The Education Forum

UK ISP's sell your private browsing history


Guest David Guyatt

Not just the government, or local authorities or any government agency can snoop on you, now the corporate sector are going to do it, too:

http://badphorm.co.uk/page.php?2

So, what's all the fuss about?

Simply put, three of the UK's largest ISPs (Virgin Media, BT and TalkTalk) have decided to sell your private browsing history to an advertising broker. Yes, the entire list of every web page you visit gets sent to Phorm (the broker) in real time, as you click, so they can send you 'targeted advertising'. Naturally the ISPs are not too keen on telling their users this; they'd much rather feed us all platitudes about how it'll help combat phishing and how the targeted adverts will be so much better than the random ones we see today. In fact, they didn't even announce it to the UK press; we had to find out about it from the New York Times!

Over the past few days a PR company retained by Phorm and indeed Phorm themselves have repeatedly attempted to address the numerous questions raised by many concerned individuals.

In our opinion however, they have failed to adequately address some of the most important issues raised repeatedly and ultimately unsuccessfully by our users.

We therefore call on Phorm and all participating ISPs to state publicly and on the record that they will ensure all deployments of the Phorm system meet the following specific requirements:

* The Phorm system must be fully opt-in. Opt-out systems are, in our opinion, not acceptable for such a potentially invasive piece of technology.

* Such opt-in must be explicit and voluntary (requiring specific user action) for all subscribers, not simply a change in the ISP's terms and conditions.

* The opt-in process must be managed at a network level, not reliant on cookies or any other type of client side mechanism.

* Where a user has chosen not to participate in the Phorm system, that user’s traffic must not be passed through or be accessible by any equipment owned, operated or supplied in whole or in part by Phorm (including software operating on ISP owned equipment).

Many of our users have indicated they would far prefer ISPs did not install the Phorm system at all, citing privacy, security and reliability concerns over this unproven technology; a sentiment with which we agree.

We appreciate that some ISPs wish to offer their users the choice, and in our opinion those deploying the Phorm system can only offer genuine choice to their users and guarantee to protect the privacy of those subscribers who choose not to participate in the Phorm system by accepting the requirements above.

We commend TalkTalk (Carphone Warehouse) for agreeing to make the Phorm system opt-in only and thank them for listening to their users.

Link to comment

All somewhat murky.

According to the Phorm website:-

"What makes the technology behind OIX and Webwise truly groundbreaking is that it takes consumer privacy protection to a new level. Our technology doesn't store any personally identifiable information or IP addresses, and we don't retain information on user browsing behaviour. So we never know - and can't record - who's browsing, or where they've browsed."

http://www.phorm.com/

I'll take that with a pinch of salt. I'm always wary of information gathering services that claim to not store IP addresses or other information that could identify someone. They have been audited by Ernst and Young apparently.

http://www.phorm.com/user_privacy/EY_Phorm_Exam.pdf

I remain skeptical: since I use one of the ISPs mentioned I at least have the option of opting out. I agree with you David, that schemes like these should be opt in, not opt out.

Link to comment

A very interesting read here David. My bolding.

http://www.theregister.co.uk/2008/03/17/bt_phorm_lies/

BT has admitted that it secretly used customer data to test Phorm's advertising targeting technology last summer, and that it covered it up when customers and The Register raised questions over the suspicious redirects.

The national telecoms provider now faces legal action from customers who are angry their web traffic was compromised.

Stephen Mainwaring, a BT Business customer in Weston-super-Mare, believes sensitive banking data relating to his online horse racing business was press-ganged into a trial of an unproven technology. He suffered sleepless nights after detecting the dodgy DNS requests, and said today: "It is very likely that I and others will take legal action against BT for what they did last summer."

In a statement, BT said: "We conducted a very small scale technical test of a prototype advertising platform on one exchange in June 2007. The test was specifically conducted to evaluate the functional and technical performance of the platform.

"Absolutely no personally identifiable information was processed, stored or disclosed during this trial. As with all service providers, it is important for BT to ensure that, before any potential new technologies are employed, they are robust and fit for purpose."

Speaking to El Reg on Friday, Stephen agreed: "Absolutely, new technologies should be stringently tested, but not using mine and my customers' data. If they wanted to run a trial, they should have asked. I would have told them I did not want to be part of it.

"I note the statement, 'absolutely no personally identifiable information was processed, stored or disclosed'. That means that all my information was processed, stored or disclosed but the personal bits were filtered out. Clearly that was unlawful."

Stephen has already filed a complaint with the Information Commissioner's Office and is consulting on how to proceed through the courts with other BT subscribers who believe their connection was subject to illegal Phorm tests.

Today, he and a fellow BT customer also disputed the claim that only one exchange was involved in the covert testing.

Spike, a Reg reader based in Brighton and Hove, also noticed dodgy redirects of his web traffic last July to sysip.net, a domain owned by Phorm. He wrote about the mystery here at the time.

Spike and Stephen urged other BT customers who believe they may have been co-opted into last summer's secret trials to speak out.

We first asked BT about its relationship with Phorm in July 2007, when it was widely known as 121Media, a firm deeply involved in spyware. BT denied any testing and said customers whose DNS requests were being redirected must have a malware problem.

It wasn't until 14 February this year, when the deals between BT, Virgin Media and Carphone Warehouse to pimp customer web browsing were announced, that a cover-up was revealed. You can read the original story here.

BT's belated confession that it secretly used its customers' traffic to test the safety of ad targeting technology can only add to the distrust around Phorm, whose executive team includes a former BT Retail CTO. Several security firms have confirmed plans to classify Phorm's cookies - both for opting in and opting out of Webwise - as adware.

As part of its admission to the secret 2007 trials, BT also said it will follow Carphone Warehouse's lead and develop an opt-out that does not involve cookies and means no data will be mirrored to a profiling server, even if it is ignored. It follows serious concerns raised by experts on the Regulation of Investigatory Powers Act 2000 (RIPA) that Phorm's plan to use cookies to exclude people who opt-out is illegal.

BT repeated its insistence that the technology is legal, however. It said: "We are already developing an opt-out solution that would remove the need for opt-out cookies altogether. We have carried out significant due diligence in this area, and informed consent from our customers will satisfy the necessary legal requirements."

Yet some authorities on RIPA have argued that ISPs would also need permission from website owners to profile the content of their pages. BT has not responded to our questions on this point.

ISP data pimping has also invoked the ire of the Greatest Living Briton™. Today the BBC reports that Sir Tim Berners-Lee, inventor of the web, has spoken out against ISP ad targeting. He summed up public opposition to the system: "It's [web traffic] mine - you can't have it. If you want to use it for something, then you have to negotiate with me. I have to agree, I have to understand what I'm getting in return."

Meanwhile, the Downing Street petition against Phorm has now garnered almost 5,000 signatures.

Carphone Warehouse has said it will ensure that its subscribers are opted out of Phorm and Webwise by default. BT and Virgin Media have made no such promise.

You can follow all our reporting of Phorm over the last three weeks here.

Link to comment

Guest David Guyatt
I remain skeptical: since I use one of the ISPs mentioned I at least have the option of opting out. I agree with you David, that schemes like these should be opt in, not opt out.

Ditto Dave, I use one of these three too. But when my contract is up for renewal I'll bugger off to someone else. The problem, I suspect, is that at some point in the future most - if not all - ISPs will follow suit, making opting out by changing ISP service virtually impossible.

Speaking of BT, I happen to know that it covertly gathers all sorts of data, from voice recognition patterns through to surreptitious use of computer voice stress analysis (a form of lie detector software) that was run through a Northern Ireland based India-owned BT contractor. Despite writing many letters to BT raising this issue with them over a nine month period they have not replied (or even acknowledged receipt).

Link to comment

Guest David Guyatt

I'd be interested in that Maggie.

Also, in regard to what Peter said about mobile phones, there is now a website (sorry can't recall name) that you can type in your mobile number and it will send you a text telling you the location of your phone.

Very useful if you're pissed out of your mind, I suppose, but also illustrative of how technology once the sole preserve of governments enters the commercial domain.

Link to comment

Guest David Guyatt

Ta Maggies... copied links on to my youngest son who is (or was anyway) the proud owner of an Apple iPhone. It's a great gadget but I suppose that is what attracts the nerds of spookerama to build snoopiness in to it.

Uncle Sam = Big Bro'.

Link to comment

I'd be interested in that Maggie.

Also, in regard to what Peter said about mobile phones, there is now a website (sorry can't recall name) that you can type in your mobile number and it will send you a text telling you the location of your phone.

Very useful if you're pissed out of your mind, I suppose, but also illustrative of how technology once the sole preserve of governments enters the commercial domain.

Agreed, but there is now no degree of separation between Corporate and Governmental domain [the very definition of Fascism]. In USA many Companies and Corporations were asked to spy on customers, employees and persons they have access to information on for the FBI and Homeland Security and were even given permission to even be armed and kill in times of national emergency. There is a thread on it here somewhere, but search function can't find it for me, at moment. Most Americans [ever the cockeyed optimists] think that things will somehow [with someone else putting their shoulder to the wheel] get back to 'normal'. It will not. It is now out of control and moving faster. I don't see the genie being put back in the bottle, the way things are moving. I'm very pessimistic, ONLY because of the naivete and passivity of my fellow citizens. The UK seems only to be the 51st state on all this. The rest of Europe is only slightly behind....but enough they can perhaps turn it around - though not optimistic there either.

Google Earth is an interesting example of Government and Corporate Blur. Some agency of US Govt. censors the images of certain 'sensitive' satellite images via computer. That means they can also input false images, as needed - as well as just blank-out an area. The telecommunication companies in the USA have been providing phone and internet data to the US Government for a long time. There is even a bill in Congress to give them immunity from any prosecution resulting from the news of this.

It was not many years ago when I read Brave New World in high school that I worried 'what if'. Now one has to say 'what now, that it has become reality!'

And how about the following for a public-private partnership?

http://technology.timesonline.co.uk/tol/ne...icle3652494.ece

Why am I not surprised by this?

If I am not mistaken, Google exercises a substantial degree of site content control which, but for its private sector status, would amount to censorship.

If the government is a substantial Google customer, it may well have considerable influence over Google's site control policies and decisions.

Link to comment
