EU Investigates Phorm's UK ISP Advertising System

Posted by timothy on Tue Apr 14, 2009 10:23 AM
from the ebay-bids-from-cubicle-81773(d) dept.
MJackson writes "The European Commission has opened an infringement proceeding against the UK after a series of complaints by Internet users, and extensive communication with UK authorities, about the use of Phorm's behavioural advertising system, which uses Deep Packet Inspection (DPI) technology, by internet service providers. Phorm works with UK ISPs to monitor what websites you visit for use in targeted advertising campaigns, though its methods have raised more than a few fears about invasions of privacy. Similar services in the USA have caused an equal level of controversy."

Related Stories

Rights Groups Speak Out Against Phorm, UK Comm. Database 102 comments
MJackson writes "The Open Rights Group (ORG) has issued a public letter to the Chief Privacy Officers (or the nearest equivalent) for seven of the world's largest website giants (including Microsoft and Google), asking them to boycott Phorm. The controversial Phorm system works with broadband ISPs to monitor what websites you visit for use in targeted advertising campaigns. Meanwhile, the Joseph Rowntree Reform Trust has issued a new report slamming the UK government's plans for a Communications Database. This would be designed to intercept and log every UK ISP user's e-mail headers, website accesses and telephone history. The report warns that the public are often, 'neither served nor protected by the increasingly complex and intrusive holdings of personal information invading every aspect of our lives.'"
An Education In Deep Packet Inspection 126 comments
Deep Packet Inspection, or DPI, is at the heart of the debate over Network Neutrality — this relatively new technology threatens to upset the balance of power among consumers, ISPs, and information suppliers. An anonymous reader notes that the Canadian Privacy Commissioner has published a Web site, for Canadians and others, to educate about DPI technology. Online are a number of essays from different interested parties, ranging from DPI company officers to Internet law specialists to security professionals. The articles are open for comments. Here is the CBC's report on the launch.
Technology: Amazon To Block Phorm Scans 140 comments
clickclickdrone writes "The BBC are reporting that Amazon has said it will not allow online advertising system Phorm to scan its web pages to produce targeted ads. For most people this is a welcome step, especially after the European Commission said it was starting legal action against the UK earlier this week over its data protection laws in relation to Phorm's technology. Anyone who values their privacy should applaud this move by Amazon."
BT Drops Phorm, Citing More Pressing Priorities 94 comments
Tom DBA notes a story up at The Register that begins "BT has abandoned plans to roll out Phorm's controversial web monitoring and profiling system across its broadband network, claiming it needs to concentrate resources on network upgrades... BT's announcement comes a day before MPs and peers of the All Party Parliamentary Communications Group are due to begin an investigation of Internet privacy. Their intervention follows the EU's move to sue the UK government over its alleged failure... properly [to] implement European privacy laws with respect to the trials, drawing further bad publicity to the venture." We've discussed Phorm many times in the past.
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • Google (Score:2, Interesting)

    Isn't that almost what google do?
    • Re:Google (Score:5, Insightful)

      by oobayly (1056050) on Tuesday April 14 2009, @10:33AM (#27571227)

      Ah, the most common argument for Phorm.
      Difference is that you can choose not to use Google. If your ISP decides to do this you'll be opted in by default, and every time you delete your cookies, you'll be opted in again. We're not even sure that opting out makes your traffic bypass Phorm's servers.

      What's even worse is that the taxpayer will pay the fine, not BT & Phorm. As usual the Criminal Protection Service, ahem Crown Prosecution Service has fucked the general public in favour of keeping Ministers' friends on-side.

      Sad thing is that Brussels is better at looking out for us than Westminster.

      • Also, I'd lay good money that attempting to opt out of Phorm will get you put on a Watch List. I mean, if you don't intend to do anything wrong, what have you got to hide?
      • You can choose not to use google in much the same way as you can choose not to be bitten by mosquitoes in the middle of the Minnesota woods.

        You are free to swat at will. You may occasionally miss. You can wear bug repellent but it is imperfect and tends to wear off. You may be unable to swat at all. On many systems (such as say my Treo 680) because the script and cookie handling functions are not advanced enough to be able to do more than simple global on/off you are more or less stuck with it. Almost eve
        • Or, you could add the known Google advertising URLs to your hosts file, with the added benefit of adwords javascript not loading at all. Personally I do this as well as block cookies from the google.com domains.
      • Re:Google (Score:5, Insightful)

        by AmiMoJo (196126) <mojo@[ ]ld3.net ['wor' in gap]> on Tuesday April 14 2009, @12:51PM (#27573653) Homepage

        Someone should go to jail for this, but no-one will.

        Someone should go to jail over the guy being shoved, beaten and eventually dying near the G20 protests, but no-one will.

        Someone should go to jail over the Jean Charles De Menezes murder, but no-one will.

        Someone should go to jail over the various rail crashes due to poor maintenance or negligence, but no-one will.

        Someone should go to jail over the war started on the basis of a dossier compiled from plagiarised articles on the internet, but no-one will.

        The list goes on, but somehow no-one in a position of responsibility is ever responsible.

    • Re: (Score:3, Informative)

      With Google you can block it by switching off cookies if you don't trust Google's opt out option. With DPI at the ISP level you can't. You have no control over what they're monitoring (save for doing something like using an encrypted tunnel to a proxy outside of the ISP's view). That's a pretty significant difference.

      • You have no control over what they're monitoring (save for doing something like using an encrypted tunnel to a proxy outside of the ISP's view). That's a pretty significant difference.

        I don't use TPB for torrents, but I'll certainly use their IPREDator VPN service to get around this.

    • Re:Google (Score:5, Informative)

      by arkhan_jg (618674) on Tuesday April 14 2009, @10:55AM (#27571633)

      Google only records what information you give them when you use their services directly; when you search on Google or use Gmail or the like. The EULA for the service explains what is done with your data. This is explicitly allowed under the Data Protection Act (as it should be - otherwise Apache logs would be illegal!). Once you leave their site, though, the logging ends.

      Phorm collects detailed information on all your browsing traffic without your knowledge or consent, and then shares it with third parties, again without your knowledge or consent - take the BT trial, where people didn't even know it was running, let alone opt-in.

      There's a good argument that Phorm breaches the Regulation of Investigatory Powers Act here; as a non-governmental body (i.e. not specifically authorised to intercept traffic) they don't have the right to intercept and record the traffic of users without it being explicitly opt-in - it can even be argued that such recording requires the opt-in of both parties, i.e. the websites that people visit need to agree too.

      Depending on what they do with the data specifically, and who it gets passed to, they may well be in breach of the Data Protection Act too.

      ISPs have to record certain communications information under the Interception Modernisation Program, to be provided upon request to local and national governmental bodies. Phorm definitely doesn't qualify under that either.

      • Re:Google (Score:5, Insightful)

        by MindKata (957167) on Tuesday April 14 2009, @10:45AM (#27571445) Journal
        "Yes it's very similar to what Google does."

        Businesses (like Google and Phorm) are mercilessly exploiting personal data on us all (for their own gain) to the point now it's turning into a feeding frenzy and the law isn't changing fast enough to keep up and close down these relentless power grabs. (Also it is about power, as monitoring and profiling like this is a very powerful way to abuse so much information on so many people.) That's why governments also want to be part of this feeding frenzy for personal data, as they also gain by exploiting data on people for their own gain. It's also why they are very reluctant to make laws to ban such merciless exploitation. It takes time to force governments to listen to their people. In the meantime, businesses are showing they have utter contempt for people's personal data.
  • by Anonymous Coward

    Don't get me wrong, I am completely against Phorm's practices. But it seems like it's completely ok for the government and the EU to question companies and individuals about this kind of practice. But when it comes to individuals asking the government about wiretapping etc. it's a completely different thing?
     
    I'm sorry, I know the government is just trying to protect our kids from those drug-dealing mafia-involved sexual predator terrorists.

    • I'm sorry, I know the government is just trying to protect our kids from those drug-dealing mafia-involved sexual predator terrorists.

      FTS:

      about the use of Phorm's behavioural advertising system, which uses ... [DPI] technology, by internet service providers.

      I'm sorry, I just have a problem with a company called Phorm using DPI. Phorm is obviously short for chloroform, which is used by the sexual predators to abduct our childrens.

      DPI probably involves two predators, if the "DP" part of that is what I

      • Would changing the user-agent of my browser to I-DO-NOT-CONSENT-TO-PHORM-PROFILING count as not giving consent?
  • by auric_dude (610172) on Tuesday April 14 2009, @10:44AM (#27571441)
    The BBC has a potted history of Phorm & BT's actions in the UK. http://news.bbc.co.uk/1/hi/technology/7619297.stm [bbc.co.uk] http://news.bbc.co.uk/1/hi/technology/7959099.stm [bbc.co.uk] http://news.bbc.co.uk/1/hi/technology/7988154.stm [bbc.co.uk] http://news.bbc.co.uk/1/hi/technology/7998009.stm [bbc.co.uk] and on top of that my ISP has stated that they will not use Phorm or anything Phorm-like.
  • Objecting to Phorm (Score:4, Informative)

    by Anonymous Coward on Tuesday April 14 2009, @10:45AM (#27571451)

    I'm still reading all the essays on Canada's deep packet inspection education site, but this one seems very topical:

    Objecting to Phorm [priv.gc.ca]

    Bonus - Phorm's 'essay' submission (but more like marketing drivel):

    Phorm: A New Paradigm in Internet Advertising [priv.gc.ca]

  • by tygerstripes (832644) on Tuesday April 14 2009, @10:48AM (#27571501)

    Allowing Phorm to do their thing has awful consequences. We're already in the process of having every phone call, text and email logged in a massive "just looking for terrorists, nothing to worry about" database.

    Once a private company is able to execute DPI without your explicit consent, purely for profit, what's to stop the government from doing the same "for everyone's protection"? Surely that's a more worthy abuse of your right to privacy...?

    Slippery slope? We're about to hit bottom, ladies & gentlemen.

  • The UK government are, with the whipped ISPs' collusion, intercepting all websites anyone visits for their log files to prove you're a "terrorist" (by whatever convenient definition they used for terrorist yesterday or decided on today or tomorrow). Phorm are intercepting all your web traffic and serving up different advertising content.

    How long before the two join forces and your web pages you looked for are re-written on the fly by the government for more favourable coverage, and to kill off opposition?

    The

  • The INTERNET isn't private. It is PUBLIC. What you do on the internet, what sites you go to, what you look at, what you listen to, what you do, what information you send, what you receive is ALL PUBLIC.

    You want privacy? Encrypt everything you don't want anyone else to see. And you better trust the person on the other end to keep your info private, and good luck with that.

    • The INTERNET isn't private. It is PUBLIC. What you do on the internet, what sites you go to, what you look at, what you listen to, what you do, what information you send, what you receive is ALL PUBLIC.

      If the people want privacy, they'll pass laws "protecting" it. All this really does is raise the bar for those who would violate your privacy, but that does indeed promote privacy for the majority of the population, which is the best you can ever really do without violating one's right to liberty.

      • Nothing like promoting a false sense of security. We don't need more laws protecting stupid people from being stupid. If people don't understand the consequences of their actions why should that affect me and what I choose to do?

        We can write all the laws we want to protect people from getting burned, but the reality is, that gas and matches are dangerous.

    • The INTERNET isn't private. It is PUBLIC. What you do on the internet, what sites you go to, what you look at, what you listen to, what you do, what information you send, what you receive is ALL PUBLIC.

      You are arguing a false dichotomy here. While it may be true to say that the Internet is not private, it is not public either. Public means that anyone can gain access to your Internet activity. I cannot see what websites you visit -- only your ISP can see that and a subset of your Internet activity can be

    • The INTERNET isn't private. It is PUBLIC. What you do on the internet, what sites you go to, what you look at, what you listen to, what you do, what information you send, what you receive is ALL PUBLIC.

      That's news to me. I haven't a blind brass notion of what anyone else is doing online. In fact, I don't even know how I would go about finding out.

      Doesn't sound very public to me.

    • Walking around the streets is PUBLIC. But if some person follows you around to note which shops you visit, and then uses this information to put billboards in front of your face as you walk around, that's stalking, and is illegal.

  • by nweaver (113078) on Tuesday April 14 2009, @11:00AM (#27571723) Homepage

    The big difference between Phorm and Google is Google has consent of the WEB SITES.

    Neither really have "user" consent, but Google will only track you on pages which are either hosted by Google itself or derive content from Google (adwords, analytics), which specifically excludes porn etc.

    Thus although both have the same objective, they have vastly different mechanisms and Google does have one-party consent, vs Phorm's no-party consent.

    • The big difference between Phorm and Google is Google has consent of the WEB SITES.

      Neither really have "user" consent,

      One can argue that Google has implicit consent. Nothing is forcing me to use Google's services. I could use alternative search engines, etc.. Phorm, on the other hand, the only way to opt out is to use a different ISP.

      • Actually, you can't without serious browser hackery:

        It's not Google recording your searches that is your problem, it's that EVERY page with Google Analytics or AdWords or DoubleClick on it tells Google what you are viewing.

  • I wrote to my MP... (Score:5, Interesting)

    by mccalli (323026) on Tuesday April 14 2009, @11:10AM (#27571879) Homepage
    Quite some time ago, I wrote to my local MP regarding this. Specifically, I asked him to back an early day motion opposing Phorm (The Register were running the details at the time).

    He wrote back saying that many people didn't realise exactly how the system worked and that supporting this motion would do no real good, but that instead he would question the Cabinet directly. As a result, some time later I had a reply from the Cabinet Minister under whose remit this fell.

    And that reply was awful.

    Essentially it was Phorm's press release. Not even regurgitated - the documents were straight from Phorm. There was clearly no understanding from the Minister involved what was actually being proposed, and the whole attitude smacked of "there there little one, look - the nice company here has promised they're not doing anything wrong". They'd clearly never even really considered it properly. The Information Commission too was at that time pushing the notion nothing was wrong, a stance they've clearly had to back-pedal on in the face of the E.U. pressure.

    Next time I think I'll cut out the middle man and go to the Commission directly. Says nothing good about the state of our democracy, does it? An unelected quango in the Commission does the investigative work, whereas the actual democratic representatives completely ignore voters' enquiries and fob them off with press releases.

    Mind you, well done to my local MP for taking the correct action in getting me a response from literally the highest level available on the subject in the UK.

    Cheers,
    Ian
    • Mind you, well done to my local MP for taking the correct action in getting me a response from literally the highest level available on the subject in the UK.

      Was it the correct action? I don't see what it achieved. Perhaps a successful early day motion would have made the relevant minister do a little more research. Frankly, it sounds like your MP just passed the buck.

  • Nobody likes advertising. The world would be a better place without it, completely. No more billboards cluttering up highways and ghetto streets. No more web banners for porn on children's sites.

    Is there anyone that doesn't agree? OK, except people getting paid for advertising.

    So it's settled then. No more advertising and we'll all be happy.

    • As long as you understand that most of the "free" services on the Internet e.g. Google are funded by advertising. No advertising, no search engines, no free web mail, no Sourceforge etc etc etc.

  • If this ISP is doing what it does with advertising injection, are they now officially liable for any illegal content sent through it? I know it's not in the USA, but it seems to me if you have your hand in the content delivery(web data, and so forth), the ISP could be sued for pirated mp3s, illegal content, etc.

  • I'm extremely concerned by Phorm.

    Effectively it gives the ISP the ability to remove the adverts that fund 60% of our costs and replace them with adverts for which they would receive the entire revenue stream.

    My site is funded by adverts (60%) merchandise (30%) and donations (10%).

    I'm fairly sure that the community would step up and purchase more stuff and donate more, but I don't think it's realistic that this could be sustained, whereas the advertising revenue is reasonably constant.

    I believe that if Phorm becomes ubiquitous that I would have to question seriously how to fund the website, and would probably have to remove all adverts and to seek to have the costs covered exclusively through other means. As I'm unsure of the feasibility of this, I would have to say that in my case the loss of that revenue would threaten my ability to continue running the site, especially under the risk of redundancy in the near/mid future.

    I've already implemented the Phorm opt-out cookies, and written to my local MP (who couldn't care less from the generic response I got), so it's great to see the EU step up where the UK seems to have failed.

    • This is a relatively common misunderstanding of what Phorm does.

      Phorm does NOT replace adverts on websites, it only places adverts where a website owner has signed up for Phorm as an advert provider, it then uses its spying data to decide which adverts are provided to which visitor.

      So you have nothing to worry on that account.

      Phorm is an evil, but it's not that kind of evil.

    • While it's indeed worrying what phorm means for privacy and the ability of third parties to snoop on our traffic without our knowledge, I don't think what you're worrying about is the problem.

      Phorm doesn't replace adverts already in place on websites. What it does do is this:

      User A goes to website W.
      Phorm listens in on this, records it and classifies that user as a website-W sort of person - phorm pays your ISP to let them do this.

      User A goes to website X. They have phorm-supplied ad bars. User A now sees a

      • > Phorm listens in on this, records it and classifies that user as a website-W sort of
        > person - phorm pays your ISP to let them do this.

        Why doesn't it pay the user?

        > Or horse porn adverts, if that's what your other family members get up to.

        Why doesn't each of your family members have a separate account on the machine?

        • Why doesn't it pay the user?

          Because the users are a commodity for the ISP to sell to advertisers. What, you thought this was for YOUR benefit?

          Why doesn't each of your family members have a separate account on the machine?
          AFAIK from previous statements, it doesn't use a local browser cookie for tracking (too easy to mess with), only for opt-out - I believe it's based upon IP/mac address outbound; if you're all behind a single NAT router, it'll combine you all together.

          Hey, I didn't design the thing.

          • Re: (Score:3, Insightful)

            AFAIK from previous statements, it doesn't use a local browser cookie for tracking (too easy to mess with), only for opt-out - I believe it's based upon IP/mac address outbound; if you're all behind a single NAT router, it'll combine you all together.

            Firstly, we should all remember that what is known about Phorm comes from Phorm's employees and they have not been models of accuracy and full disclosure.

            But the use described opt-out mechanism implies that people will have to keep opting out. IP addresse

            • Re: (Score:3, Informative)

              Opting out is done via browser based cookie according to the ISPs that have implemented it so far. Every single browser you use on every single pc on every single account will have to be opted out manually, and re-opted out every time with changes.

              *All* web traffic you send via your ISP (that's not, say, in a VPN) will go through Phorm's systems at the ISP, overhead and all. If there's an opt-out cookie set, they supposedly ignore that traffic for classification purposes. They also supposedly ignore personal

      • Sounds like it's time for encrypted VPN. If I was subscribed to one of these ISPs, and couldn't find an alternative, that's what I'd be doing. It would slow things down a bit, unfortunately.

    • You can choose not to use Google, Facebook, and other "social networking" sites. Good luck ensuring your data isn't profiled by servers hosted at your ISP, though.

      If Tor were faster, I'd use that. In the absence, VPN out of the country will do.
    • Agreed with this. BT tried selling me net service, and I told them outright that they would never be considered again due to Phorm. The guy didn't sound surprised.
    • So what you're saying is I should move to Denmark?

    • Unfortunately, Super Awesome Broadband would be Super Slow Narrowband where I live - i.e. in a city, but unable to see the telephone exchange from my bedroom window.

      After a year of struggling over the ethics of switching to a monopolistic, Phorm-supporting, bandwidth-throttling FTTC cable [wikipedia.org] supplier [virginmedia.com] instead of my morally superior [ukfsn.org] DSL connection, I finally gave in. Goodbye 800Kbit/s, hello 20Mbit/s.

      Now I do have trouble sleeping at night, but I can just stream HD video to wile away the time.