BT pimped customer web data to advertisers last summer

BT’s servers were secretly passing data on subscribers to its "new" advertising partner as long ago as last summer, though the companies refused to acknowledge any relationship at the time. BT - the UK's number one internet provider - finally revealed the plan earlier this month along with Virgin Media and Talk Talk, which …

COMMENTS

This topic is closed for new posts.


  1. Anonymous Coward
    Anonymous Coward

    /etc/hosts

    127.0.0.1 dns.sysip.net

  2. LJ
    Stop

    A simple solution?

    Might be interesting to see if one of the affected people could set an entry in their hosts file to point dns.sysip.net (or *.sysip.net) to 0.0.0.0 - it's unlikely that BT are going to trust Phorm to handle all their DNS queries, so dns.sysip.net is probably named so to make people think it's something innocent (or too technical for them to understand).

    Perhaps a public service announcement would be in order?

  3. Anonymous Coward
    Jobs Halo

    opendns

    Won't pointing to opendns.com (or similar) for your dns requests solve this? I don't know enough about the ins and outs to be sure though.

  4. Justin White
    Black Helicopters

    BIND + Root Servers > ISP Redirect

    Personally, I find it easier to maintain my own DNS cache using BIND9 on a small Linux box I maintain. No need to use the ISP DNS crap in the first place!

    I knew this was a conspiracy! Tinfoil hats around to all!

  5. Jez Caudle
    Go

    Technical details

    I wondered if El Reg could post technical details of how exactly this works.

    If they know where you are going and what you are looking at, how do they then show you ads? Do they rip and replace ads from other sites or wait until you hit a site hosting their adverts - at which point they look up your previous habits and then display loads of "relevant" ads?

    A nice technical article and some possible mitigations would be fantastic.

  6. Greg
    Thumb Down

    Time to say goodbye..

    I have been with TalkTalk for some time now and have been one of the lucky few to not have any trouble with their service. Even if it is as easy as changing your hosts file to avoid this I won't feel happy staying with a company that does business with spyware pushers.

  7. John Bayly
    Thumb Down

    @opendns

    I doubt it, all BT have to do is sniff packets on Port 80. From the packet they can see the Host header along with everything else.

    As they appear to rely on cookies, I'm assuming they'll be injecting a cookie for www.oix.net into every HTTP response. Blocking the www.oix.net cookie (as they suggest if you want to disable the service <cough> permanently <cough>) will only mean that when you request a page containing oix.net adverts, no cookie with the <cough> unique anonymous <cough> ID linking you to keywords will be sent. Hence you will simply receive random adverts.

    Blocking a cookie still means that BT will happily be sending your clickstream data & pages viewed to Phorm, so they still get a wealth of data.

    Time to call BBC radio Oxford and try to get this mentioned in the mainstream media, because this is seriously taking the piss now.

  8. Godwin Stewart

    @Justin White

    "Personally, I find it easier to maintain my own DNS cache using BIND9 on a small Linux box I maintain. No need to use the ISP DNS crap in the first place!"

    Indeed, I've been doing just that ever since Verisign broke DNS with their "sitefinder" stunt:

    http://www.theregister.co.uk/2003/09/16/all_your_web_typos/

    http://www.theregister.co.uk/2003/10/04/icann_demand_sees_verisign_pull/

    http://www.theregister.co.uk/2003/10/16/verisigns_site_finder_is_undead/

    The "delegation only" feature works like a charm :)

  9. Anonymous Coward
    Anonymous Coward

    Re: technical details

    I second that, some technical details please

    not only on how they plan to serve the ads, but there is also no mention of what these requests were

    you mention the browser was making connections to there - no matter what an ISP does they can not make a program on your computer just start connecting to random places. it sounds like he probably noticed it by the status bar showing loading from there or something similar, which would indicate that they are embedding something in to every webpage that is returned. If this is the case then it will certainly break at least some pages (i doubt they have found a flawless way to add arbitrary code to a web page that doesn't break the page in at least some circumstances, particularly with AJAX requests etc which may not be returning a web page to be rendered)

    anyone any ideas as to the technicality of how they got the browser to make an outgoing connection to report on your activities?

    or is it just extremely bad wording claiming "connections" being made, when it's actually just that they set the DNS servers to there (connectionless except for some rare large responses), so that was handling DNS lookups - and they are monitoring just hostnames resolved by you

  10. Anonymous Coward
    Stop

    Virgin Media details

    http://www.cableforum.co.uk/article/377/virgin-media-signs-targeted-ad-deal

    Let's see how easy it is to opt-out

  11. Anonymous Coward
    Anonymous Coward

    <no title>

    One should not need to opt out of this sort of stuff. One should have to knowingly opt in.

  12. b shubin
    Pirate

    TOR?

    has it come to this? do we all have to start using encrypted anonymizing proxies, to stop our provider from selling all information about us to a third party, without our knowledge or consent? opt-out indeed. what's the benefit for the profiled?

    doesn't the UK have a Commissioner to handle this sort of thing?

    and i thought the US telcos were slimy.

  13. colin stone
    Black Helicopters

    Watchdog

    I posted a short summary of this story to watchdog, plus links to this site and others.

    I am awaiting a call back as I was out of my office when the researcher called.

    Please post your complaint at

    http://www.bbc.co.uk/consumer/tv_and_radio/watchdog/contact_index.shtml

    As it looks like this may be a story that they are likely to cover.

    If nothing else it may expose BT, and others as the scumbags that they are on tv.

  14. Jim Murray
    Stop

    Worse and worse

    I'm not at all sure why Phorm seem to be interested in DNS lookups. From their own description of their technology they appear to have access to all the contents of any non-encrypted HTTP traffic, so what is the need to monkey with the DNS?

    What do they gain from this, other than perhaps using it to obtain some details from those who are trying to evade its data mining by technical means?

    Where does it stop...

    I'd love to hear from any other BT customers with experience of Phorm, perhaps it'll shed some light on just how this company is actually going about it. Tales of woe welcome on www.badphorm.co.uk

  15. Anonymous Coward
    Anonymous Coward

    Contact the police if you're a BT customer

    If BT have been intercepting details of your browsing habits then this may be a violation of RIPA http://www.statutelaw.gov.uk/content.aspx?activeTextDocId=1757378

    In particular sections 1(1) and 2(2):

    1. Unlawful interception.

    — (1) It shall be an offence for a person intentionally and without lawful authority to intercept, at any place in the United Kingdom, any communication in the course of its transmission by means of—

    (a) a public postal service; or

    (b) a public telecommunication system.

    2. (2) For the purposes of this Act, but subject to the following provisions of this section, a person intercepts a communication in the course of its transmission by means of a telecommunication system if, and only if, he—

    (a) so modifies or interferes with the system, or its operation,

    (b) so monitors transmissions made by means of the system, or

    (c) so monitors transmissions made by wireless telegraphy to or from apparatus comprised in the system,

    as to make some or all of the contents of the communication available, while being transmitted, to a person other than the sender or intended recipient of the communication.

  16. This post has been deleted by its author

  17. Joe K
    Stop

    Future class action suits?

    Surely there is some kind of privacy law being breached here.

    If Facebook can take a kicking from the EU courts for far less than this, I'm pretty sure BT will be hauled into the courtroom soon enough.

    Maybe they think it's all too technical for the courts. I'd say that it's pretty much the same as them installing a trojan on their customers' computers to monitor their browsing habits.

    Or, for the tabloids: "it's as if they bugged your house to listen to your conversations, and play matching ads on your TV"

  18. Anonymous Coward
    Alien

    Orange - good guys for once?

    Interesting that several high level Freeserve/Wanadoo/Orange employees (including the ex CTO) have been poached by Phorm recently and Orange have met with them but have (so far) decided not to go with Phorm.

  19. Adam Trickett
    Linux

    Death to Spammers

    It's at times like this I'm glad I run my own DNS server and all my browsers run Adblock and NoScript on Linux platforms. It looks like an investment in learning how privoxy and Squid work is required next.

    A quick nmap of dns.sysip.net shows it currently appears to be running only http, so it could be as simple as adding it to your /etc/hosts file and/or Adblock/noscript filters and you are safe.

    Spammers are scum, spammers pretending to be legitimate advertisers are scum, and ISPs that help them are scum.

  20. Anonymous Coward
    Flame

    The sneaky bastards

    I was just about to dump TalkTalk (for being shite) and I was thinking of going back to BT or possibly Virgin.

    Lo and behold, they're all cavorting with spyware peddlers.

    The sneaky, dirty bastards.

    Well done El Reg and (tinfoil) hats off to Stephen for digging it out. I am really surprised this is legal and I hope they get a good kicking for it.

  21. Tim Schomer
    Paris Hilton

    Big Question..

    (well, for me at least) is this sort of behavior likely to be spread to the smaller ISPs that BT secretly swallowed in the last couple of years (Plusnet is one, I only found out 18 months after it happened!)

    I wouldn't expect any direct communication from them on this, they're useless about giving their bill payers any information they actually need.

    Tim

    Paris 'cos she wouldn't know even if they told her...

  22. Anonymous Coward
    Black Helicopters

    BT Wholesale + LLU

    Does anyone have any idea if this just affects BT Broadband customers, or does it include BT Wholesale customers as well - ie people whose broadband is supplied by resellers.

    I would also be interested to know whether or not people on LLU networks are immune to the sniffing aspect. Although the redirect is done using BT Broadband's DHCP served DNS addresses, the LLU providers' traffic still partially goes across BT Wholesale's network.

  23. Anonymous Coward
    Alert

    Un-anonymizing Anonymous Data

    Depending on how this is implemented, it's hard to see how anonymous the end user can expect to remain.

    The blurb states that adverts will be linked to keywords in both the page title and page content of sites visited by the user.

    If Phorm has access to raw HTML streams, e.g. via "anonymized" dumps of some sort from the ISP's transparent proxy or routers, then this will be very dangerous as next time the user visits a social networking site, unencrypted mail, eBay, anything which displays their real name will be cached alongside the "anonymous" id, creating a link to the real life person.

    Obviously there are many other ways of implementing this without access to raw streams, but if the ISPs and Phorm do not come clean ASAP with intimate technical details, then a fair few people will have cause to write to the Information Commissioner with very real cause for concern that identifiable information is being sold without permission.

    I urge all concerned with this to fully disclose how this system will work to pre-empt public concern.

  24. Sam

    Bearing in mind what happened to Sony

    I hope far worse happens to all those scum involved in this...I want to pull fucking heads off right now!

    Dear El Reg, what about a nice security article for the masses, with instructions for workaround options?

    Preferably in about ten minutes.

    I'm switching to copper foil hats with an earth braid.

  25. Anonymous Coward
    Dead Vulture

    It's worse than you think..

    ..details here www.badphorm.co.uk

    DNS changes will not protect you. The optout only asks them not to use the data they have already connected.

    Is it a crime to copy data on its way TO you as opposed from you? That's what they are doing. It's not clear to me whether this can be construed as 'intercepting communications'. Presumably they are preparing their legal arguments now, which is why BT and Virgin are being so secretive about it.

    If nothing else given the spyware and crookery provenance of Phorm who can have any confidence in their assurances? Phorm is a US company based in 'Dodgy Delaware' and its OIX ad servers are in China somewhere. So they can tell whatever lies they like about privacy and security and no-one can hold them to account. BT and Virgin should try to look beyond their greed and see just how horribly exposed they are too.

  26. Ash

    @Joe K

    Or, for the tabloids: "it's as if they bugged your house to listen to your conversations, and play matching ads on your TV"

    ---

    No, it's as if they bugged your telephone line, sent your conversations to a firm run by a guy who used to illegally bug phone lines to pick up your credit card numbers, played you audio adverts over your phone line in the middle of a conversation, then said "your data is safe because we say so."

  27. Anonymous Coward
    Dead Vulture

    Or opened all your letters...

    ... and added some junk mail after reading the contents.

  28. Anonymous Coward
    Pirate

    not only opened your datastream

    But added unwanted crap in there.

    The next likely scenario is: you pull up a page for a car manufacturer, only to see an ad for another manufacturer.

    Or, if you pull up a page for something, it gets replaced by something else. After all, they can replace one element in the stream with another now ... (based on your surfing habits of course)

    This is clearly TAMPERING with the information stream. Class action lawsuit anyone?

    I also wonder what the 'default surfing habits will be' for a new user? Purple pills? Lottery tickets? We all know that's why people use the internet anyway. If they monitor email streams (that's text after all, and especially if you use a web based interface) they also pick up all these keywords in all the spam messages you get, so it won't be long before you get ads for all the stuff that is now being pushed through spam as well....

    Even a grounded copper foil hat won't help. We're talking lead-lined, faraday cage, steel reinforced 10 meter thick concrete hats now ....

    I got my scissors ready to cut the incoming ethernet cable into the house ... let them try pushing their crap through my cut cable ...

  29. Claire Rand
    Flame

    linked to what exactly?

    assuming there are several people using a computer how do they identify the user?

    if it's a user specific cookie that identifies you, and contains the 'dont track' bit so if you block cookies you're 'opting in' so to speak...

    thinking about what happens when little jonny sees an advert 'targeted' at his dad from all them sites with pictures of ladies on.

    sue the bastards for all they are worth?

    I'm 'offended' etc.

    or how long before there's a firefox extension that just randomises the cookie? sort of 'track this...'

    ho hum.. still there's always TOR etc, this could work wonders for making people start encrypting connections.

    oh and since i run a TOR relay would this mean i get ads 'targeted' based on other users' preferences?

    i think they will have trouble unless they provide a way to opt out once and for all, without the thing turning itself back on right away.

    def like the firefox extension idea, this crap has been tried before, not at the ISP level though, hasn't worked yet.

  30. Anonymous Coward
    Jobs Horns

    Who clicks?

    I've never met anyone who has clicked on an ad, targeted or not. Most make some effort to block them, often just out of spite. So how does anyone make money from these things? Do they no longer count click-throughs? Is the idea now just to get some form of presence out there like a newspaper ad?

    The fat man with the horns seems appropriate.

  31. Morely Dotes

    @ AC

    "no matter what an ISP do they can not make a program on your computer just start connecting to random places."

    Of course they can. DHCP allows the ISP to tell your computer which DNS servers to use, and if you have not specifically entered your own choice of DNS servers, then BT will be able to push whatever they like down to you - which means that, if they so choose, *every single Web request* will be forwarded to a transparent recording proxy, and the data returned to you as if you were deliberately using Network Address Translation. In other words, if you use BT's DNS servers, they have total control over where your computer connects.

  32. Anonymous Coward
    Anonymous Coward

    Computer Misuse

    Surely the redirection might be considered to be a breach of the Computer Misuse Act, since no one gave authority?

  33. N

    hosts

    Agreed, AC

    127.0.0.1 dns.sysip.net

    in hosts file, along with about 10,000 other crap ware sites!

    I hope that as more people realise what a heap of crap BT are, they will migrate away from them

  34. Anonymous Coward
    Black Helicopters

    Patent application for this one...

    I love the patents system. Could this be it? Names KENT THOMAS ERTUGRUL as inventor and 121Media as applicant. Published in Sep 2007.

    "TARGETED CONTENT DELIVERY FOR NETWORKS"

    http://v3.espacenet.com/textdoc?DB=EPODOC&IDX=WO2007108818&F=0

  35. Armitage
    Happy

    Tor?

    I'm a little rusty on the subject but does Tor encrypt from the browser (firefox) all the way to the exit node so in theory all the ISP would see is encrypted data?

  36. Someone

    How could I have been so stupid?

    I’ve been wondering about the name ‘Phorm’. It’s only just hit me. I’m guessing it comes from:

    PHishing by web fORM

    That would make it an out-and-out in-your-face bad-taste joke. (I know it’s a bit rich for me to comment, given the name I chose to follow the word ‘By’.)

  37. Danny

    Information Commissioner

    The Information Commissioner can take action against these companies.

    http://www.ico.gov.uk/complaints/data_protection.aspx

  38. Anonymous Coward
    Anonymous Coward

    Will they tell the police too?

    I once carelessly did an image search for pictures of horses and have therefore viewed illegal images on the internet. I am concerned that this may become public knowledge.

  39. ChessGeek

    And the next step...

    ...in this mess will be for BT, et al, to contract with the credit companies to match your buying habits to the ads you've been served.

    Those who don't buy what's advertised to them like good little puppies will then see their broadband bills go up to cover "loss of revenue".

  40. BitTwister

    @BT Wholesale + LLU

    > does it include BT Wholesale customers (...) broadband is supplied by resellers.

    Unlikely, I would hope, since BT would be treading all over their agreement with the reseller and that should certainly raise interesting legal issues (beyond those already raised!). Since this seems so far to be BT acting directly as the ISP (plus some resellers who have decided to play along), I think it would only affect BT customers who pay BT directly as their ISP. Unfortunately, more resellers may also join in after being approached by BT.

  41. Mark de Roussier

    Time to pin down your ISP...

    In the light of Ertugrul's claim to be 'talking to all UK ISPs', perhaps it's time for everyone to start asking their ISP what their position is with respect to Phorm. I've just squirted a query at the corporate PR droids for mine, though I'm not expecting much. Maybe El Reg could get the Pimply Faced Youth to stop surfing the pron and get on the phone...

  42. Anonymous Coward
    Anonymous Coward

    Retail or Wholesale

    This only affects BT Retail.

    It sits in their service layer along with various other management tools.

    I've met one of the folks at Phorm and I couldn't say I felt I could trust him.

  43. Joe K
    Happy

    Mitigation

    OK, let's see mitigation includes:

    1. Tweak hosts file.

    2. Wear the tin hat. (mine is x-heavy duty)

    3. Wear the copper foil hat. (cost prohibitive, something about inflation)

    I was wondering if there is anything that would actually work?

    Can checking the 'opt out' box, assuming there is one, guarantee anything?

    Why is it the company can do things I would be arrested for?

  44. Chris Donald

    I'll be leaving them then..

    If they are going ahead with this, why the hell should I pay for their service.

    Anyone know if using Tor would screw this up for the assholes?

  45. Anonymous Coward
    Unhappy

    @Morely Dotes

    if it is merely using their DNS servers, then there is no opt out, there are no cookies - so it can't be that from the description

    and in addition there was mentioned that the browser showed connecting to there, which indicates making a request to a URL on that hostname

    there is also the fact that the system is listening on port 80 for HTTP, but not on 53 for DNS (although port 80 is immediately closed after being accepted for me, i assume as i'm not on a participating ISP... yet)

    of course that hostname showing up anywhere means that the request was directed to it for something other than DNS purposes (you can't direct a DNS lookup to a hostname, chicken and egg problem - and it wasn't a reverse DNS lookup as no programs do those for that type of request, plus a reverse DNS lookup returns a completely different generic hostname)

    which would indicate the browser making a request to a URL on that hostname - the only way it would do that is if either the user went to that URL, or a page they were loading had a reference to that URL in it, obviously not the former so the latter - which would mean having to modify every page returned to include whatever reference they are using (a javascript inclusion, loading a transparent invisible picture, whatever), which having tried to do such a thing before (obviously on a smaller scale for different purposes) i have had to conclude is impossible to do in a way that doesn't break at least something (what about where a response contains just the text "DONE" in an AJAX request? and various other scenarios)

    any even basic research on what was happening from an affected connection would involve a packet sniffer, which would say exactly what was going where and what it was returning - which is why i expected such information to be easy to get from supposedly technical people (as opposed to "well i saw a hostname with 'dns' in it") about the only thing that can be ruled out is that it is in any way DNS related (due to firstly the fact that it showed in the browser, which has no idea which DNS servers your system is set to use when it calls API functions, and secondly the fact that it states that opt-out is for a single browser - which just monitoring DNS packets would only be able to tell you the user's IP address and the hostname they looked up not a specific browser, only way to tell a specific browser is using the HTTP cookies from a HTTP request)

  46. Richard Williams
    Thumb Up

    Own DNS

    I agree with Justin - I run a Windows 2003 box in my case that is my movie/music repository and a DNS server. Works great for me, I don't have to touch the ISP's DNS at all. Of course companies running even Windows small business server are required to have DNS for Active Directory. So in that instance as long as you go into the DNS Server and remove any forwarders (ie your ISP's DNS Servers) this provides the same.

  47. Anonymous Coward
    Alert

    @computer misuse

    If you use their software to install/setup your broadband, as most people would, then they get you with the licence agreement because as you know, everyone reads those.

  48. colin stone
    Pirate

    Charity Adverts

    Some internet adverts are useful, sites like everyclick.com use advertising to raise funds for charity. In fact the charity I run makes a good chunk of its income through everyclick. visit us at http://costellokids.com

    My big worry is that such great systems of fundraising will be damaged as people move towards Tor and other systems.

    I block 99% of advertising, yet for EveryClick and a few other sites I allow their adverts as I know how important they are.

    I have not yet figured out how to allow Tor to allow advertising of my choice.

    Does anybody here have experience of products such as ghostsurf? Would this also be as secure as Tor?

    I also wonder how long it will be before the security companies build blocking technology into the AV/Firewall products. Which will put an end to this stupid project by the ISPs.

    My big worry is privacy for the work we do, as webmail is used by many of our members, and myself as it is so quick and easy to access. So if keywords are being used, from webmail pages, then there is a possible risk to the people we support, and by the nature of our e-mail it would be very easy to identify individuals. This is scary and I have contacted the information commissioner about this, as well as writing to my ISP's compliance officer.

    I no longer have any trust in my ISP. The worry is that like all bandwagons, all UK ISPs will quickly jump on.

    It is a bad time for UK internet users and the privacy of all.

  49. Anonymous Coward
    Anonymous Coward

    Light relief

    Wow. I'd like to see some technical details as well.

    Here's some light relief. BT started spamming me a couple of months ago (web design and review services, for some reason), using an address I gave them for online account access. This got so annoying a few days ago that I tried to opt out. The opt-out link was dead, so I had to email them. The 'mailto' link didn't work either - not sure why, maybe Thunderbird gets confused when it sees a subject - so I manually constructed the (empty) email, using the 'mailto' address and subject.

    A couple of minutes later, my mail is returned - BT has rejected it as...

    *spam*.

    Try again, with a body, still rejected as spam. Ring up the advertised 0800 number, shout at somebody, who politely tells me that he'll talk to his sales manager.

    Got another spam from BT today.

  50. Adam
    Black Helicopters

    There's little point in ...

    ... running your own DNS/Proxy etc, as all those requests still go through the ISP's routers on UDP port 53/TCP port 80 respectively and can be redirected/stored or whatever without you knowing anything about it.

    Cookies? They'll be of no use for DNS traffic (coz it doesn't use cookies) and is unlikely to be of much use for HTTP traffic. Cookies are tied to a site, and unless you are sending a request to that site (either through your location bar, or via a web page downloading an advert from some third-party site) the cookie won't be sent.

    I'm with Virgin at the moment (until I get Sky TV/Broadband installed next week - no more Virgin/Phorm, but probably a whole new set of problems!) and I know they use a 'transparent proxy'. This is a proxy that all HTTP traffic goes through without you having to set a proxy setting on your machine. You can tell it's there because if you create a web page that simply displays all the http headers it receives as part of a request from a browser, it shows the 'X-Forwarded-For:' header with my IP address. This is added by the proxy so the web site knows where the request originally came from. The IP Address the web server thinks the request came from (in this case 129.188.8.162 - no reverse DNS lookup for this IP address) is the IP address of the transparent proxy.

    I once asked NTL to turn this off. I was told to call back and speak to a higher-tier engineer who could do this for me. It sounded hopeful, so this is what I did. When I spoke to the engineer though, he proceeded to try to tell me how to remove proxy settings from IE (as if I'd use IE - yuck)! A bizarre conversation followed, while I tried to explain what I actually meant, including asking the engineer to go to the page displaying the headers, and him getting confused because he thought it was some sort of error page. Doesn't say much about NTL engineers. He eventually understood, and then said it couldn't be turned off for individual users.

    The prospect of turning this Phorm tracking/logging off for individual users is also unlikely. That would require some major additional processing from some routers, and a system for controlling the config of said routers. As that would be expensive and entirely counterproductive to what they are trying to achieve, I think they are more likely to rely on legal arguments to justify what they are doing. Unless they back down from sufficient negative publicity, the only way this is going to end is in court.
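
Added example, not part of the thread or of any poster's code: a minimal header-echo page of the kind described in the comment above, written in Python. It lists every request header the server received and flags the ones a forwarding proxy typically adds; the `PROXY_HEADERS` list, the function names, the port and the sample addresses in the demo are assumptions made for this example.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer

# Headers that forwarding proxies commonly add (assumed list for this example).
# A proxy can be configured to add none of them, so an empty result does not
# prove the path is clean; a client can also forge them, so a hit is evidence,
# not proof.
PROXY_HEADERS = ("x-forwarded-for", "forwarded", "via",
                 "x-forwarded-host", "x-forwarded-proto", "x-real-ip")


def analyse(header_items, peer_ip):
    """Inspect request headers as the origin server received them.

    header_items: iterable of (name, value) pairs.
    peer_ip: source address of the TCP connection the server accepted.
    """
    items = list(header_items)
    found = [(n, v) for n, v in items if n.lower() in PROXY_HEADERS]
    claimed = None
    for name, value in items:
        if name.lower() == "x-forwarded-for":
            # Each proxy appends the address it received the request from,
            # so the leftmost entry is the original client as reported.
            claimed = value.split(",")[0].strip() or None
            break
    return {
        "peer_ip": peer_ip,
        "proxy_headers": found,
        "claimed_client_ip": claimed,
        "proxy_suspected": bool(found),
        "peer_differs_from_claimed": claimed is not None and claimed != peer_ip,
    }


def render(header_items, report):
    """Build the plain-text page body from the headers and the analysis."""
    lines = ["Connection arrived from: %s" % report["peer_ip"], "",
             "Request headers as received:"]
    lines += ["  %s: %s" % (n, v) for n, v in header_items]
    lines.append("")
    if report["proxy_suspected"]:
        lines.append("Proxy-added headers present:")
        lines += ["  %s: %s" % (n, v) for n, v in report["proxy_headers"]]
        if report["peer_differs_from_claimed"]:
            lines.append("Reported client %s differs from connecting address %s."
                         % (report["claimed_client_ip"], report["peer_ip"]))
    else:
        lines.append("No proxy-added headers seen (a silent proxy is still possible).")
    return "\n".join(lines) + "\n"


class EchoHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        items = list(self.headers.items())
        report = analyse(items, self.client_address[0])
        body = render(items, report).encode("utf-8")
        self.send_response(200)
        # text/plain so echoed header values are never interpreted as markup;
        # no-store so a caching proxy cannot replay an old answer.
        self.send_header("Content-Type", "text/plain; charset=utf-8")
        self.send_header("Cache-Control", "no-store")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        pass  # keep the console quiet


if __name__ == "__main__":
    # Constructed sample: what the origin would see behind a forwarding proxy.
    sample = [("Host", "example.test"),
              ("X-Forwarded-For", "203.0.113.7"),
              ("Via", "1.1 cache.example.test")]
    print(render(sample, analyse(sample, "192.0.2.10")))
    # Assumed port; the page must be hosted outside the ISP's network and
    # fetched over plain HTTP for an in-path proxy to show up.
    HTTPServer(("0.0.0.0", 8080), EchoHandler).serve_forever()
```

Fetching the page over HTTPS from the same host gives a baseline, since an in-path HTTP proxy cannot add headers inside the encrypted request.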
