Blog Phorm - a personal perspective
Things are as far as I’m concerned pretty much in now. There’s the odd query or question regarding this system that I’d like clarification on but I’m not that fussed.
I’ve tried my best, although admittedly quite skeptical from the start to be fair and listen to what Phorm have had to say.
However, I’ve made up my mind. I am with one of the three ISP’s that are planning to implement this system and it is simple from my own perspective, I’m with Sir Tim Berners-Lee on this one as a consumer. If my ISP’s implement this system, they will no longer be my ISP. They may ‘just’ about get a reprieve if they configure their system in such a way that it constitutes a change in the terms and conditions of customers, that those who are in or out are handled at the ISP’s authentication level and that no part of my data stream goes anywhere near any bit of kit run by Phorm.
I think the problem is thus. It doesn’t matter about opt-out or opt-in cookies or any kind of guarantee that my traffic will not be analysed. It is now simply a matter of principle about what I as a customer want and how I consider the relationship with my ISP.
It’s pretty simple. I pay said ISP for a connection to the internet for a certain amount of bandwidth at a particular speed and they provide it. I don’t want content added, manipulated or impossible to block pop-ups on my screen.
I’ve spent far too much of my time messing around in both a professional and personal context with Windows based machines, hacking (manually in many cases) spyware, adware and viruses off them. I became fed up of spending my time having to deal with systems that worked in a way that meant I didn’t have control over what was going on. That’s why I run Linux, it’s about freedom, control over everything that I want on my system. It’s why I run Firefox because I can customise my web experience exactly the way I want it. Put short, it’s about individual freedom and choice, an underlying principle of the net.
This system and it’s future potential use if expanded to other areas like adverts before downloads or pop-up adverts between page loads isn’t what I want from my web experience.
It’s being marketed on the basis of providing two core enhancements to people’s web browsing. Anti-phishing technology that doesn’t seem to have any tangible benefits outside of what is already present in most good (or not good) browsers and ‘more relevant advertising’. From my perspective this is no benefit to me. I can spot a phishing site a mile off despite how clever it might be.
I don’t click on online adverts, I never have and never will because the internet for me is about finding things. If I’m after information or a particular product I’ll go out and look for it myself, adverts for me are nothing more than a waste of bandwidth.
Now if my ISP wanted to offer me a service that blocked all advertising I might well be up for that. It would save them bandwidth and costs and my web experience would be enhanced and if I could sign up to that as an individual customer, it be part of my terms and conditions then it would be great. I wouldn’t get any adverts that I’m not going to click on anyway, the ISP wouldn’t waste bandwidth serving me up adverts from sites because I’m not going to click on them anyway and the website publisher isn’t losing revenue from their adverts not being presented on my screen because, and I think I’ve mentioned it before, I’m not going to click on them anyway; everyone’s a winner.
I started a post last week about the dynamics in the market that are driving this situation, didn’t get it finished but will endeavour to this week.
Meanwhile, it’s interesting to note two things. Firstly the amusing revelation that Phorm, a company that it’s fair to say has a distinct competitor position to Google, uses Google’s services to monitor what people are saying about them online and secondly that no matter to whom I have discussed this issue, techie or non-techie, not a single person has said to me, yes, more relevant advertising, that’s exactly what I’ve been after all these years to enhance my web experience.
As a server operator, I’m worried about Phorm monitoring my data without *my* permission.
I’ve set my .htaccess file with the following to add a header to every web page and graphic served to explicitly say I don’t consent to Phorm monitoring traffic from my server. We need to get every webmaster to do the same!
Header add Phorm “Phorm Inc, All Subsidiary Companies of Phorm Inc, OIX Network, Internet Service Providers using the technologies provided by the former mentioned companies; We specifically deny permission for the former mentioned companies to intercept any communication between a remote user accessing content on our Server and that person’s Internet Web Browser, or any other Interface that such a remote user may use to obtain our data.”
Header add Phorm-Consent “No”
Hi PP
As I am sure you will have seen, the interim Privacy Impact Assessment that we’ve referred to in interviews and our live chats on Webwise has been released. Simon Davies, Managing Director of 80/20 Thinking, conducted the Privacy Impact Assessment with his colleague Gus Hosein, who is Visiting Fellow, Information Systems Group at the London School of Economics.
The Privacy Impact Assessment is a review of Phorm systems and policies. Since this preliminary, initial report was written several weeks ago, we have addressed several claims in it. Among them, we have confirmed to 80/20 Thinking that Webwise does not track behaviours across sensitive sites; that anonymous cookies cannot be traced back to users; and that Webwise deliberately ignores “https” pages used by banks, and other personal data. We will work with 80/20 Thinking on an ongoing basis throughout the year to complete the assessment and ensure we confirm our leading privacy standards.
In the press, Mr Davies has openly commented: “In our view, Phorm has implemented privacy as a key design component in the development of its system. In particular, Phorm has quite consciously avoided the processing of personally identifiable information.” In particular, Mr Davies told BBC News: “Phorm does advance the whole sector of protecting personal information by two to three steps.”
We want to be as clear as possible on this: Privacy International, one of the leading privacy advocacy bodies, did not endorse us and do not endorse any companies. We engaged Mr Davies (founder and director of Privacy International, though not acting in that capacity to produce the report) because of his expertise and experience. He has spent decades railing against infringements of privacy. We expect that he and his team in a consulting capacity would apply the same intellectual rigour to their assessment of companies that they do in campaigning for privacy rights.
As a consultancy, 80/20 Thinking conducts audits for companies and it charges a fee to do so. Audits take time and resources, as the one conducted by Ernst & Young (View report PDF), and we haven’t yet found a free audit service that is worth our trust or anyone else’s.
We await a date for the final Assessment to be issued and will update this page when we know.
The full interim report is at http://www.phorm.com/user_privacy/privacy_impact_report.php and you can ask questions on the site too
PhormCommsTeam are one of several PR agencies employed by Phorm to blast out these cut and paste responses! Has anyone seen the full 80/20 report yet??
Below is a better, more revealing quote from a Phorm Inc exec member:
“As you browse, we’re able to categorize all of your Internet actions,” said Virasb Vahidi, the chief operating officer of Phorm. “We actually can see the entire Internet.”
New York Times article:
http://www.nytimes.com/2008/03/20/business/media/20adcoside.html?_r=2&scp=1&sq=phorm&st=nyt&oref=slogin&oref=slogin
A Critical Evaluation of the 2006/2007 trials of
Phorm Inc. Technology by BT PLC.
Alexander Han
4th April 2008
http://www.paladine.org.uk/phorm_paper.pdf
“Phorm Inc. public relations campaign has focused on Webwise, a technology which is seen as mostly redundant in the present day due to existing protections built directly into computer operating systems, web browsing applications, firewall applications, anti virus applications and a multitude of
other software applications which focus on computer security.
Despite the public and political scandal this technology has generated, Phorm Inc. have failed to address or alleviate the concerns of legal think tanks, policy advisers,members of parliament, peers in the House of Lords, the press and media or
the general public as a whole with regards to various legal arguments which would seem to make the technology illegal…..”
http://www.lightbluetouchpaper.org/2008/04/04/the-phorm-webwise-system/
“The Phorm “Webwise” System
April 4th, 2008 at 16:53 UTC by Richard Clayton
Last week I spent several hours at Phorm learning how their advertising system works — this is the system that is to be deployed by the UK’s largest ISPs to pick apart your web browsing activities to try and determine what interests you.
”
“Much of the information was already known, albeit perhaps not all minutiae. However, there were a number of new things that were disclosed.
Phorm explained the process by which an initial web request is redirected three times (using HTTP 307 responses) within their system so that they can inspect cookies to determine if the user has opted out of their system, so that they can set a unique identifier for the user (or collect it if it already exists), and finally to add a cookie that they forge to appear to come from someone else’s website. A number of very well-informed people on the UKCrypto mailing list have suggested that the last of these actions may be illegal under the Fraud Act 2006 and/or the Computer Misuse Act 1990….
”
“Overall, I learnt nothing about the Phorm system that caused me to change my view that the system performs illegal interception as defined by s1 of the Regulation of Investigatory Powers Act 2000…..”
I’m with virgin media. If they implement phorm I will be suing them. Immediately.