BT Silences Customers Over Phorm

An anonymous reader writes "The Register reports that BT, the UK's dominant telecom and internet service provider, has 'banned all future discussion of Phorm and its "WebWise" targeted advertising product on its customer forums, and deleted all past threads about the controversy dating back to February.' Phorm is a controversial opt-out system for delivering targeted advertising that intercepts traffic passing through an ISP in order to profile subscribers via an assigned unique ID based on their online activities. Subscribers can opt-out at the Webwise website but are opted-in again if the Phorm cookie is cleared. Firefox users can install Melvin Sage's Firephorm add-on to manage their interaction with Phorm and Webwise."

Heuristic:

[fuzzyfuzzyfungus]

If you have to suppress speech about what you are doing, you shouldn't be doing it.

Not a tech support issue?

[cjfs]

Our broadband support forums are designed to be a place where customers can discuss technical support issues and offer solutions.

And someone hijacking and modifying your data isn't a technical support issue?

Wasn't Google working on something against this?

[mlts]

I remember Google was working on something on the app layer that would guard against this type of connection hijacking but without the setup and teardown overhead of full blown SSL.

Its probably in Google's best interest to get something like this widely deployed -- a lot of ISPs are frothing at the mouth to get Phorm/NebuAd on their networks for more revenue streams, and it won't be long before a Google query would not route to Google (even if done at www.google.com), but to wherever the ISP desires.

Typical BT Behavior

[Your Anus]

Isn't this the same BT that sued everyone claiming a patent on hyperlinking? Would you expect anything less from these drones?

What about wget ?

[mmu_man]

Firefox can keep a cookie, but what about all those apps doing http requests (wget, media players, apt-get...) without maintaining cookies ??? Those can't opt-out, so basically they are forcing that on you.
That's just plain discusting anyways.

Re:Just a thought...

[andymadigan]

Advertising in television is done with the consent of the content creators, not so with Phorm. Modifying a site in this manner is completely unacceptable, there is no discussion to be had.

If it were done with the consent of the content creators, there would be little or no benefit over google ads.

Re:What about wget ?

[corsec67]

Plus, if they are basing opt-out on a cookie, they are still doing deep packet inspection, since the cookie isn't in the TCP/IP packet headers (being an application layer thing and all).

I would think that people would want to opt out of Phorm interacting with their data at all, not setting a flag that is essentially "don't use this data for marketting purposes."

Re:Not a tech support issue?

[mlts]

Not just hijacking and modifying data, but an active classic man in the middle attack.

Imagine this ad server being compromised, and instead of "just" adding random ads to pages and logging customer activities for sale, picture it redirecting to phishing sites or just grabbing passwords sent to sites that are not SSL protected.

Re:Not a tech support issue?

[mrsteveman1]

If you are a BT subscriber, it appears nothing is out of their reach at this point.

Re:Just a thought...

[Rakishi]

The difference is that my TV doesn't track what I watch, who I watch it with, who I talk to, what mail I send and when I go to the bathroom.

Re:Not a tech support issue?

[AnalPerfume]

The smart person would see the lack of criticism as a pretty obvious sign that the site is being stage managed to hide the negative. Any time I compare products / services I look for the good and the bad reviews; the lack of any bad reviews means I stay away from it for just this reason. The lack of a thing can tell just as much as the presence of a thing.

Perhaps an Enterprising Brit could make cash?

[mlts]

What a company could do, assuming it had the cash for reasonable Internet peering, would be to make a VPN service. Give directions for novice BT users to set up and route through. It doesn't have to be an "anonymous" service, however it would be a boon for privacy if TCP/IP logs are held just long enough in case of a security issue (or to make the UK government happy), and then promptly deleted. This service would be hosted physically in the UK to ensure decently fast connections, as opposed to other services located elsewhere around the world where packets would possibly have to cross through high latency overseas lines.

It could offer the usual PPTP services. It can also offer a SSL proxy (plain or using stunnel) for Web traffic so only the Web browser would have to be configured if the user doesn't have administrative rights. For users using ssh, it can offer PPP over ssh.

Then, this company can provide some decent instructions for people to set up a VPN to its site with the usual operating systems (Linux, OS X, BSD, Windows.)

Of course, BT could try to block or throttle the packets, but that is starting a type of legal battle with another company that may not be in BT's interest.

Re:What about wget ?

[QuantumRiff]

Thats really the key of this all. The cookie prevents it from showing you ads. It does not stop the DPI, and tracking.

Re:Heuristic:

[TubeSteak]

[Adam Liversage, BT's chief press officer] said the fact that BT had chosen not only to close the threads but delete them entirely was insignificant. "It doesn't matter either way because the people who are following this will have the threads backed up in multiple copies," he said.

Wow, that's something only a PR man could say with a straight face.

Seems they don't want to admit the difference between stopping speech and suppressing it.

Re:Just a thought...

[shentino]

...yet...

Re:Heuristic:

[Z00L00K]

Another question is if they by injecting information into the HTML stream is violating the copyright of the original content.

Otherwise this is also a good motivation for sites and users to use HTTPS more.

Re:Heuristic:

[theaveng]

Well...

As someone who's been banned from a couple forums, I can attest that "forums are private and there's no requirement for free speech". In other words the owner of the forum can be a dictatorial censor is that's what he wishes; it's his forum. Same applies to British Telecom.

The only catch: If BT is a government-owned company, then the government may be in violation of its own laws. Too bad the U.K. doesn't have some "supreme law of the land" to act as a contract which the government must follow, and provides guarantees such as free speech which cannot be over-ruled by a politician.

Re:Heuristic:

[theaveng]

It surely violates the webowners' rights, who PAID to have their ads appear on your screen, but instead British Telecom is blocking them: "BT Webwise also personalizes the online advertising you see when browsing on participating websites by linking ads to your interests. For example, if you search for a weekend trip to Paris or visit pages related to Paris, BT Webwise would replace the standard ads....."

I know if I was Google, Apple, Microsoft, or some other website, I would not be happy.

Ads are what pay my bills. How dare BT remove my revenue-source and jeopardize my ability to continue providing a Free website to my customers?

Re:Heuristic:

[SmokeyTheBalrog]

The US has a "supreme law of the land" yet that hasn't stopped the government from blatantly ignoring it whenever it's convenient.

And I'm not talking about just the last eight years.

Re:Heuristic:

[digitig]

If BT is a government-owned company

It isn't.

then the government may be in violation of its own laws.

They're not.

Too bad the U.K. doesn't have some "supreme law of the land" to act as a contract which the government must follow

It does.

and provides guarantees such as free speech which cannot be over-ruled by a politician.

It does. It could be over-ruled by a whole lot of politicians working together, of course. Can you say "constitutional amendment"? Or maybe "Patriot Act" is easier (at least, it was for the politicians).

Copyright Issue

[secondhand_Buddah]

Surely Phorm violates copyright at some level?
They are effectively modifying content in such a way that what is presented, is not what was published
There could also be some issues effecting the value of the content. I create content, and BT defaces it before it reaches my client/consumer, they are in a sense effectively damaging my property and assets. If I was a large website owner I might take offense to this kind of behavior.

Re: "Praising with Faint Damnation"?

[TaoPhoenix]

There used to be a phrase "Damn with faint praise". Said in an Alan Rickman snarl one would completely wither the opposition with some remark. Such as: after a resounding technical explanatory victory, the opponent murmurs, "nice vocabulary."

You're right that if stuff looks totally "Pleasantville" then it comes through kinda snitty. But if you allow some *token* complaints, you can give the illusion of fairness while still hiding the killer points.

"Announcement: Posted by Admin: We're sorry if you experience some site slowdowns while we transition our content provider software". (Yea, my site is "slower" because a botch in your proramming made my paid ad provider's ad hang upon loading. That does't do anything towards the fact that it was just fine last month.)