UK ISPs To Start Tracking Your Surfing To Serve You Ads

TechDirt has an interesting article about a UK-based company that is trying to work with ISPs to make use of user surfing data to serve targeted ads. "Late last year, we heard about a company that was trying to work with ISPs to make use of that data themselves to insert their own ads based on your surfing history -- and now we've got the first report of some big ISPs moving into this realm. Over in the UK three big ISPs, BT, Carphone Warehouse and Virgin Media have announced plans to use your clickstream data to insert relevant ads as you surf through a new startup called Phorm."

hmm

[RMH101 (636144)]

So it's bad when ISPs do this, but OK when Google does it?

Re:

[FireballX301 (766274)]

Presumably there's an alternative to Google search. Not so for some regional ISPs, where it's either them or dial-up.

Re:

[BSAtHome (455370)]

Use tor... Sure, it is slower, but it bypasses the ISP tracking.

Re:hmm

[STrinity (723872)]

Use tor... Sure, it is slower, but it bypasses the ISP tracking.

However the last node in the chain can see anything you do that isn't using HTTPS/SSL, and if anything you do gives away your identity, they can figure out who you are.

Oh, and some of them may be run by governments and criminal organizations.

Re:

[internewt (640704)]

DSL competition is a fucking joke in the UK. Almost all the DSL services you can buy are still over BT's hardware, and BT charge other ISPs by the byte transferred: this means that unless you use an ISP that has their own kit in exchanges you will be playing by BTs rules. And even those ISPs that do have their own kit in exchanges barely undercut BT because charging/byte is very profitable.

I should think there are a few towns in the UK that maybe do have some real competition and inturn good fast 'net acces

Re:hmm

[N7DR (536428)]

So it's bad when ISPs do this, but OK when Google does it?

Yes. It's part of the data returned by Google. The ISP has to snoop the data stream and insert its own traffic into it.

ISPs should be forbidden from altering the data stream unless they own the content that's being transferred.

Re:hmm

[corsec67 (627446)]

Wouldn't copyright law already cover that?

You can't take a copy of my website, insert a little bit, and then serve that. Couldn't google sue any ISP that alters their pages in any way?

Re:hmm

[Anonymous Coward]

No, I don't think so. Transparently altering data is permissible according to RFC 2616 (the HTTP specification) unless you include the Cache-Control: no-transform header, which virtually nobody has ever heard of. Thus, if intermediate alteration is part of the protocol you are using and you haven't availed yourself of the opportunity to deny that action, it can be argued that the permission is implicitly granted, just the same way it's implicitly granted that they can cache it at all.

...until now

[phorm (591458)]

Methinks that if this becomes commonplace, then perhaps that little header bit might become a whole lot more popular.

p.s. looks like those UK bastards stole my nick too...

Not quite!

[johannesg (664142)]

Even if something is possible according to a protocol description, that still doesn't make it legal.

A copyrighted work remains a copyrighted work, even if it is technically possible to violate that copyright (same as how a torrent of a new movie is not actually legal just because it is technically possible and in compliance with its own specification). Thus, an ISP still has no right to mangle those works for their own profit.

Of course the answer is easy: use encrypted protocols, and nothing but encrypted p

Re:hmm

[rolfwind (528248)]

I can CHOOSE to use google to surf the net. There are many search engines. I can also use Tor to access Google anonymously if I'm paranoid.

My ISP choices are limited, and I can't change them as fast as a search engine either. Plus once I click onto a site, google pretty much loose track where I am, especially if I block ads.

ISP can know every place I go.

Moreover, I don't pay google to use their service. I do pay an ISP. They have an revenue stream.

So I think your analogy is flawed.

Re:hmm

[Anonymous Brave Guy (457657)]

ISPs should be forbidden from altering the data stream unless they own the content that's being transferred.

IMHO, ISPs should be forbidden from even snooping on your data stream. They've no more business monitoring your on-line activities than the Royal Mail has opening all your letters.

The data protection implications of this development are alarming, and frankly I don't care what some big accounting firm says about them. The day my ISP (which is not one of the three mentioned) says it will adopt a similar policy will be the day that I start the process of moving elsewhere, and I'd probably send a letter to the Information Commissioner expressing my concern as well.

But hey, if the ISPs are spying on where I go and what I do (actually, they're legally required to record it anyway these days — another draconian privacy invasion, this time mandated by our terrorist-fearing government) and acting on the data they have, presumably that absolves them of any immunity they might otherwise have had when they supply files to copyright infringers, kiddie porn to sickos, and the like. May the money-grabbing lawsuits and company-killing PR sink them quickly.

Re:

[delinear (991444)]

More to the point it comes down to money. I "pay" Google for its service by viewing their ads. I pay for my ISP with money. I don't expect to have to pay them twice.

Re:hmm

[Jaseoldboss (650728)]

They're using cookies to track behaviour. OIX.net is the address you need to block by the looks of it. Link [webwise.com]

I delete my cookies regularly, and I want to keep Webwise switched off. How do I do that?

If you regularly delete your cookies and want to ensure that Webwise is permanently switched off, simply add [OIX.net] to the Blocked Cookies settings in your browser.

Re:

[NMagic (982573)]

Yeah, most of your search pages already do logical banners. You search for something and they post up related products next to it. Hell, even most of your free webmail providers do it. As long as the ISP isn't dropping cookies on your box, I don't have too many problems with it... However, the one problem I see here comes when the ISPs start charging for bandwidth, and your browsing becomes as fast as using a 56k, due to the sheer amounts of tracking being done. Why should I have to pay for their ads?

Re:

[pembo13 (770295)]

Well the ISP is an internet provider. Google is as advertisement provider... I don't think they've ever been secretive about that fact.

Re:hmm

[moderatorrater (1095745)]

It's the difference between a company advertising to you when you call them (or trying to upsell, etc) and the phone company listening into your calls and breaking in when they have something to sell you. You're dealing with the company on the other side (google, in this case) as an equal. Your ISP holds a lot of power over you, and abusing it's wrong.

ISPUK apparently

[Anonymous Coward]

does this not break privacy laws? for that matter, why can an ISP snoop on what you're doign when the government can not?

Re:ISPUK apparently

[glesga_kiss (596639)]

does this not break privacy laws?

I think so! Under my understanding of the UK Data Protection Act (IANAL), this would have to be an opt-in scheme via a tick box on the contract. It used to be opt-out but this was changed.

Under the terms of the law an organization may not share personal data to another party without your consent. It's a pretty decent law, I don't know how the hell it got passed.

So who's paying the extra bsandwidth used?

[trolltalk.com (1108067)]

After all, if your ISP is serving you ads you don't want, they shouldn't be charging you the bandwidth used ...

Classy, very classy

[FireballX301 (766274)]

All you have to do is also lower prices, and you'll see how many 'citizens' are willing to sell their privacy.

And it's interesting how three big ISPs banded together like this. It's almost like they're trying to shut out alternatives...

Re:Classy, very classy

[ATMD (986401)]

I'll be sticking with UKFSN [ukfsn.org]. No throttling, no traffic shaping, no "fair use" - and no stream tampering for the foreseeable future, I'll bet.

I'd recommend them to anyone.

nice

[R3N3G4D3 (1227590)]

so now my family can enjoy the advertisements based on the porn I was watching earlier that week?

Re:nice

[moderatorrater (1095745)]

Everybody likes horses and other farm animals, right?

Re:nice

[Mr. Roadkill (731328)]

Everybody likes horses and other farm animals, right?

Maybe his kids will appreciate seeing pictures of others their own age with similar interests. Plus, most kids these days don't get to see anywhere near enough of Grandma.

Porn ads?

[PIPBoy3000 (619296)]

So if my wife starts getting a lot of ads for porn, do you think she'll put two and two together?

Porn ads from Virgin Media?

[EmbeddedJanitor (597831)]

Makes sense!

Re:

[Wandering Wombat (531833)]

Will she put two and two together? Probably not... http://www.xkcd.com/ [xkcd.com]

Re:Porn ads?

[edwardpickman (965122)]

So if my wife starts getting a lot of ads for porn, do you think she'll put two and two together?

She may just assume it's because of her own porn surfing?

Reason Number

[Smordnys s'regrepsA (1160895)]

Just reason #86 to switch to Firefox with Adblock Plus (lets 86 those adds)!

Re:

[STrinity (723872)]

Unless the ISP stores the ads in random directories with random names, it'll be possible to construct an Adblock filter for them. The bigger concern is that even if I block the ads, the ISP is still aggregating information about my surfing habits and distributing it to third parties.

Re:

[STrinity (723872)]

An ISP can't just insert an ad in a page -- if they just send you a .jpg or flash file when you open a site, the browser won't know where to put it and discard it. They'd have to modify the HTML so it contains a tag that says "place http://isp.com/ad.jpg [isp.com] here," and once that happens you can nuke it with Adblock.

Re:

[Allicorn (175921)]

Not exactly, since they can modify your HTTP responses at will and detect every HTTP request, regardless of target host, they need not insert...

    [img src=http://isp.com/ads/somead.jpg]

into the stream at all. They could instead insert...

    [img src=http://thesiteyouwereonalready.com/randomappearingnumber.jpg]

and then sniff your subsequent requests for that specific URI. Not easy to block with a plain old regular expression unfortunately.

Alli

Power corrupts

[Statecraftsman (718862)]

Please oh please, can we start working on an open source(wimax) router with two bands(backbone and local) so we can build our own huge mesh network and say buh-bye to ISPs forever? We don't need your email address, we don't need your antivirus software, we do not need your bills, and finally we don't need you messing with our connections. That is all.

Re:Power corrupts

[FooAtWFU (699187)]

Please oh please, can we start working on an open source(wimax) router with two bands(backbone and local)

Hooold up there, buddy. Where exactly are you going to get the money to buy the spectrum you need for your precious WiMAX to work?

Re:

[Statecraftsman (718862)]

We shouldn't need to purchase spectrum. We should purchase some lobbyists and maybe start some kind of calling campaign so the next useful chunk of spectrum will not be sold to the highest bidder. Instead it should be reserved like a national park for the public good...except instead of allowing us to enjoy the outdoors take hikes, collect our thoughts, this resource will grease the wheels of business, society and innovation.

Re:

[wall0159 (881759)]

Uhh... It's our spectrum - all we need to do is not sell it...

(privitisation is not always automatically a good thing)

Re:Power corrupts

[Dunbal (464142)]

This would work great inside urban sprawl, but you'll still need the telcos for rural and inter-continental stuff and that's where they will bite you in the ass. Unless of course you make enough money to lay your own trans-ocean cables.

In other news....

[maillemaker (924053)]

...advertisements for KY Jelly skyrocket...

Mmm bad summary?

[saikou (211301)]

When people say "Insert relevant ads" it usually means ISP hacked the page you got from remote server and inserted and ad that wasn't there, or replaced one on the page with something else. Bad thing. Here, they organize new ad platform. Any site that uses it will be showing something Phorm servs up, and it, in turn, will try to figure out what to show by using ALL of your surfing history, no matter what sites you visit. So, if you go to golf sites A, B, C (that serve ads via yahoo, for example), and then to Phorm-using site M that has articles on electronics, site M will show you golf ads, due to your click-stream.

Of course advertisers will be disappointed to find out, that many people actually use one connection for a household. So, while from the point of view of ISP user clicked Cooking A, Cooking B, Valentine's day, Heavy metal band, Banking, Myspace ... in reality it's 2-3-4 individual users. And showing wife an ad for a new heavy album won't make CTR go through the roof. And teenager might actually barf at the sight of the cooking ads.

p.s. ISPs sell the data anyways, not usre how this opt-out would work...

Phorm?

[vimh42 (981236)]

Well I guess it's pretty obvious what type of ads they expect to be serving up.

it's actually very very illegal

[QX-Mat (460729)]

Privacy, Art 8 and 10 aside, its actually very very illegal contractually. No doubt they will find a way of avoiding the contractual obligations through a shrink wrap, but there are issues here with the laws of confidence, the duty of care bestowed on the ISP etc. Not to mention cartel practice.

No no no no. This is BAD captialism. Stop. Think. Or I will sue.

Their right?

[CannonballHead (842625)]

I suppose an ISP has a right to do this sort of thing (unless, of course, they have contracted with you not to do it)

I'd imagine some ISP's will respond by offering Ad-Free internet service. Wouldn't this kinda fall under competition, then? Stupid for those ISP's, perhaps, but hey, stupidity can be nice for the consumer now and then.

I can has SSL?

[fuzzyfuzzyfungus (1223518)]

Wow. It's almost like they want to see SSL used absolutely everywhere. Have they considered the fact that, once website operators feel the need to switch to HTTPS to keep other people's ads off of their pages, they won't even be able to sell clickstream data anymore? (Not that I mind, of course. I really hate to see ISPs doing things like this; but if it drives greater adoption of crypto, it isn't all bad.)

In broader terms, though, this sort of thing is a (minor) example of what is really a huge problem. The internet is the biggest, newest, most disruptive medium in quite some time. But it flows over pipes largely controlled by people who would be much happier if it had never existed. That is a dangerous state of affairs. We need to exterminate the cable and telco guys, with their dreams of the old days when the endpoints were dumb and the network was all powerful, and get some new people who understand that internet access is a basic, cheap, boring commodity like cement or potatoes. It is occurrences like those above that make me seriously consider the idea of having municipal data pipes, just as we have municipal water pipes.

I don't get it

[Dunbal (464142)]

So how come it's not okay for the phone company to barge into a voice communication in the middle of a conversation I am having with someone in order to tell me of the sale at my local shopping mall and the low low prices on mattresses, but when it's DATA they feel they have the right to alter the communication between myself and the party I am communicating with?

Plus are the websites going to be compensated for their loss? Because presumably if the visitor is reading a 3rd party ad instead of the ads on the website, the value of the ad space on said website is diminished.

Wait a minute...

[ricebowl (999467)]

UK ISPs To Start Tracking Your Surfing To Serve You Ads...

I could've sworn we had a story recently in which ISPs were resistant to monitoring users [slashdot.org]; what happened..?

Oh! That's right; they were resisting legislative impetus to monitor traffic, but now they have a financial impetus. Tch; if only the government had thought through the remuneration aspect...

ISP's who do this

[MeNeXT (200840)]

May open the door to being sued. When they choose what can come through then they will be under obligation to stop thing like child pron, XXX to minors, BiTorrent downloads...

What gives them the right to choose?

Adblock now easy

[flyingfsck (986395)]

Cool, this can only make Adblocking easier since all ads will appear to come from the same place.

European privacy protection at its best

[nguy (1207026)]

Not only does your ISP record your surfing data and keeps it around to give to the police, he sells it to other companies, too.

Phorm

[Fluoxetine Freak (943931)]

From Phorm's [phorm.com] website:

"With OIX and Webwise, consumers are in control: they can switch relevance 'off' or 'on' at any time at Webwise.com. There's no small print and no catches: it's completely up to the consumer."

In the comments on the Techdirt article [techdirt.com] somebody is saying that Phorm are the latest incarnation of 121media which made the contextplus rootkit. A quick search later and indeed they are the same company [121media.com].

Anybody got any more dirt on them?