Jonathan • User • The Register Forums

Top security firm: Phorm is adware

Thursday 13th March 2008 14:15 GMT Jonathan

Wouldnt this be easy to scam?

@Vishal Vashist

As far as I know, no. You would need to embed special javascript into your pages to make them fetch the phorm ads - the adverts wont be inserted unless you have agreed to it.

But that makes me wonder if the system can be abused. Say we get the script someone is thinking of writing, that makes random requests using random cookie IDs. And we change it to make random requests a particular page hosting a Phorm advert, retrieve the URL that the Phorm advert leads to, and request it. Unless they have some other protection, this will net the website owner some cash. Done hundreds of times per second with multiple willing bots, and....

Even if the website is chosen without the owners knowledge (ie the scripters are not in league with the site owner, and thus do not stand to benefit) they can create havok as now Phorm needs to work out what is a legitimate request, and therefore eligible for money, and what is not.

0 0

Thursday 13th March 2008 14:08 GMT Jonathan

@AC

I'm pretty sure that was just Customer Disservice being stupid. Because if they arent, they lose any possibility that Phorm is legal under RIPA.

The thing is, as I see it, is if the customer is offered the choice, it could be argued that forms consent. If you dont, then they cant legally intercept your traffic. If I were you, I'd phone them up, ask to speak to a supervisor, and tell them that unless you are given the option to opt, you will a) switch to a different ISP, b) sue them. Hopefully such threats will jog their memory.

I'd also say that Phorm should have a bigger problem with websites. Now that website traffic can be intercepted, I imagine websites wont be too keen on the idea. Anything could be exposed, and Phorm has no right to intercept. As far as I understand RIPA, it requires consent from both parties, not just one.

0 0

Thursday 13th March 2008 11:37 GMT Jonathan

@Graham Wood

True.

Although, I guess such an attack wouldnt be legal, and would probably lead to banned subscribers.

But, if the ISPs dont pull out because of negative press alone (and lost subscribers), I wouldnt be surprised if something like that were to arise.

@Stephen Baines

I'm very interested in cases like yours. As you say, you dont give permission for your conversations to be intercepted, so in order to be legal, BT Webwise would need to block your site to prevent interception. Something has got to give - I imagine BT's execs will realize its too much of a nightmare to implement solely because of the interception.

Hopefully Phorm's stock will bottom out some more, and hopefully its founder will lose everything he ever invested (including a lot of time!), and will come away a little wiser.

0 0

Thursday 13th March 2008 10:30 GMT Jonathan

Word from bethere

I quite liked bethere when I used it in a previous house, so I contacted them to ask them about Phorm, to hlpe me make a decision in future. This is their response:

Thank you for contacting us.

We are not a part of the Phorm system and we are not even planning to be, so there will be nothing to worry about.

Regards,

Be Team

So, assuming this isnt the same kind of like that BT spouts, I think they at least, are in the clear.

I thought of something else though - what if someone wrote a program, that created random Phorm cookies, and made random requests. Distribute this program to a few addresses, and suddenly Phorm's database becomes far less relevant - it will now contain lots of redundant and useless information. Although, I guess it doesnt stop them profiling people.

0 0

Wednesday 12th March 2008 16:31 GMT Jonathan

@Mycho

I dont want to pay anymore! I want to pay the same amount of money, and get the service that I should be getting - no interception for any reason ever, unobtrusive traffic shaping (if you really must), 99.999% uptime, UK call centres only.

Anyway, its funny to see Phorm in such denial. "Its not Adware or Spyware!", Phorm says scandalized. "Its useful, its relevant, its.... its...."

Its advertising software, sorry Phorm, you Phail.

Now the question is, as Trend Micro says, is there a better solution to opting out than storing a cookie on your machine? What if I want to remove all traces of Phorm, even including the opt-out cookie? It seems self-defeating, I know, but I dont want any part of Phorm on my computer at all.

PS: can we have an Epic Fail pic? Like the Failboat, or Fail Kitty?

0 0

Bill Gates loses richest man crown

Wednesday 12th March 2008 19:59 GMT Jonathan

For Bill's next birthday...

I hope he works in a McDonalds for a day, just as a joke.

Imagine...

"So what qualifications do you have, Mr Gates?"

"Well, I created and monopolized the home operating system market, and the company I co founded later extended into home entertainment and server software."

"So you dont have any experience in the fast food industry?"

"Well, I, uh, that is"

"Thanks Mr Gates, we will get back to you."

0 0

Home Sec: British rings to be tightened against intrusion

Wednesday 12th March 2008 10:27 GMT Jonathan

The title...

Am I the only with a dirty mind?

I'd prefer it if we gave more support to the police to help them deal with crime, no matter who is at fault, whether it is native Britons or immigrants, we need more police, and better equipped police, to deal with the problem.

I'd also vote for removing some of the red tape that prevents police personnel from doing their jobs.

0 0

CPW builds wall between customers and Phorm

Tuesday 11th March 2008 13:31 GMT Jonathan

The real answers...

"I didn't switch on this service. Why do I have to switch it off?"

"Because BT's shareholders love money. They love it so much, that they would even sell your private data to gain money. Money is so important to them, that they think it is worth increasing the risk of compromisation of the network, increase the cost of said risk, violate your right to privacy, and lie to you. That is how great BT's commitment to money is. Please note that, at no time will you, the consumer, benefit from BT's increased revenue. If you find that you have in some way benefitted, please contact BT Customer Disservice so that your account can be downgraded. Please allow 4-6 weeks for someone to someone to help you."

</sarcasm>

"BT is beginning a trial of Phorm's ad targeting technology with 10,000 consumers this month, under a changed privacy policy."

Somehow I think this isnt the first trial, contrary to popular belief.

0 0

Dear ISP, I am not a target market

Tuesday 11th March 2008 11:52 GMT Jonathan

@Phorm Tech Team

"Hi, I'm from the Phorm Tech Team"

Lie #1. No you arent, you are a paid PR person. As such, your "facts" and opinions are worth less than nothing.

"We just don't believe they should have to give up their personal data to get it."

Lie #2. You go through my personal data - my page requests, and responses - and filter the stuff you deem unnecessary. In fact, given that you store it in a condensed form, you still store it. If I downloaded pirate software, and compress it, it is still pirate software. The same applies to your system. If you truly believe that I dont need to give up my private data, then dont search through my data - simple hey?

"we don't know who you are, we don't know where you¹ve been"

Lie #3. Ah but you do. You want my browser to store a cookie that uniquely identifies me, therefore you know who I am. Your system must necessarily process both my IP address and cookie ID, even if the IP address is not stored.

"participation is always a choice"

but I cant stop my data from being analysed by a profiler at all, can I? And its opt-out, not opt-in. Given how uninformed the majority of users are, how is this a choice? Whatever I choose, you still analyse my data - you just dont build up a profile.

"Or you can drop me an email: techteam@phorm.com"

Somehow I doubt my email would reach you, since you arent employed by Phorm at all.

Its a sad day when not even PR - people paid to manipulate, lie and obfuscate - can make Phorm seem like a good idea. Perhaps that is why Phorm has lost over 50% of its market value in 2 weeks - everyone thinks is a bad idea. How long before those in charge of Phorm get over their huge egos and realize that consumers arent willing to be treated like that?

0 0

Monday 10th March 2008 12:43 GMT Jonathan

its a shame

You know, on the Internet, my two pet hates are advertising and unwanted software. By unwanted software, I mean anything that wants to install itself on my computer, or otherwise affect my computer, that I dont want there. Thus, adware, malware, spyware and viruses and trojans all fall into this category.

And so, its with dismay that I realize the reason Phorm is so bad, is because its using the Number 1 Worst Internet thing (Spyware), to promote the Number 2 Worst Internet thing (Adverts), by violating my privacy.

How is this good for me exactly?

Phorm is an example of the worst of the public's fear of a corporation - a corporation that makes money by exploiting customers in a fashion that, if it isnt directly illegal, is at best immoral.

I'd love to understand what motivated the founders of this company to be so underhanded. What made them wake up one morning, and think "Gee you know what? I love money so much, that I'm going to sell the private data of millions of people to unscrupulous advertisers. because I know they wont be crazy about the idea, I'll hide it under an anti phishing technology that nobody needs anyway, and lie as much as possible so I wont get found out. Woohoo, Money, here I come!"

Paris, because the makers of this software would love to be as rich as she is, too bad they didnt have rich daddies - maybe then we wouldnt have Phorm? Maybe we should start a donation drive for these guys, they are obviously so hard done by.

0 0

Ten years old: the world's first MP3 player

Monday 10th March 2008 14:16 GMT Jonathan

@Glenn

Sony were late to the party because they couldnt get their heads round the idea that portable music meant digital music.

They wanted something to control, a revenue stream, and the prospect of people sharing music, or even purchasing only the good songs from an album and not the fillers, terrified them.

So its no surprise they put it off - they didnt want to kill the CD business, which they mistakenly thought was the future.

0 0

Phorm launches data pimping fight back

Friday 7th March 2008 15:57 GMT Jonathan

@Random URL Generators

I hope they have some protection against denial of service attacks - this would be easiest system in the world to overload. And if you overload the system, what happens to everyone elses browsing? Do those who have opted out still lose their connection?

Also, about opt-out....

my homepage is always set to my google homepage. because I rent the house, and the landlord provides the internet connection, I dont even know what login is. I have my own homepage set. So, my question is, how exactly is Virgin going to inform me that they are selling my browsing habits? And where will I be offered this opt out choice, seeing that my homepage is not virgin? Oh, let me guess, they will intercept my request and insert their page to query whether I want to use their.... ahem software.

Well, guess what, most people will probably say no, ESPECIALLY if you are more honest with them and tell them what you are really doing.

I think Phorm should quit it now. Reception here at El Reg has been very negative, and I'll bet that the mainstream press wont carry a favourable impression of the idea. With potential lawsuits looming, I wouldnt be surprised if all ISPs involved pull the plug on Phorm, thus sinking Phorm itself.

0 0

Friday 7th March 2008 13:59 GMT Jonathan

More lies...

Quote: MB, this article

MB: What happens is that the data is still mirrored to the profiler but the data digest is never made and the rest of the chain never occurs. It ought to be said that the profiler is operated by the ISP, not us.

Quote: MB, http://www.badphorm.co.uk/page.php?10

TheObserver: So if you opt out your data never touches a Phorm server? This is at odds with much coverage, which suggests the data still goes to your server but you discard it if the opt-out cookie is present.

MBurgess: Yes. There is widespread misunderstanding of how the system works, which is why we are keen to set the record straight...

He contradicts himself, saying in this article that your data does in fact always touch Phorm, and then in another, that it only does if you opt in. Which is it?

Myself, with the way these guys have been acting, I'm inclined to believe that the worse of the two cases, ie that your packets always get intercepted by Phorm, is true.

Perhaps Phorm doesnt understand that, in many people's eyes, Adware is only one step above malware. I dont care what its there for, I care that it shouldnt be there, it intercepts private data.

Its funny how on BT's website, they try to bury the bad news that your every browsing move and search term will be monitored, by harping on the anti phishing protection. Gee, funny that, perhaps the general public isnt crazy about excessive adverts and privacy intrusions, fancy that. They already know the public wont be crazy about the idea, yet they go ahead, and even worse, they lie about it, and get caught.

This makes me think, that the next time I shop for a new ISP, I'll be looking for one that is fast, has as little downtime as possible, a declaration stating that they do not and will never have any dealings with Phorm or any of its affiliates, or any similar schemes which aim to intercept or in any way monitor by browsing.

Oh, and if we use targeted advertising, we will see less adverts? What is he on? Less adverts means less possible revenue - why would you remove adverts? You can have more targeted adverts. This will only lead to a very slippery slope, and makes me glad that I exlusively use Firefox with Adblocker Plus installed.

0 0

BT targets 10,000 data pimping guinea pigs

Wednesday 5th March 2008 14:57 GMT Jonathan

Lies, lies and more lies

I checked my cookies last night, and lo and behold, there was one set by OIX.net, which coincidentally happens to be Phorm's portal.

So, although Virgin claims to be some way away from an implementation, my browsing is already being monitored. Dont worry, I promptly decided to disable all cookies except those for sites I trust, changed to OpenDNS, and even installed Adblocker Plus to prevent me from even seeing these new adverts, if they ever appear. I wish Adblocker Plus was installed with Firefox by default - it must be the best addon I have ever seen. Or better, not seen!

I do hope that BT's new homepage for these guinea pigs explains exactly what they are agreeing to, and why they shouldnt. Perhaps they should link to the discussion on El Reg, for a less biased point of view.

0 0

Topics

Special Features

Vendor Voice

Resources

User topics

Article topics

Posts by Jonathan

Page: