Berners-Lee Rejects Tracking 155
kernowyon writes "The BBC has an interview with Sir Tim Berners-Lee during his visit to the UK on their website currently.
In it, he voices his concern about the practice of tracking activity on the internet — with particular reference to Phorm.
Quotes Sir Tim with regard to his data — "It's mine — you can't have it. If you want to use it for something, then you have to negotiate with me.""
It's all nicey (Score:5, Insightful)
Negotiation done! (Score:5, Insightful)
Renegotiation done! (Score:4, Interesting)
Also, if you make me pay a subscription fee (or like slashdot, if I was to choose to), and you STILL sell want to sell my data, I also want a share of the profits.
I also want a list of all the organisations you supply my information to and I also do not want them to be able to resell it without observing the above conditions: I get a share in the profits, I get to see who the sell it to, people they sell it to have to... etc
This is the only way I would be happy to allow tracking.
Re: (Score:2)
Re: (Score:1)
Capitalism, done right, feet voting.
If they asked for DNA samples, would you say sure? Course not, there is a line, probably somewhere in between the current state of things and DNA sampling that is a reasonable compromise. If they thought they could get away with pushing for DNA samples, they would do it. Why shouldn't we push our end?
Re: (Score:2)
Re: (Score:2)
You can't interact with anyone or their website without them having at least as much an ownership of the data as you have.
Just being the devil's advocate here.
Re: (Score:2)
No, because just because there may be something of interest on a site doesn't mean I'll actually check it out.
As much as you get together with your friends and discuss what you see online, they get together with their friends and discuss who sees them online.
Well, my friends and I don't profit when we talk about something online. Your wh
Re: (Score:2)
If there's nothing wrong with estranging people from their common culture to the point that they can't sing happy birthday without having thugs show up demanding so much money it shuts your business down, and , then no, copyright isn't evil.
If there's nothing wrong with telling a brilliant inventor that they can't share what they've created with their fellow man, because some group owns that idea, and they've decided no
Re: (Score:2)
How exactly is copyright keeping people ignorant? Seems to me we have libraries full of books on a huge array of topics. Anyone is free to read them.
If there's nothing wrong with estranging people from their common culture to the point that they can't sing happy birthday without having thugs show up demanding so much money it shuts your business down, and , then no, copyright isn't evil.
Funny, my family has had a lot
Re: (Score:1)
Re:Negotiation done! (Score:4, Interesting)
Only it isn't. They are tracking user activity beyond the websites that use Phorm for their advertising, and even if they were to limit it to those websites, there is still dubious data sharing going on which is probably illegal in the UK if it is not opt-in.
Re: (Score:3, Informative)
The real problem with the Phorm system is that it's purposely designed to grab every users click stream. Phorm are misrepresenting their opt-out cookie, which relates to targeted advertising and not the interception and profiling. The only way Phorm would be legal
Re: (Score:2)
In cases like this, I really don't see the difference between opt-in and opt-out. All the ISPs have to do to make it "opt-in" is include a clause saying that you agree to share your data in amongst the dozens of existing clauses in the terms and conditions when you sign up.
Re: (Score:3, Informative)
...and all I have to do is keep my hosts file reasonably up to date and substitute a blank gif for anything requested from an adsite.
The Phorm interception is done at hardware at the ISP on the first hop. It won't matter what is in your hosts file. Phorm will get to read and store the opt-out information under the current proposals. All you will miss by using a cookie for "opt-out" is the placed ads. I appreciate that "The Register" is not a regular technical resource around here, but on the issue of Phorm they have done a lot of work to bring this to the attention of users. It is UK ISPs that are first on the list. The Phorm Files [theregister.co.uk]
Re:Negotiation done! (Score:4, Interesting)
Old Skool - Static (Score:5, Interesting)
Re: (Score:2)
So, how do we get this done ? We have to find many trackers and activate them regularly to make noises to pollute the signal ? Anyone knows of such a project ?
Re:Old Skool - Static (Score:4, Informative)
As developer of SquiggleSR, I was thinking to extend it to simulate fake browsing as well to create more noise and deceive track based on cookies. But since some ads are charged when they are displayed, this could actually be assimilated to something like "fraudulent view". What do you think?
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2, Insightful)
Re: (Score:2)
What does it keep? At first, Phorm's technology collects information on browser type, response to advertising, the URLs of some of the web pages viewed, and search terms entered. Neither URLs nor search terms are stored - they are discarded immediately. The matching information that's left is assigned to an anonymous, randomly-generated ID number. The random ID marks an anonymous list of the categories of products or services in which a user appears to be interested.
I think they're sniffing on the wire passively instead of using cookies. Although, it's hard to tell from their blurb that doesn't contain a single element of useful or technical data. Please correct me if I'm wrong; I'm just assuming from what I can gather.
Re: (Score:2)
Picked two random words from a dictionary
Plugged them into a random search engine (google, youtube, ask... list is endless)
Visited n of the first i links
Visited x of the links on each of those pages, and thereafter a 5% chance of following any other link on that page
would do a great job of confusing the hell out of anything
Re: (Score:2)
Re: (Score:1, Redundant)
Get your favorite tar balled dictionary, pull a random word from it, google the random word with elinks or something, and follow a random link with wget. From that site, pull 3 unique links and visit them, from those site
Re: (Score:2)
Didn't think of that, actually. (Score:2)
Re:Old Skool - Static (Score:4, Informative)
* according to Phorm, which, in the company's previous incarnation as 121media, was a spyware peddler.
Re: (Score:1)
Re: (Score:2)
Re:Negotiation done! (Score:5, Funny)
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
Depends on what you mean by "advertise". A site's Privacy Policy and/or User Agreement will normally state plainly whether the site collects any information about your behavior, and if so how they use that information.
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
Re: (Score:1)
What I don't expect is for you to automatically forward all the data i'm paying to access, plus all the data I submit to you as the receiving party (which may be confidential), to a third party, previously linked with less than legal practices, with limited or no choice in the mat
Re: (Score:2)
Or you just don't come to my server and request my things. Oh, and do
Re: (Score:2, Insightful)
Re: (Score:2)
The above post isn't intended to defend, it's intended to lay out how it is. Know your enemy and all that.
BTW, the consumers really don't seem to care that the financial industry has been doing this with their ATM, Debit, Credit, and gift cards for a while now.
Re: (Score:2)
I was going to say the same. I know someone who is freaky about personal information issues, then I come to find out he has a couple "rewards" cards from various retailers. When I tried to explain to him that all those cards do is collect information about his habits for retailers, he laughed and called me "paranoid". Yet he searches through his logs
Re: (Score:2)
FWIW...
Re: (Score:2)
Re: (Score:2)
They just turn EVERY SITE YOU VISIT into a phishing site! Sorted.
Re: (Score:2)
Re: (Score:2)
Al Gore doesn't like tracking?
You have to negotiate, and I'm very expensive. (Score:3, Insightful)
Unless I want them to do something else. And tracking me is not something I want. That's right, spam filtering is something else that I want to be "opt-in", and content filtering, and every other bloody sort of filtering.
Actually though, I would be happy if they paid me, but for one week at a time. For that one week I'll happily browse Goatse, Goatshe, Tubgirl etc. (images downloaded, but not displayed, I'm not that crazy). Any real browsing I'll do via my own encrypted proxy set-up at my webhost.
Basically, I'm not the target audience for tracking.
Anyway, it's great to see this sort of issue on mainstream media. Now just to get the 'normal' people to read it...
Re: (Score:1)
Re: (Score:2, Funny)
Re: (Score:2)
Phorm ..... (Score:2)
Re: (Score:2)
Re: (Score:2)
And yes, I read the article before posting.
free internet? (Score:3, Interesting)
In return, I want high speed internet access to be provided free of change, with no download limit.
Sound fair?
"quotes" (Score:2)
Certainly, "Quoth" would be correct in its place -- but archaic -- or just "Said".
Re:"quotes" (Score:5, Funny)
So that now to stop the tracking
with ISPs not lending backing
stoping only shy of hacking - hacking at my gateway door
Quoth Sir Berners: "Nevermore"
Phorm's own CEO doesn't even get it (Score:5, Funny)
You think you need to explain how your tracker works to the father of the internet , and that once you do, he'll be ok with it. Boy, if that ain't arrogance right there, I don't know what is.
Re: (Score:2)
Re: (Score:1)
Re:Phorm's own CEO doesn't even get it (Score:4, Funny)
Dear Mr Father-of-Internet (Score:3, Funny)
Re: (Score:2)
Re: (Score:2)
You are a failure, boy -- man up and cop to how stupid you made yourself look.
I Agree With Tim (Score:5, Interesting)
Re: (Score:2)
Personally, I visit religious sites and political sites all the time in which they are a personal thing. Does my ISP need to know which religion I belong to or who am I going to vote for?
Hell no.
Not surprising but... (Score:2)
<!-- Code for
<!-- START NetRatings Measurement V5.1 -->
<!-- COPYRIGHT 2003 NetRatings Limited -->
NetRatings being a tracking service of some sort.
Anyway. I always wondered about the philosophical implications of allowing someone to own the vibrations in the air. What I mean is, if someone makes the air around me vibrate in a particular way, I'm not allowed to observe it as I wish. One way of observing the vibrations would be to observe the effect those vib
Re: (Score:2)
The 'tracking' involved doesn't amount to much more than a page impression counter to enable the BBC to see what interests people most (though I have my worries about such data being used to promote a dumbing-down of editorial policy - lowest common denominator and all that...).
Re: (Score:2)
Re: (Score:2)
It's mine! You can't have it! (Score:2)
Jack Valenti? Is that you?
Seriously. I skimmed the summary, and thought this article was something completely different.
Easy Fix (Score:1)
Should call this script/program DEPHORM, guess it could easily ruin some halfwits dreams of embarrassing riches!
Privacy Terms of service (Score:1)
What we lose sight of.. (Score:1)
We enter into a contract, pay some money, and get a service.
If you dont want to be tracked, profiled, and served steaming hot piles of ads, then build your own network, backbone, etc and see how far you can go with that.
The other option is to simply not use the Internet or find someone with a contract/TOS you can live with but as long as there is money on the table (feeding you ads) tracking and profiling will always be one b
Re: (Score:3, Interesting)
Re: (Score:3, Interesting)
It's not they TYPE of data that you get, its whether or not it can be gathered through passive observation. In the case of the internet, it can.
Re: (Score:2)
If that does not make sense then I don't know what doesn't.
Re: (Score:2)
In the real world, last-mile ISPs are built on privileged access to rights of way and other public subsidies.
Give me $200 billion [newnetworks.com] and I might just.
Phorm Phollows Phunction (Score:2)
Am I the only one who had to look it up? I thought "Is phorming like phishing"?
For the humorless cretin who mods me down for linking
Re: (Score:2, Informative)
Read in to that what you will.
Not Against Tracking (Score:1)
I am not against my ISP tracking which sites I visit. In fact, I would not mind a summarized list of the sites my family visits and how long they are online. Phone companies automatically track which phone numbers I dial, why cannot it be the same for ISPs?
I am, however, vehemently against sharing that data with other companies. Of course, unless the ISP is providing me with tracking information, any information that they would track would be useless to them unless they do share it with others.
Phorm on cookies (Score:2)
So... that 'accept cookies from sites' checkbox in my options menu isn't an on/off switch then?
And what, exactly, can he do about it? (Score:2)
On behalf of Phorm (Score:5, Informative)
Re:On behalf of Phorm (Score:5, Insightful)
internet connection to the Phorm network even when the "opt-out" cookie is set is opting out?
"By contrast, ad targeting from other major Internet companies means that potentially identifiable personal data is stored for over 12 months before it is even anonymised. Also, because these companies reach nearly all UK Internet users, consumers effectively have no real choice about being targeted in this way.
"
This is completely disingenuous. Whatever Google et al do with my data *I* have chosen to go to their site, *I* have chosen to perform a search. The Phorm method of gathering data is not comparable. If all of a person's HTTP traffic was routed through Google you may find a few people disagreeing with this too!
Re: (Score:3, Insightful)
I question their understanding of what they're doing as well, based on the fact that they could send a marketing droid to debate geeks. On Slashdot.
The only possible outcome to this kind of a conversation is for the marketer to be positively buried in technical rebuttals which he is neither equipped nor allowed to respond to. $MARKETER will receive not a little disdain in the process, and if he's not careful, will become defensive.
The first sign of b
Re: (Score:2)
They will only understand and trust a precise technical description of the system, something which Phorm may, understandably, be reluctant to give for IP/Business reasons.
What does "no personal data is stored" mean. Is data stored or not? Is it anonymized in the same way as the AOL Seach scandal was anonymized?
Will there be cross-pollination of adverts amongst users sharing the sam
Tracking the advertiser, not the user (Score:5, Interesting)
We've been doing some tracking recently, but aimed at the advertiser side. We have a plug-in for Firefox which rates ads. [sitetruth.com] A little icon is displayed next to each ad, showing what our system knows about the advertiser. As we tell users of the plug in, "AdRater 'phones home', but tells us as little as possible. AdRater sends the domain name associated with each advertisment you see to SiteTruth." SiteTruth then sends back advertiser information, in XML, which the plug-in turns into icons.
We use this to find out what the advertisers are doing. Individuals are entitled to privacy; advertisers are not. We're building up a picture of the on-line advertising market. We now have, for example, a list of Google's AdSense advertisers.
Soon we'll be issuing reports on advertiser quality. (Ads on Bloomberg: mostly legit. Ads on LinkedIn: quality varies, mostly OK. Ads on MySpace: mostly bottom-feeders.) More on this in coming weeks.
It's not just advertisers tracking users any more. Sometimes it's the other way round.
Re: (Score:2)
Re: (Score:2)
I'd be interested in seeing the criteria, and sample data, for determining the quality of advertisers before I view your report as having any legitimacy.
Sure. See these documents. [sitetruth.com]
Phorm 'illegal' says FIPR (Score:2)
Some notes from the Phorm sales pitch (Score:5, Interesting)
Phorm has hired a specialty PR company, Citigate Dewe Rogerson [citigatedr.co.uk] to alter public perception of any complaints found in blogs, news programs, and on technical sites. They have been aggressively pasting boilerplate responses about the legality of the system, using carefully sanitized language to obfuscate the debate. The company specialises in mastering public opinion as part of crisis management during corporate fiascos. They may be employing a few companies like this, I've seen Dutch, German and French language follow-up posts in the last few weeks.
Phorm has addressed the main part of pesky privacy laws in Europe by "gifting" the collection equipment to the ISP using a standard 5 year depreciation schedule. The interception and initial filtering kit officially becomes property of the ISP, but is installed, maintained, configured and run by Phorm's technical team. If the equipment stays 5 years in the ISP's premises, then it becomes the full property of the ISP. The ISP can claim to privacy oversight groups that the equipment belongs to them, and that all the personal information hasn't left their network should post-analysis show the customer has "opted-out" of passing the information to Phorm's China-based servers. The data is still captured and analyzed, just not all of it is passed to Phorm.
The Phorm collectors sit inside the ISP's network, and collect all internet traffic from all clients all the time. Web traffic is directed to machines that analyze the request, and respond with some HTML code redirecting the browser to one of the many domains operated by Phorm. The code can be customised depending on browser string to put an invisible iframe or other HTML structure surrounding the subsequent web pages. The redirect is to trick the browser into sending cookies associated with one of the many Phorm domains, and to accept new cookies. Once the cookies are read and re-written, more HTML code is sent to once again redirect the browser to try the original request, which then passes through the ISP's network to the internet. This is how Phorm claims to read the opt-out cookies should they exist. No cookies returned is considered opt-in at this point.
The problem I, and others, had with Phorm's plan was that they leave some kind of HTML trick code running in the browser session to track all subsequent web traffic and to allow them to intercept anything they believe to be relevant.
As an example, let's take an ordinary, un-intercepted session to slashdot.org. The browser sends an HTML request to the slashdot servers, which respond with code asking about cookies which can be used to display a customised page for logged-in slashdot users. The browser can't be tricked by slashdot's servers to return cookies from digg or google.
With Phorm, the initial HTML request to slashdot.org gets intercepted by the Phorm equipment, which respond with a 302 redirect to spyware.ru, the browser then does a lookup and redirect to the new site. Note, that at this point, no traffic has managed to escape the ISP and get to the internet. At this point, the Phorm interceptor machine can also respond to the DNS lookup for malware.ru with the correct address for slashdot.org, to prevent any kind of local firewalling based on known bad networks. The browser tries to get to malware.ru with the new address, and once again the Phorm equipment returns some HTML code. This is where the serious trouble begi
Re: (Score:2)
Or did you mean that Phorm's servers intercept everything coming across my connection, and that the browser scenario was just one example?
Re: (Score:2)
Have a look at how BT will be implementing [theregister.co.uk] the Phorm interceptor line tap. The equipment is located where it intercepts all flows from all customers on the exchange, filtering out port 80 traffic to be passed to the F5 interception engine. The box known as "ACE" in the slides is provided, configured, and administered by Phorm, although it officially is "gifted" in accounting terms to the ISP to circumvent UK privacy laws.
Nobod
ISP value added suggestion (Score:2)
Re: (Score:2)
You're now giving the ISPs a business model selling you a "service" which should be included with your account...
Re: (Score:2)
Re: (Score:2)
After all - I need do nothing to cause anything original that I write or say to be copyright...
Actually, you do have to do something to copyright a work -- you have to "fix" it. In other words, write it down or record it in some way. If you're not recording it, then you have nothing to copyright. If someone else is recording it, then they have something to copyright. However, even if you did record it in some way, it's not the content that would be protected by copyright, but your recording of that content that would be protected.
You can't copyright facts, but you can copyright a presentation of f
Re: (Score:2)
So, for example, after MLK Jr wrote his "I have a Dream" speech and delivered it from the steps of the Lincoln memorial, the TV and radio networks who recorded it at the time have copyright over their recordings of it, but who has copyright over the speech itself - surely MLK's heirs ?
Before delivering the speech, MLK wrote it down and registered it with the copyright office. Therefore he owned the speech as it was written (but had no ownership of the public delivery of that speech), while those who recorded it owned their specific recordings. This means that the TV/radio stations can rebroadcast their specific recordings of the speech, but they could not create a new recording of the content of that speech without permission from MLK or his representatives.
However, MLK owning that sp