Dear ISP, I am not a target market

A question to PhormPRteam

A simple question.

You are going around the forums saying your system is good and has been audeted, etc, on and on.

OK if it is so good, why do all the people who know about the technology say it is bad, and an invasion of privacy.

When all the world (except the BBC) say something stinks it must actualy stink.

Thanks Reg another good piece.

its a shame

You know, on the Internet, my two pet hates are advertising and unwanted software. By unwanted software, I mean anything that wants to install itself on my computer, or otherwise affect my computer, that I dont want there. Thus, adware, malware, spyware and viruses and trojans all fall into this category.

And so, its with dismay that I realize the reason Phorm is so bad, is because its using the Number 1 Worst Internet thing (Spyware), to promote the Number 2 Worst Internet thing (Adverts), by violating my privacy.

How is this good for me exactly?

Phorm is an example of the worst of the public's fear of a corporation - a corporation that makes money by exploiting customers in a fashion that, if it isnt directly illegal, is at best immoral.

I'd love to understand what motivated the founders of this company to be so underhanded. What made them wake up one morning, and think "Gee you know what? I love money so much, that I'm going to sell the private data of millions of people to unscrupulous advertisers. because I know they wont be crazy about the idea, I'll hide it under an anti phishing technology that nobody needs anyway, and lie as much as possible so I wont get found out. Woohoo, Money, here I come!"

Paris, because the makers of this software would love to be as rich as she is, too bad they didnt have rich daddies - maybe then we wouldnt have Phorm? Maybe we should start a donation drive for these guys, they are obviously so hard done by.

You are the product.

Just remember: as far as Phorm/ISPs are concerned - just as with commercial TV - you are not a customer.

The customer is the advertiser. Your eye-time is the "product" and the ISP/TV-station's only interest is to deliver losts of product to customers.

Paris: because she's 'product'.

war on phorm

surely this will just spark website owners to start coding JS to rip out phorm added stuff. they don't have enough time to track 500 million variants of the same code.

perhaps re-write the html to include 32000 (hidden) links to the phorm corp site

Where are the rights of the page owners?

I never look at any adds on internet pages. If I want to buy something, I'll google for particular companies who supply it - just to round it off, I'll ignore anyone who is in google's sponsored links who isn't also in their non-sponsored links.

If a site owner wants to allow their pages to host some advertising as a way of making more money - or even subsidising the running of their site - then that is up to them to decide. They will then presumably have some say over what gets put there and where it is situated so as to be visible but not to distract from the content of their site.

What I object most strongly to, is that Phorm are possibly planning on putting adverts onto pages where the original content creator has chosen not to place them....or they are going to replace the advert the site owner did want (presumably because it related in some way to the content of their site) with something targeted at me.

So not only are we letting our own personal data into the hands of a company we don't like/trust/want, but we're also being led down the path where we allow site content to be modified based on marketing habits - very dangerous indeed!!

Thanks again El Reg - WELL PUT!

A whole bunch of Reg Readers, many doing it as a hobby without pay, spent many hours over the last 15 years contributing to standards that drive the internet today. From HTTP through to XML, all due credit to the original pioneers, have benefitted from a public standardisation, review and refinement/RFC process.

Why does anyone think that we'll sit back when someone claims to do the seemingly improssible - profile everyone to the benefit of marketing types without affecting the very fabric of the internet itself or put personal privacy at risk?

We sat up, questioned everything, got marketing guff in response as gaping holes appeared in the claimns. A data gathering exercise at the heart of the countries information exchange and a couple of "reports", ONE WHICH HAS YET TO BE RELEASED claim all is good, nothing to see here.

SHAME ON THE BBC FOR PRINTING A PRESS RELEASE AFTER IGNORING 3 WEEKS OF TIPS FROM PROFESSIONALS WARNING OF THE NIGHTMARE AHEAD.

Anyone who ever worked on a software system knows how difficult it is to check it does what's needed, never mind check it doesn't have unintended side effects. Fairly simple financial control systems can cost hundreds of millions of dollars because they have to be thoroughly audited both to do what they say they do, have an electronic trail of all operations, etc etc.

And then look what still happened at SocGen!!!

You Phorm Tech Team/CDR PR MONKEYS and more importantly BT, Virgin Media and Talk Talk go an print off 10000000 copies of your report... And use it to *wipe your arses on for the next 3 years/*clean up this mess (*delete as appropriate)

PHUCK OFF

K.I.S.S. or, I.T.I.S.P.S.

It's The ISP, Stupid!

About time the focus was on the real villains here - the ISPs. They are the ones proposing to intercept their customers HTTP traffic, default *their* customers to opt-in rather than opt-out, analyse their customers web traffic.

If they need to change their Terms of Service to operate this then customers should be made aware they can cancel the contract without penalty and move to another, non-intercepting, ISP.

Publish a list of quality ISPs that have undertaken never to intercept their customers Internet traffic (except in accordance with the law and court orders). Preferably, move to an ISP that operates one-month contracts like Zen rather than 12 or 18-month lock-ins.

Phorm's targeted advertising system is good at what it does and, if it were analysing data gathered in an acceptable manner, is better than most current advertising engines (Google, etc.) in that it doesn't keep a history.

For clarity, Phorm *isn't* about inserting or replacing adverts in pages as some people think. Their system only analyses traffic and builds up a profile of categories of advertising.

Web-site operators who use the OIX advertising system on their site will be able to deliver targeted adverts to visitors if those visitors present the webwise.net cookie containing the random number which relates to categories the visitor has been determined to be interested in. Without the cookie the advertising won't be so targeted.

When in doot, pollute!!

We should be happy that marketeers are such dullards. They never understand how easy it is to program our machines to outfox them. If they start cueing off IP packets, then machines will start sending HTTP packets to all manner of random addresses. It wouldn't take much to undermine their business model. If some percentage of Phorm's database is worthless, then their friends in advertising will drop them like a rock. Start polluting!

Re: Where are the rights of the page owners?

Sorry, but where have you read that Phorm are going to be injecting adverts into pages without the owners consent? That's news to me, it hasn't appeared in any article I've read, but I concede that my habit of speed reading does occasionally mean that I miss something.

What I have read is that website owners will place Phorm javascript/code into their pages, much like they do for any other advertiser. The difference being that visitors to that site will receive targeted adverts based on their browsing.

What Phorm does is wrong and if Virgin Media don't come to their senses they will lose me as a customer, but lets not muddy the issue with misinformation.

Excellent technical info here

http://www.politicalpenguin.org.uk/blog/p,295/

Including information from Etregul's patent, which at least one of us ought to have thought of, oh well.

Juiciest bits from the patent, because I know you'll all love this, but go have a look, it's a truly excellent piece. See if any of this sounds familiar...

"Furthermore, though the present disclosure discusses HTTP traffic in many examples, it will be appreciated that other types of protocols and traffic may be employed in connection with the targeted advertising system and method described herein."

Woops.

"Context reader 40 is not limited to acquiring keyword or other contextual information pertaining to a given web page. Indeed, the browsing information may be collected so as to also include historical data pertaining to the browsing performed "

Ouch.

"Based on analysis occurring at the proxy server, the proxy server may modify client-requested data it receives so that a targeted advertisement appears on a web page requested by a client"

Oh dear.

"As explained above, the context reader may be configured to more than just keyword and other contextual data pertaining to a given web page. The context reader may also include behavioral data (e.g, browsing behavior), other historical data collected over time, demographic data associated with the user, IP address, URL data, etc."

Oh Phorm, have you been telling us some MASSIVE porkies or what ?

The patent (linked at the above blog) is pretty dense, as you would expect, and contains plenty more of this kind of stuff. No doubt Phorm's hapless spinmeisters will be around to tell us that this isn't the technology they are going to implement NOW, and who knows, they might even be telling the truth*. But Phorm have lodged a patent application for technology that does indeed do all the things they have just assured us that they definitely won't do, ever, honest, we promise, cross our hearts.

Phail !

Props to Political Penguin for digging this up, looks like a smoking gun to me. Why patent a technology that you aren't going to use ?

* Really, they might. After all they did have Simon Davies look at it.

Bill Hicks saw where we were going

"By the way if anyone here is in advertising or marketing... kill yourself.

No, no, no it's just a little thought. I'm just trying to plant seeds. Maybe one day, they'll take root - I don't know. You try, you do what you can. Kill yourself.

Seriously though, if you are, do.

Aaah, no really, there's no rationalisation for what you do and you are Satan's little helpers. Okay - kill yourself - seriously. You are the ruiner of all things good, seriously. No this is not a joke, you're going, "there's going to be a joke coming," there's no fucking joke coming. You are Satan's spawn filling the world with bile and garbage. You are fucked and you are fucking us. Kill yourself. It's the only way to save your fucking soul, kill yourself.

Planting seeds. I know all the marketing people are going, "he's doing a joke..." there's no joke here whatsoever. Suck a tail-pipe, fucking hang yourself, borrow a gun from a Yank friend - I don't care how you do it. Rid the world of your evil fucking makinations. Machi... Whatever, you know what I mean.

I know what all the marketing people are thinking right now too, "Oh, you know what Bill's doing, he's going for that anti-marketing dollar. That's a good market, he's very smart."

Oh man, I am not doing that. You fucking evil scumbags!

"Ooh, you know what Bill's doing now, he's going for the righteous indignation dollar. That's a big dollar. A lot of people are feeling that indignation. We've done research - huge market. He's doing a good thing."

Godammit, I'm not doing that, you scum-bags! Quit putting a godamm dollar sign on every fucking thing on this planet!

"Ooh, the anger dollar. Huge. Huge in times of recession. Giant market, Bill's very bright to do that."

God, I'm just caught in a fucking web.

"Ooh the trapped dollar, big dollar, huge dollar. Good market - look at our research. We see that many people feel trapped. If we play to that and then separate them into the trapped dollar..."

How do you live like that? And I bet you sleep like fucking babies at night, don't you?"

Who cares about the ads?

The ads are the least of it, its easy to add oix.com to the blocklist along with doubleclick.net.

The real issue is your browsing history being handed to a 3rd party surely?

And no, they won't be injecting entirely new adverts into the stream, merely serving up "relevant" ads on webpages which already have hooks to their system. So you won't suddently get adverts on the BBC website, or injected into a "wget"...

@Mark Wilson - how current advertising works

In page adverts are served usually by a media brocker. So as a site owner with my 1million hits per month to sell, I go to this brocker and they will serve the ads to my site in the banner and skyscraper area defined for them. Then they will track them and tell me how many were served, clicked etc etc often they will make these figures up so as to pay me less.

The choice of which advertisers is fairly arbitrary, the site owner can obviously list competitors that should not be shown, also some adverstisers will stipulate that they do not want to be shown on a site also advertising competitors, e.g. you wont often see a vodafone and orange ad on the same site in the same session.

Also the advertiser will have approached the broker and said broadly what sites they want to appear on, e.g. family friendly or technology related. etc etc. Also what sites they dont want to be shown on e.g. filesharing, porn etc

So in reality as a site owner you already have little control over what ads are shown on your site. Phorm is attractive since the marketing is much more targeted so there is more of a chance of a sale therefore the advertising costs are higher than they would be currently.

Obvioulsy as both a site owner and a consumer this does not benefit me as that ad-revenue doesn't come to me.

Presumably the ad brockerage networks must be involved in this too.

And .. how long before someone like those of us commenting here can knock out a grease monkey script to taint the sniffed data so that it is not as targetted as they would be banking on for the marketers.

A superb summation

One can not claim transparency on one hand, whilst engaging secrecy on the other.

Phorm sells consumers short, by treating our data as its own personal money-printing tool.

but does it run on linux?

My understanding of this is that the process of sticking these 'targetted ads' into peoples browsers will be done via spyware, but where is this spyware going to be running? On the ISP's servers? intercepting and modifying every single packet sent in or out? How is that even remotele viable and how will this affect the socks5 proxy I use via an ssh tunnel to prevent users on my local network monitoring my traffic?? and what about the fact that I use ABP and NoScript?

All in all I find this whole concept disgusting and will be moving to a new ISP promptly in order to maintain my browsing dignity.

Posted anonymously cos that's how I roll.

So what???

I don't really see the problem.

I don't click on advertising like this but people do. I suspect more people (maybe even me included) would click on these banners if they were more relevant.

To me, this means that ads are maybe going to get worth looking at as they could show me a product that I actually want.

When i watch tv i am forced to watch adverts trying to sell me false teeth adhesive or kids toys when my teeth are my own and i have no kids... THAT winds me up. If the adverts were for snowboards or cameras because i have been watching programs about these then i would be less wound up and may even respond to them.

Bill Hicks...

Outstanding reference...thoroughly enjoyed that!

I have just emailed my ISP (Eclipse) to ask if they or Kingston Communications who own them are planning to sign up to this Phorm shit. If they say they will then as soon as they do and I see the Webwise page I'll give them the boot and tell them exactly why as well.

Its just as the AC above said, its the ISP's who are really screwing us over on this so tell them to get stuffed as soon as you get the Webwise page.

My solution.

I am a current customer of Virgin, and i do not like this one single bit.

From here on in, all data sent over the internet will be first encrypted then sent to a server in amsterdam (which i own). The latency is around 20 seconds, and worth it as far as i am concerned.

Sign-ups are welcome ;)

@ Vote with your feet

Thing is, until this, I liked my ISP. I realise that this makes me fairly unique in a world of cynics and freetards, but they give good service for a reasonable price, don't bug me about download limits on the occasions when I find myself downloading 15GB of Service Packs, Dev tools, SDKs, source code and all the normal shite in the course of a week, and although their tech support is reputedly pretty awful, I cant actually remember the last time anything went wrong enough for me to have to speak to them. They've been my ISP for, well, since I stopped dialing through local universities to get net access, anyway. I have NEVER had an issue with them. Until now. Which is why this pisses me off so much.

If they go ahead with this, I *will* be off, no question, even if I have to put up with a more rubbish service. I'll be voting with more than my feet, I'll be voting with my feet, my solicitor, my friends and family, and anyone else whose ears I can reach. As is suspect will many others.

But OTOH, if they see the error of their ways and stop acting like cnuts, I am willing to reconsider. Quid Pro Quo. I have made them aware of this position, weather they take any note of such customer feedback I have no idea.

@ Ash & everybody else

Not sure if you have the time - but if you are doing all that maybe you should post your letter, the current T&C's and whos-who to send them to - maybe in some sort of blog. If you do, then others can take action with you and we can all show how wrong this is.

When that happens, the BBC will come in with their "unbiased" reporting and jump on the bandwagon too - they love a good old internet protest! :)

I bet within a week or three you will have sparked off a mass-protest, with people using a printout of your letter with their name on it.

They would have to take us serious then. Strength in numbers!!! :)

Since Phorm consider my browsing data valuable...

.. they can pay me for it. The initial charge will be 100 GBP / click.

Collecting data constitutes acceptance of this agreement, I reserve the right to increase the charge as and when I see fit without prior notice.

@Sam

You can make a start with TrackMeNot ( http://mrl.nyu.edu/~dhowe/trackmenot/ ), a Firefox extension:

TrackMeNot runs in Firefox as a low-priority background process that periodically issues randomized search-queries to popular search engines, e.g., AOL, Yahoo!, Google, and MSN. It hides users' actual search trails in a cloud of 'ghost' queries, significantly increasing the difficulty of aggregating such data into accurate or identifying user profiles. As of version 0.4, TMN's static word list has been replaced with a dynamic query mechanism which 'evolves' each client (uniquely) over time, parsing the results of its searches for 'logical' future query terms with which to replace those already used.

Re; When in doot, pollute!!

"So when will this "confuserator" be available?

Preferably as a Firefox plugin?"

I find Noscript/Adblock Plus/Track Me Not works just fine, 'cept Track Me Not is currently Us for my Beta 3 version of FF3

Hmmmm.....

ABC Breakdown Cover

29a Ertegrul Way

Fingringhoe

Essex

Dear valued customer,

We would like to thank you for your long-term subscription to our 24 hour accident and breakdown recovery service and would like to take the opportunity to advise you of some minor changes to our terms and conditions.

As you may be aware, the UK breakdown market has become extremely competitive in recent years and to continue to attract new customers we have had to offer significant discounts- in some cases even free cover. This has obviously had a major impact on profits and to ensure a healthy return for our shareholders we had to investigate alternative ways to generate income.

We are very proud to have found a way to do so - while still continuing to provide the same high level of breakdown cover as always, with the same courteous service and at the same great price.

We have recently signed a deal with a major agency whereby, in exchange for a percentage of profits, our long term subscribers will assist visiting Korean businessmen with executive stress relief.

Despite any alarmist reports you may have read in the gutter press, this arrangement should cause you little or no discomfort. You will only be required to participate once a month, at a Holiday Inn of your choice. Furthermore, a generous amount of lube will be provided at no extra cost and your anonymity will be preserved at all times by use of our ingenious ‘paper bag over the head’ system.

In the unlikely event that you are for some reason unhappy with this minor update to our terms and conditions, you are free to cancel your policy and seek cover elsewhere. Of course, a similar system has recently been adopted by nearly all of our major competitors as well - I hear the RAC don’t even give you the lube.

Just to further allay any fears you may have that this new policy is in some way ‘immoral’ or even ‘illegal’ – I can assure you that our legal team has researched the matter thoroughly and insist that this is completely ethical, based on a recent precedent set in the UK ISP market.

We would like to thank you for your continued custom.

Yours insincerely,

Mr A Patsy.

Pay me for my time and preferences

By all means target ads at me - as long as I get paid for it.

e.g. If the targeted ads are really targeted correctly then they will appeal to me (i.e. they will be small, unobtrusive, informative, no fancy graphics, the subject or item will be of interest, etc). If I click through them, then purchase something from the site, I want to be paid - in cash, not discounts or points or other BS rewards.

Everyone else gets the benefit of me allowing my preferences to be analysed, the isp gets paid, the promoter (phorm, or whoever) gets paid, the site I visit benefits from the order. If I am worth so much to all these companies, I want my share of the pie.

This would not work with Search Engines, as you only visit them when you are looking for something - so your pay back is relevant links, either via advertising or high ranked pages. If your preferred search engine does not give relevant results, then switch to another.

The ads you are targeted with are for things you are not actively searching for, and are for things the you (don't know you) want. It takes time out of what you were doing to read the ad, follow the link, read the site, check out reviews, etc. My time is not free, and it seems that these ad targeting companies are generating money from me and my time - I do not work for free.

If I am not going to be paid, I will block all ads and otp out of the targeting campaign.

Do ISP's dream of Electric Sheep?

well this cock doth crow:

A trusted provider of a service, the ISP's (BT, possibly others too) concerned have already breached both the trust of their subscribers and the LAW of the country.

The 'profiling' is being run by the ISP's.

The 'means' is provided by Phorm.

Your privacy, agreed T&C's and the law HAS already been breached.

There needs to be an immediate injunction to prevent any further work's, deployment or removal of any of equipment/data/etc and the M.E.T. should be collecting the evidence.

That's not the sounds of the black helicopters, its the shredding equipment & clean up within the offices of your ISP.

once again for the record.

DO.

NOT.

WANT.

I am a randomly generated number.

I am a collection of actions.

I am a profile.

My name is profile: ######## but you can call me Alex

DO.

NOT.

WANT.

what does the eu get?

nothing. We hand over our personal habits for... Nothing.

Okay, before someone says phishing philter, most security software packages already have that.

Now if it was advertised as "half price if you let us sell your habits" I'd consider it.

My solution

1)Use linux to minimise the possibility of viruses and spyware.

2)Get a shell account on a remote server that is not served by any ISP's involved in this debacle.

3)Use ssh -D <unpriveleged port> <user>@<server>

4)Configure firefox to use a socks5/html proxy (depending on what's available on the remote host) running through the unpriveleged port.

Bingo. All your webtraffic is now encrypted and Phail will never see a packet of it. This also has the added bonus of securing your traffic on your local network as well and is usually faster than using Tor.

Jolly Roger cos evading the wishes of corporate scum these days is *clearly* piracy :P

I wonder if...

Perhaps if/when Microsoft do eventually get hold of Yahoo! (BT Broadband is actually BTYahoo!) then it could lead to some rather entertaining info-popups from this Phorm infection....

Imagine for a moment:

a gardener & a hairdresser sharing a computer

Phorm helpful messaging system: (ie: the phishing warnings)

"it looks as though your trying to build an improvised explosive device, would you like some help"

Confusion

There seem to be a few people misunderstanding the system. Correct me if I'm wrong, but here's how I see it...

* Ad injection by your ISP isn't part of it - Phorm ads are not inserted into web pages by the ISP, they're served up by current methods (using a tracking cookie) on pages that have signed up to show Phorm ads.

* The difference lies in how the cookie is generated - this is where the privacy problem lies. The cookie is generated based on all your surfing data which is monitored by Phorm's software.

* Phorm are only selling the technology to the ISPs, and the equipment/software is located on-site. It's also super-mega-hyper-secure and privacy-respecting, or so they claim!

I still don't like it any more than I'd like the Royal Mail opening my letters to help them decide what junk mail to post.

What about when it goes wrong?

Accepting for the moment the premise that it does not breach RIPA or other laws (I don't accept that but assuming it goes ahead).

There is an interception of all my HTTP traffic by a single cluster of devices somewhere in my ISPs network. This cluster has now become mana from heaven to the black hat mob.

Since it will have been installed by the hand of (wo)man, it is certain to be accessible by a similar hand (it might take a while for someone who isn't supposed to access it to do so) - but *inevitably* it will be *compromised* (after all there are people defacing websites of banks, governments etc already).

When the compromise happens, have I just broken every agreement with (say) my bank about taking care of my information (even though they routinely leave it out the back for collection with the bins)?