BT Silences Customers Over Phorm
Posted by Soulskill on Sat Nov 22, 2008 12:06 AM from the lalala-i-can't-hear-you dept.
An anonymous reader writes "The Register reports that BT, the UK's dominant telecom and internet service provider, has 'banned all future discussion of Phorm and its "WebWise" targeted advertising product on its customer forums, and deleted all past threads about the controversy dating back to February.' Phorm is a controversial opt-out system for delivering targeted advertising that intercepts traffic passing through an ISP in order to profile subscribers via an assigned unique ID based on their online activities. Subscribers can opt-out at the Webwise website but are opted-in again if the Phorm cookie is cleared. Firefox users can install Melvin Sage's Firephorm add-on to manage their interaction with Phorm and Webwise."
Related Stories
UK ISPs To Start Tracking Your Surfing To Serve You Ads 238 comments
TechDirt has an interesting article about a UK-based company that is trying to work with ISPs to make use of user surfing data to serve targeted ads. "Late last year, we heard about a company that was trying to work with ISPs to make use of that data themselves to insert their own ads based on your surfing history -- and now we've got the first report of some big ISPs moving into this realm. Over in the UK three big ISPs, BT, Carphone Warehouse and Virgin Media have announced plans to use your clickstream data to insert relevant ads as you surf through a new startup called Phorm."
Submission: BT Silences Customers Over Phorm by Anonymous Coward
Technology: Google To Monitor Surfing Habits For Ad-Serving 219 comments
superglaze (ZDNet UK) writes "Google is gearing up to launch cookie-based 'interest-based' advertising, which involves monitoring the user's passage across various WebSense partner sites. The idea is to have better-targeted advertising, which is not a million miles away from what Phorm is trying to do — the difference, it seems at first glance, is that Google is being relatively up-front about its intentions."
Rights Groups Speak Out Against Phorm, UK Comm. Database 102 comments
MJackson writes "The Open Rights Group (ORG) has issued a public letter to the Chief Privacy Officers (or the nearest equivalent) for seven of the world's largest website giants (including Microsoft and Google), asking them to boycott Phorm. The controversial Phorm system works with broadband ISPs to monitor what websites you visit for use in targeted advertising campaigns. Meanwhile, the Joseph Rowntree Reform Trust has issued a new report slamming the UK government's plans for a Communications Database. This would be designed to intercept and log every UK ISP user's e-mail headers, website accesses and telephone history. The report warns that the public are often, 'neither served nor protected by the increasingly complex and intrusive holdings of personal information invading every aspect of our lives.'"
BT Drops Phorm, Citing More Pressing Priorities 94 comments
Tom DBA notes a story up at The Register that begins "BT has abandoned plans to roll out Phorm's controversial web monitoring and profiling system across its broadband network, claiming it needs to concentrate resources on network upgrades... BT's announcement comes a day before MPs and peers of the All Party Parliamentary Communications Group are due to begin an investigation of Internet privacy. Their intervention follows the EU's move to sue the UK government over its alleged failure... properly [to] implement European privacy laws with respect to the trials, drawing further bad publicity to the venture." We've discussed Phorm many times in the past.
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Heuristic: (Score:5, Insightful)
Re:Heuristic: (Score:5, Insightful)
[Adam Liversage, BT's chief press officer] said the fact that BT had chosen not only to close the threads but delete them entirely was insignificant. "It doesn't matter either way because the people who are following this will have the threads backed up in multiple copies," he said.
Wow, that's something only a PR man could say with a straight face.
Seems they don't want to admit the difference between stopping speech and suppressing it.
Parent
Re:Heuristic: (Score:4, Insightful)
Well...
As someone who's been banned from a couple forums, I can attest that "forums are private and there's no requirement for free speech". In other words the owner of the forum can be a dictatorial censor if that's what he wishes; it's his forum. Same applies to British Telecom.
The only catch: If BT is a government-owned company, then the government may be in violation of its own laws. Too bad the U.K. doesn't have some "supreme law of the land" to act as a contract which the government must follow, and provides guarantees such as free speech which cannot be over-ruled by a politician.
Parent
Re:Heuristic: (Score:5, Insightful)
And I'm not talking about just the last eight years.
Parent
Re: (Score:3, Informative)
The British Parliament has nothing to limit the damage it can cause to its own citizens. All it takes is a simple 50%+1 vote to take away British citizens' freedoms. Like speech.
Not really accurate. You need a majority in *both* houses of parliament to get a bill passed, and the House of Lords does not have a majority for the governing party. The house of lords *can* be overridden (via the parliament act) but this takes considerable time and will not always succeed (because if the house of lords is being ove
Re:Heuristic: (Score:5, Insightful)
If BT is a government-owned company
It isn't.
then the government may be in violation of its own laws.
They're not.
Too bad the U.K. doesn't have some "supreme law of the land" to act as a contract which the government must follow
It does.
and provides guarantees such as free speech which cannot be over-ruled by a politician.
It does. It could be over-ruled by a whole lot of politicians working together, of course. Can you say "constitutional amendment"? Or maybe "Patriot Act" is easier (at least, it was for the politicians).
Parent
Re:Heuristic: (Score:5, Insightful)
Another question is whether they, by injecting information into the HTML stream, are violating the copyright of the original content.
Otherwise this is also a good motivation for sites and users to use HTTPS more.
Parent
Re:Heuristic: (Score:5, Insightful)
It surely violates the webowners' rights, who PAID to have their ads appear on your screen, but instead British Telecom is blocking them: "BT Webwise also personalizes the online advertising you see when browsing on participating websites by linking ads to your interests. For example, if you search for a weekend trip to Paris or visit pages related to Paris, BT Webwise would replace the standard ads....."
I know if I was Google, Apple, Microsoft, or some other website, I would not be happy.
Ads are what pay my bills. How dare BT remove my revenue-source and jeopardize my ability to continue providing a Free website to my customers?
Parent
Is this really how it works? (Score:5, Informative)
It is my understanding that BT won't be removing your ads. Instead, "WebWise" will be a competing advertising provider to the likes of Google, Microsoft, etc. You can elect to put Phorm ads on your site instead, and in theory, those ads will be behaviorally targeted at the people browsing your site. (Or at least, the people who haven't opted out.) If you don't use Phorm, whatever provider's ads you sign up for will be shown.
The shitstorm, as I understand it, isn't that website owners' ads won't be displayed. It's that people using this WebWise thing while browsing your site will be reporting what they're doing to a third party, and since it's opt-in, many (most?) probably won't even know that they're doing it.
Worse, because WebWise now knows that Joe Schmo is interested in whatever it is your web site is advertising, say, cars, then it will start displaying car ads from your competitors on sites that have contracts with Phorm because Joe browsed your site.
All in all, pretty scummy, but I'd genuinely be surprised if it actually removes ads from sites that have nothing to do with it. Especially since they're talking about making it opt-in, I can't imagine that wouldn't be unquestionably illegal.
Parent
Still not correct? (Score:4, Informative)
Again, this is not my understanding of how it works.
As I read it, if you put Google ads on your site, people from British Telecom are seeing Google ads, period. However, as a web site owner, you can instead choose to put Phorm ads on your site, in which case, people from British Telecom will see the behavior tailored ads.
There's nothing new in that. What is new, and what I understand has everyone so up in arms, is that when British Telecom people are visiting your site (and seeing Google ads), Phorm is finding out about it and logging that fact, so that when British Telecom people visit other sites that have Phorm ads, what they will see is based on what they saw when they visited your site (with Google ads).
Plus, as an opt-out system, people won't know that the sites they're visiting are being silently watched by a third party, which is always very uncool.
If they're actually replacing content served by non-affiliated third parties (i.e. Google, or site owners who run Google ads), I'd like to see a reference to that, because I'm wrong in how I believe this works.
Parent
Re: (Score:3, Informative)
Thankfully we have a lot of choice and a very competitive market. It is trivial to switch to a different provider, and while most of your data may still be going over BT's networks, BT won't have a legal leg to stand on if they try to intercept communications belonging to people who aren'
As a BT customer (Score:5, Funny)
I'm concerned about how they're hiding the history of ***** use. Deleting post on ***** is quite extreme, and who knows what they'll do next? Start censoring the use of ***** on their network?
Re:As a BT customer (Score:5, Funny)
Parent
Not a tech support issue? (Score:5, Insightful)
Our broadband support forums are designed to be a place where customers can discuss technical support issues and offer solutions.
And someone hijacking and modifying your data isn't a technical support issue?
Re:Not a tech support issue? (Score:5, Interesting)
This seems to be the tactic of the day. Apple does the same thing in their forums, delete any posts mentioning things they don't want mentioned on the grounds that it is a user to user technical support forum.
Yet you can post gushing praise of Apple without asking for help or offering to help and the moderators leave those fanboy posts alone.
This is a good reason to start an independent forum on any one of a number of forum hosting sites, preferably out of the reach of BT.
Parent
Re: (Score:3, Insightful)
If you are a BT subscriber, it appears nothing is out of their reach at this point.
Re:Not a tech support issue? (Score:5, Insightful)
Parent
Re: "Praising with Faint Damnation"? (Score:3, Insightful)
There used to be a phrase "Damn with faint praise". Said in an Alan Rickman snarl one would completely wither the opposition with some remark. Such as: after a resounding technical explanatory victory, the opponent murmurs, "nice vocabulary."
You're right that if stuff looks totally "Pleasantville" then it comes through kinda snitty. But if you allow some *token* complaints, you can give the illusion of fairness while still hiding the killer points.
"Announcement: Posted by Admin: We're sorry if you experien
Re:Not a tech support issue? (Score:4, Informative)
I encountered this with Apple. I was on their forum a few times, making rational complaints that they didn't support a certain professional camera's RAW files (Epson R-D1). Within hours, the post would be deleted. The first time I thought it was a glitch. After that I knew they were fucking with me.
Parent
Re:Not a tech support issue? (Score:5, Informative)
Hmm, here in Australia we have Whirlpool [whirlpool.net.au] for exactly that. The forums are very active, and all of the major ISPs have employees who get involved to at least refute rumours and clarify information about their services. It's being able to get unfiltered comments from customers which is the most valuable, though. It's a very useful resource.
Parent
Re:Not a tech support issue? (Score:5, Insightful)
Not just hijacking and modifying data, but an active classic man in the middle attack.
Imagine this ad server being compromised, and instead of "just" adding random ads to pages and logging customer activities for sale, picture it redirecting to phishing sites or just grabbing passwords sent to sites that are not SSL protected.
Parent
Same here ... (Score:2, Interesting)
My ISP recently turned on a similar system. I'm quite unhappy about it but I really don't have a realistic alternate ISP (boonies, telco, blah blah blah). It really does suck when things like this happen. I don't do anything illegal, but I still like my (relative) privacy and the ISP is the easiest place to attach my real identity to my data paths.
So, for now, I'm pondering going back to a fulltime SSH VPN to my web host for everything except the few apps I use that need low latency.
Wasn't Google working on something against this? (Score:5, Insightful)
I remember Google was working on something on the app layer that would guard against this type of connection hijacking but without the setup and teardown overhead of full blown SSL.
It's probably in Google's best interest to get something like this widely deployed -- a lot of ISPs are frothing at the mouth to get Phorm/NebuAd on their networks for more revenue streams, and it won't be long before a Google query would not route to Google (even if done at www.google.com), but to wherever the ISP desires.
Re:Wasn't Google working on something against this (Score:5, Interesting)
I remember Google was working on something on the app layer that would guard against this type of connection hijacking but without the setup and teardown overhead of full blown SSL.
Sounds like you're thinking of the obfuscated tcp [slashdot.org] story. Wasn't so much a Google project as someone who happened to work at Google iirc.
Parent
Typical BT Behavior (Score:4, Insightful)
What about wget ? (Score:5, Insightful)
That's just plain discusting anyways.
Re: (Score:2, Informative)
Re: (Score:3, Informative)
Re:What about wget ? (Score:5, Insightful)
Plus, if they are basing opt-out on a cookie, they are still doing deep packet inspection, since the cookie isn't in the TCP/IP packet headers (being an application layer thing and all).
I would think that people would want to opt out of Phorm interacting with their data at all, not setting a flag that is essentially "don't use this data for marketing purposes."
Parent
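The point made in the comment above, that an opt-out cookie sits in the HTTP payload and not in the IP or TCP headers, shown as an added example (not part of the original thread). The packet, the addresses and the cookie name `example_optout` are constructed for illustration.

```python
import socket
import struct

# Constructed sample: the cookie name is a placeholder, not Phorm's real cookie.
COOKIE_NAME = "example_optout"
HTTP_REQUEST = (
    b"GET /news HTTP/1.1\r\n"
    b"Host: www.example.org\r\n"
    b"Cookie: session=abc123; example_optout=1\r\n"
    b"\r\n"
)


def build_packet(src, dst, sport, dport, payload):
    """Build a minimal IPv4 + TCP packet around payload (checksums left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload


def split_layers(packet):
    """Split a packet into what L3/L4 routing sees and the application payload."""
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length, options included
    if packet[0] >> 4 != 4 or packet[9] != socket.IPPROTO_TCP:
        raise ValueError("not an IPv4/TCP packet")
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    tcp_len = (packet[ihl + 12] >> 4) * 4     # TCP data offset, options included
    payload_off = ihl + tcp_len
    return {
        "src": socket.inet_ntoa(packet[12:16]),
        "dst": socket.inet_ntoa(packet[16:20]),
        "sport": sport,
        "dport": dport,
        "header_bytes": packet[:payload_off],
        "payload": packet[payload_off:],
    }


def cookie_from_http(payload, name):
    """Return the named cookie's value from an HTTP request, or None."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:       # skip the request line
        key, _, value = line.partition(":")
        if key.strip().lower() != "cookie":
            continue
        for pair in value.split(";"):
            k, _, v = pair.strip().partition("=")
            if k == name:
                return v
    return None


def optout_visibility(packet, name=COOKIE_NAME):
    """Report whether the opt-out flag shows up in the headers or only in the payload."""
    layers = split_layers(packet)
    return {
        "in_headers": name.encode() in layers["header_bytes"],
        "in_payload": cookie_from_http(layers["payload"], name),
        "payload_offset": len(layers["header_bytes"]),
    }


SAMPLE = build_packet("192.0.2.10", "198.51.100.20", 49152, 80, HTTP_REQUEST)

if __name__ == "__main__":
    print(split_layers(SAMPLE)["dst"], optout_visibility(SAMPLE))
```

Any device that honours such a flag has to reassemble and parse the request body of every subscriber, opted out or not, before it can decide what to do with it.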
Re:What about wget ? (Score:5, Insightful)
Thats really the key of this all. The cookie prevents it from showing you ads. It does not stop the DPI, and tracking.
Parent
Re: (Score:2)
That's just plain discusting anyways.
Well what if I like custard? What of it?
Copyright Infringement? (Score:3)
Since it seems like they store a copy of the websites visited, could a website have a license that is "only end users can keep a copy of the data on this site", and then sue Phorm if they keep the data? Or would their impersonating other servers be fraud, especially if people have the "opt-out" cookie?
Looking at the wiki diagram [wikipedia.org] of what they do, that is just insane. They are a man in the middle, adding cookies, hiding cookies, redirecting requests to unrelated sites, etc. They are slowing down every site, and what happens if they get overloaded? Does everything come to a halt?
Imagine if someone got a server on a network and added an entry to webwise.net to the /etc/hosts file (or equivalent), they would get a record of every site that everyone with the extra DNS entry visited. Combine a server with a DNS poisoning attack, and you can get the traffic for a large number of people.
Maybe people should point www.webwise.net to a non-routing address to be safe?
Re:Copyright Infringement? (Score:5, Interesting)
There is absolutely no way in which this isn't copyright infringement. Any web page is copyrighted. This comment is copyrighted and owned by me. The Slashdot terms of use say that they get a nonexclusive distribution right to them. No one else has the right to reproduce them or modify them. The complete page is also copyrighted and owned jointly by all of the posters and by Slashdot.
A carrier has an implicit license to distribute exact copies to their customers and, if the correct headers are set, to cache a copy. Inserting adverts, however, is creating and distributing a derived work from the copyrighted material. Since they profit from the adverts, it counts as commercial infringement, which typically has much larger financial penalties.
The maximum fine for online copyright infringement in the UK is now £5,000 per offence. Every single page that is modified counts as an instance of infringement. The total fines would come to more than the market capitalisation of BT at the moment.
Parent
Re:Copyright Infringement? (Score:4, Informative)
Please mod this and all similar posts down (nothing personal TheRaven64).
Phorm is not "Inserting adverts [and thus] creating and distributing a derived work from the copyrighted material."
It is performing a man-in-the-middle attack to glean information from all ISP subscribers, and using that information to serve 'targeted adverts' on PARTICIPATING websites; sites that have signed up to use Phorm as an advertising provider.
The only copyright infringement that might occur is that Phorm scrapes websites (by hijacking the ISP subscriber's session) but does not respect the robot text. It can therefore (arguably) be said to be in breach of a website's usage agreement.
Phorm have said that they respect the robots.txt restrictions only in aggregate: where no robots are allowed they will not go, but if ANY specific spidering is allowed, they (wrongly) claim that they are also allowed.
Phorm (and apparently also BT) are scum. I pray that they're found guilty of computer misuse, but this will have to be the result of a ruling by the EU (rather than the incompetent British government).
It goes without saying that, should this happen, the guilty parties will not serve jail time (since they are corporate and rich with contacts in the government) but hopefully, the immoral and corrupt spyware scheme that BT is creating with Phorm will be stopped.
Parent
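The two readings of robots.txt contrasted in the comment above, as an added example (not part of the original thread) that a site owner can run against their own file. The robots.txt contents, the URL and the user-agent token `ExampleProfiler` are constructed; the "aggregate" function models the interpretation as the comment describes it, not any vendor's code.

```python
from urllib.robotparser import RobotFileParser

# Constructed robots.txt: one named search crawler is welcome, everyone else is not.
ROBOTS_ONE_CRAWLER = """\
User-agent: Googlebot
Allow: /

User-agent: *
Disallow: /
"""

# Constructed robots.txt: no crawler is welcome.
ROBOTS_NOBODY = """\
User-agent: *
Disallow: /
"""

# Hypothetical user-agent token for an in-path profiler; not a real product string.
PROFILER_AGENT = "ExampleProfiler"


def load(robots_txt):
    """Parse robots.txt text with the standard-library parser."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    return rp


def per_agent_reading(robots_txt, agent, url):
    """Standard reading: apply the group matching this agent, else the '*' group."""
    return load(robots_txt).can_fetch(agent, url)


def named_agents(robots_txt):
    """List every User-agent token that appears in the file."""
    agents = []
    for line in robots_txt.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "user-agent" and value.strip():
            agents.append(value.strip())
    return agents


def aggregate_reading(robots_txt, url):
    """Reading the comment objects to: allowed if ANY listed agent may fetch the URL."""
    rp = load(robots_txt)
    return any(rp.can_fetch(agent, url) for agent in named_agents(robots_txt))


def compare(robots_txt, url="http://www.example.org/article.html"):
    """Show both readings side by side for the hypothetical profiler agent."""
    return {
        "per_agent": per_agent_reading(robots_txt, PROFILER_AGENT, url),
        "aggregate": aggregate_reading(robots_txt, url),
    }


if __name__ == "__main__":
    print("one crawler allowed:", compare(ROBOTS_ONE_CRAWLER))
    print("nobody allowed:     ", compare(ROBOTS_NOBODY))
```

The two readings only agree when the file shuts out every crawler, so under the aggregate reading a site that wants to stay in search indexes cannot keep a profiler out through robots.txt.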
You don't need BT at all (Score:5, Informative)
Perhaps an Enterprising Brit could make cash? (Score:5, Insightful)
What a company could do, assuming it had the cash for reasonable Internet peering, would be to make a VPN service. Give directions for novice BT users to set up and route through. It doesn't have to be an "anonymous" service, however it would be a boon for privacy if TCP/IP logs are held just long enough in case of a security issue (or to make the UK government happy), and then promptly deleted. This service would be hosted physically in the UK to ensure decently fast connections, as opposed to other services located elsewhere around the world where packets would possibly have to cross through high latency overseas lines.
It could offer the usual PPTP services. It can also offer a SSL proxy (plain or using stunnel) for Web traffic so only the Web browser would have to be configured if the user doesn't have administrative rights. For users using ssh, it can offer PPP over ssh.
Then, this company can provide some decent instructions for people to set up a VPN to its site with the usual operating systems (Linux, OS X, BSD, Windows.)
Of course, BT could try to block or throttle the packets, but that is starting a type of legal battle with another company that may not be in BT's interest.
Re:Perhaps an Enterprising Brit could make cash? (Score:5, Informative)
I personally know an enterprising Scot making a decent stack on this concept.
https://www.vpntunnel.co.uk/ [vpntunnel.co.uk]
Parent
Re:Perhaps an Enterprising Brit could make cash? (Score:4, Informative)
Why not just switch to another ISP? Nobody is forced to use BT.
In some parts of the UK, especially in rural areas, BT is indeed the only provider. I can't imagine how they manage to sell any broadband at all in urban areas where there actually is competition: they're quite expensive, and their support is shockingly awful.
Parent
I thought Phorm had to be Opt-in (Score:3, Interesting)
Glad I Left (Score:3, Interesting)
Central point of failure? (Score:5, Interesting)
What would happen if the webwise.net domain (which shares an IP with phorm.com) was to accidentally get DDOSed?
Going by the Phorm diagram on wikipedia, it would seem that webwise.net is a central point of failure for the system.
Injection warnings (Score:3, Informative)
It's about time that all http web traffic was https instead, so the likes of BT could not inject their garbage into pages without people knowing the pages have been compromised.
Copyright Issue (Score:3, Insightful)
They are effectively modifying content in such a way that what is presented, is not what was published
There could also be some issues affecting the value of the content. I create content, and BT defaces it before it reaches my client/consumer, they are in a sense effectively damaging my property and assets. If I was a large website owner I might take offense to this kind of behavior.
Re:Just a thought... (Score:4, Insightful)
If it were done with the consent of the content creators, there would be little or no benefit over google ads.
Parent
Re:Just a thought... (Score:4, Informative)
That appears to be the case:
KentErtugrul
Just to clarify: we do not serve adverts into the traffic stream. The websites within which the ads appear are in fact our partners. They choose to partner with us to bring you more helpful, relevant and yes, more valuable advertising
http://www.webwise.com/how-it-works/transcript_080306.html
Parent
Re:Just a thought... (Score:4, Informative)
Mod parent (insightful and informed AC) up.
As much as I hate Phorm (luckily I'm not with a Phorm ISP), that's not entirely accurate. As mentioned by an AC (but likely to get lost) Phorm only modifies the ad selection for the Phorm advertising network. It does not strip out other ads and replace them with their own (although it wouldn't surprise me if someone had suggested that), it just tries to target ads from a select network of advertisers.
That said, it does still piggy-back any content that I put up on my website by reading it and gaining marketing data from it. I sure as hell didn't agree to that, so I'm investigating methods of stopping them profiting from my content when I don't get a cut and when I purposefully don't put adverts on my sites.
Parent
Re:Just a thought... (Score:5, Insightful)
The difference is that my TV doesn't track what I watch, who I watch it with, who I talk to, what mail I send and when I go to the bathroom.
Parent
Re:Just a thought... (Score:4, Insightful)
...yet...
Parent
Re: (Score:3, Informative)
does anyone know why they have to implement it with cookies and redirects? (according to wikipedia)
couldn't they have done this silently and leave users completely unaware of it?
As far as I can gather, it's not BT doing the dirty work. They simply route all HTTP traffic through the Phorm system, and their processes are set up so there's no way to filter whose traffic gets routed that way.
By the time it reaches the Phorm system, it may well not be associated with any specific BT user - Phorm don't know who has what IP address - so the only realistic option is for them to use something at the application level.
If anything, it's an indictment of our data protection laws that customer ri
Re:cookie (Score:4, Interesting)
If it went to court, any customer in the UK would be able to get away with terminating their contract on these grounds. I would recommend a formal notification of terminating the contract, the clear reasons why and the promise that this would be resolved via legal action if they chose to pursue you. I would also promise legal action if they in any way impeded my freedom to move to another ISP.
Parent