My first instincts were to pen a post containing copious amounts of profanity regarding this subject but I have decided that it is one that does not require an outraged rant, but moreover a calm and collected examination of what facts are available, what logical conclusions can be deduced and more importantly to do what the internet is best at, to inform and spread awareness of an important issue.

I know that my blog is primarily political, most of my readers aren’t specifically techie but this is a distinctly technical issue so I apologise but if you hold any kind of regard for your privacy while online then I’d urge you to read on.

This is a big issue encompassing many different aspects which is why this is part one. There will be more to follow but to start I think it apt to do a bit of an overview.

So the question is this. How would you feel if your ISP (internet service provider) were to do a deal with a company so that they could analyse everything that you view online to then provide you with directly personal targeted advertising?

OK, try this. How would you feel if your ISP did a deal with a company whose director has form for creating one of the most repugnant systems of Spyware ever to hit the net to anaysle everything that you view online to then provide you with directly targeted advertising?

Or how about this. How would you feel if your ISP did a deal with a company whose director has form for creating one of the most repugnant systems of Spyware ever to hit the net and has all their company URL’s from an anonymising provider so that they can’t be traced?

Now no reputable ISP would now, would they?

So, are we with BT? Virgin Media (as in either old NTL or Telewest)? Talk Talk? Well if you are then you should take note. Equally Orange and Sky are looking at it but haven’t decided yet.

I should point out that I’m not trying to claim any exclusive. This issue has been knocking about the tech community for the past week or so but today was the first time I could actually get down to any real research to check out other reporting.

A good source of background information would be El Reg who’ve been covering it although I wouldn’t necessarily endorse some of the comments as they appear to be based more on supposition than a well researched and informed opinion. That said, there are some really good technical comments that shed some light on this affair.

So what we are dealing with is pretty much the bulk of every UK internet user’s ISP doing deals to monitor what we look at to profile us and and on the basis of that information, feed us targeted advertising.

So who is this company Phorm? Well, this is their website. They’ve got a new bit of patented technology run through Open Internet Exchange. It has a website, it’s here. They do look rather similar don’t they. They’ve also got their user interface where they claim people will be able to go to opt out of this new system, it’s here.

Now they all have one thing in common. They’re all on the same server, somewhere by the looks of it near Gloucester. They are also all registered with this company.

Now I don’t necessarily have an issue with the ability to register domains via a proxy service because there are instances whereby it is justified. People involved in political activity that may be contradictory to the state in which they live, where they may fear repression or persecution or even someone who wants a blog but would really rather try and keep things hush hush so the boss doesn’t trace them.

What these services are not for is a legitimate company that wants to implement a system that will analyse the web traffic of the bulk of the entire UK internet population. If the objective of the exercise was to make themselves appear dodgy then they have succeeded.

It doesn’t really make a great deal of difference because there are plenty of other avenues of investigation.

Phorm Inc UK is this according to Companies House:

Branch Details
Branch Number: BR008336
Name, Address: PHORM UK INC
222 REGENTS STREET
LONDON
W1B 5TR
Date Open: 29/11/2004
Closed(Y):
Type of Business: ON-LINE CONTEXTUAL ADVERTISING. DELIVERING TARGETED ADVERTISING

Just for the record, 222 Regents Street is a ‘virtual office space’ take a little look here. These sort of arrangements where someone takes the mail, answers a few calls for a service charge. If you want the lowdown on the services provided, including ‘hot desks’ then take a look here.

However, Phorm UK Inc is simply a branch of Phorm Inc which is registered here:

2711 CENTERVILLE ROAD
SUITE 400, CITY OF WILMINGTON
19808, COUNTY OF NEW CASTLE
DELAWARE, USA
UNITED STATES

Now your humble Penguin is an old hand at security related issues. He’s been around the block so many times that he’s reached the point at which everything starts to look familiar. Which is why this address stuck in my mind.

A few years back, in the days I used to spend large amounts of my time tracking down scams, spamming operations and spyware distributors I actually came across this address as the registered source of a rather nasty e-mail scam. Now of course it is wrong to simply assume that simply because various spamming/scams have been associated with this address that Phorm should be tarnished with the same brush. However, it should also be noted that the address in question also happens to offer a mail forwarding service for people or organisations that don’t wish to be traced, whether there are actually any offices there is anyone’s guess.

So what else do we know about Phorm?

Well, Phorm wasn’t always called Phorm. It was actually called 121 Media Inc and based here, yes another serviced office arrangement although at least it actually provides actual offices as opposed to Phorm’s ‘virtual office’.

They changed their name after their AGM on 26 April 2007 (PDF) which incidentally also changed their Certificate of Incorporation in Delaware so as to lift restrictions on the companies ability to borrow money.

So what are they doing?

Well, they’re ponying up large sums of cash to UK ISP’s to allow them to put their patent pending technology into their systems to analyse UK internet users browsing habits so as to build up profiles to send targeted advertising.

According to reports, they’re paying BT alone £82million. That’s a lot of money for a company that in the fiscal year ending December 2006 (remember this is US stuff, not our financial year ending in April) they posted a turnover of only $1.3million and a net loss of $11.5 down quite considerably on their net loss for 2005 of $3.5million.

If I were BT or any of the other ISP’s I would certainly be asking for the money up front on this one which might explain why the company amended its Incorporation to get rid of its limited borrowing.

So who’s behind this company?

Well, there are a couple of people involved but primarily the one that stands out is Kent Ertugrul. He’s a busy guy, apart from setting up operations in Russia to fly rich westerners around in Mig jets he’s also renown in the tech community as a prolific for having been behind PeopleOnPage, arguably one of the most despicable bits of spyware ever to rear it’s head on the net.

These days I prefer to do most of my work in relation to net based investigative research but many years back I used to do quite a bit in terms of cleaning up systems, networks and the like and PeopleOnPage which was in essence a search bar added into a web browser was one of the most difficult to completely purge from a system.

Have a little read up on it here. Anything starting to look decidedly familiar yet?

So, lets recap. The vast bulk of internet users ISP’s in the UK are going to be paid to allow a company whose director was behind one of the most notorious bits of spyware in net history, who’s UK branch is based in a ‘virtual office’ and who’s US address is a well known mail drop address for notorious spam/scam operations and whose online presence in terms of the various URL’s of Phorm, Webwise and OIX are all registered through an anonymising proxy agent so as to not allow access to who is behind them and they are going to allow this company to stick bits of kit into their systems to analyse the web browsing habits of customers to allow direct personalised marketing.

Anyone just a little worried about all this yet?

Right, that’s part one over. Part two which hopefully I’ll get done tomorrow will be concerned with the technical aspects of this system to the extent that can be deduced from the limited information available. After that will come some tutorials on what people can actually do about this threat to privacy but bear with me, I’ll have to do all the screenshots and instructions first. Might even come up with some ‘Phuck off! Phorm’ banners if I get a mo.

Spread the word my fellow bloggers, people need to be told.

[Update] Edited a line because it wasn’t clear after spotting it quoted over on Bob Piper’s site. Just to clear up any confusion, it’s the ISP’s that get paid, not the internet users themselves.