×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Amazon To Block Phorm Scans

Soulskill posted about 5 years ago | from the take-this-dpi-and-shove-it dept.

The Internet 140

clickclickdrone writes "The BBC are reporting that Amazon has said it will not allow online advertising system Phorm to scan its web pages to produce targeted ads. For most people this is a welcome step, especially after the European Commission said it was starting legal action against the UK earlier this week over its data protection laws in relation to Phorm's technology. Anyone who values their privacy should applaud this move by Amazon."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

140 comments

What the hell? (-1, Offtopic)

Anonymous Coward | about 5 years ago | (#27585315)

What the hell is going on with all my dinner napkins? When I bought them they were nice and square - now after a few washes they've turned into parallelograms or some kind of fucked up trapezoid. How am I supposed to fold these so the corners line up nicely?

How do I opt my website out? (4, Interesting)

jonbryce (703250) | about 5 years ago | (#27585345)

It doesn't say anywhere how you opt your own website out of this.

I suggest everyone does this, no-matter how small or insignificant your site it.

Re:How do I opt my website out? (3, Insightful)

fuzzyfuzzyfungus (1223518) | about 5 years ago | (#27585389)

SSL.

Re:How do I opt my website out? (4, Interesting)

Richard_at_work (517087) | about 5 years ago | (#27586167)

BT owns a top level cert, so they can do a man in the middle attack without any error messages popping up on your end.

Re:How do I opt my website out? (0)

Anonymous Coward | about 5 years ago | (#27586447)

Nobody makes you trust them as a CA. In fact, whether they're doing MitM yet or not, their very role in collaborating with Phorm is already a good reason to mark them as untrusted.

Alas, I went to delete BT and didn't see 'em on my list (FF3). I sure see a lot of people that I don't know, though. It's crazy that browsers ship with so many trusted CAs.

Re:How do I opt my website out? (0)

Anonymous Coward | about 5 years ago | (#27585399)

You don't. As far as websites go Phorm is opt-in.

Re:How do I opt my website out? (4, Informative)

Pop69 (700500) | about 5 years ago | (#27585517)

Perhaps RTFA would be an idea ? Novel one I know this being /.

In a statement, Phorm said: "There is a process in place to allow publishers to contact Phorm and opt out of the system, but we do not comment on individual cases."

This would seem to imply that unless you opt out you are in.

Re:How do I opt my website out? (1)

jonbryce (703250) | about 5 years ago | (#27585545)

I did read the article. In fact I saw it on the BBC before I saw it on slashdot, and would have posted it here myself if someone else hadn't already done so.

There's nothing obvious on Phorm's website about how to opt-out as a website owner.

Re:How do I opt my website out? (1)

LordKronos (470910) | about 5 years ago | (#27585797)

The guy saying "RTFA" was not talking to you, but the AC who claimed Phorm is opt-in, not opt-out.

In the AC's defense, though, the wikipedia article on Phorm says that UK Law requires it to be opt-in, and at least one ISP (TalkTalk) has implemented it in an opt-in manner. Other than that, though, it appears to be opt-out

What they don't tell you (4, Funny)

Nicolas MONNET (4727) | about 5 years ago | (#27586039)

Is that if you opt-out of Phorm, you are automatically entered, for free, in a program called Phorm2. But don't worry, you can opt out. For your convenience, in that case, you will automatically be entered in our new business web marketing program, Phorm++. If you're not interested in Phorm++, no worries, you can very easily opt-out. In fact, it's so easy, we'll do you a favour and give you free, automatic access to PhormDeluxe. PhormDeluxe is completely optional. Just send us a certified letter to opt out.

Re:What they don't tell you (4, Funny)

wisty (1335733) | about 5 years ago | (#27586261)

Can we offer to deliver them complimentary building materials through their windows, with an opt out clause?

Re:What they don't tell you (1, Funny)

Anonymous Coward | about 5 years ago | (#27586395)

Actually, if you opt out of PhormDeluxe, you'll be automatically entered for no charge into our basic Phorm program.

Re:How do I opt my website out? (3, Informative)

blackest_k (761565) | about 5 years ago | (#27586159)

Opting Out is a bit of a joke to these people it seems.

While the privacy safeguards built into BT Webwise mean that sensitive or private content on websites is not compromised, the system also offers a number of mechanisms by which website owners can prevent pages being profiled if they wish. Website owners may implement any of the following methods:

              1. HTTPS: No HTTPS traffic passes through the system or is profiled
              2. Standard HTTP password-protection : Pages protected using standard HTTP password protection, as defined by RFC 1945, will not be profiled
              3. robots.txt: The Webwise system will observe the rules that a website sets for major search engines using the robots.txt method. If the website's robots.txt file is set such that "*" (any robot) is not permitted to crawl it, then Webwise will not profile its pages.

        Alternatively, you may request specifically that your website is not scanned by Webwise. To request that your website not be scanned by Webwise, please email:
        website-exclusion{at}webwise.com.
            [X]
How are robots.txt files handled by Webwise?

        The Webwise system observes the rules that a website sets for the Googlebot, Slurp (Yahoo! agent) and "*" (any robot) user agents. Where a website's robots.txt file disallows any of these user agents, Webwise will not profile the relevant URL. As an example, the following robots.txt text will prevent profiling of all pages on a site:
        user-agent: * disallow: /

        The following example will restrict profiling of a directory named "images":
        user-agent: Slurp disallow: /images

        The system will request the robots.txt file from the root of the host e.g. www.domain.com/robots.txt. When requesting the robots.txt file, the system will follow up to 5 redirects. If no robots.txt file or an HTTP error is returned, if the returned file is not in single-byte ASCII (ISO-8859-x) format, or if the file size is greater than 50Kbytes, then the URL will be marked as allowed for profiling.

        Website owners should note the following aspects of the Webwise system's interpretation of robots.txt files:

                * Malformed robots.txt files will result in the URL being disallowed for profiling.
                * Any of the well-established line-termination tokens are interpreted as a newline, i.e. DOS, UNIX, old-style MacOS linefeeds. Multiple linefeeds are ignored.
                * Web-encoded URLs are decoded and handled as normal.
                * Variable capitalisation within the robots.txt file is converted to lower case and processed.
                * The system does not support Google extensions to the robots.txt standard.

So the options are https, or password protect your site, or use robots.txt to block google and yahoo from indexing your site or email them and ask to be opted out.
option a and b inconvenience visitors, option c will reduce visitors since it means your site isnt getting indexed by the major search engines.
option 4 seems the only practical way to get these jokers to desist.
option d) no phorm in the robots text doesnt exist.

Re:How do I opt my website out? (2, Informative)

jonbryce (703250) | about 5 years ago | (#27585569)

Phorm is only opt-in to the extent that you agree a contract with them to display Phorm ads on your site.

It is opt-out as regards Phorm traking what your visitors get up to on your site.

Re:How do I opt my website out? (4, Informative)

click2005 (921437) | about 5 years ago | (#27585695)

Also, as part of the BT trials, they replaced adverts (from a number of charities) on webpages with their own adverts.

Those sites/advertisers weren't given the chance to opt-out.

Re:How do I opt my website out? (5, Informative)

ebcdic (39948) | about 5 years ago | (#27585535)

Phorm claims to look at robots.txt, but it's unclear what exactly they mean. See http://www2.bt.com/static/i/btretail/webwise/help.html#how-do-i-prevent-webwise-from-scanning-my-site

Re:How do I opt my website out? (5, Insightful)

Anonymous Coward | about 5 years ago | (#27585673)

Kind of useless really. Crawlers using robots.txt are supposed to uniquely identify themselves, so that you may block specific crawlers. Phorm doesn't do this - instead, it processes directives intended for Google, Yahoo, and all crawlers.

Effectively, the only way to block Phorm with robots.txt would also block all search engines. That makes it effectively impossible to do, while still allowing them to claim that it can be done.

Bastards.

Anyway, if there were a way to block just Phorm using robots.txt, you can bet that as soon as a couple of major sites start doing it, Phorm will start ignoring it.

Re:How do I opt my website out? (0)

Anonymous Coward | about 5 years ago | (#27586675)

Kind of useless really. Crawlers using robots.txt are supposed to uniquely identify themselves, so that you may block specific crawlers. Phorm doesn't do this - instead, it processes directives intended for Google, Yahoo, and all crawlers.

This may not fall under any nations' anti-fraud laws, but it certianly is a form of fraudulent misrepresentation that violates some of the basic principles required for the Internet to function correctly (the Internet, like most forms of human communication, requires a certain level of trust between the various parties for positive and productive things to happen). Yes I know there are larger problems in the world, but there has to be a way to stop this, otherwise it allows even worse abuses of the Internet as we know it.

Could Phorm be open to civil charges some where, and/or could some international body spank them for not playing by the rules everyone else is expected to follow (e.g. ICANN revoking their domain name ownership)?

Re:How do I opt my website out? (4, Informative)

kramer (19951) | about 5 years ago | (#27585735)

Reading carefully, they'll obey any robot.txt rule for "*", googlebot, or (yahoo) slurp. They apparently didn't feel it necessary to have their own robots.txt identifier so you can block just them.

Phraudsters (5, Interesting)

Blue Stone (582566) | about 5 years ago | (#27585815)

Phorm are liars when it comes to robots.txt.

They say they respect robots.txt but their scraper will only respect it if it also blocks google and yahoo. If it allows Google and Yahoo, they say it's fair game for Phorm. That's not respecting it at all.

But what do you expect from the sort of people who would conduct illegal surveillance on people to test their spyware system and claim that letting opt opt out would have been impossible because it would have been too difficult for them to understand the complicated computery stuff they were doing.

Phraudsters.

Re:Phraudsters (1)

heffrey (229704) | about 5 years ago | (#27586195)

I guess you'd have to write some special processing to return a custom robots.txt to disallow all if the user agent identified the crawler as Webwise and otherwise to return the normal robots.txt.

I don't know but I imagine webservers can do this sort of thing.

Re:Phraudsters (0)

Anonymous Coward | about 5 years ago | (#27586923)

If you malform your Robots.txt in such a way that googlebot and slurp handle it correctly, then Phorm will not index your site but Google and Yahoo! will.

Re:Phraudsters (0)

Anonymous Coward | about 5 years ago | (#27587461)

It's quite easy to figure out the yahoo and google net ranges. If you want them to crawl your site, send them a sane robots.txt and a "block all" robots.txt for everyone else. (that's probably easier than trying to figure out where phorm hides every other week)

Re:How do I opt my website out? (1)

kalirion (728907) | about 5 years ago | (#27586035)

They mean that the contents of your site's robots.txt file will be used to generate robot ads.

Re:How do I opt my website out? (4, Informative)

xaxa (988988) | about 5 years ago | (#27585565)

I think you have to email them.
http://www2.bt.com/static/i/btretail/webwise/help.html#how-do-i-prevent-webwise-from-scanning-my-site [bt.com]

I've emailed them for my domains (they're very small and insignificant).

Re:How do I opt my website out? (1)

Canazza (1428553) | about 5 years ago | (#27585801)

From that page: "robots.txt: The Webwise system will observe the rules that a website sets for major search engines using the robots.txt method. If the website's robots.txt file is set such that "*" (any robot) is not permitted to crawl it, then Webwise will not profile its pages."

First person to capture the User-agent ID gets a cookie!

Re:How do I opt my website out? (3, Insightful)

fuzzyfuzzyfungus (1223518) | about 5 years ago | (#27585865)

Because sleazy bastards like Phorm would never, ever think of just impersonating an assortment of other people's legitimate User-agent IDs...

Re:How do I opt my website out? (3, Interesting)

Canazza (1428553) | about 5 years ago | (#27586219)

They've given us an 'all or nothing' ultimatum

Block all Search Robots (and effectivly remove yourself from Google/Yahoo etc) or e-mail them and hope they put you on their no-go list (and as with many hidden services, there will be no easy way of telling if they have)

We will obey the "*" from the robots.txt but we will disregard everything else.

Just keep a look out on http://www.botsvsbrowsers.com/ [botsvsbrowsers.com] and if you really want to block them do a user-agent Server-side script test and send them "FUCK YOU" Pages

Re:How do I opt my website out? (1)

Daimanta (1140543) | about 5 years ago | (#27586613)

Then you are stuck with one option:

iptables and known Phorm ips. DROP all packets originating from known Phorm addresses. This is ofcourse a pretty much faulty way of approaching it since they can quite easily switch IP-adressess and you will be stuck with outdated adressess on your list.

My thow at it:

any known ip-ranges for phorm and how does blocking phorm impact users(BT or otherwise).

Re:How do I opt my website out? (1)

MightyMartian (840721) | about 5 years ago | (#27587179)

The trick here is going to be identifying Phorm's IPs. That could be tricky, and if they are essentially impersonating other user agent tags, then it might get very very hard.

Re:How do I opt my website out? (2, Informative)

Timmmm (636430) | about 5 years ago | (#27587617)

Actually it should be quite easy to work out. I expect that phorm does a man-in-the-middle attack and pretends to have the user agent of the web browser that has been tricked. All you need to do is ask some people who are using phorm to add "PhormIP" to their user agents.

It's easy to see if you're using phorm because it does an HTTP redirect to webwise.net.

I've emailed them too (3, Funny)

Nicolas MONNET (4727) | about 5 years ago | (#27586203)

For real,

To: website-exclusion@webwise.com

Subject: Exclusion requested from your spyware system

I hereby request that you remove the following domains that I own or may own in the near future from your WebWise / Phorm system:
phorm-is-a-fraud.com
webwise-is-big-brother.com
bt-is-completely-retarded-for.allowing-this-phorm-nonsense-on-their-network.com
webmasters-shouldnt-have-to-opt-out.com
you-dont-respect-robots.txt-you-lying-scumbags.com

Fuck you very much!

Re:How do I opt my website out? (1)

dirvine (1008915) | about 5 years ago | (#27587233)

I think that telling them of your website or email address is akin to answering spam emails !

This seems nothing short of ID theft on a great scale and must be investigated at an EU level if the UK government are too incompetent to protect their own people from this kind of intrusion.

You're Starting at the Wrong End (4, Insightful)

eldavojohn (898314) | about 5 years ago | (#27585355)

Anyone who values their privacy should applaud this move by Amazon.

Thank you for telling me how to think. I believe we are approaching this from the wrong end (why start with websites?).

The article hints at two other points I would encourage Brits who care to be vocal about:

Jim Killock, executive director of the Open Rights Group, said: We expect more sites to block Webwise in the near future and also ISPs to drop plans to snoop on web users.

Write your ISPs. Threaten to change ISPs even if you're not able to. Let them know how this makes you feel.

The European Commission has described the technology as an "interception" of user data and wants UK law to reflect more explicitly the need for consent from users in order for the service to be implemented.

As always, contact your parliamentary representative and also EU representative and let them know how you feel about this.

These would be much more effective options than asking each website that exists to request Phorm not scan their site.

Re:You're Starting at the Wrong End (0)

Anonymous Coward | about 5 years ago | (#27585817)

Write your ISPs.

your ISPs.

Done. Not sure how that's supposed to help though.

Re:You're Starting at the Wrong End (1)

IndieKid (1061106) | about 5 years ago | (#27587547)

The European Commission has described the technology as an "interception" of user data and wants UK law to reflect more explicitly the need for consent from users in order for the service to be implemented.

Actually, I'm not sure that's quite true. The European Commission described the unauthorised trials that BT carried out with Phorm last year as unauthorised interception of user data; I'm not sure they have a problem with the proposed webwise service as such, although that may change.

So in other words... (-1, Flamebait)

palegray.net (1195047) | about 5 years ago | (#27585371)

This is basically what Google is doing with "interest based ads", which is fine, but it's not okay when someone else does it. Right.

Re:So in other words... (0)

Anonymous Coward | about 5 years ago | (#27585403)

you DO hate google

Re:So in other words... (0)

Anonymous Coward | about 5 years ago | (#27585499)

Yes exactly but Google 'does no evil' so they must be doing it for the betterment of mankind.

Re:So in other words... (0)

Anonymous Coward | about 5 years ago | (#27585577)

There's a big difference. Google doesn't hoover up ALL of your http traffic, Phorm, on the other hand, does!

Re:So in other words... (2, Insightful)

ji777 (1107063) | about 5 years ago | (#27585583)

It's actually been a while since I last heard about phorm. I believe that the general issue had more to do with phorm intercepting pages on the ISP's side and re-writing them to insert material before re-serving them to you. Google ads, on the other hand (since you brought them up) is a widget added by the site owner's permission.

Re:So in other words... (2, Insightful)

mrchaotica (681592) | about 5 years ago | (#27585763)

I believe that the general issue had more to do with phorm intercepting pages on the ISP's side and re-writing them to insert material before re-serving them to you.

WTF?! Even ignoring all the privacy issues everyone else is talking about, isn't that still blatantly illegal? It's copyright infringement! By modifying the web page, Phorm is creating a derivative work, and that requires permission of the copyright holder.

Re:So in other words... (1)

RalphSleigh (899929) | about 5 years ago | (#27586615)

I believe phorm acts like other advertisers in that you place areas on your site for ads and link to them, the scary bit is they do a deal with ISPs to DPI your web traffic to help profile you for these adverts, so the user has to opt-out of their profiling. This is the scary/illegal bit they are getting bashed for, and the EU is looking into.

Re:So in other words... (4, Informative)

hansamurai (907719) | about 5 years ago | (#27585589)

Except with Google ads, the people who actually own the website choose whether or not to serve them. Phorm ads are injected at the ISP level, completely ignoring whether the server wants the ads or not. Yes, they're still interest based, but they're evil for other reasons in my opinion.

Re:So in other words... (0)

Anonymous Coward | about 5 years ago | (#27585657)

AdBlockPlus Phorm Edition, anyone? :P

Re:So in other words... (0)

Anonymous Coward | about 5 years ago | (#27586289)

they're still interest based

Advertiser interest based. That has little to do with user interest. I haven't seen an ad I was interested in in years.

Re:So in other words... (2, Informative)

Heed00 (1473203) | about 5 years ago | (#27586417)

And don't forget the method by which they do their thing -- deep packet inspection. It's not the behavioural targeted ads that are the real problem with Phorm -- the real problem is that their DPI kit "gifted" to the ISP intercepts communication between two parties (the web surfer and the web page) without informed consent of both parties. In short, they spy on your web browsing in order to profile you.

Re:So in other words... (3, Informative)

ebcdic (39948) | about 5 years ago | (#27585607)

Google doesn't do anything unless you use Google. Phorm gets the information from your ISP.

Re:So in other words... (1)

bencollier (1156337) | about 5 years ago | (#27585679)

This thing is hard-wired and scoops everything, and the vast majority of people who are targeted won't even realise it's happening. I think it's considerably worse than what google gets up to.

Re:So in other words... (3, Informative)

Sockatume (732728) | about 5 years ago | (#27585693)

You opt into Google's ad service by visiting a site using it, and can opt out by simply stopping them from creating the tracking cookies. You automatically opt into Phorm when you use the internet and can only opt out by setting a special "don't track me bro" cookie on each profile of each browser used by each device in your home. I think that's quite a distinction. Phorm assumes that any of your web activity is theirs to track unless you specifically tell them otherwise.

Re:So in other words... (1)

iangoldby (552781) | about 5 years ago | (#27587557)

In fact, even if you do set the Phorm 'opt out' cookie on all browsers/devices/profiles that you use in your house, all of you HTTP requests still go through multiple redirects before getting to the intended destination.

If your ISP implements Phorm, then there is no way of opting out of having your HTTP requests being directed through Phorm's servers before finally redirecting back to the server you wanted in the first place.

All that the 'opt out' cookie does is to stop them serving up customised advertisments. You still have all your HTTP requests going through their servers. There is no way to avoid this, other than to change ISP.

I do hope the above is incorrect. Sadly I'm pretty sure it is accurate.

Re:So in other words... (1)

Xest (935314) | about 5 years ago | (#27585843)

Well no, because when Google does it you have to visit a site that uses Google's technology, you can easily choose not to, you can also just opt-out.

When Phorm does it they are searching through every single action you take on the internet, whether it's a site that has anything to do with Phorm or not. Phorm works at ISP level by watching all the data that goes in and out on your connection. There's no avoiding it, you just have to go through it no matter what.

You see the fundamental difference is this, with Google I have to effectively send the data to them, it is only what I allow to pass out of my connection to them that is effected and only if I haven't opted out.

With Phorm I have no choice, every single bit of data whether I want it to or not goes through their systems.

I don't like what Google is doing either, but at least they make it possible for me to avoid their systems. With Phorm, they get to look at every single bit of data I send or receive, they say I can opt out but that doesn't mean my data isn't still passing through their systems and that's assuming I can opt-out unlike the people who they tested it on covertly with no notice or chance to opt-out.

Re:So in other words... (1)

el_gordo101 (643167) | about 5 years ago | (#27586335)

What site owners need to do is to identify the HTML that Phorm is injecting and inject some JavaScript/CSS of their own to hide or deface these ads. Something like:

.phorm{display: none;}

or similar should do it. For extra bonus points, inject your own links and/or images into the ads. How long before advertisers pull out of Phorm if the goatse guy or something equally horrific keeps appearing in their ads? It is, after all, your content and you should be able to do with it what you please.

Re:So in other words... (1)

wordsnyc (956034) | about 5 years ago | (#27586735)

Right. I'm not seeing the difference, except that Google -- says -- they use the contextual system of adsense ads on a page to categorize it as to "interests," so they are only tracking your route between pages that carry Google ads, not the whole web. They wouldn't take note of your visit to a government agency page, for instance, supposedly.

A distinction without a difference in practical terms at best.

Re:So in other words... (1)

MightyMartian (840721) | about 5 years ago | (#27587237)

I'm no fan of AdSense, but Phorm's scheme is technically quite different. Google does not, nor can it, do the kind of packet inspection that Phorm is doing.

Stay er... evil??? (1)

h4rm0ny (722443) | about 5 years ago | (#27585383)

Well this is a good PR move on the part of Amazon as far as I'm concerned. Cancels out their "censorship" glitch from the other day and puts them back in a healthy credit again. Obviously keeping an eye out as always for loopholes such as allowing a different company to do the same as Phorm on their site, but currently Amazon is getting points from me for this. I despise Phorm. But apparently Phrom haven't been doing that well anyway. There was a bit of an exodus from their board a while back and I heard their shareprice took a bit of a whack after the original scandal. The EU investigating what the UK government refused to has just added to their woes, I'm guessing.

Re:Stay er... evil??? (4, Informative)

fuzzyfuzzyfungus (1223518) | about 5 years ago | (#27585475)

I suspect we'll see a fair bit more of this. Not because the world is full of fuzzy defenders of privacy(it isn't); but because the world is full of nonfuzzy violators of privacy and Phorm is trying to muscle in on their action.

One of Amazon's major selling points, beyond their good logistics, is their ability to use site analytics to make interest based recommendations to customers. Obviously, they have zero interest in letting Phorm piggyback on that, on their own site no less.

I suspect that many other major web presences will be in a similar place. Phorm is potentially lucrative for the ISPs, but it is a nontrivial threat to larger site and ad-network operators. The small guys are more or less resigned to outsourcing analytics and ad placement, so it won't be as much of a change for them; but the big independents will not be pleased.

Re:Stay er... evil??? (1)

h4rm0ny (722443) | about 5 years ago | (#27585635)


Ah, good insight. It's not like me to not look for the cynical angle first. Well at least Amazon are something I know what they are doing and I can (just about) opt in or out of it. Back on the subject of Phorm, I just created a graph of their share price over the last twelve months [iii.co.uk] which makes for some amusing viewing. I wonder how that's affected their balance sheet?

Re:Stay er... evil??? (1)

jonbryce (703250) | about 5 years ago | (#27585643)

Not only that, but phorm would be able to see Amazon's suggestions, and pass them on to Borders / Blackwells or any of their other competitors.

Re:Stay er... evil??? (3, Informative)

lorenzo.boccaccia (1263310) | about 5 years ago | (#27585727)

With the difference that with Google ads I get paid, with Phorm the ISP gets paid. This is a big difference even for little guys.

Re:Stay er... evil??? (2, Informative)

fuzzyfuzzyfungus (1223518) | about 5 years ago | (#27585827)

Please correct me if I'm wrong; but my understanding was that Phorm's plan was to pay the ISPs for the privilege of spying on their customers and then buy ad space on various websites in order to run ads targeted on the basis of the spying.

For a small site, then, having Phorm spy on your visitors via ISP, then having Phorm pay you to run ads, would not be considerably different than using a 3rd party analytics package, google analytics or similar, and then being paid to run ads from a third party ad network. Now, since, under Phorm, the ISP needs to be paid, the site operator would presumably see less money; but it would be a difference of degree rather than kind.

If my understanding of Phorm is wrong(if, for instance, Phorm were tempted to go with the super-sleazy tactic that one sees occasionally, of colluding with the ISP to strip ads from 3rd party websites and insert their own), then the above is of course irrelevant.

Re:Stay er... evil??? (1)

NoNeeeed (157503) | about 5 years ago | (#27586521)

I understand your argument, but I don't consider Amazon to be violating my privacy. I *choose* to use Amazon, and the data they collect on me is kept between me and Amazon. If Amazon were selling on your book buying habits and browsing history then that would be different, but as far as I'm aware this is not the case (and is unlikely to be in their interests anyway).

The problem with Phorm is that is monitors communication between you and a website without first asking you or the website operator if that is ok.

A dubious analogy....

Amazon - it's like me telling my girlfriend a secret and her not telling anyone else.
Phorm - that's like me telling my girlfriend a secret but having someone else eavesdrop on the conversation and then pass on the information to anyone willing to pay.

I also think the fact that Phorm modifies web pages to insert their own ads is the point where it goes beyond privacy invasion and steps well into fraud and possibly theft (of sorts). I run a website that has ads on it, and while I don't care if users block those ads (it's no different from making a drink during the ad breaks on TV) I do care if they are being systematically stripped out and replaced with someone else's ads, for which I will not be paid, and which the reader will assume were served by me.

Paul

Re:Stay er... evil??? (1)

fuzzyfuzzyfungus (1223518) | about 5 years ago | (#27586667)

Oh, I agree that Phorm is considerably more evil. I much prefer people who stick to gathering data on their own domain, as amazon largely does. I was just noting that amazon, and their ilk, don't oppose Phorm on principle; but because it represents a potentially dangerous competitor(by virtue of using eviler tactics than anybody else).

Re:Stay er... evil??? (1)

lena_10326 (1100441) | about 5 years ago | (#27585485)

Well this is a good PR move on the part of Amazon as far as I'm concerned. Cancels out their "censorship" glitch from the other day and puts them back in a healthy credit again

Your opinion regarding that company appears to be fluctuating by the minute. Mmmmm'kay. You've got no experience with large corporations, huh?

Re:Stay er... evil??? (1)

Kabuthunk (972557) | about 5 years ago | (#27586717)

Well this is a good PR move on the part of Amazon as far as I'm concerned. Cancels out their "censorship" glitch from the other day and puts them back in a healthy credit again.

If all it takes is a single incident... neither of which is overly 'good' or 'bad'... to sway your opinion of a company up and down like a yo-yo, then maybe you should look into being less of a sheep.

Not to nitpick ... (3, Insightful)

krou (1027572) | about 5 years ago | (#27585385)

... but they obviously didn't do it for privacy reasons. As a business, I can bet they weren't happy with the idea of something scanning their pages and then targeting adverts from possible competitors based on what users were looking at on Amazon.

Re:Not to nitpick ... (-1, Offtopic)

Anonymous Coward | about 5 years ago | (#27585777)

Let's see here. On the left hand, we have the people at Amazon claiming to make a secure site, and putting escrow into the encryption such that data can be seamlessly copied from the operating system to an unknown location. We witness Amazon as an incredibly corrupt entity, in nearly every possible way - from locking in hardware manufacturers to throwing lawsuits at everybody who even vaguely seems to threaten them. On the right hand, we have the code of Linux, FreeBSD, etc. available for the entire world to review, figures of authority are not chosen based on how much of a jackal they are, but how much their experience is worth. OpenBSD and FreeBSD have things like in-kernel crypto, chroot jails, are actually POSIX compliant, and seem to suffer from very little bloat due to the trend to make specific utilities as discrete as possible, and hence nearly as flawless as possible.

So let's just agree to disagree. Or I can just call you a fluckin' idiot. I'm fine with either, fella.

Re:Not to nitpick ... (1)

lena_10326 (1100441) | about 5 years ago | (#27585799)

They obviously did do it for privacy considerations or the perception of privacy, in addition to competition issues.

An online customer wants a product or service for a good price, fast delivery, and more importantly know that their transaction and personal information is safe from outsiders and abusive 3rd party companies. Anything that could possibly scare a customer away is going to be seen as a threat to amazon's revenue stream, so any privacy fear due to 3rd parties would be very high on the management's radar screen. Trust is a huge factor behind a customer's decision to buy on your website, so this decision is based on both the privacy issue as well as following a principle of not aiding your competitors.

Re:Not to nitpick ... (0)

Anonymous Coward | about 5 years ago | (#27586841)

You're saying that Amazon, who tracks every single thing you do on their website, and who owns Alexa, cares about privacy? Seriously?

Re:Not to nitpick ... (1)

Sockatume (732728) | about 5 years ago | (#27585983)

It is good to know that my privacy is actually importantto a powerful corporation for a change, even if it's for the wrong reasons. The enemy of my enemy is not my friend, but I'll take a temporary ally when I get one. So long as they don't push for some remedial action which will further disadvantage me (i.e. "users' browsing habits are trade secrets", which would block me from seeing my own browsing history, even under the FoIA).

Now if only Amazon (-1, Troll)

Anonymous Coward | about 5 years ago | (#27585419)

Can get rid of all the LGBT books on their service, I might actually start buying from that company.

Ha yes, real eKonomix strikes... (1, Insightful)

Anonymous Coward | about 5 years ago | (#27585469)

Who want to bet that Amazon is actually blocking them because they are not paying to do it?

Incidentally, why would a business let another business makes money out of it for free?

Simple economic strikes: THAT service isn't free.

Amazon is just pandering now (0, Flamebait)

wykell (1323665) | about 5 years ago | (#27585575)

figuring that any publicity to take the collective internet's minds off of the gay book fiasco (as I have decided to term it) is good publicity. They've probably been sitting on this one for 6 months and just not telling anybody. I still will think more than twice before ordering something from them again.

Re:Amazon is just pandering now (0)

Anonymous Coward | about 5 years ago | (#27585773)

"gay book fiasco" - get over it. It was a bug (and Amazon has admitted as such) not a conspiracy. It hit much more than gay literature (but since that does not satisfy the "gay bashing" story it conveniently got ignored).

"They've probably been sitting on this one for 6 months" - nope, the opt-out mechanism has not been available for that long so that's a impossibility.

"I still will think more than twice before ordering something from them again." - why? best prices, best support, best selection. What's your point?

Another reason for https (2, Insightful)

freelunch (258011) | about 5 years ago | (#27585681)

More sites should provide an option for https, like gmail does. Some still don't even provide it for authentication.

Once upon a time there were wimpy CPUs, and https was a more significant computational burden. Now, not so much. Especially when compared to the resource requirements of most dynamic page generation systems.

Re:Another reason for https (0)

Anonymous Coward | about 5 years ago | (#27585967)

You think they don't use https because they are wanting to conserve YOUR compute cycles!

AHAHAHAHA!

Re:Another reason for https (0, Troll)

u38cg (607297) | about 5 years ago | (#27586297)

Except BT has a top level cert. They can MITM you till the cows come home and you'd never know. This is one more reason browser security is flawed.

Re:Another reason for https (0)

Anonymous Coward | about 5 years ago | (#27587023)

Can't you (I mean mozilla/apple/microsoft) blacklist their specific cert?

Re:Another reason for https (0)

Anonymous Coward | about 5 years ago | (#27587143)

Except BT has a top level cert

It's completely irrelevant what they have if it's not trusted by client software which, may I add, isn't by any browser. I can make a "top level" certificate right now and use it to certify other certificates supposedly covering google.com etc. it means nothing if no one trusts it which is exactly the situation BT is in.

This is one more reason browser security is flawed.

If you know a way that one party can identify another (and sometimes vice versa) without trusted third parties then we are all waiting to hear it because I guarantee you if there was another way people would be doing it.

Re:Another reason for https (1)

willmorton (867939) | about 5 years ago | (#27587353)

I've seen this a couple of times in this thread. I have IE6 and FF3 on this desktop, and neither of them has a BT cert in their list of roots. Proof please?

Re:Another reason for https (1)

drspliff (652992) | about 5 years ago | (#27586625)

Yes, handling a few https connections is quite easy for your desktop computer, however on the server side you may have 300 SSL connections open, encrypting/decrypting on perhaps 100 of them at once ontop of the load generated by your web applications.

I'd like to see hardware crypto accelerators come as standard with all server chips, much like a math co-processor of years ago.

Re:Another reason for https (1)

Ash-Fox (726320) | about 5 years ago | (#27587043)

More sites should provide an option for https

I host near a few hundred websites on one of my servers, it has one IP address. A HTTPS cert does not support virtualhosts, not to mention, each subdomain/domain used requires a new cert that costs money, to work without popping up errors that scares users away.

If you resolve these problems, I'll gladly make HTTPS an option.

But how exactly does it work? (1)

91degrees (207121) | about 5 years ago | (#27585697)

Can someone provide an unbiased explanation of what Phorm is? Why is it an opt-out system? When did I or Slashdot give implied consent to anyone to inspect the packets for reasons other than routing? What data do they collect and what do they do with it?

Re:But how exactly does it work? (3, Insightful)

Jane_Dozey (759010) | about 5 years ago | (#27585905)

Phorm wants to inject ads into web pages at the ISP level. They want them to be targeted so not only do they want to alter web content without the owners or receivers consent, they also want to take a look at all web traffic first (deep packet inspection) and keep a history so they can better target the ads. It's opt-out because otherwise no-one would even touch it.

Now, I'm not going to even try to claim that I'm unbiased as living in the UK means that this monstrosity may well hit me but I think that's not an entirely inaccurate explanation. I really hope that the EC manages to step in and squash Phorm and maybe even slap BT with a giant fine.

My website content has been written to look how I want it to look. I block many ads as a policy as I don't want crap clogging up my screen or distracting me. Now they want to bypass both my content layout in my website *and* throw ads at me even though I have zero interest in them. Asshats.

Re:But how exactly does it work? (1, Informative)

Anonymous Coward | about 5 years ago | (#27586131)

Phorm wants to inject ads into web pages at the ISP level.

No they don't. They want to monitor all your web browsing (by tapping your ISP) to build up a profile of you. Then they want to sell targeted advertising space to advertisers in much the same was Google does: i.e. a website uses Phorm ads instead of Google ads and Phorm chooses what adverts to place based on the visitor's profile.

Monitoring web browsing is, as far as anyone can tell, illegal, but the govt refuses to enforce the law. That's what the EU is grumbling about. But the other part of the business model is just a standard advertising broker. They're not injecting ads.

Re:But how exactly does it work? (1)

Jane_Dozey (759010) | about 5 years ago | (#27586379)

Apologies if I've missed something. From what I can gather there were some complaints about ads being messed with in non-participating websites during some of the trials, hence the reason I thought this was a part of the main plan.

Do you know if the ads in participating sites will be there in the actual web page or if they'll be stuffed in during transit of the page to my browser? Curious as the latter might mean having to download the stupid things regardless of whether I want to or not.

Re:But how exactly does it work? (0)

Anonymous Coward | about 5 years ago | (#27586583)

Sorry, I don't know.

Re:But how exactly does it work? (0)

Anonymous Coward | about 5 years ago | (#27585931)

Phorm is an evil proxy which changes your pages, replacing ads, as it passes the pages to the browsers of people who subscribe to evil ISPs who use Phorm as an additional revenue source. It's like getting your newspaper with the ads cut out and replaced with other ads by the paperboy.

Re:But how exactly does it work? (3, Insightful)

threeturn (622824) | about 5 years ago | (#27586565)

Technical explanation in some detail [cam.ac.uk]

Q Why is it an opt-out system?
A Because they couldn't get away with providing no optionality control, so they went for the option which pushed as many users as possible to their system.

Q When did I or Slashdot give implied consent to anyone to inspect the packets for reasons other than routing?
A You didn't, but Phorm and the spineless UK government has decided you did.

Q What data do they collect and what do they do with it?
A Browsing habits to produce targeted advertising.

The scary part (3, Interesting)

RalphSleigh (899929) | about 5 years ago | (#27586777)

They claim to manage the user opt out via a cookie, from reading the FAQ it appears this cookie is injected into every domain you visit

As explained on the Customer Choice Process page, when a user opts into the BT Webwise service, a Webwise UID cookie, containing a unique random number is placed on the userâ(TM)s computer. This master cookie is held is the Webwise.net domain. When the user then visits other websites, the Webwise system stores a copy of the Webwise UID cookie within the browser in each the website domains visited by the user. The cookies are clearly labelled as belonging to Webwise as noted above and as a result can be easily identified as different to those cookies which may be placed by the website itself.

Since it claims to need no client software, I must assume they do this by injecting extra cookie headers into all the HTTP responses sent to my browser....

Was I the only one ... (0)

Anonymous Coward | about 5 years ago | (#27587425)

... who read "Amazon to block porn scams"?

scans... (1)

Anachragnome (1008495) | about 5 years ago | (#27587485)

"Anyone who values their privacy should applaud this move by Amazon" /golfclap

Supplication before our Robotic Overlord. Check.

Suspend free-thought. Check.

Check-out cart. Check.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...