Forgot your password?

Wikipedia Opts Out Of Phorm 98

Posted by timothy
from the phorm-of-their-objection dept.
ais523 writes "Wikipedia (and other websites run by Wikimedia) have requested to opt-out from Phorm; according to the email they sent, they 'consider the scanning and profiling of our visitors' behavior by a third party to be an infringement on their privacy.'" Another reader points to this post on which includes a confirmation from Phorm that those sites will be excluded.
This discussion has been archived. No new comments can be posted.

Wikipedia Opts Out Of Phorm

Comments Filter:
  • The official post (Score:5, Informative)

    by David Gerard (12369) <slashdot AT davidgerard DOT co DOT uk> on Thursday April 16, 2009 @06:41PM (#27604685) Homepage

    Wikimedia Tech Blog post [].

    (This would have happened sooner, but Brion was snowed under.)

    • I'm hoping the BBC will be next.

      • Re:The official post (Score:4, Interesting)

        by OldakQuill (1045966) on Thursday April 16, 2009 @08:18PM (#27605635)

        The BBC can't opt-out at the moment. It seems that major sites which do opt-out at the moment make news (including headlines at []). It'd be quite reflexive for the BBC to opt-out from a scheme run by a major UK telecommunications company and to report it on their news website, since that is a major source of their web traffic. The BBC News website itself would be making the news by undermining BT's scheme on the grounds of privacy invasion. When enough sites have opted-out for it to be non-news, they could do it.

        Also, the BBC and BT have to work with each other on things like iPlayer, the online television/radio delivery platform. Perhaps the BBC are avoiding opting-out on these grounds too.

        Then again, since the BBC has a special place in the UK regarding license fee and lack of advertising, perhaps they were opted-out of the scheme from the beginning.

        • Re: (Score:3, Insightful)

          by EdZ (755139)
          You don't know the BBC. They've reported on their OWN internal scandals in the past, and tried pretty well to remain unbiased over them.
          • It's a sad, sad world when governmental owned news media are less biased than privately owned ones. My socialist buddy will heckle me with this for ages if he finds out...

            • by Shrike82 (1471633)
              The BBC aren't owned by the Government. It's operated and regulated by the BBC Trust, and it was originally set up by a bunch of telecom companies.
            • The BBC is not government-owned. It is an independent media corporation, formed by a Royal Charter.

            • This is what many Americans don't get about the BBC. All they think is "it is run by the government, they must have their hands in it".

              The reason the BBC can remain so unbiased is because they have no need to profit or grow the company. They know they will be funded next year, they have a government mandate and direct taxation supporting them. Also, it is an arms length from the government. They have a charter to collect the TV tarrif directly - the government does not directly fund them to my knowledge.


              • by Acer500 (846698)

                Since they don't have to worry about marketing and soliciting advertising, they can devote 100% of their time and energy on reporting on the news to the best of their ability.

                Not to mention they get a leftover budget for cool shows like Top Gear :)

            • Why do you say that it's sad? In my perfect world, I'd be more likely expect a privately-owned source to be tainted by the views of its owners, and a governmental one to be closer to reality.

        • by mdwh2 (535323)

          Firstly, the BBC can and do report on their own news.

          Secondly, I'm confused as to your logic - are you really saying that the BBC can't do anything that would be "newsworthy", because they might get into some circular-metajournalistic-tangle over whether to report it or not? Either they'll report it, or they won't, but it would be ludicrous to suggest they were prevented from being able to carry out the action itself, whether or not it gets reported.

    • by Dreen (1349993)

      Not nearly all Wikimedia domains are included there, for example only handful of wikipedia.* is that because the other ones are only redirects or something?

      • That's everything which Wikimedia directly controls DNS for. There's others that have different technical or administrative contacts listed. They've been alerted they should do it themselves too.
        • Re:The official post (Score:5, Informative)

          by brion (1316) on Thursday April 16, 2009 @08:08PM (#27605513) Homepage
          Those are also not actual Wikipedia content sites, but either redirects or sites of local Wikimedia chapters. All our actual content is on our own domains -- for instance German-language Wikipedia is at [] not [] which is a portal page maintained by Wikimedia Deutschland. (In part because German courts routinely shut down in preliminary injunctions... ;)
          • Brion,

            I would like to extend my gratitude to you for supporting the campaign and opting the Wikimedia Foundation out, myself and other campaigners are very appreciative of the support.


            Alexander Hanff
            Founder of NoDPI.Org
  • sorry I dont understand

    where is the list of websites who have opt'd out of webwise ?

    and since webwise is not active at the moment what good will this do ?


    John Jones

    • by David Gerard (12369) <slashdot AT davidgerard DOT co DOT uk> on Thursday April 16, 2009 @07:13PM (#27605011) Homepage

      The Open Rights Group is keeping a list of people it's asked to loudly and publicly tell Phorm to phuck off. Amazon opting out made lots of mainstream media a couple of days ago; looks like Wikimedia doing the same will get a bit of notice too.

      The point is to publicise that Phorm (a) exists and (b) is a bad thing. Schemes like Phorm only get away with existing insofar as people aren't aware of them.

      • by TubeSteak (669689) on Thursday April 16, 2009 @07:57PM (#27605407) Journal

        Schemes like Phorm only get away with existing insofar as people aren't aware of them.

        Schemes like Phorm exist because they are opt-out.

        Numerous studies have shown that people are lazy and won't even do things that are in their best interest if they have to exert even minimal effort. That's why opt-out is so successful.

        • by oldhack (1037484) on Thursday April 16, 2009 @09:44PM (#27606451)

          "Numerous studies have shown that people are lazy and won't even do things that are in their best interest if they have to exert even minimal effort. That's why opt-out is so successful."

          Or because opt-out is a fraudulent scam. We've got ten thousand and one things to keep track of for real life, and I don't see why we should have to keep track of opt-out status for every pissant website.

          • That's exactly what's wrong with opt-out in the first place.

            "Here, you are now a member of the Church of Opportunist worshippers. That costs just one buck a day, you can pay a year in advance without worries, and of course the moment you tell us you don't want to be a worshipper anymore, we'll terminate your contract immediately"

            This is fine if you first opt-in. I.e., if you have to come to me to worship me and pay me for it (not bloody likely, but hey, if you really wanna...). If it's just "done" to you, p

          • Definitely the latter. We have become so accustomed to the fact that "opt-out == spam-me-to-hell-now-i've-confirmed-that-i-exist", nobody trusts the option any more. Which is why people take steps with appropriate hosts-file blocking or firefox extensions.
        • by bit01 (644603) on Thursday April 16, 2009 @10:46PM (#27606911)

          Numerous studies have shown that people are lazy

          Numerous studies have shown that people attempt to rationally allocate their time and attention.

          There are millions of businesses in this world. It is not humanly possible to opt-out of all their marketing drivel even when there a cost-benefit in doing so.

          Marketers steal the time and attention of many people to make a sale to one person and then act all surprised when those people get pissed. Spam is just the extreme example of that, unfortunately becoming less extreme all the time.


          The USA is

        • Re: (Score:1, Flamebait)

          by Tom (822)

          And that's why opt-out should be illegal. No exceptions. Massive fines. That would end all the spam and scamming right there, at least for the legal part (you still have to find and prosecute the guys, of course, but you don't need any huge laws).

          So where are the class-action lawsuits? Americans, I'm looking at you, you make a case out of everything, what's taking you so long?

          • by Acer500 (846698)

            And that's why opt-out should be illegal. No exceptions. Massive fines. That would end all the spam and scamming right there, at least for the legal part (you still have to find and prosecute the guys, of course, but you don't need any huge laws).

            Why is the above a flamebait? Is it the second part (the calling the Americans to action)???

        • Schemes like Phorm exist because they are opt-out.

          What Phorm is doing is almost certainly illegal - you can't lawfully intercept communications without consent from all involved parties. By making it opt-out, you're not even getting explicit consent from one of the parties (the ISP's customer) - even if it were opt-in, you're not getting consent from the website that you're snooping the connection to, or any of the users of that website that may have posted (potentially private) content on it.

  • by Daimanta (1140543) on Thursday April 16, 2009 @06:43PM (#27604701) Journal

    But first there is a need for people:

    Read this thread down and comment on this one []

    If you are connected with BT please try some of these suggestions and see if it is possible to locate the IP addresses of Phorm. It is important that we stop this menace(or at least do what we can) before it spreads to other ISPs.

    • I'm on BT but from your link couldn't work out what suggstions you are talking about i'm afraid.

    • Perhaps a better approach to Big Internet Business would be rather than "user privacy", which in reality they don't give a damn about, we pointed out to them that Phorm "monetizes" other people's visitors (customers) without a return to the Web site owner ("you're STEALING my customers"). Microsoft and Yahoo might consider how much they like their Web "properties" being hijacked for someone else's profit.
  • It might be ignored as we (in the UK) don't spell "legitimize" with a "z" - it's legitimise here :)

    • Re: (Score:1, Funny)

      by Anonymous Coward

      Phuck oph.

    • by tomtomtom (580791) on Thursday April 16, 2009 @08:07PM (#27605503)

      Actually, "-ize" is absolutely not an Americanism - it is in fact correct spelling in either British or American English, whereas "-ise" is correct only in less formal British English.

      It is sad that very few of us British seem to understand our language properly; almost no one here realizes that it is actually more conservative in British English to use -ize and not -ise. For example, go and look at an older copy of the Oxford English dictionary or the Times and you will see all those words spelled "-ize". I believe that even the newer editions of the OED, despite now listing the "-ise" forms, state that "-ize" is the preferred form.

      To further complicate matters, the only words to which this rule can can apply are those which derive from Greek (and thus contain the Greek suffix "-ize" - this is the rationale for it being the more correct variant). So for example "enterprize" and "capsise" are always just wrong in either British or American English.

      • AIUI the -ise ending was introduced as a replacement for -ize during the 18th century, when it became trendy to spell things in a French style, hence -er endings became -re (centre, theatre) and -ise replaced -ize. Because American English was essentially divorced from the mother tongue by that time (politically if not culturally), the changes didn't propagate over the pond.

        As someone else noted, American English resembles British rural dialects (particularly Oxfordshire and Bristolian, so I'm told), which

  • by TheRaven64 (641858) on Thursday April 16, 2009 @06:49PM (#27604763) Journal
    Detect IPs from ISPs who are part of Phorm and redirect them to a page about Phorm the first time they visit Wikipedia each day. Amazon probably couldn't afford to do this, but it's not like Wikipedia loses any revenue if they irritate their visitors a bit, and if they can direct that anger to the ISP then it could do a lot of good.
    • Or they could just detect those IP addresses as you said, but put it in the message on top of the page, where they usually put official messages and calls for raising funds. A complete redirect would be overkill in my opinion.
  • WTF is Phorm? (Score:5, Informative)

    by EvanED (569694) <> on Thursday April 16, 2009 @06:54PM (#27604817)

    For those of you, like me, that read TFA and the article linked from TFA and still don't know what Phorm is other than it's something that some UK ISPs are implementing and there appear to be privacy concerns, Wikipedia [].

    In short, it's system for doing targeted advertising by deep-packet inspection.

    • I thought this was obvious? Doesn't PHORM stand for Privacy Heinously Obliterated for Rogue Marketing?

      Wait, I think my conscience is interfering with accurate perception of reality to discourage nightmares... dammit, why does this happen so often.....

    • Re:WTF is Phorm? (Score:4, Informative)

      by AlexanderHanff (1129649) on Thursday April 16, 2009 @10:39PM (#27606861)
      If you would like more information on Phorm/WebWise, NoDPI.Org has been leading the campaign against them for the past 14 months (and were co-signatories to the Open Letter). We have worked on a number of iniatives including organising the House of Lords Round Table Event which Sir Tim Berners-Lee attended on the 11th March this year. We plan to take the lobby all the way to Brussels and the campaign has already led the European Commission to initiate legal proceedings against the UK Government after they failed to enforce EU Privacy Directives with regards to Phorm's covert trials with BT Group in 2006/2007. I also filed a criminal case with the police in July last year, which they closed stating that there was no criminal intent and it was not in the public interest. As a result of this I was forced to contact the Director of Public Prosecutions and bypass the police entirely - the Crown Prosecution Service are now investigating the matter and will make a decision on whether or not to prosecute. The covert trials in 2006 alone intercepted over 130 million communications over less than 2 weeks and modified those communications to insert Javascript into web pages which passed through their systems (then known as PageSense). I leaked an internal BT report which goes into a great deal of detail about the 2006 trials to WikiLeaks last summer and I also wrote my undergraduate dissertation on the legal implications of the same covert trials.

      You can find the dissertation here: []
      You can find the leaked report here: []
      And you can catch up on the entire scandal on our blog here: []

      Hope that clarifies things for those who are not aware of who/what Phorm/WebWise are/is.

      Alexander Hanff
    • I'm surprised Virgin is one of the three ISPs doing this. Does Richard Branson still own that ISP? If he does, I will do my part and boycott all the Virgin brands. Since I live in the US, and since I don't do business with BT, boycotting and bad mouthing BT would be pointless.
  • by Anonymous Coward

    Would it be too much to ask for the summary to give some clue about what "Phorm" is, or why Wikipedia would need to or want to "opt out" of it?

  • by wjh31 (1372867) on Thursday April 16, 2009 @06:55PM (#27604843) Homepage
    aside from the whole invasion of privacy thing, people seem slightly less to pay attetion to the suggestion that intercepting and replacing the adverts on a page is tantamount to theft of advertising revenue, to the page owner for their share, to e.g google for their commision or however they work, and to the advertiser whom may otherwise have recieved an extra click through to their site
    • May be copyvio too (Score:5, Interesting)

      by Xtifr (1323) on Thursday April 16, 2009 @07:51PM (#27605341) Homepage

      Any content that is distributed under any of the Creative Commons NC licenses (e.g. cc-sa-nc [] cannot legally used for advertising purposes. The very similar license under which the Grateful Dead allow redistribution [] of their old concert recordings explicitly lists advertising and "exploiting databases compiled from their traffic" as forbidden.

    • Re: (Score:3, Interesting)

      by tomtomtom (580791)

      ... intercepting and replacing the adverts on a page is tantamount to theft of advertising revenue ...

      Not that I want to be seen to defend Phorm, but that's just not what their system does.

      To be fair to you, some of the original secret trials did include nasty rewriting of web pages to include their ads but they pretty quickly dropped this (I suspect more because it didn't work well enough than for any moral or legal reason given their dubious track record and the previous lives of the individuals behind Phorm).

      Phorm monitors your general web usage using Deep Packet Inspection at the ISP level, even an

    • by IBBoard (1128019)

      It isn't stealing advertising revenue, though.

      The way Phorm works is to monitor every page on all websites that a user on a Phorm'd ISP visits and build up a profile of them by analysing the content. This is then used to supply more targeted adverts on every site that is part of Phorm's network.

      They don't replace (for example) GoogleAds with their own adverts, but they do read the content of your website and use it for their own profit by scanning it after an interesting flurry of fakes and redirects [] - all

  • by Anonymous Coward

    If you look at , they are lying to the customer by claiming that a website has moved when it hasn't. As a website owner, I should be able to sue them if I have proof of such a fraudulent redirection. Why would opt-out be necessary or advisable under these circumstances?

  • by Anonymous Coward

    Opting out as a web site or user is just a lame attempt to avoid implementing the even simpler, and vastly more effective solution: MAKE YOUR WEB SITES ACCESS VIA HTTPS WITH SSL SECURITY FOR ALL PAGES, ALWAYS!

    That way nobody can easily "man in the middle" attack your page content for any purposes of deep inspection, advertising, user profiling, invasions of privacy like 3rd party traffic logging, et. al.

    Notice that I said "nobody can" versus "PHORM cannot" -- this would protect against ANY 3rd party snoopin

    • by shentino (1139071)

      The problem is forking over $$$$ to verisign and giving them monopoly control of the internet.

      I would rather be insecure than verisign's puppet.

    • by u38cg (607297)
      Hi. You appear to be under the impression that SSL is a magic bullet. I have bad news for you. If someone really wants to read your https traffic, they most likely already are: it's not that hard. And if you're an ISP, it's not exactly difficult to get hold of a legitimate certificate to do your MITM with.

      I think a better approach would be to make damn sure that everyone involved in commercial activity understands that they should keep the fuck away from my data, encrypted or not.

      • Actually, the only significant problem with his proposal is that a high-traffic website would have significantly higher server processing costs if it had to encrypt everything. There are no known breaks for SSL right now, so it's highly unlikely anyone is reading your https traffic except the website on the other end of the connection. An ISP would certainly be able to purchase a certificate for itself, but that certificate would be useless for MITM because a legitimate certificate authority won't knowing

        • by u38cg (607297)
          What if your ISP is big enough to control a top-level certificate issuing authority? Or even easier, what if they supply your browser and add their own top-level certificate? If you work in a large institution such as a bank, this is exactly what happens. Right now, at my desk, if I connect to my bank's website, my employer can read my traffic. I'm the last person to descend into tinfoil hattery, but when it comes to encryption, there really are too many ways for it to go wrong for it to be a magic bull
          • If your ISP is, in effect, providing you with a hacked web browser, then, yeah, the people who use it are stuck. But, only those people: those who used their own browsers would object, some quite strenuously, to their ISP doing a man-in-the-middle attack on every SSL website, so that scheme wouldn't be workable in practice. Employers can (sometimes) get away with the antics they pull because they're paying you. I wouldn't visit my bank from work unless I were booted from a CD anyway (and that's against p

  • Just a quick update for everyone. Today we have sent a letter of complaint to the Financial Services Authority (FSA) that Phorm's statement to markets this week that government regulators and departments support their technology as fully compliant with UK law - is misleading and possibly fraudulant.

    I have added a link and summary to my firehose here: []

    you can find the original article here: []

% APL is a natural extension of assembler language programming; ...and is best for educational purposes. -- A. Perlis