Phorm Is Watching You - Who’s Watching Phorm?
By DavidReece • Apr 5th, 2008 • Category: Feature, News
If you’re reading this article from inside the UK (or soon, worldwide) there’s a good chance an advertising company called Phorm is watching your every move, and has been for some time. Three major ISP’s in the UK have been secretly selling your browsing habits to the company as part of a trial, which has been linked with spyware and other nefarious activities, and plan for full-scale integration by the fourth quarter of 2008.
The idea is simple; Your ISP tracks and relays information about every web page you visit, which is then collated by Phorm and used to serve related advertisements from any site in the Open Internet Exchange (OIX) network, which includes early-adopters such as The Guardian, Financial Times, and Myspace (see footnotes).
The ISP’s in question are BT, Virgin Media, and Talk-Talk, who see your privacy as a commodity, and are making users opt-out of the scheme if they want to continue protecting their privacy while browsing the internet. This has raised serious concerns from privacy groups, who claim the practice is illegal, citing a breach of the Regulation of Investigative Powers Act 2000.
Not surprisingly, Phorm’s own press archive is devoid of these concerns, linking only to a collection of stooges and advocates who’ll quite happily write biased press-release style articles that support Phorm’s public image, and squash dissenters with headlines like “Self-appointed defenders of privacy should lay off Phorm and save their ire for the government” (IT Week).
BT will make an estimated profit of £85 million in 2010 by selling your browsing habits to Phorm, which was founded by Kent Ertegrul, who also founded a notorious spyware company by the name of PeopleOnPage, which also sold advertising by spying on user habits, and bears an uneasy resemblance to the invasive business model boasted by Phorm, previously named “121Media”.
According to the Financial Times (a phorm advocate and OIX adopter), Phorm is seeking $65M to fund oversees expansion after a staggering 31% fall in it’s shares caused by “mis-information from bloggers” about the privacy implications of the scheme. It certainly seems that bloggers aside, phorm have been working hard to get the mainstream media firmly in it’s pocket, but that’s unlikely to soften the blow from independent bloggers who can still think for themselves.
In an effort to quell the growing concern over Phorm, BT will be marketing the scheme as “Webwise”, which puts the emphasis on anti-phishing warnings and privacy features, which is quite ironic considering the underlying agenda of these features is to do the exact opposite.
While many of the specifics of BT’s partnership with Phorm are still in question, we do know that BT has consistently lied about it’s involvement, secretly sent data as part of a trial (without disclosure), and are now attempting to hide it within the Webwise service. We also know that Phorm has it’s roots in a prolific spyware company, and is eager to farm your data for it’s own profit, all with the complicity of your ISP, and if you think you’re safe outside of the UK, think again - Phorm also has it’s eye on you America, the biggest cash-cow of all.
Update: As per a reader request, for UK residents, you can sign a petition against the invasive practices of ISP’s by visiting Downing Street’s Online Petition Service. The deadline is 04 March 2009.
Update(2): The Guardian has since pulled out of it’s involvement with OIX/Phorm, and Myspace is not confirmed as an adopter of the service.
Update(3): BT to Customers - We are dropping Phorm, Phorm outrage escalates: Protestors demand police action
Subscribe to RSS Feed Tagged as: advertising, bt, Internet, isp, phorm, privacy, spyware
David
I’d like to thank you for the article that you’ve written, it’s very informative and will allow many people, regardless of whether or not they have technical knowledge required to understand the implications of such an invasive piece of technology. I would however like to help you amend your article. The Guardian has announced that it will not become a partner with the aforementioned company, which I daren’t even type because I loathe it to such an extent.
The involvement of MySpace is a hoax. It is not a participant of the advertising technology nor has it been a participant. In addition, I’m pleased that you’ve stated an apparent agenda in order for BT to adopt and implement the advertising technology; where did you source your information?
I would also appreciate it if you are able to embed a hyperlink into your article to allow United Kingdom residents to sign a petition via the Prime Minister’s website to oppose the technology proposed.
Thanks for the update Anon, I’ll add a link to the petition at the end of the article.
David
Please add a link to http://www.badphorm.co.uk and http://www.StopPhorm.bebo.com.
StopPhorm on bebo has a list of several others groups too.
David,
I was interested to see that you state that 3 ISPs have been involved in trials. I was aware that both Talk Talk and Virgin Media have to date denied running any trials, although, according to The Register, BT repeatedly denied involvement in trials until forced to do so in the face or evidence.
If you have evidence of other ISPs running trials, it would be good to see it.
SPM
VirginMedia have confirmed (more or less in a subtle way) that they will be testing the platforem before implementing
With reference to this :
–
Phorm is seeking $65M to fund oversees expansion after a staggering 31% fall in it’s shares caused by “mis-information from bloggers” about the privacy implications of the scheme.
–
Phorm haven’t at any time been prevented from posting any information on BadPhorm. They have a regular PR presence there who enjoys unrestricted posting rights (as do all other contributors). All of the Phorm online webchats are reproduced verbatim on the site. Phorm’s own answers to questions raised by site users were also posted, verbatim, within a few hours of them being received.
Quite how they can accuse us of peddling mis-information is difficult to understand. Phorm have at all times been given a right to reply. They’ve frequently made use of it, ineffectively in most cases but they’ve used it.
We disagree with their assessment of the system. We do not believe it is good for online privacy. We do not believe it is good for web users. That does not make us guilty of peddling mis-information, it makes us guilty of having a view that’s different to theirs.
It seems that anyone who disagrees with Phorm is peddling mis-information. Hmmmm.
“If you’re reading this article from inside the UK (or soon, worldwide) there’s a good chance an advertising company called Phorm is watching your every move, and has been for some time.”
Wrong on its face. No ISP has implemented this; BT has trialled it, on (max?) 36,000 users, when it has millions of users.
“secretly selling your browsing habits to the company as part of a trial, which has been linked with spyware and other nefarious activities,”
Nope, they haven’t (been selling it; they’ve only done trials); if you mean Phorm has been linked with spyware, well, that’s definitional. And what other “nefarious activities”?
“It certainly seems that bloggers aside, phorm have been working hard to get the mainstream media firmly in it’s pocket, but that’s unlikely to soften the blow from independent bloggers who can still think for themselves.”
You haven’t been reading the Guardian, then. The UK’s most-read newspaper website, the only one with a dedicated technology section, and you haven’t bothered to read it?
Poor stuff. As for the FT story, it implies a link between the share price fall and the fundraising, but if you knew anything about finance you’d realise they’re very unlikely to be connected - companies don’t raise cash via the shares already issued. It just makes it harder to raise the cash. They’re not raising cash *because* the stock price went down, but because they want to expand.
Charles Arthur, editor, Guardian Technology
PS it’s “Webwise”. Accuracy does weigh one down, eh?
@Charles, let me address your arguments one at a time, since you’ve clearly put a lot of effort into attacking this article on choice of words alone…
1. “Wrong on its face. No ISP has implemented this; BT has trialled it, on (max?) 36,000 users, when it has millions of users.”
The point is, it trialled it on its own users without letting them know, this as far as I understand it, is an implementation. The ratio of users affected makes it no less of an implementation.
2. “Nope, they haven’t (been selling it; they’ve only done trials); if you mean Phorm has been linked with spyware, well, that’s definitional. And what other “nefarious activities”?”
Will BT make money as a result of the trials? Yes. This is part of the selling process. As for other nefarious activities, their entire business model has since it’s inception, been secretive and intrusive. Whether or not you’d call this nefarious is your choice, but of course you have the Guardian to express your own views on this, as I have Startup Earth to do so.
3. “You haven’t been reading the Guardian, then. The UK’s most-read newspaper website, the only one with a dedicated technology section, and you haven’t bothered to read it?”
I haven’t bothered to read it (if you wish to make that assumtion) because despite being the UK’s most read ‘newspaper website’, it’s not the only source of information, and certainly not the best. The Register (theregister.co.uk) is by far the most comprehensive source on this story, and unlike ‘newspaper websites’ as you put it, isn’t written by biased shills.
4. “Poor stuff. As for the FT story, it implies a link between the share price fall and the fundraising, but if you knew anything about finance you’d realise they’re very unlikely to be connected - companies don’t raise cash via the shares already issued. It just makes it harder to raise the cash. They’re not raising cash *because* the stock price went down, but because they want to expand.”
I simply quoted from the FT article, and drew no conclusions that weren’t in the source article, you’ll have to take up this argument with them, as their writers are probably more qualified than you or me to draw such conclusions.
P.S - thanks for the spelling correction. It’s good to know that the infallible Guardian bases it’s position on the choice and spelling of words.
“and unlike ‘newspaper websites’ as you put it, isn’t written by biased shills.”
I couldn’t have put it better myself. The Guardian is clearly threatened by all this blogger dissent if they spend their time attacking sites like startupearth. It sounds to me like Charles “I write for the guardian” Arthur is doing a little damage limitation after the Guardian pulled out of it’s Phorm adoption.
It’s interesting he linked to the Guardian in his comment and not his own blog ( http://www.charlesarthur.com/blog/index.php ). Maybe his opinion wouldn’t carry so much weight with his own dreadful looking blog to back it up.
Keep writing David, this was a good article.
@stopphormnow: “The Guardian is clearly threatened by all this blogger dissent if they spend their time attacking sites like startupearth.”
But if I ignored it, then that would be Big Media Ignoring Bloggers. How about you - have you stopped beating your wife?
” It sounds to me like Charles “I write for the guardian” Arthur is doing a little damage limitation after the Guardian pulled out of it’s Phorm adoption.”
What damage? I’ve written extensively about Phorm, and I don’t think I’m their favourite person especially after my interview with Kent Ertegrul, where I pointed out he was misusing Privacy International’s name and other points. Try http://download.guardian.co.uk/audio/1205254860080/7906/gdn.tec.20080311.sc.Tech_Weekly.mp3
“It’s interesting he linked to the Guardian in his comment and not his own blog ( http://www.charlesarthur.com/blog/index.php ). Maybe his opinion wouldn’t carry so much weight with his own dreadful looking blog to back it up.”
I thought I’d point out I wasn’t any passing bod, and give a link to a site that’s covered plenty about Phorm. I think I’ve blogged about Phorm (or more precisely pointed to the stories I’ve written) on my own blog. If you don’t like the design, don’t fret - just grab the (full) feed.
My point (which I’ll come to in the next comment) is that errors in articles like this make the anti-Phorm case weaker, not stronger, because if you’re going to challenge the technology then you need to be precise, and factual, and accurate.
And BTW - Spam Karma 2 means never having to say you’re going to moderate comments.
@DavidReece: 1. “The point is, it trialled it on its own users without letting them know, this as far as I understand it, is an implementation.”
No, it’s a trial. Wikipedia (since it’s nearby): “In the IT Industry, implementation refers to post-sales process of guiding a client from purchase to use of the software or hardware that was purchased”. Trial != implementation, except in a really nit-picking use where absolutely any test “implements” it.
“Will BT make money as a result of the trials? Yes.”
No. If they abandon it now, how have they made any money? Evidence, please.
“As for other nefarious activities, their entire business model has since it’s inception, been secretive and intrusive. Whether or not you’d call this nefarious is your choice, but of course you have the Guardian to express your own views on this, as I have Startup Earth to do so.”
You said “spyware and other nefarious activities”. I said: spyware, perhaps, depending on definition. So what’s the “other nefarious activities”? You’re avoiding the question and just saying “it’s all bad!”. If you do that, or make wild claims, you weaken your own case. Opposition has to be built on facts - as though you were making a case in law. It’s a hard discipline, but ultimately rewarding.
“I haven’t bothered to read it (if you wish to make that assumtion) because despite being the UK’s most read ‘newspaper website’, it’s not the only source of information, and certainly not the best. The Register (theregister.co.uk) is by far the most comprehensive source on this story, and unlike ‘newspaper websites’ as you put it, isn’t written by biased shills.”
If you haven’t read the Guardian’s coverage, how do you know El Reg’s is the best?
And please tell me what of the coverage you have read is written by “biased shills” and how you know they’re (a) biaed (b) shills. Obviously, because you’re going to name names, you’ll have obvious evidence - you won’t just be making a shrill generalised unfounded accusation. Because doing that is what someone with no facts would do.
“I simply quoted from the FT article, and drew no conclusions that weren’t in the source article, you’ll have to take up this argument with them, as their writers are probably more qualified than you or me to draw such conclusions.”
Fair enough.
“P.S - thanks for the spelling correction. It’s good to know that the infallible Guardian bases it’s position on the choice and spelling of words.”
Here’s another one, then - “it’s” means “it is”, and should not be confused with “its”, meaning “belonging to it”. Though your final sentence doesn’t actually make sense. Based its position? What position? If you’re suggesting that I’m somehow backing Phorm against you, then you should try reading this page again, pretending you were justifying it in front of, I dunno, a judge who had the power to ban Phorm. Because you’d have to get every single fact right to persuade him/her.
So: are you *sure* everything you’ve written is objectively correct? (You can be unbalanced - putting only the anti-Phorm case - yet factual, of course; that’s completely allowed.) That’s the standard you should hold yourself to.
@charles,
“And please tell me what of the coverage you have read is written by “biased shills” and how you know they’re (a) biaed[sic] (b) shills.”
I really hate to lower myself to correcting your spellings to support my argument, but I know I’ll sleep better tonight if I just point out that the word “bia(s)ed” has an ’s’ in it. I only do so because your entire first response used a mis-spelled word and my choice of wording to support your argument.
Really, I expected a little more professionalism from The Guardian than to search for dissenting bloggers and pick at their choice of words. It’s an act of desperation from someone who should know better.
I wonder if you’d be prepared to present these arguments on your Guardian column and let your own readers decide? Just a thought.
>You said “spyware and other nefarious activities”. I said: spyware, perhaps, depending on definition. So what’s the “other nefarious activities”?
Whitewashing the Wikipedia article on Phorm? Secretive and illegal BT technical trials? Pretending that Privacy International was satisfied with that Phorm protects users privacy? Quoting Richard Clayton out of context by ommiting his verdict that Phorm was illegal under the RIP making it seem like Richard Clayton advocated Phorm? Pretending that people can ‘opt-out’ of the system, when they really can’t (the ‘opt-out’ doesn’t stop data interception)? Hiring five PR teams to propagate lies and misinformation all over the web?
Those are just a few of things off the top of my head which I would classify as ‘nefarious’.
@MikeD - exactly, well put.
I cannot say i’m not suprised that the Tech editor of a national ad-paper, comes to belittle the comments of bloggers. Its not as if ad-paper reading is in severe decline and that individuals blogs gets more hits than one of the main servants to the ad-industry.
I find it interesting Charles debates the definition of spyware (note no EULA involved with phorm) with regards to phorm, but has a much clearer definition of nefareous.
To quote: “No. If they abandon it now, how have they made any money? Evidence, please.”
IF they abandon it now. IF. Which they have no current plans to do. VM have also they are debating on HOW to implement it. Have you any evidence to suggest that BT/VM will drop it? There is none. They will be making money from the system, just like the FT will and the Guardian would be if they supported it.
Disgusting comments on wife beating. Luckly I gave up reading your ad-paper a long time ago.
@David: since my earlier comment with links to the pieces I’ve done about Phorm seems to have gotten strangely lost, I’ll try again: just read what I’ve written about it at the Guardian via this handy search: http://www.google.com/search?q=phorm%20%22charles%20arthur%22%20site%3Aguardian.co.uk&sourceid=mozilla2&ie=utf-8&oe=utf-8
@MikeD - good points. The PI/80-20 thing caused an interesting pause when I challenged Kent Ertegrul of Phorm about it in a podcast interview. You’ve heard about it, then.
@Alec: the first two sentences of the article above contain numerous factual errors. (Phorm’s system isn’t implemented - so the chance is infinitesimal that it’s being used right now, in mid-April. It hasn’t been doing this for some time - there were two trials. Virgin and TalkTalk haven’t trialled it at all. The timescale for implementation isn’t announced, to my knowledge.)
If you don’t like Phorm, you’re not going to persuade people with inaccuracies - are you? That’s a rancid tactic. David contended in a comment above “Will BT make money as a result of the trials? Yes.” I asked for evidence, or even a suggestion of how *the trials alone* have made money. None forthcoming. Don’t add more inaccuracies to those already there.
The point - I’ll make it again - is that if you dislike this system, telling untruths about it is the wrong way to go about getting rid of it.
I made the point about the spyware/adware definition because it’s not trivial. Also, Phorm can’t be implemented across an ISP without a change of the T+Cs of that ISP with its customers. That’s the EULA there. This is a potentially huge sticking point for the ISPs.
Pity you gave up reading the paper. Are you sure - really sure - you’re better-informed as a result?
@Charles, comments with too many links are removed automatically (assumed to be spam), which would explain why one of your comments disappeared. I’m sure people are well aware of your many articles and don’t need them indexing here. As for another of your comments asking what happened to your comments, I deleted that personally as it didn’t add anything to the phorm discussion.
You have to understand, that this isn’t a single-issue blog, and many posts are fleshed out by the comments section, as my readers are clearly very knowledgable (you included) about a particular issue and often make updates or corrections to an article.
Your comments have not impacted the debate in a positive way, as you seem to have come here to attack the writing style, instead of an issue which many people feel strongly about.
This isn’t a “We write, you listen” publication, and as with many blogs (unlike some ‘newspaper sites’) the reader often gets more value from taking in the whole conversation, and not just the article itself. This is something mainstream media is going to have to understand sooner or later if they want to survive.
Thankyou for your contributions, you obviously know a lot about the Phorm issue and readers will know that, but please try to keep it civil, or you may damage the phorm debate, and your own reputation.
Now to answer your question on the definition of spyware/adware, a member of badphorm.co.uk said (in response to this article)…
“Here is a description of one of Phorm’s !!Adware!!
http://www.f-secure.com/sw-desc/apropos.shtml
another Phorm !!Adware!! writeup
http://spyware-free.us/2005/12/apropos-rootkit.html
More Phorm !!Adware!!
http://www.symantec.com/security_response/writeup.jsp?docid=2005-102112-2934-99&tabid=1
You guessed it!!! More !!Adware!!
http://www.prweb.com/releases/2006/5/prweb385888.htm
??? I wonder what this could be?
http://blogs.zdnet.com/Spyware/index.php?p=820
http://www.spywarewarrior.com/viewtopic.php?t=18442&highlight=apropos
http://www.randomfix.com/2005/11/16/apropos-rootkit/”
I did not use the terms adware or spyware to be sensationalist, this really is how the industry defines such practices, and explicitly states in various sources that Phorm is in fact spyware.
I hope that answers your question.
Sorry, can’t resist. New title: “Charles Arthur Is Watching You - Who’s Watching Charles Arthur?”
PS Please keep up the good anti-Phorm work - the outrageousness (spelling, anyone?) of what’s happening beggars belief - none of us should need to be having these conversations (intercepted or not). Will Phorm just please, please, please, re-direct themselves and go away.
@David: Astonishing. I rebut you, but you choose not to approve the comment which points out your errors, while approving other comments that do agree with your point of view. Such a brave new world. Did you learn your trade at Bocog?
@AdeW - I’m just waiting for David to acknowledge the major errors in his first two sentences (there’s no chance at all that Phorm is watching you, because there have been two trials lasting a total of a month in the past 18 months, affecting 36,000 out of 10m customers).
The latest ICO ruling suggests that Phorm is going to have serious problems getting enough users. That seems like your wish granted.
@David, just a peice of advice - don’t feed the troll. He’s obviously here to sabotage your article, so why keep responding?
@Charles
Just a couple of points :
BT have ~4million broadband customers, not 10million (the number vary from site to site, the lower end listing BT as having 3.5million and the upper end stating 4.25million)
The number of people involved in the trials by BT haven’t, as far as I am aware, been released. To date, BT have either spent their time denying that any trials took place or subsequently claiming not to be able to tell exactly how many customer accounts were actually involved.
Whatever the truthof the numbers and the trial, the reality is that no customers were informed that this was taking place, even when some customers queried why their routing had gone via an IP address apparently in China.
It is good to see someone from the press have a keen interest in this subject, as it is quite obviously a worrying step for ISP’s to be taking. However, the tone of your responses is somewhat argumentative. Whilst I agree that correct spelling and grammar give an argument more sway (at least with intelligent people), I would suggest that the lax attitudes towards the same by this governments education policy has a lot to answer for (but perhaps thats a discussion for another time).
[...] also: Phorm is watching you - Who’s watching Phorm? These icons link to social bookmarking sites where readers can share and discover new web [...]
Phorm/Webwise is the thin edge of the wedge people. Do NOT allow this to go ahead. Why exactly *should* your ISP make money from monitoring *your* web browsing activity? That’s besides the fact that what they are doing is ILLEGAL. Phorm/Webwise is the worst internet system I’ve ever heard about and *MUST* be stopped!
How would my child safe software work to block unwanted adult adverts?
How will Coke respond with Pepsi advert injections or vice versa?
Are there any ISPs that have said they will never use this technology?
[...] involvement in illegal wiretapping as part of it’s early opt-out trial, in which customers browsing habits were profiled and sent to Phorm (formerly 121Media), a notorious spyware [...]
Phorm share price getting much lower, no sign of BT trials, US ISPs dropping similar tech like stones.
Good news at the mo’.