? Cookies can't be used for a total opt-out, since they require the tracking mechanism to interact with the PC -- in other words, the web traffic has to be redirected to Phorm so that Phorm can check the cookie.

My guess is that, even with an opt-out mechanism, Phorm will make it sufficiently intrusive to opt-out so that people will eventually tire of opting out and will find themselves opted-in.

Re:As the owner of a website funded by adverts (2, Informative)

arkhan_jg (618674) | about 5 years ago | (#27575599)

Opting out is done via browser based cookie according to the ISPs that have implemented it so far. Every single browser you use on every single pc on every single account will have to be opted out manually, and re-opted out every time with changes.

*All* webtraffic you send via your ISP (that's not say, in a vpn) will go through phorm's systems at the ISP, overhead and all. If there's an opt-out cookie set, they suppposedly ignore that traffic for classification purposes. They also supposedly ignore personally identifiable information like bank websites, but that's bound to have flaws.

My guess is that, even with an opt-out mechanism, Phorm will make it sufficiently intrusive to opt-out so that people will eventually tire of opting out and will find themselves opted-in.

Yes, I believe that's the idea.

Here's [wikipedia.org] the diagram of how phorm supposedly works, by basically masquerading as the website you actually want.

Note, the UID assigned to you does not come from a local cookie in the initial request - it's assigned by phorm. They then give you a tracking cookie based on your UID or the opt-out cookie, process the request and dump it to the profiler (where it's used or not based upon the opt-out) then remove the tracking cookie at the end. Next request, they give you a new tracking cookie based upon your phorm ID - the phorm ID itself is assigned outside the cookie mechanism, so can't be user account/browser based.

Re:As the owner of a website funded by adverts (1)

jonbryce (703250) | about 5 years ago | (#27575001)

Phorm doesn't know which machine account you are using, or even which machine you are using. It just knows what traffic is going down the phoneline.

So if you have one person in the house looking at horse porn, and his daughter looking at OMG Ponies! sites, it can't tell them apart.

Re:As the owner of a website funded by adverts (1)

MightyMartian (840721) | about 5 years ago | (#27574109)

Sounds like it's time for encrypted VPN. If I was subscribed to one of these ISPs, and couldn't find an alternative, that's what I'd be doing. It would slow things down a bit, unfortunately.

Re:As the owner of a website funded by adverts (0)

Anonymous Coward | about 5 years ago | (#27574157)

This is how the EU works.

The EU create a problem to which they are the solution. In this case the problem is the EU Data Retention Directive 2006. As faithful servants of the EU, the UK government have implemented this in such a way that the 'national' government looks like the bad guy. The European commission come along and say 'Now that's not very nice. We're going to use soft power on you (fines, news stories to the people so so everyone thinks yay EU, etc).

The EU pulled the same trick countless times to grab power, most recently with the British postal service, Royal Mail. The news was full of stories about Peter Mandelson (EUrocrat) saying RM would have to be part privatised as it wasn't profitable any more, etc. The truth is quite different.

In 1997 EU directive 97/67/EC introduced the EU-wide postal service which obviously clashes with the Royal Mail. Initially it allowed German firms TNT and DHL to cherry pick Royal Mail's profitable areas.

Directive 2002/39/EC gave yet more of Royal Mail's profitable business to private companies, and article 14 of this directive has 2009 as the year to complete the EU wide postal service. Like clockwork Mandleson appears on the scene in 2009 to start the sell off.

It's all a con. National identity is to be wiped out for the EUSSR to take over every country in Europe, and every national government is part of the treason.

switch to ssl (0)

Anonymous Coward | about 5 years ago | (#27576435)

If you are so concerned, do yourself and your users a favour and switch to https. All website owners should do it.

If only Phorm really replaced website owners ads (it does not), then they would be much more willing to switch to https. As it is now the hurt is only for the users so there is not enough incentive for the website owners to make the switch.

Re:switch to ssl (0)

Anonymous Coward | about 5 years ago | (#27578891)

How would https help? Phorm will still get the URL and could request the pages themselves if they need to see the content and it isn't unique to the user.

Get an ISP with no Phorm (1)

shin0r (208259) | about 5 years ago | (#27572601)

Here we go again:

Unlimited connections on static IPs. Secure VPN exit in Switzerland. No download or upload limits. No content filtering. No port blocking. No packet shaping. No transparent web caches. No fair usage policy. No Phorm. No IWF. No censorship. No small print. No call centres. No lock in period.

I'll get me coat.

Re:Get an ISP with no Phorm (1)

daybot (911557) | about 5 years ago | (#27574447)

Unfortunately, Super Awesome Broadband would be Super Slow Narrowband where I live - i.e. in a city, but unable to see the telephone exchange from my bedroom window.

After a year of struggling over the ethics of switching to a monopolistic, Phorm-supporting, bandwidth-throttling FTTC cable [wikipedia.org] supplier [virginmedia.com] instead of my morally superior [ukfsn.org] DSL connection, I finally gave in. Goodbye 800Kbit/s, hello 20Mbit/s.

Now I do have trouble sleeping at night, but I can just stream HD video to wile away the time.

Confuse 'em (1)

python4062 (1486137) | about 5 years ago | (#27575181)

Learn to use your computer software. Use a browser such as Firefox or SeaMonkey that supports an ad blocker extension, selective cookie blocking and accepting temporary session cookies. Clear out cookies regularly. If your Internet service is ADSL or similar with shared IP addresses, reset the modem periodically to get another IP address assigned to your account. If everybody were to do this, it would turn Phorm's database into a pile of garbage and they'd stop doing it.

Re:Confuse 'em (0)

Anonymous Coward | about 5 years ago | (#27579103)

No it wouldn't. The whole problem is that Phorm is working with certain ISPs, which means (if you are with an ISP Phorm partner with) they can tie your IP address to your account no matter how many times you change it and the only way they give you to opt out is using one of their cookies which most likely means they monitor everything regardless.

Re:Confuse 'em (1)

jesset77 (759149) | about 5 years ago | (#27579933)

Fair idea, but in Phorm's case it falls apart for clients on Cable connections or any connection where they don't own the demarc and thus cannot change the mac address. Since Phorm tracks by IP, all the cookie/browser/adblocker related measures would do naught to protect you from traffic analysis, or to prevent Phrom from profiling you.

A better approach might be using a VPN, tor, i2p, perhaps even running a Tor exit node to put a firehose of varietal bandwidth through their filters.

Re:Confuse 'em (0)

Anonymous Coward | about 5 years ago | (#27585435)

Learn to use your computer software. Use a browser such as Firefox or SeaMonkey that supports an ad blocker extension, selective cookie blocking and accepting temporary session cookies. Clear out cookies regularly.

Don't see how any of this helps with Phorm. All your traffic is passed to them by your ISP. Clearing your cookies actually 'gives permission' to Phorm to monitor you. Blocking the ads stops you seeing the ads Phorm choses (or any at all), but in no way stops them monitoring and profiling you.

If your Internet service is ADSL or similar with shared IP addresses, reset the modem periodically to get another IP address assigned to your account.

In lots of cases you'll get the same IP assigned. In any case, it probably doesn't matter since whatever IP you use, your ISP still knows you're the same user - *they* assign the IP - and they are collaborating with Phorm to track you.

As per other posters, when your ISP is collaborating with the spy company, the only solutions are a different ISP or an encrpyted connection through your ISP to a proxy. Those *would* actually leave Phorm with no or useless data.
However, my most optimistic estimate of the number of people willing and able to take one of these actions is about 1% of the ISP's customers. Probably a lot less.

Pay Me! (0)

Anonymous Coward | about 5 years ago | (#27583467)

My browsing habits have value - whether it is Google tracking my searches or Tesco tracking my transactions with a loyalty card.

However, I think Google gives me great value in exchange for my browsing habits: a fatastic search engine and the best web based email browser. Tesco send me money off coupons, and I can collect points for even better stuff.

Phorm steals my browsing habits and offers me nothing. If they want to make money from my browsing habits, which have value to advertisers, then I want a slice of the pie. Intercepting my web traffic for personal gain seems immoral and unethical.

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...