Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

UK ISP Admitted to Spying on Customers

ScuttleMonkey posted more than 6 years ago | from the don't-worry-sir-we're-from-the-internet dept.

Privacy 163

esocid writes "BT, an ISP located in the UK, tested secret spyware on tens of thousands of its broadband customers without their knowledge, it admitted yesterday. The scandal came to light only after some customers stumbled across tell-tale signs of spying. At first, they were wrongly told a software virus was to blame. BT said it randomly chose 36,000 broadband users for a 'small-scale technical trial' in 2006 and 2007. The monitoring system, developed by U.S. software company Phorm, formerly known as 121Media, known for being deeply involved in spyware, accesses information from a computer. It then scans every website a customer visits, silently checking for keywords and building up a unique picture of their interests. Executives insisted they had not broken the law and said no 'personally identifiable information' had been shared or divulged."

cancel ×

163 comments

Sorry! There are no comments related to the filter you selected.

An ISP? (5, Informative)

26199 (577806) | more than 6 years ago | (#22968566)

BT is not "an ISP". British Telecom was for a very long time monopoly holder on telephone lines in the UK and still the gatekeeper for all ADSL access there. They have a market cap of 35 billion [google.com] and their revenue just about puts them in the top ten telecoms companies [cnn.com] in the world.

In my personal experience their service has been bad enough that they're almost as bad as their competitors. Given their history, it's not surprising if they've overstepped their bounds ... they're used to being in charge, after all.

Re:An ISP? (0)

Anonymous Coward | more than 6 years ago | (#22968600)

From what I have been hearing, when it comes to 'spying' on general public, it goes something like this:
UK > USA > Europe and other developed countries > developing countries > underdeveloped countries.

I may be just wrong, of course.

Re:An ISP? (0)

Anonymous Coward | more than 6 years ago | (#22968656)

You probably are.

Re:An ISP? (0)

Anonymous Coward | more than 6 years ago | (#22968816)

He is.

Re:An ISP? (0, Offtopic)

Torvaun (1040898) | more than 6 years ago | (#22969554)

What's the chart look like for having members of the general public shot?

Re:An ISP? (0, Offtopic)

JohnBailey (1092697) | more than 6 years ago | (#22970222)

What's the chart look like for having members of the general public shot?
Not that common, but not unheard of either.

Mod parent up (2, Informative)

InvisblePinkUnicorn (1126837) | more than 6 years ago | (#22968636)

The parent is correct. BT was the state-run telecom monopoly in the UK, and was converted into a private monopoly in 1984. Not much of an improvement, but at least it finally allowed for the possibility of competition arising, however slim.

Re:Mod parent up (2, Informative)

gormanly (134067) | more than 6 years ago | (#22969276)

and used to be part of the Post Office, an even bigger monopoly.

Re:Mod parent up (1, Informative)

Anonymous Coward | more than 6 years ago | (#22970598)

and bought a US company called International Network Services for its US services branch. That company was in turn involved in some dirty finances in illinois with a well known storage vendor, and some people went to jail. fun fun fun. now you know who to do business with. and - apple, tree, ... I piss on that tree.

Re:An ISP? (2, Insightful)

Ashe Tyrael (697937) | more than 6 years ago | (#22968692)

Actually, this is a misstatement these days. As part of the deals that mean BT didn't get truly hosed by the monopoly stick, it's ISP division and wholesale (lines) division have some very hefty chinese walls in place.

Re:An ISP? (4, Informative)

arkhan_jg (618674) | more than 6 years ago | (#22968996)

BT broadband has about 27% of the UK market, and is the largest single ISP in the UK last I checked. There are fairly strong walls between the broadband business (BT retail/openworld) and the phone line last mile business (openreach), and the trunk network (BT wholesale) these days due to regulation by OFCOM since privatisation, though they are all part of BT group.

The information commisioner, who ensures the data protection act is followed, is investigating BT [telegraph.co.uk] to see if the law has been broken - there's a strong possibility it has been.

Re:An ISP? (3, Insightful)

unlametheweak (1102159) | more than 6 years ago | (#22969280)

From the article:

Executives insisted they had not broken the law and said no 'personally identifiable information' had been shared or divulged.
If in fact no laws have been broken, then the laws need to be changed (and made retro-active in this case) to punish and make an example of this type of behaviour. People need to be put in jail for this.

Average people I will allow some lenience towards. Leaders I have no sympathy for; they all too often make excuses for their behavior and have the power (lawyers, political, etc) to get away with it.

Re:An ISP? (5, Informative)

TheLink (130905) | more than 6 years ago | (#22970358)

I believe the UK Computer Misuse act 1990 covers it.

http://www.opsi.gov.uk/acts/acts1990/ukpga_19900018_en_1.htm [opsi.gov.uk]

See:
* Unauthorised access to computer material
A person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5 on the standard scale or to both.
* Unauthorised modification of computer material
A person guilty of an offence under this section shall be liable--
(a) on summary conviction, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or to both; and
(b) on conviction on indictment, to imprisonment for a term not exceeding five years or to a fine or to both.

I don't see how the Act does not apply to the people involved.

If someone wrote malware or sniffed your keystrokes, the same law should apply whether the perpetrator is BT or some "Evil Hacker".

Re:An ISP? (0, Redundant)

growse (928427) | more than 6 years ago | (#22969004)

Yes they are. You can pay them so much a month and they will provide you with broadband down your phone line. Fits the definition of "Internet Service Provider" I think. Just because they happen to own all the phone lines / exchanges / equipment as well doesn't mean they don't provide the internet...

Re:An ISP? (0, Redundant)

26199 (577806) | more than 6 years ago | (#22969086)

That's why I said:

BT is not "an ISP".

As opposed to:

BT is not an ISP.

The latter disagrees with the fact, the former disagrees with the phrasing.

Re:An ISP? (0, Redundant)

growse (928427) | more than 6 years ago | (#22969126)

Fair dos.

Re:An ISP? (1)

anythingwilldo (1035904) | more than 6 years ago | (#22970008)

Fair? It was anything but.

Re:An ISP? (1)

Anonymous Brave Guy (457657) | more than 6 years ago | (#22969070)

British Telecom was for a very long time monopoly holder on telephone lines in the UK and still the gatekeeper for all ADSL access there. They have a market cap of 35 billion and their revenue just about puts them in the top ten telecoms companies in the world.

Yes, but they're also an ISP, in the normal "we connect your computer to the Internet" meaning of the term. Though goodness knows what convoluted name that part of their organisation goes by since all the Yahoo mess; I switched away from them years ago.

They don't have a monopoly (1)

goldcd (587052) | more than 6 years ago | (#22969092)

Cable customers get phone and internet without even going near BT. If you're using BT last mile for your ADSL, then you're probably: a) Using a third party ISP (i.e. BT does last mile, but from DSLAM you go to ISP switches) b) Using an unbundled ISP (DSLAM itself doesn't belong to BT). BT owns a lot of copper, but doesn't actually have that many direct ADSL customers - they're not cheap and has been mentioned service is fucking gash (yes I dialled 13 different numbers in one day just to get me away from them). Tend to be used by people who 'trust the BT name' - and therefore frankly get what they deserve.

Re:They don't have a monopoly (2, Funny)

I confirm I'm not a (720413) | more than 6 years ago | (#22970440)

>Cable customers get phone and internet without even going near BT.

Not every area has cable. Until last year I lived in deepest, darkest Glasgow (a small hamlet in Scotland). We couldn't get cable in our area (another part of Glasgow I lived in previously got NTL cable). Interestingly, Cable & Wireless had a call-centre just down the road from us; a friend of mine worked there and said that neither C+W or NTL had any intention to roll out more cable to "old" areas; they were consolidating and the only new connections would be to newbuild apartments.

>they're not cheap and has been mentioned service is fucking gash (yes I dialled 13 different numbers in one day just to get me away from them).

Pah, that's nothing! I spent 2 hours in a queue once when I was moving to a new house with cable (in the NTL area mentioned above) and wanted to be rid of BT forever. Eventually I got to the top of the queue, and they dropped me back to the start. Long after I'd moved - having settled my bill completely - they sent me a final demand for line-rental for the 3 months *after* I'd moved; I sent them a shitty letter back, and bizarrely they sent *me* a cheque... I have no idea why they suddenly decided they owed me money.

Dupe! (0)

Anonymous Coward | more than 6 years ago | (#22968580)

Re:Dupe! (5, Informative)

moderatorrater (1095745) | more than 6 years ago | (#22968626)

Not a dupe at all. The article you reference is about an ISP that tracks for the purposes of advertising and lets the customer know. This, on the other hand, is the ISP snooping on traffic without notifying anyone and lying to someone when they ask about it. It's the difference between consensual sodomy and what happens in prisons. It's also a dumb move on the ISP's side, because they're doing something to people that is rightly linked with illegal and shady practices.

Idiots... don't do it client-side (5, Insightful)

sd.fhasldff (833645) | more than 6 years ago | (#22968590)

Why on Earth wouldn't BT just do this on their side of the connection? EVERYTHING that the user gets goes through their pipes, their routers. Just install some monitoring hardware+software and be done with it. There doesn't seem to be any logical reason to do this on a users computer. That's just plain stupid.

The only difference is that you don't have access to encrypted data and "other applications" installed by the user. The stuff they claim to have logged and analyzed is more easily obtainable from their own side.

Re:Idiots... don't do it client-side (2, Insightful)

FliesLikeABrick (943848) | more than 6 years ago | (#22968678)

I would guess that it is easier/cheaper for them to use 3rd party software on client machines than to spend quite a bit of money on network hardware that can filter/cateogrize/inspect every packet that flows through their infrastructure. Having a bit of software on tens of thousands of machines report condensed data back is likely to be much, much cheaper to do.

Even doing simple L3 inspection on the dataflows that ISPs like BT deal with would require insane amounts of hardware, let alone inspection on the application (5/7) layer.

Re:Idiots... don't do it client-side (1)

nighty5 (615965) | more than 6 years ago | (#22969984)

Even doing simple L3 inspection on the dataflows that ISPs like BT deal with would require insane amounts of hardware, let alone inspection on the application (5/7) layer.
Not if they know what they are doing. You can easily segregate the network routes for inspection based on the customer by putting them into a different virtual network based on their credentials. The inspection part is even easier, with in-line products to do everything you'll ever to need to know about what's going on.

Re:Idiots... don't do it client-side (4, Informative)

joebp (528430) | more than 6 years ago | (#22968680)

The body of this story is misleading. Phorm *does* work on the ISP's side of the connection. It basically does a MITM attack on HTTP traffic to insert tracking cookies.

Re:Idiots... don't do it client-side (2, Informative)

LiquidCoooled (634315) | more than 6 years ago | (#22968780)

There *IS* a client portion however:

You can set an opt-out cookie on your computer which is meant to disable the processing of your web history and to tell the advert server at the far end that you do not want personal adverts.
However this does not stop them still being sat in the middle and every page I open is still given to a spyware firm who have given a vague promise that they will not use my data for advertising if I opt out.

It also does not help with multiple computers or browser configurations each with or without their own cookie handling.
Aren't we meant to clean down our cookies etc on a regular basis, is there such a thing as a permanent cookie?

I have Virgin media for my internet and they are also involved in this phorm tracking and I am pissed off about it.

Re:Idiots... don't do it client-side (1)

Inda (580031) | more than 6 years ago | (#22968930)

I too am with Virgin Media. Any idea how we can defend against phorm?

I had my connection throttled down to 25% last night - the first time I've noticed it happen. You're not the only one getting pissed off with them. I expect more from the most expensive UK ISP.

Re:Idiots... don't do it client-side (1)

LiquidCoooled (634315) | more than 6 years ago | (#22969158)

I believe the throttling occurs if you download "a lot" during the normal daytime hours.

I have noticed late evenings that my speeds are occasionally down to 60-80kb/s on specific files with hours to go, then after midnight they speed back up and are completed minutes after.

However I haven't been getting much recently (playing a great game called 'Linux' for my n810 is better) so it may be that I am just staying under a cap.

I do not think there is anything that can be done from within Virgin to block phorm unless we start encrypting traffic and using a server out of the country.

Apparantly they have a list of sites which they will not monitor and won't touch any encrypted pages but the whole thing is just bullshit.

The other alternative is choose an ISP which has stated they won't use these kind of tactics (but I cannot remember which specifically said they would not track - read more on theregister to find out).

Re:Idiots... don't do it client-side (0)

Anonymous Coward | more than 6 years ago | (#22969194)

I had my connection throttled down to 25% last night - the first time I've noticed it happen.
To be fair their open about the fact that they throttle. If your traffic is heavy between 4pm - 9pm you may be throttled, so schedule your torrents overnight.

Other than that there is no traffic shaping involved, and even if you get throttled the connection will be un-throttled come 9pm. It's not the worst in the world.

This Phorm thing is a pain in the ass though. I hope the Information Commissioner throws the book at all of them, including Virgin Media.

Re:Idiots... don't do it client-side (2, Interesting)

datajack (17285) | more than 6 years ago | (#22969404)

I too am with Virgin Media. Any idea how we can defend against phorm?


Yup. The RIPA act (which received an unwelcome reception) actually helps us out here. It basically says that a wiretap without police/government sanction is illegal without the consent of both parties involved in the communication.

Phorm says that their activities do not break RIPA because hosting a publicly available website implies public monitoring (duh?) and that ISPs may include an acceptance of monitoring clause in their Ts & Cs. IMO, if you write to the ISPs involved expressly denying the right to monitor you as a user and also expressly denying the right to monitor any websites you may own puts them in clear breach of RIPA if they do so. RIPA is a criminal law, not a civil one so the penalties are potential jail-time for directors not a minor fine for the company.
That is what I will be doing shortly. I run a website used regularly by a few thousand local peeps so hopefully that will et Phorm kicked out of our local network area.

Re:Idiots... don't do it client-side (1)

BlueStrat (756137) | more than 6 years ago | (#22970166)

...IMO, if you write to the ISPs involved expressly denying the right to monitor you as a user and also expressly denying the right to monitor any websites you may own puts them in clear breach of RIPA if they do so....

I don't know how it is in the UK, but in the USA the TOS/Customer Service Agreement is not negotiable or modifiable by a customer. It's a "take it or leave it" deal.

If you don't sign on the dotted line and agree to all of the ISPs' terms and conditions, which in most of the ISP TOS/Customer Service Agreements I've seen also means that the ISP may change the terms at their discretion, they simply refuse to do business with you and will cut you off if you're already receiving service if you indicate refusal to comply or agree to all the terms and conditions.

In many if not most areas this means that you have very few options in other providers because of either the distance limits with DSL, the exclusive franchise agreements with cities/townships, or simply because you may be in an area that hasn't been offered any choice in providers because of low customer density making it not worthwhile for anyone else to build out infrastructure to.

They have many, if not most, customers over a barrel. Agree completely to anything we demand or go to dial-up, mobile wireless (most services here are still very costly and extremely bandwidth-limited), possibly satellite if you can stand it and/or get it, or do without any internet connection.

By their actions, they're basically saying: "So what? What're ya gonna do about it? Switch!? BWAAHAHAHAHAA!!".

Cheers!

Strat

Re:Idiots... don't do it client-side (1)

TheGratefulNet (143330) | more than 6 years ago | (#22969594)

does that work even for SSL connections?

I believe that if you can fool the user into accepting a 'fake' (but real LOOKING) cert, you can do SSL man-in-the-middle attacks.

but I think you DO have to con the user into taking a fake cert, first.

Re:Idiots... don't do it client-side (0)

Anonymous Coward | more than 6 years ago | (#22969860)

I've been wondering about things like this. Anyone know of a Firefox extension to default all connect attempts to use ssl?

That way any link you click will first try ssl then fail back to http.

I'd love something like this, especially for all those "secure" sites that have 3rd party JS embedded in the clear.

Re:Idiots... don't do it client-side (0)

Anonymous Coward | more than 6 years ago | (#22970004)

you could create a plugin for Greasemonkey [mozilla.org] that rewrites all urls with https, should be rather trivial to create

Re:Idiots... don't do it client-side (1)

legirons (809082) | more than 6 years ago | (#22968802)

BT *did* do this on their side of the connection, which is what makes it an illegal wiretap.

Re:Idiots... don't do it client-side (0)

Anonymous Coward | more than 6 years ago | (#22968828)

Why don't you think that they do this already. All web hosts log every action on their servers...

The only reason I can think they where trying some form of spyware on the client PC is to track usage on secure HTTPS sites.

Re:Idiots... don't do it client-side (1)

cheater512 (783349) | more than 6 years ago | (#22968994)

RIPA is a law which forbids the interception of data between two points.
In this case its the user and the web server.

Its fine for the web server to log since they are a end point.
Its not fine for the ISP to intercept the data however.

No, the contract defines if it is legal (2, Interesting)

imtheguru (625011) | more than 6 years ago | (#22969458)

I linked this in another post in this thread.
The Home Office made available their views on whether phorm's user-profile-based tracking is legal w.r.t. the interception of communication legislation.

" Targeted online advertising services should be provided with the explicit consent of ISPs' users or by the acceptance of the ISP terms and conditions. The providers of targeted online advertising services, and ISPs contracting those services and making them available to their users, should then - to the extent interception is at issue - be able to argue that the end user has consented to the interception (or that there are reasonable grounds for so believing)."
And:
" Targeted online advertising can be regarded as being provided in connection with the telecommunication service provided by the ISP in the same way as the provision of services that examine e-mails for the purposes of filtering or blocking spam or filtering web pages to provide a specifically tailored content service."
Finally:
" Targeted online advertising undertaken with the highest regard to the respect for the privacy of ISPs' users and the protection of their personal data, and with the ISPs' users consent, expressed appropriately, is a legitimate business activity. The purpose of Chapter 1 of Part 1 of RIPA is not to inhibit legitimate business practice particularly in the telecommunications sector. "

If the ISP has put the tracking details into the TERMS and CONDITIONS and the user has OK'd the tracking, then the tracking is legal.

Here is the original article of the Home Office on Phorm [guardian.co.uk] .

What i don't know at this time, is whether BT does list the tracking in the T&C....

Cheers.

Re:No, the contract defines if it is legal (1)

cheater512 (783349) | more than 6 years ago | (#22969532)

Thats the thing. It wasnt in the T&C and they denied they were doing anything at all.

Re:No, the contract defines if it is legal (1)

Peil (549875) | more than 6 years ago | (#22969866)

However since that home office guidance it has also been argued that there is a strong case to say it's illegal. http://news.bbc.co.uk/1/hi/technology/7331493.stm [bbc.co.uk]

Re:Idiots... don't do it client-side (2, Interesting)

Original Replica (908688) | more than 6 years ago | (#22969122)

Why on Earth wouldn't BT just do this on their side of the connection? EVERYTHING that the user gets goes through their pipes, their routers.

That's really just a matter of semantics, either way it's still spying. Contrary to what is frequently espoused here on slashdot, there should still be an expectation of privacy even though the internet is largely public. If I yell my ATM pin number in the bank, then everyone knows it through no shady effort on their part, but if someone carefully looks over my shoulder to learn my pin number that is a very different matter. When two people are having a quiet conversation in a park it is rude to listen in, but if they are having a shouting match in the same park, then there is no fault in hearing it. Most of the time when someone is surfing the net, they are doing so with the expectation that they are only communicating with one other entity, the site that they are visiting. Regardless of any claims in the EULA from the ISP, that is the common expectation. Privacy is part of what is expected in return for paying for use of an ISPs infrastructure, so the fact that the ISPs own the routers and fiber that the information passes through does not give the ISPs rights to that information. Some may say that in this case the common expectation is wrong, but remember that common values and expectations are the foundation for any system of law.

Yes - spying at the network side is still evil (1)

schwaang (667808) | more than 6 years ago | (#22970096)

I think the confusion here is this article is about a previous trial that involved client-side spying by the same company that is now doing network-side spying.

But IMHO, either way it's still spying and it's just plain wrong, unless users opt-IN with informed consent because they believe they'll get something valuable in exchange, as is the case with using Google Mail.

And by opt-in, I mean they have to have a genuine choice, not "here's a 10-page EULA, like it or lump it, we're the only broadband you can get."

Re:Idiots... don't do it client-side (0)

Anonymous Coward | more than 6 years ago | (#22969292)

Answer: it is done server side.

Re:Idiots... don't do it client-side (0)

Anonymous Coward | more than 6 years ago | (#22969478)

The reason they did it client side is for privacy reasons - network side they would have been forced to log the person's IP, by dropping a harmless cookie, they used a browser session ID which expires or can be deleted/blocked on the client side. I for one am pleased they didn't do this network side!

Beyond Disgusting (1)

hyades1 (1149581) | more than 6 years ago | (#22968594)

These people should be shut down completely or compelled to pay some very serious damages to the people whose privacy was compromised this way.

A strong response now would send a message to other ISP's who may be moved to try this kind of irresponsible, illegal spying.

Re:Beyond Disgusting (1)

Ilgaz (86384) | more than 6 years ago | (#22969268)

As they are unofficial monopoly, nobody can dare to shutdown them without breaking entire country. That is how they dare to do such things. It is similar in lots of countries.

Legal, if the user gave consent (1)

imtheguru (625011) | more than 6 years ago | (#22969408)

The Home Office indicated their position on the usage of Phorm. Phorm's data collection was declared to be legal and lawful if the end-user gave consent for collecting the information.

Here's a reference from the guardian blogs of March the 12th [guardian.co.uk] .

Article says that end-users were not not made aware of the phorm tracking. This will be an interesting case.

Cheers.

In other news (0)

Anonymous Coward | more than 6 years ago | (#22968648)

Crack dealer executives insisted they had not broken the law and said no 'personally identifiable information' had been shared or divulged."
Developing....

But wait...it gets worse! (1)

Idefix97 (725474) | more than 6 years ago | (#22968682)

They (BT) are implementing this in the UK, along with a couple of other ISPs (like Virgin).

Re:But wait...it gets worse! (1)

eneville (745111) | more than 6 years ago | (#22968762)

Yeah, I've heard the same, but it's ok for me since I won't use Windows they'll have to think of another way to get to what I do... Such as watch me using their own CPU cycles rather than the cycles where Phorm runs (the client PC I believe).

At least they're not going to get it for free.

Re:But wait...it gets worse! (1)

Dude McDude (938516) | more than 6 years ago | (#22969770)

The monitoring happens at the ISP. The OS you use is irrelevant.

class action lawsuit? (1)

NynexNinja (379583) | more than 6 years ago | (#22968686)

sounds like a major privacy violation, I hope they get sued into oblivion.

Re:class action lawsuit? (2, Insightful)

arth1 (260657) | more than 6 years ago | (#22968908)

BT is the equivalent of Bell/AT&T in the US. It's impossible to sue them into oblivion. The best you can hope for is that one of the sub-sub-sub-sub-sub-CEOs gets a slap on the wrist and won't be invited to the next golf tournament.

safe assumption.... (3, Insightful)

3seas (184403) | more than 6 years ago | (#22968744)

.... that if you are online someone is watching you.

Yes (1)

Smordnys s'regrepsA (1160895) | more than 6 years ago | (#22968922)

We see you.

Re:safe assumption.... (1)

nurb432 (527695) | more than 6 years ago | (#22969690)

But it doesn't make it right.

One of the Worst Providers in the UK (3, Insightful)

lobiusmoop (305328) | more than 6 years ago | (#22968752)

BT's ADSL internet service seems to be one of the worst in the UK. Unfortunately since they have a long history of providing landline connections in the UK, many people assume they must be a worthy internet provider also - not so. I'd recommend UK Slashdotters look at This ADSL ratings site [dslzoneuk.net] for more personal citations of BT's (and other providers) service.

Good British Channel 4 news video on this... (1, Informative)

Anonymous Coward | more than 6 years ago | (#22968754)

BT are going to get screwed big style over this (4, Interesting)

Peil (549875) | more than 6 years ago | (#22968760)

This has been bubbling under for a few weeks, but really broke badly in the past couple of days.

Essentially they appear to have broken the Regulation of Investigatoy Powers Act (RIPA) by performing an unauthorised interception of a communication over telecommuncations infrastructure.

No word yet on legal action, although several MP's are kicking up a fuss about it.

BTW BT are the only ones who have confessedd to doing this so far, the other ISP's haveeither kept schtum, or muttered paltitudes like we will wait and see

Re:BT are going to get screwed big style over this (2, Interesting)

Anonymous Coward | more than 6 years ago | (#22968958)

...and the data protection act. Also something else from the act ( http://www.opsi.gov.uk/Acts/Acts1998/ukpga_19980029_en_3#pt2-l1g11 [opsi.gov.uk] ):
"An individual is entitled at any time by notice in writing to a data controller to require the data controller at the end of such period as is reasonable in the circumstances to cease, or not to begin, processing for the purposes of direct marketing personal data in respect of which he is the data subject."

Essentially, users should be able to opt out of targeted advertising based on their personal data if they wish.

website operators can sue too (yes you) (0)

Anonymous Coward | more than 6 years ago | (#22968766)

the RIPA act that covers interception of data says that both parties involved in a communication have to conset to monitoring, so its not just a matter of 1 user consenting i wonder how google feels having its pages modified with banners and inserting tracking without permission ?, tortuous interference perhaps ? definately copyright , i wonder how those hidden intranet/exchange url owners (military/f100 companies etc) feel too having their employees/customers communications intercepted ? see you in the prison visiting room BT executives, ill bring you some smokes to look at

Uncle Sam isn't Big Brother... (-1, Troll)

PC and Sony Fanboy (1248258) | more than 6 years ago | (#22968786)

This isn't surprising. The UK has security cameras everywhere that anyone can watch through public tv. They use it to discourage violence, because you never know who's watching.
 
It isn't surprising to find out that their policies apply to the internet as well, and so does the mentality of voyeurism and big-brother-hood.

Re:Uncle Sam isn't Big Brother... (1)

Toonol (1057698) | more than 6 years ago | (#22968972)

The UK has security cameras everywhere that anyone can watch through public tv.

Out of curiosity, can you watch them online? I wouldn't mind watching some British hooligans.

Re:Uncle Sam isn't Big Brother... (1)

Kasis (918962) | more than 6 years ago | (#22968990)

Is somebody going to mod this down then?

This isn't surprising - Yes it is, BT is a massive company who have a lot to lose by getting involved in illegal activities.

The UK has security cameras everywhere - Not true. There are a lot of cameras, but they aren't everywhere.

that anyone can watch through public tv - Just not true.

They use it to discourage violence - Well not just violence, any crime really. It doesn't make much difference really, but some people feel safer.

It isn't surprising to find out that their policies apply to the internet as well, and so does the mentality of voyeurism and big-brother-hood - Are you fucking stoned?

Re:Uncle Sam isn't Big Brother... (0)

Anonymous Coward | more than 6 years ago | (#22969210)

My rhetoric beats your rhetoric, hands down. Why? because I'm using CAPS so I look smart! (but not as smart as if I used italics)

Re:Uncle Sam isn't Big Brother... (1)

cheater512 (783349) | more than 6 years ago | (#22969014)

Um...this is spyware (ads) not government interception.

Re:Uncle Sam isn't Big Brother... (0)

Anonymous Coward | more than 6 years ago | (#22969198)

The UK has security cameras everywhere that anyone can watch through public tv.

If that were true, I'd have less of a problem with them (reciprocal transparency and all that). But as it is, most camera feeds go a to a privileged few, making an information elite.

Re:Uncle Sam isn't Big Brother... (0)

Anonymous Coward | more than 6 years ago | (#22969214)

Jesus christ. Right sentiment, mate, but you're dreadfully misinformed. We wouldn't let just ANYONE watch the cameras, that would be a violation of privacy! Far better to just trust the good old government to do it. And private businesses.

OT but wtf is up with the buttons? (1, Offtopic)

citylivin (1250770) | more than 6 years ago | (#22968794)

How do i turn the reply buttons back to text like it was before? Ive been moving around computers alot and probably enabled some stupid new feature. I cant seem to find it in the preferences.

thanks

Re:OT but wtf is up with the buttons? (0)

Anonymous Coward | more than 6 years ago | (#22968840)

It's the new standard theme, AFAIK it can't be turned off in the prefs.

Re:OT but wtf is up with the buttons? (0)

Anonymous Coward | more than 6 years ago | (#22970156)

it looks like shit, whoever the dipshit is who enabled it without any option to disable it is a fucking moron and should be fired, fuck you button guy, fuck you. there's always some idiot who decides to ruin something good

Not illegal? (1)

felisconcolori (1191151) | more than 6 years ago | (#22968856)

...

Wait, so you're telling me that a third party can, without my consent and/or notification (implied or explicit), install and execute a program on my hardware? Isn't that what sends most virus writers to jail?

I'd want a lawyer to run over the BT access agreements with a fine tooth comb, and check this against any applicable privacy laws.

Computer Misuse Act (2, Interesting)

mutube (981006) | more than 6 years ago | (#22969148)

IANAL but the UK law covering this is the Computer Misuse Act and more recently the European Convention on Cyber Crime.

As I read it BT are guilty under CMA 1(1) [wikipedia.org] which relates to unauthorised access to any program or data held in a computer. Whether the information checking is done on the computer or the ADSL hub it is a violation. With regard to the Convention on Cybercrime [coe.int] they appear to be guilty under Articles 2, 3 and 6.

I hope someone sues their buttocks off.

Re:Computer Misuse Act (1)

esocid (946821) | more than 6 years ago | (#22969402)

I hope someone sues their bollocks off.

There, fixed that for you.

Re:Not illegal? (1)

Dude McDude (938516) | more than 6 years ago | (#22969822)

No software was installed/run on any of the users' computers. The http session was monitored at the ISP level (and that's how you'll be monitored, if you're a BT customer, when this is rolled out).

Aren't they supposed to log connection? (1)

tommyhj (944468) | more than 6 years ago | (#22968860)

With the new terror-laws, every ISP here in Denmark is bound by law to monitor and log all and every connections made in the country (mainly IP adresses, but probably down to protocel level, ports, mails, IMs etc.). I don't see how this is different...

Re:Aren't they supposed to log connection? (1)

arkhan_jg (618674) | more than 6 years ago | (#22969156)

That same law is in effect in the UK due to an EU directive - websites visited, and email addresses sent and received are collected (similar to phone log records) but not the contents, and only available after the fact by warrant.

The difference with this is because it's being passed to a third party company to analyse the traffic in realtime for keyword trends, to be passed to adbanner providers. So when you go to a website using phorm for their ad banners, phorm know where else you've been in the past, and picks the ads on the new site to fit with your previous profile.

I.E. one set of data is collected by government order for the purpose of policing, and is accessible by warrant after the event, the other set of data is collected secretly and probably illegally by a private advertising company for the purposes of spying on you in realtime to better target their adbanners to your history.

What's the best method of defeating all this ****? (1)

dixonpete (1267776) | more than 6 years ago | (#22968874)

I use ad-block+ so I never see any ads anyway but further I have absolutely no interest in letting any company besides Google, whom I'm presently very fond of, know anything about my Net habits. It just doesn't serve any of my interests and it causes me great anxiety to think that a profile could be built and accessed and sold. I'm not in the US but as an example the present US administration I would prefer to be an absolute cipher to. Would using a proxy server achieve much?

Re:What's the best method of defeating all this ** (5, Interesting)

sexconker (1179573) | more than 6 years ago | (#22968912)

Why do you (and so many others) trust google?

Re:What's the best method of defeating all this ** (2, Interesting)

dixonpete (1267776) | more than 6 years ago | (#22968982)

1) I use Google to search, very often 2) I watch their tech talks, often 3) I am starting to use their free apps Google is offering great value gives me services that greatly enhance my life. Plus, I signed up for this. These other jokers are stealing that information without my permission and offering me nothing in return. If ISPs need more money they can ask me for it.

Re:What's the best method of defeating all this ** (2, Insightful)

cheater512 (783349) | more than 6 years ago | (#22969120)

They have defended our rights where others have not.

They are also relatively honest and havent done anything immoral in regards to privacy to date.

Re:What's the best method of defeating all this ** (1)

esocid (946821) | more than 6 years ago | (#22969412)

I like google but disabled the search tracking since I found it a little creepy. For extra protection I use track me not [nyu.edu] .

Re:What's the best method of defeating all this ** (2, Informative)

fuego451 (958976) | more than 6 years ago | (#22969432)

Google at least gives you a reach around. Gmail has some nice features and I now have over 6.5 GiB of storage and counting. I use iGoogle to organize my most viewed sites with access to all the other Google features/tools/apps. Am I worried abut personal my personal info, shit, the IRS has it all from the late 50's, the FBI has it from the 60's (military secret clearance), the Veterans Administration from the 70's, employers, banks, the post office, state licensing agencies, mortgage companies, title companies, utilities you name it. Sure, I try to guard it as best I can but...

Re:What's the best method of defeating all this ** (1)

fuego451 (958976) | more than 6 years ago | (#22970070)

Am I worried abut personal my personal info

Interesting! When I previewed this in the new comment box, all was fine.

Re:What's the best method of defeating all this ** (2, Insightful)

RiotingPacifist (1228016) | more than 6 years ago | (#22969560)

1) because i get something back, in exchange for tracking me, they get more data about what i want and their searches are more tailored.
2) because they dont charge me, in exchange for good search results they track me and give me non intrusive ads.
3) because its very easy to switch, if they change their privacy policy im not tied to searching with them for another 6-12 months
4) because they do good stuff with the money ( FF, SOC, etc)
5) because theyre geeks, the main way the information is mis used is if somebody hacks in and steals it, i doubt this will happen with google, but after BT pushed out insecure linux routers to thousands of homes, i cant say id have faith.
5) be

Re:What's the best method of defeating all this ** (1)

BlueParrot (965239) | more than 6 years ago | (#22969902)

I choose to use google mail despite the privacy implications. In this case people are FORCED to have their connections sent through third party servers and profiled.

There's a big difference between profiling people based on adds on participating sites and scanning every connection to ANY site. Google doesn't see what Wikipedia pages I am editing, this system could.

The only way you could compare this to Google would be if every site you could connect to was using Google adds, and they were all written as to not render if you used add block. Actually, it is worse than that seeing that this actually interferes with sites that don't benefit from the scheme. It is more as if the search results in google would link to modified pages of the destination, each containing a google add , which was then used with a tracking cookie ( assuming there was no other way to get to webpages other than google's search ).

No, really, google doesn't even come close to this...

Re:What's the best method of defeating all this ** (1)

Dude McDude (938516) | more than 6 years ago | (#22969848)

The best method is to vote with your wallet and change ISP.

Re:What's the best method of defeating all this ** (1)

dixonpete (1267776) | more than 6 years ago | (#22969944)

And when they don't tell you they are doing it and/or lie about it like BT did? Seems wiser to rig one's machine to mess with their systems as much as possible. How about scrambling the contents of their cookies? Proxy servers? Encryption of some kind?

True to Phorm (1)

JackSpratts (660957) | more than 6 years ago | (#22968904)

saul hansell of the times has already been on this. he interviewed a principal of phorm and summarizes it on his times blog. needless to say the readers comments haven't been positive for the companies in question.

http://bits.blogs.nytimes.com/2008/04/03/can-an-eavesdropper-protect-your-privacy/index.html?ref=technology

- js.

The spying begins: Phorm coming to 3 major UK ISPS (5, Informative)

Sosigenes (950988) | more than 6 years ago | (#22968910)

The summary of the story doesn't emphasise the point that the spying test was just a small trial, and that Phorm is actually coming directly to the UK.

3 of the major UK ISPs: Virgin Media, BT and Talk Talk are getting all ready to implement and bring in Phorm. More information and details are available at the useful website BadPhorm: http://www.badphorm.co.uk/ [badphorm.co.uk]

Thousands and thousands of UK users are going to be subject to this inescapable violation of their privacy with little to do about it. There is an opt-out cookie, but this does not prevent the fact that the users browsing still goes through the Phorm servers. Would you be happy with all your internet browsing going through a third party server, let alone one owned by an advertising company that wants to profile you and "see the whole internet" (Reference: http://www.badphorm.co.uk/news.php?item.30.3 [badphorm.co.uk] ) through your browsing history.

There is lots of interesting discussion going on about this, particularly at Cable Forum by Virgin Media users, who are going to be thrown into this spying (Link: http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated.html [cableforum.co.uk] )

A fast growing petition to the UK government on the governments website is nearing 10000 signatures, and just shows how many people do not want this to happen (Link: http://petitions.pm.gov.uk/ispphorm/ [pm.gov.uk] )

This may not concern many people in the US, or people on the smaller ISPs in the UK - but the worrying thing is, other ISPs are already saying that they are going to watch the results and see if the ISPs can get away with it - if they can, they will likely pick it up to. And your ISP might do too!

MOD PARENT UP, it's INSIGHTFUL and INFORMATIVE (1)

I)_MaLaClYpSe_(I (447961) | more than 6 years ago | (#22969142)

If only I had mod points now...

Re:The spying begins: Phorm coming to 3 major UK I (1)

Creepy Crawler (680178) | more than 6 years ago | (#22969392)

If I was this ISP and had to make a choice, I'd do it the following: :If we have spyclient installed, watch for certain pattern of data through high# ports. IP dest and dest port should not matter, as to prevent detection :Bridges between customer backbones that watch all data from specified port. :The bridge captures and saves pertinent data to separate spy-net that they can watch, not interfere

All this talk only brings bad blood. Anyways, unencrypted traffic can be viewed at any point from source to destination. If people cared, they'd use encrypted tech to hide what they do. I have a hunch that most people "Just Dont Care".

Similarity to ET (2, Funny)

DogsBollocks (806307) | more than 6 years ago | (#22969540)

BT phone home.

Re:Similarity to ET (0)

Anonymous Coward | more than 6 years ago | (#22970020)

BT phone home.
Wasn't that their advertising slogan at some point in the 80s?

Queue the "If you have done nothing wrong,..." (0)

Anonymous Coward | more than 6 years ago | (#22969614)

Queue the "what are you hiding if you have done nothing wrong", with a strong scent of "what did you do, if you object?". The horse breeder did nothing wrong, but I guarantee that his racing competition will pay good money to see the ISP records of his web browsing. So "even though he has done nothing _WRONG_", he still has something to hide. People, get the point of privacy...

BT like MI5 (1)

SimonTheSoundMan (1012395) | more than 6 years ago | (#22969634)

I see the whole thing like; someone tapping into all your phone calls at the exchange, noting down everything you say, and midway through your conversation with someone else butting and offering phone sales.

God it's sickening! BT can tap into phone calls, but only a few. With the Internet it's like they are tapping into everyone's phone calls. Ugh!

This does not break a law? (1)

Opportunist (166417) | more than 6 years ago | (#22970190)

If spying on your customer does not break the law, the law is broken.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?