Berners-Lee Rejects Tracking

kernowyon writes "The BBC has an interview with Sir Tim Berners-Lee during his visit to the UK on their website currently. In it, he voices his concern about the practice of tracking activity on the internet — with particular reference to Phorm. Quotes Sir Tim with regard to his data — "It's mine — you can't have it. If you want to use it for something, then you have to negotiate with me.""

Re:Negotiation done!

[Anonymous Coward]

It is illegal in the UK under RIPA without the consent of both parties -- the ISP subscriber and web site operator. There's an implied consent for public web content but once a user has some form of authenticated session, it's illegal interception.

The real problem with the Phorm system is that it's purposely designed to grab every users click stream. Phorm are misrepresenting their opt-out cookie, which relates to targeted advertising and not the interception and profiling. The only way Phorm would be legal in the UK is for ISPs to use ACLs and isolate opt-out subscribers from Phorms "anonymous" profiling entirely.

Re:Old Skool - Static

[Janos421]

So, how do we get this done ? We have to find many trackers and activate them regularly to make noises to pollute the signal ? Anyone knows of such a project ?

Well that's exactly the purpose of obfuscation tools like SquiggleSR and TrackMeNot, two Firefox extensions. They generate fake queries on search engines to create noise and deceive data mining algorithms.

As developer of SquiggleSR, I was thinking to extend it to simulate fake browsing as well to create more noise and deceive track based on cookies. But since some ads are charged when they are displayed, this could actually be assimilated to something like "fraudulent view". What do you think?

Re:Phorm Phollows Phunction

[Thwomp]

It looks like the article has been edited by the 'Phorm Comms Team' [wikipedia.org]. The edits are summarised with "Factual changes on behalf of Phorm".

Read in to that what you will. :-/

On behalf of Phorm

[Phorm Comms Team]

Hi all As the name suggests I work for the Phorm Comms Team. In response to Tim's comments and the raft of commentary tht has followed, we also believe that it is wrong to store Internet users' personal data. Our technology is a real turning point in the protection of privacy online - it does not store personally identifiable information, does not store IP addresss and nor does it store browsing histories. By contrast, ad targeting from other major Internet companies means that potentially identifiable personal data is stored for over 12 months before it is even anonymised. Also, because these companies reach nearly all UK Internet users, consumers effectively have no real choice about being targeted in this way. With the Phorm technology, users can choose - they can opt out or in at any time; and again, no personal data is stored . We look forward to speaking to Tim Berners Lee to explain how our technology is a ground breaking advance in delivering targeted ads while protecting privacy online and consumer choice, as we have with other experts.

Re:Old Skool - Static

[Dude McDude]

I guess they (Phorm) just track web URLs

Nope. The content of every page requested by a user gets sent to Phorm's profiler for analysis, but the profiler ignores* the contents of form fields.

* according to Phorm, which, in the company's previous incarnation as 121media, was a spyware peddler.

Re:Negotiation done!

[stavros-59]

...and all I have to do is keep my hosts file reasonably up to date and substitute a blank gif for anything requested from an adsite.

The Phorm interception is done at hardware at the ISP on the first hop. It won't matter what is in your hosts file. Phorm will get to read and store the opt-out information under the current proposals. All you will miss by using a cookie for "opt-out" is the placed ads. I appreciate that "The Register" is not a regular technical resource around here, but on the issue of Phorm they have done a lot of work to bring this to the attention of users. It is UK ISPs that are first on the list. The Phorm Files [theregister.co.uk]

Phorm have form as 121Media. 121Media were the developers and installers of PeopleonPage, ContextPlus spyware and the Apropos rootkit. None were easily removed by commercial software and users flooded malware removal forums for help in removing their malware.

They stopped doing that in 2005-2006 to move to this model of forced data interception and forced contextual advertising.

Much of the development of their software is done in Russia as it was for their previous "commercial" malware offerings.

Their Open Exchange site OIX.com resolves to 203.93.173.3 and seems to be a Chinese web server. Traceroute carried out from your location will always stop at a point somewhere near. If you are in Belgium, for example, the final hop will be in Belgium. If you are in Australia it stops at www.telstra.net/cgi-bin/trace?oix.com

Your relationship with your ISP should not be subject to third party operations at hardware level. It's not too different to the (possible non-car analogy) mail exchange opening your mail before they forward it to your house to check if you might need an alternative insurance offer. This may be coming to an ISP near you, would you know if it wasn't getting some public airing in the UK?