p2pnet news | Advertising:- As p2pnet posted yesterday, UK digital rights group the Foundation for Information Policy Research (FIPR) has come out officially against the Phorm surfer tracking system.

And now an anti-Phorm group called BadPhorm has gone online.

Sir Tim Berners-Lee, the man who created the World Wide Web, has strongly criticised Phorm, saying his data and web history belong to him.

“It’s mine,” he declared, “you can’t have it. If you want to use it for something, then you have to negotiate with me. I have to agree, I have to understand what I’m getting in return.”

In a comment post to the p2pnet story quoting Berners-Lee, “Our technology is a real turning point in the protection of privacy online - it does not store personally identifiable information, does not store IP addresss and nor does it store browsing histories,” said Phorm, going on >>>

By contrast, ad targeting from other major Internet companies means that potentially identifiable personal data is stored for over 12 months before it is even anonymised.

Also, because these companies reach nearly all UK Internet users, consumers effectively have no real choice about being targeted in this way. With the Phorm technology, users can choose - they can opt out We look forward to speaking to Tim Berners Lee to explain how our technology is a ground breaking advance in delivering targeted ads while protecting privacy online and consumer choice, as we have with other experts.

Said the FIPR in an open letter >>>

Many users will also be identifiable from the content of the data scanned, since it will include email sent or retrieved by users of web-based email, and messages viewable by those authorised to gain access to individual pages of social networking sites.

Although some web-based email systems operate using ‘https:’ end-to-end encryption, which would prevent interception, this is far from ubiquitous. It might be possible for Phorm to configure the service to exclude a handful of the more high-profile web-mail and social networking systems. But there are no available methods of detecting the tens or perhaps hundreds of thousands of other, low usage, often semi-private systems which currently provide web-mail or social networking in chat rooms or similar environments.

Classification by scanning in this way seems to us to be highly intrusive. We think that it should not be undertaken without explicit consent from users who have been given particularly clear information about what is liable to be scanned. Users should have to opt in to such a system, not merely be given an opportunity to opt out. We believe this is also required under European data protection law; failure to establish a clear and transparent ‘opt-in’ system is likely to render the entire process illegal and open to challenge in UK and European courts.

It would be specially objectionable if opting out were to depend on the maintenance by the user of a cookie, since many reasonable users regularly clear all cookies; nor should users be expected to opt out by blocking one or more websites, since many may not understand how to do this or may make errors in trying to do so.

Where does this leave users?

Not high and dry, suggests BadPhorm.co.uk.

“It may seem like there’s nothing you can do, your ISP has sold you down the river and all hope is lost,” it says, but, “That’s not the case at all, in fact the more people who complain and make a fuss about this type of privacy invasion the more effective it will be.”

Specifically, BadPhorm recommends >>>

Start with the obvious, complain to your ISP.

Be polite, a sensible and moderately worded letter will have more impact than an expletive-filled rant! (coming soon!)

Speak to the Information Commissioner

The ICO is tasked with protecting the privacy of our personal information and ensuring it’s used appropriately. They have legal powers to fine companies who do not follow Data Protection law.

Still stuck? Talk to your MP.

Your MP is your voice. You pay their wages, make them work for you! Let your MP know how strongly you feel about corporate invasion of privacy and insist he raise the matter in the House of Commons.

Had enough? Hit them in the pocket!

If you really want to make your voice heard, hurt your provider in the pcket by changing to one that respects your privacy.

A FAQ explains Phorm is an internet marketing company which makes money by selling advertising on web pages to various companies through their brokerage arm called the Open Internet Exchange (OIX).

“You can find out more about Phorm and the OIX from their website (http://www.phorm.com),” says Badphorm warning, “but beware of the marketing-speak!”

The FAQ goes on >>>

What’s so different about that, google has been doing it for years!

Google’s advertising relies solely on Google’s own database to ‘target’ it’s adverts. It does this based on the content of the page you’re viewing, and doesn’t use any kind of browsing history unless you specifically opt-in (by creating a Google account). Phorm on the other hand targets it’s advertising based solely on your browsing history, which it collects direct from your ISP. You can opt-out of Phorm’s tracking by allowing a cookie to be set on your PC.

So you’re saying I’m automatically opted in?

Yes. If your ISP is Virgin Media, BT or Talk Talk, your browsing details WILL be sent to Phorm by default, you will require to disable the Phorm system by opting out on every browser that uses your network connection. There is no way to ‘globaly opt out’ of the Phorm system.

So what do they actually see?

Phorm doesn’t just see the URL of every page you visit, they see the entire content of every single web page (with the exception of encrypted pages). That means they can read your mail if you use most types of webmail, view all the posts you make or read on web forums, obtain the content of most webforms you complete, in fact just about anything you do on the web that is not encrypted can be hoovered up by Phorm. Phorm claim they do not store this information for more than 14 days.

What do they store?

According to their website, Phorm store an aggregate history of your browsing, not a detailed history of each page you visit. Even so, such a history would reveal considerable detail about your browsing and potentially about your personal life.

Can this history be tied to my identity?

Phorm claim they do not store any personally identifiable information (including IP addresses) or interface with any ISP systems that would allow them to identify you, however they assign each user a unique ‘tracking ID’ which relates directly to their browsing profile. If someone connected the ID to any piece of personally identifying information your browsing history would no longer be anonymous.

I heard Phorm was associated with a rootkit, is that true?

Phorm is not, however their predecessor company (121 Media) was. This has been confirmed by Phorm’s current CEO, who was also involved with 121 Media.

Definitely stay tuned.

Jon Newton - p2pnet

[NOTE - p2pnet is running a special reader’s survey. It only takes 20-30 seconds and it’d be a huge help if you’d fill it in. Please click here. Cheers! And thanks … Jon]

Slashdot it!

---

Use free p2pnet newsfeeds for your site. It’s really easy!

Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile - http://p2pnet.net/index-wml.php

---

Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details. Download here.

This entry was posted on Tuesday, March 18th, 2008 at 6:35 am and is filed under Advertising, Freedom, P2P. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 5248 times