Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Privacy Communications Networking Your Rights Online

BT Silences Customers Over Phorm 196

Posted by Soulskill
from the lalala-i-can't-hear-you dept.
An anonymous reader writes "The Register reports that BT, the UK's dominant telecom and internet service provider, has 'banned all future discussion of Phorm and its "WebWise" targeted advertising product on its customer forums, and deleted all past threads about the controversy dating back to February.' Phorm is a controversial opt-out system for delivering targeted advertising that intercepts traffic passing through an ISP in order to profile subscribers via an assigned unique ID based on their online activities. Subscribers can opt-out at the Webwise website but are opted-in again if the Phorm cookie is cleared. Firefox users can install Melvin Sage's Firephorm add-on to manage their interaction with Phorm and Webwise."
This discussion has been archived. No new comments can be posted.

BT Silences Customers Over Phorm

Comments Filter:
  • Heuristic: (Score:5, Insightful)

    by fuzzyfuzzyfungus (1223518) on Saturday November 22, 2008 @01:09AM (#25855497) Journal
    If you have to suppress speech about what you are doing, you shouldn't be doing it.
    • Re:Heuristic: (Score:5, Insightful)

      by TubeSteak (669689) on Saturday November 22, 2008 @03:10AM (#25855971) Journal

      [Adam Liversage, BT's chief press officer] said the fact that BT had chosen not only to close the threads but delete them entirely was insignificant. "It doesn't matter either way because the people who are following this will have the threads backed up in multiple copies," he said.

      Wow, that's something only a PR man could say with a straight face.

      Seems they don't want to admit the difference between stopping speech and suppressing it.

      • Re:Heuristic: (Score:4, Insightful)

        by theaveng (1243528) on Saturday November 22, 2008 @05:50AM (#25856429)


        As someone who's been banned from a couple forums, I can attest that "forums are private and there's no requirement for free speech". In other words the owner of the forum can be a dictatorial censor is that's what he wishes; it's his forum. Same applies to British Telecom.

        The only catch: If BT is a government-owned company, then the government may be in violation of its own laws. Too bad the U.K. doesn't have some "supreme law of the land" to act as a contract which the government must follow, and provides guarantees such as free speech which cannot be over-ruled by a politician.

        • Re:Heuristic: (Score:5, Insightful)

          by SmokeyTheBalrog (996551) on Saturday November 22, 2008 @07:40AM (#25856803)
          The US has a "supreme law of the land" yet that hasn't stopped the government from blatantly ignoring it whenever it's convenient.

          And I'm not talking about just the last eight years.
          • by theaveng (1243528)

            As far as I can tell the U.S., States, and other courts enforce the Supreme Law quite well. Not perfectly, but better than if we had no Supreme Law to protect our free speech.

        • Re:Heuristic: (Score:5, Insightful)

          by digitig (1056110) on Saturday November 22, 2008 @08:25AM (#25856925)

          If BT is a government-owned company

          It isn't.

          then the government may be in violation of its own laws.

          They're not.

          Too bad the U.K. doesn't have some "supreme law of the land" to act as a contract which the government must follow

          It does.

          and provides guarantees such as free speech which cannot be over-ruled by a politician.

          It does. It could be over-ruled by a whole lot of politicians working together, of course. Can you say "constitutional amendment"? Or maybe "Patriot Act" is easier (at least, it was for the politicians).

          • by GWLlosa (800011)
            Um.... I don't think they have the Patriot Act in the U.K....
            • by digitig (1056110)
              That was rather my point. a "supreme law of the land" doesn't provide the protection that theaveng seems to think it does.
        • As an ISP, BT does not "own" the data it transmits over its wires, any more than UPS owns the packages they're transporting between people.

          The rest of your argument is then ridiculous.

  • by Anonymous Coward on Saturday November 22, 2008 @01:12AM (#25855521)

    I'm concerned about how they're hiding the history of ***** use. Deleting post on ***** is quite extreme, and who knows what they'll do next? Start censoring the use of ***** on their network?

  • by cjfs (1253208) on Saturday November 22, 2008 @01:17AM (#25855549) Homepage Journal

    Our broadband support forums are designed to be a place where customers can discuss technical support issues and offer solutions.

    And someone hijacking and modifying your data isn't a technical support issue?

    • by icebike (68054) on Saturday November 22, 2008 @01:59AM (#25855729)

      This seems to be the tactic of the day. Apple does the same thing in their forums, delete any posts mentioning things they don't want mentioned on the grounds that it is a user to user technical support forum.

      Yet you can post gushing praise of Apple without asking for help or offering to help and the moderators leave those fanboy posts alone.

      This is a good reason to start an independent forum on any one of a number of forum hosting sites, preferably out of the reach of BT.

      • Re: (Score:3, Insightful)

        by mrsteveman1 (1010381)

        If you are a BT subscriber, it appears nothing is out of their reach at this point.

      • by AnalPerfume (1356177) on Saturday November 22, 2008 @02:34AM (#25855847)
        The smart person would see the lack of criticism as a pretty obvious sign that the site is being stage managed to hide the negative. Any time I compare products / services I look for the good and the bad reviews; the lack of any bad reviews means I stay away from it for just this reason. The lack of a thing can tell just as much as the presence of a thing.
        • by theaveng (1243528)

          Most people aren't that smart.

          They don't see negative reviews, so they never think anything is amiss. ("Out of sight; out of mind.") Removing negative reviews is an effective strategy for BT to use.

          • There used to be a phrase "Damn with faint praise". Said in an Alan Rickman snarl one would completely wither the opposition with some remark. Such as: after a resounding technical explanatory victory, the opponent murmurs, "nice vocabulary."

            You're right that if stuff looks totally "Pleasantville" then it comes through kinda snitty. But if you allow some *token* complaints, you can give the illusion of fairness while still hiding the killer points.

            "Announcement: Posted by Admin: We're sorry if you experien

        • by iONiUM (530420) *
          What if something was just so fucking awesome it really didn't have any bad reviews? Then you'd miss out on potentially the most fantastic product ever. Fail
        • Exactly my problem with blogs that censor negative comments.

      • by RocketRabbit (830691) on Saturday November 22, 2008 @02:53AM (#25855923)

        I encountered this with Apple. I was on their forum a few times, making rational complaints that they didn't support a certain professional camera's RAW files (Epson R-D1). Within hours, the post would be deleted. The first time I thought it was a glitch. After that I knew they were fucking with me.

        • Oh ye of little faith!

          I encountered this with Apple. I was on their forum a few times, making rational complaints that they didn't support a certain professional camera's RAW files (Epson R-D1). Within hours, the post would be deleted. The first time I thought it was a glitch. After that I knew they were fucking with me.

          Some people just Don't Get it. Apple DOES have RAW support for the Epson D1 [apple.com]. Your problem was you were in a hurry. Apple, in it's Mysterious Ways, was way ahead of you. They knew suppo

        • by wikinerd (809585)
          why make a complaint about a product on the manufacturer's website and not your own website or a third-party website that accepts such complaints?
          • by spazdor (902907)

            Because my own site doesn't get much traffic from users (and potential users) of the manufacturer's product.

            If a third-party forum exists, then bully. But not all manufacturers and service providers are unlucky enough to have a community-run forum to watchdog 'em.

      • by Xiroth (917768) on Saturday November 22, 2008 @04:40AM (#25856245)

        Hmm, here in Australia we have Whirlpool [whirlpool.net.au] for exactly that. The forums are very active, and all of the major ISPs have employees who get involved to at least refute rumours and clarify information about their services. It's being able to get unfiltered comments from customers which is the most valuable, though. It's a very useful resource.

    • by mlts (1038732) * on Saturday November 22, 2008 @02:11AM (#25855775)

      Not just hijacking and modifying data, but an active classic man in the middle attack.

      Imagine this ad server being compromised, and instead of "just" adding random ads to pages and logging customer activities for sale, picture it redirecting to phishing sites or just grabbing passwords sent to sites that are not SSL protected.

  • Same here ... (Score:2, Interesting)

    by Jahf (21968)

    My ISP recently turned on a similar system. I'm quite unhappy about it but I really don't have a realistic alternate ISP (boonies, telco, blah blah blah). It really does suck when things like this happen. I don't do anything illegal, but I still like my (relative) privacy and the ISP is the easiest place to attach my real identity to my data paths.

    So, for now, I'm pondering going back to a fulltime SSH VPN to my web host for everything except the few apps I use that need low latency.

  • by mlts (1038732) * on Saturday November 22, 2008 @01:18AM (#25855553)

    I remember Google was working on something on the app layer that would guard against this type of connection hijacking but without the setup and teardown overhead of full blown SSL.

    Its probably in Google's best interest to get something like this widely deployed -- a lot of ISPs are frothing at the mouth to get Phorm/NebuAd on their networks for more revenue streams, and it won't be long before a Google query would not route to Google (even if done at www.google.com), but to wherever the ISP desires.

  • by Your Anus (308149) on Saturday November 22, 2008 @01:35AM (#25855637) Journal
    Isn't this the same BT that sued everyone claiming a patent on hyperlinking? Would you expect anything less from these drones?
  • What about wget ? (Score:5, Insightful)

    by mmu_man (107529) on Saturday November 22, 2008 @01:50AM (#25855705)
    Firefox can keep a cookie, but what about all those apps doing http requests (wget, media players, apt-get...) without maintaining cookies ??? Those can't opt-out, so basically they are forcing that on you.
    That's just plain discusting anyways.
    • Re: (Score:2, Informative)

      by mmu_man (107529)
      Actually wget can use cookies, but you have to pass it a cookies file each time... so any script using it will miss the thing.
      • Re: (Score:3, Informative)

        by tck42 (227122)
        Or just us a .wgetrc file and specify your cookie file in there. I use curl instead, but same idea with .curlrc...
        • wget and curl may store cookies, but how would you perform the opt-out procedure in these clients anyway? ;)

          My understanding is that you have to opt-out in every client that you use on every system that you own and ensure that the opt-out cookie does not expire and is never cleared. Ironically it's likely that certain pro-privacy software will clear cookies, including the option in Firefox to clear private data on exit.

          It's certainly an interesting solution from the good folks at Phorm and BT for giving sub

    • by corsec67 (627446) on Saturday November 22, 2008 @02:01AM (#25855745) Homepage Journal

      Plus, if they are basing opt-out on a cookie, they are still doing deep packet inspection, since the cookie isn't in the TCP/IP packet headers (being an application layer thing and all).

      I would think that people would want to opt out of Phorm interacting with their data at all, not setting a flag that is essentially "don't use this data for marketting purposes."

    • That's just plain discusting anyways.

      Well what if I like custard? What of it?

    • It occurs to me that it would be nice if Firefox/IE exposed your local cookie data to third party applications through some sort of generalized API call.

      I'm sure its not that hard ... but neither is SOCKS support and getting third party apps to support it is still a pain :).

  • by corsec67 (627446) on Saturday November 22, 2008 @02:18AM (#25855795) Homepage Journal

    Since it seems like they store a copy of the websites visited, could a website have a license that is "only end users can keep a copy of the data on this site", and then sue Phorm if they keep the data? Or would their impersonating other servers be fraud, especially if people have the "opt-out" cookie?

    Looking at the wiki diagram [wikipedia.org] of what they do, that is just insane. They are a man in the middle, adding cookies, hiding cookies, redirecting requests to unrelated sites, etc. They are slowing down every site, and what happens if they get overloaded? Does everything come to a halt?

    Imagine if someone got a server on a network and added an entry to webwise.net to the /etc/hosts file (or equivalent), they would get a record of every site that everyone with the extra DNS entry visited. Combine a server with a DNS poisoning attack, and you can get the traffic for a large number of people.
    Maybe people should point www.webwise.net to a non-routing address to be safe?

    • by TheRaven64 (641858) on Saturday November 22, 2008 @09:01AM (#25857021) Journal

      There is absolutely no way in which this isn't copyright infringement. Any web page is copyrighted. This comment is copyrighted and owned by me. The Slashdot terms of use say that they get a nonexclusive distribution right to them. No one else has the right to reproduce them or modify them. The complete page is also copyrighted and owned jointly by all of the posters and by Slashdot.

      A carrier has an implicit license to distribute exact copies to their customers and, if the correct headers are set, to cache a copy. Inserting adverts, however, is creating and distributing a derived work from the copyrighted material. Since they profit from the adverts, it counts as commercial infringement, which typically has much larger financial penalties.

      The maximum fine for online copyright infringement in the UK is now £5,000 per offence. Every single page that is modified counts as an instance of infringement. The total fines would come to more than the market capitalisation of BT at the moment.

      • Re: (Score:2, Interesting)

        by maxume (22995)

        There is absolutely no way in which this isn't copyright infringement. Any web page is copyrighted. This comment is copyrighted and owned by me. The Slashdot terms of use say that they get a nonexclusive distribution right to them. No one else has the right to reproduce them or modify them. The complete page is also copyrighted and owned jointly by all of the posters and by Slashdot.

        A carrier has an implicit license to distribute exact copies to their customers and, if the correct headers are set, to cache

      • by Blue Stone (582566) on Saturday November 22, 2008 @02:32PM (#25858945) Homepage Journal

        Please mod this and all similar posts down (nothing personal TheRaven64).

        Phorm is not "Inserting adverts [and thus] creating and distributing a derived work from the copyrighted material."

        It is performing a man-in-the-middle attack to glean information from all ISP subscribers, and using that information to serve 'tageted adverts' on PARTICIPATING websites; sites that have signed up to use Phorm as an advertising provider.

        The only copyright infringement that might occur is that Phorm scrapes websites (by hijacking the ISP subscriber's session) but does not respect the robot text. It can therefore (arguably) be said to be in breach of a website's usage agreement.

        Phorm have said that they respect the robot.txt restrictions only in agregate: where no robots are allowed they will not go, but if ANY specific spidering is allowed, they (wrongly) calim that they are also allowed.

        Phorm (and apparently also BT) are scum. I pray that they're found guilty of computer misuse, but this will have to be the result of a ruling by the EU (rather than the incompetent British government).

        It goes without saying that, should this happen, the guilty parties will not serve jail time (since they are corporate and rich with contacts in the government) but hopefully, the immoral and corrupt spyware scheme that BT is creating with Phorm will be stopped.

        • Ah, sorry, I misunderstood what Phorm did. In this case, it appears to be a more interesting problem. It doesn't fall under the computer misuse act, since it is only stuff going over their networks that they are inspecting and modifying. It does, however, fall under the data protection act. As a BT customer, you are allowed to request that they give you copies of all data that they have on you (including this), that they delete all of this data, and most importantly they are required to get permission f
      • by wikinerd (809585)

        Inserting adverts, however, is creating and distributing a derived work from the copyrighted material

        I am not a lawyer, but what could one say if they said that by merely putting your copyrighted material and their adverts next to each other without changing your material they are only putting two copyright works in a collection rather than creating a derived work? I have the impression that mere collections or aggregations of copyrighted works are not the same as derived works.

        I don't mean to support them or anything like that, but only to see what defence one could use against a claim such as that.

  • by AnalPerfume (1356177) on Saturday November 22, 2008 @02:27AM (#25855823)
    For years I assumed I needed to pay BT for the line rental so I could get broadband through the telephone line, as I assumed only they could provide it. I got my calls and broadband from companies who give a shit about their customers. Then I found out that there are several companies who can do line rental / call / broadband deals (all of those I checked out were cheaper than BT, and not all signed up for Phorm). When I found this out I was completely away from BT within one month. If you're in the UK, and value privacy and a company who actually wants to please you, I suggest you do some Googling and be prepared to switch. They escaped criminal punishment, government punishment, the only reason they keep doing it is that they assume most people believe they are stuck with BT. If you do switch, make sure you tell them why; who knows, if they see enough rats abandoning ship it may make them rethink the Phorm deal. ispreview.com & adslguide.org should give you a starting point.
    • by mmu_man (107529)
      Wow, it's amaizing ISPs don't publicize total degrouping in UK while it's been there in france for years... I thought UK was all about free market and you still have a single operator visible ? how odd.
      • by jonbryce (703250)

        Tiscali are quite keen to get you to switch everything to them, as are TalkTalk. But TalkTalk are also involved in Phorm so don't switch to them.

      • Parts of the country also have Virgin Media (cable), and the mobile phone operators Vodafone and 3 have well publicised 3G networks. These do not go over BT lines at all.

        The BT network is in fact so poor in our area that I do all my deployment update downloads for our company at home on Virgin (20Mbit/s downloads) and thus get better total download speeds than our office BT business lines.

        Although BT is officially a private company, it cannot really be one because national infrastructure runs over its lines

    • Why don't you name the companies who are providing your connections? Have they requested your silence on the matter?

  • by mlts (1038732) * on Saturday November 22, 2008 @02:55AM (#25855939)

    What a company could do, assuming it had the cash for reasonable Internet peering, would be to make a VPN service. Give directions for novice BT users to set up and route through. It doesn't have to be an "anonymous" service, however it would be a boon for privacy if TCP/IP logs are held just long enough in case of a security issue (or to make the UK government happy), and then promptly deleted. This service would be hosted physically in the UK to ensure decently fast connections, as opposed to other services located elsewhere around the world where packets would possibly have to cross through high latency overseas lines.

    It could offer the usual PPTP services. It can also offer a SSL proxy (plain or using stunnel) for Web traffic so only the Web browser would have to be configured if the user doesn't have administrative rights. For users using ssh, it can offer PPP over ssh.

    Then, this company can provide some decent instructions for people to set up a VPN to its site with the usual operating systems (Linux, OS X, BSD, Windows.)

    Of course, BT could try to block or throttle the packets, but that is starting a type of legal battle with another company that may not be in BT's interest.

  • So find a forum somewhere else that can be used for all the legal/moral/ethical/boycott/etc issues. If there isn't one, make one (rent a server).

  • by IAmAI (961807) on Saturday November 22, 2008 @03:30AM (#25856031)
    I thought it had been decided that Phorm was only legal in the UK if it was an opt-in service, rather than an opt-out service?
  • Glad I Left (Score:3, Interesting)

    by KingJ (992358) on Saturday November 22, 2008 @05:51AM (#25856431) Homepage
    I left BT a few months ago after they continued with the trial, despite massive outcry from customers and other internet users. Thankfully, here in the UK it's easy to switch ADSL providers, just request a MAC transfer code and give it to your ISP. I moved to ADSL24, a reseller of Entanet who are very open about their network, while other ISPs like to hide it. I have been extremely satisfied with my new provider, and I am going to make sure that I never give any money to BT again. Bad idea to annoy those younger customers, they've still got quite a lot to spend into the future.
  • by sakdoctor (1087155) on Saturday November 22, 2008 @06:14AM (#25856507) Homepage

    What would happen if the webwise.net domain (which shares an IP with phorm.com) was to accidentally get DDOSed?

    Going by the Phorm diagram on wikipedia, it would seem that webwise.net is a central point of failure for the system.

  • Injection warnings (Score:3, Informative)

    by Wowsers (1151731) on Saturday November 22, 2008 @06:50AM (#25856641) Journal

    It's about time that all http web traffic was https instead, so the likes of BT could not inject their garbage into pages without people knowing the pages have been compromised.

  • IANAL nor do I know how UK copyright law works but why doesn't someone who owns a website (preferably one involving paid content or something) and who also has an account with BT visit their website via their BT connection, have all the inserted ads come up and then sue BT for copyright violation.

  • I can't believe that whoever handles this stuff for BT isn't aware of the "Streisand Effect." Maybe their PR staff had nothing to do with it.

    It's the stupidest thing you can do these days, tring to censor your customer base in public like that.

    It's one of the things that really makes me feel good about the internet, and one of the few phenomenons in these times where people can organize (without even organizing) and change the behavior of a corporate behemoth.

    It must drive authoritarian corporations and gov

  • Copyright Issue (Score:3, Insightful)

    by secondhand_Buddah (906643) <(secondhand.buddah) (at) (gmail.com)> on Saturday November 22, 2008 @09:20AM (#25857099) Homepage Journal
    Surely Phorm violates copyright at some level?
    They are effectively modifying content in such a way that what is presented, is not what was published
    There could also be some issues effecting the value of the content. I create content, and BT defaces it before it reaches my client/consumer, they are in a sense effectively damaging my property and assets. If I was a large website owner I might take offense to this kind of behavior.
  • As a web author:

    -> I did NOT give them permission to place or inject their ads on *my* site.

    -> I have no control over what ads are delivered with my content -- some of it may be counter to things I beleive, and some ads may imply an endorsement of products, people or policies that I abhor.

    -> I am not recieving ad revenues from their ad hits which my site geneates for them.

    To me, this is outright theft of my content to generate revenue for them. I beleive the legal term is "conversion", taking some

  • I wonder why these types of companies aren't doing away with cookies altogether and getting their clients to install a completely server-side monitoring system.

    Nobody would even have a cookie to delete in that case.

  • Can a site admin request that nothing form a given site be looked at, or will I have to put up with the private forum I visit (not to mention every IRC network and MUD, which can't be opted out of at all) being spied on because a single person forgot to opt out?

  • I don't know about the UK's views on it, but I'm pretty sure this is a colossal privacy issue that SHOULD run afoul of consumer protection and privacy laws. If this starts to show up here in Canada, you could expect a pretty significant uproar and an appeal to the government to stop this sort of thing before it becomes habit.

    Are there no privacy laws in the UK? Is it seriously that bad?

The clearest way into the Universe is through a forest wilderness. -- John Muir