Skip Navigation


Users worry over privacy issues
Tuesday 26 February 2008 20:27:45 by Andrew Ferguson

Profiling the audience for television shows has gone on for years with advertisers keen to get air time for their adverts when their market audience is watching. The internet changed all that and very often advertisers know very little about who is seeing the adverts. Phorm the people behind a new advertising agency are aiming to change this by tracking the types of websites people visit and presenting what its advertisers feel are more relevant adverts.

The Register is just one site that has news on the launch of the Open Internet Exchange (OIX) deal with BT, Virgin Media and Carphone Warehouse. The OIX works by tracking peoples browising habits and then attempting to serve more relevant advertising content to people, for example you will probably be offered adverts about gardening products if you spend all your time looking around gardening websites.

From reading the discussions people are having on this new system there is one issue that does need clearing up and that is on which sites will these targeted adverts appear? We have spoken to BT who have confirmed that the adverts will not appear on third party websites, but only those that are a member of the Open Internet Exchange service.

The privacy issues revolve around areas like how opting out of the service will work. The current opt-out plan appears to require people to accept a cookie that is stored on their computer which Phorm will see and know not to track the websites visited. Many of those concerned about privacy will not want to accept a cookie like this. Use of a cookie means all devices with web access will need to be opted out, and if the cookie does go missing their browsing would be tracked until they opted out once again. This is different to most opt out type services where unless you explicitly opt back in you will never receive the material again.

There is a small incentive for people to remain opted into the service and this is a phishing warning system known as Webwise that comes as part of the advertising system. The FAQ that details how Webwise works also gives answers to some common questions about the advert tracking system. Phishing protection is built into a number of anti-virus and Internet security packages as well as some browser tool bar add-ins, so it could be said this feature is more a by product than the main reason for letting people track where you go online.

The FAQ tells us that information such as numbers, email addresses, web site URLs and other potential personal information are discarded and just the type of site is stored in the system. Secure websites using HTTPS are ignored by the system.

Trust is something that is built up over time. Enough people have seen reassurances before that turn out to misplaced. If this system has problems it is sure to get lots of attention.

Comments

Posted by c_j_ over 9 years ago
Thanks for that pointer, not good news but good to be warned in advance.

Does "BT" also include BT subsidiaries Plusnet and Metronet (etc) here? Couldn't see any reference to this on the Plusnet sites yesterday, haven't checked again today...

Obviously I'm pleased I'm no longer a Virgin customer, but if this applies to Metronet and Plusnet I know a few folks who will be looking to move (including me).
Posted by gribz over 9 years ago
Adverts? What adverts? (Praise be AdBlock+)
Posted by mctechlog over 9 years ago
As long as it doesn't mean ISPs using BT Wholesale . . . glad I don't use them. When you limit cookies and regularly delete all to protect privacy as I do, you'd have no way out.
Posted by Guzzo over 9 years ago
Once again BIG Business attemts some form of Net control pretending its only a selling plan.

Stick you cookies where the monkey stuck the Net. You do not need to know what products I buy!
This is nothing more than the online version of the stinking Pizza leaflets droppping on the doormat 5 times a week. Soon I can make a good mat out of them.

Posted by Canopus over 9 years ago
Yes you can opt out by using the opt out cookie, they are very clear about that. They also inform you very clearly that if you are a person who regularly clears out your cookie then you end up opted back in until you download another opt out cookie. They then inform you that to work around that so that you have nothing to do with them all you have to do is put their OIX cookie address into your browsers blocked cookie list and that's the end of it. From my research it's no big deal, nothing to exactly ID you, turn on or off or block
Posted by Clearsky2 over 9 years ago
I thought that some European Directive states that cookies and email stuff should be opted into - that is, people are opted OUT by default????

The Open Internet Exchange service doesn't sound very open?
Posted by wormss over 9 years ago
Why would I want to see adverts of garden stuff if I am already looking on garden websites.
If I want a lawn mower I will search for a lawn mower. I dont want to have 400 adverts telling me to buy one.
What if the computer is used by many people all using 1 account.
And yes, AdBlock+ is the king, but that will not stop the people gathering data on me, just I will not see the adverts they try and show me.
I can hear it now 'advertising generates money' so does selling drugs, becoming a hitman, robbing a jewellery store, doesn't mean you SHOULD do it to generate money.
Posted by brianlj2008 over 9 years ago
Ads are trivial to block. That's not a problem.

The problem is that Phorm (a US-based company with servers in China) will have all your browsing history *whether or not you opt out*. If you opt-out, you just have to trust that they won't use that information.

And trust? Do a Google on 'Phorm' and 'rootkit' to see how trustworthy they have been in the past.
Posted by CARPETBURN over 9 years ago
quote "...deal with BT, Virgin Media and Carphone Warehouse..."
Cant say im shocked its those companys... Glad i wont be affected, have to block enough stupid banners and ads as it is without these adding to the collection.
As to the privacy issue, thats easily solved also.... open router find firewall settings, enter the relevant IP....... good bye to the saddos monitoring.
Posted by CARPETBURN over 9 years ago
Wouldnt infact shock me if some antispyware ends up Identifying their cookie and system as junk to block anyways.
Posted by c_j_ over 9 years ago
Hey Carpetburn, I think you may have misunderstood the way this works. Blocking the *ads* may be trivial, sorting the privacy issue is impossible except by changing ISP to one that doesn't play this silly game [1] - part of the dodgy party's kit sits in the relevant ISP's datacenters, and there's no IP address anyone can enter anywhere (router, firewall, whatever) which can stop that kit from monitoring their traffic as it passes by.

[1] Would anyone trust their "opt out" policy?
Posted by scragglymonk over 9 years ago
Got a decent hosts file to snuff adverts at source, suspect that when get the site's details it will be added. Firefox and adblock take care of the few that get past the hosts file - got mine from mvp
Posted by keith_thfc over 9 years ago
"There is a small incentive for people to remain opted into the service and this is a phishing warning system known as Webwise that comes as part of the advertising system. "

Sounds no different to any other type of Spyware - i.e. promising to give you something utterly useless to give you an incentive to accept.

I mean how on earth could you trust this to protect you given its sole nature is to spy on your browsing habits.
Posted by KarlAustin over 9 years ago
A few people seem to be missing the point, it isn't the adverts that are the problem, it's the fact that they'll have your browsing data - including data submitted in forms, sent to them - regardless of you opting in or out, they will have that data and all that it entails i.e. postcodes, phone numbers etc.
Posted by keith_thfc over 9 years ago
Nobody could be surprised by the ISP's involved though - all of which have plenty of history of deceiving customers.

And AOL have been forcing adware on to customers for years now so nothing new there.
Posted by gayboy-ds over 9 years ago
The government will use this as an excuse to allow them access to data so that they can snoop for pirates... terrorists... gays... It just reeks of double standards here from ISPs. "No Mr. Brown, we are giving you sod all until you hand us a nice wad of cash". Along comes Phorm and offers them that cash.
Posted by keith_thfc over 9 years ago
Gayboy - why would the government use this to search for gays?

I didn't know the government were hunting them down.
Posted by whatever2 over 9 years ago
well i think a couple have been found searching them out on clapham common...
Posted by Canopus over 9 years ago
Webwise uses a cookie with an unique identifier that only identifies the cookie not your PC and certainly not any web forms you fill in. There has never been any legislation that cookies have to be opt in, it's up to you to enable or disable them from your browser along with it's other cookie preferences. If you are really worried about Webwise cookies then simply add OIX.net to your blocked cookie list and it will never effect you. Further info for <i>informed</i> decisions can be found at http://www.webwise.com/how-it-works/faq.html If the FAQs are deceitful you can sue them ;-)
Posted by Guzzo over 9 years ago
Is it me or has this forum gone PC psychotic in the last few days?
why wont devient ideas stay at home and play?
Posted by Dawn_Falcon over 9 years ago
All you need is their server IP addresses. It's what a hosts file is for.
Posted by KarlAustin over 9 years ago
@Canopus - You've missed how this works with the advertising, you really have. I suggest you go over to TheRegister.co.uk and read how it works.

@Dawn_Falcon - That won't do any good, yes it'll block the ads, but it won't block them harvesting your data at your ISP.
Posted by djcalzar over 9 years ago
I personally think a hacker should send Phorm's server so much mail that it falls over. And then keep on doing it until they get the message. I hate Spam advertising of any nature and that's what this amounts to.
Posted by CARPETBURN over 9 years ago
I think a few here are overly paranoid LOL
its nothing but a system where a cookie sends info to a server the server analyses said info and sends targetted ads back, you just make sure you aint got the cookie and you block the server IP which is harvesting the data, it wont get anything that way. I dont read this as some covert thing to monitor people in any real high tec way... It just a ad system like so many before it
Posted by whatever2 over 9 years ago
http://www.theregister.co.uk/2008/02/27/bt_phorm_121media_summer_2007/

Looks like BT have been caught trousers down.
Posted by c_j_ over 9 years ago
"I think a few here are overly paranoid ... It just a ad system"

If you understood what is being talked about, and understood that no DNS fakery the customer can do will stop the monitoring, and that BT and Phorm can't be trusted to be honest about this (see link whatever21 posted) you might be paranoid too.

Or, like others, you might just object in principle to this kind of business operation happening without the explicit permission of the people who pay BT/Virgin/etc's wages.

Read The Register coverage (and the comments).

There's more to this than just a competitor to Google Ads.
Posted by CARPETBURN over 9 years ago
quote"If you understood......"

LOL i understand just fine and can comprehend just find what "web browsing data" is which is what theregister story quotes.

It doesnt record data you fill in on forms like your credit card number when you order something online from a secure webserver. BT or whoevers server couldnt pass that on even if it wanted as its secure AKA encrypted AKA unreadable by anyone except the server doing the transaction. (CONT)
Posted by CARPETBURN over 9 years ago
Honestly some of the paranoia is laughable so far we have 1 person claiming they are gonna have a record of basically everything you do online including credit card numbers and form filling, another that thinks its some conspiracy to catch gay folk, terrorists or anything else... Its just a system to deliver adverts to make money that is all, and its obvious thats all it is. A money making annoying but pretty harmless system. (CONT)
Posted by CARPETBURN over 9 years ago
The worst its likely to do is notice you visit dollyshowsyouhowtonobbleasheep.com often and send you rather amusing adverts of inflatable items.

Either way i dont give a damn i had more brains in the first place than to sign up with BT, Virgin Media or Carphone Warehouse LOL <<< 3 of the biggest cash cow ISPs in this country so no shocker they want to make more cash. It wont affect me or many others :D
Posted by CARPETBURN over 9 years ago
The way some are speaking they think its a keylogger with some supery dupery decrypts all sensitive data and sends secure data to a silly little ad companys web server LMAO
Honestly get a grip!
Posted by Dawn_Falcon over 9 years ago
c_j_ - Actually if you use non-ISP DNS servers and block the right IPs in hosts... yes, it does work.
Posted by greedy4 over 9 years ago
http://www.badphorm.co.uk/page.php?3

Any non-encrypted webpages will be stored bt phorm for 14 days.

Sounds bad to me.

BTW capetburn, did you used to be called movie?
Posted by Clearsky2 over 9 years ago
Phorm... China... Sounds like the company is to affraid of US/European legislation. However, even if Phorm is immune to EU Directives / FCC Rules, the companies that make deals with them are NOT.

I suggest that web surfers will become savvy to the Open Internet Exchange scam, thus rendering websites that are OIX Compliant, dead in the water.
Posted by KarlAustin over 9 years ago
Granted, they can't intercept SSL data, but any other data submitted to forms, they can and will get - that includes a lot of online email services that don't run over SSL (or only run the login portion over SSL).
Posted by CARPETBURN over 9 years ago
quote"Granted, they can't intercept SSL data, but any other data submitted to forms, they can and will get - that includes a lot of online email services that don't run over SSL (or only run the login portion over SSL)."
Install something like Open SSL then. That way they wont know half the stuff you are typing, sending, receiving and lots more. If you set things up right. Or better yet if people are that paranoid about it pick up the phone and say 2 words "MAC please".
Posted by Clearsky2 over 9 years ago
**************

It's also a good way for China to track the cyber-activities of political dissidents from thousands of miles away.
Posted by KarlAustin over 9 years ago
Installing Open SSL isn't exactly something a user of a webmail service can do themselves though is it? "Excuse me Mr. Mail Service provider, will you let me install Open SSL on your servers?" or, "Excuse me Mr. Supplier, will you let me install Open SSL on your web server". Welcome to the real world.
Posted by Guzzo over 9 years ago
Couldn't agree more with CARPETBURN on this one.
In truth you often find that paranoia stems from a deep seated hatred of "normal" citizens and this constant "assertion" is a cover for an individual who knows he/she really doing themselves in and simply want to take others with them with their INSANE persnality disorder
Posted by Dawn_Falcon over 9 years ago
Karl, if you pay peanuts, you get monkeys. I pay £5.50 a month for my web hosting and OpenSSL is avaliable.

Welcome to "if you want deacent service, pay for it".
Posted by Guzzo over 9 years ago
I cant spell either with this damn optic keyboard. Where did I put that old Tactile Cherry Keyboard?
Posted by CARPETBURN over 9 years ago
quote"Installing Open SSL isn't exactly something a user of a webmail service"
If you was that damn worried about your privacy WTF are you doing using a webmail service where its likely already your email is passed around like nobodys business and email is targetted at you.Hotmail, lycos, Google and many others have done that for ages. Honestly get a grip or the Little green aliens are gonna take you away as well. CONT...
Posted by CARPETBURN over 9 years ago
The system is nothing more than annoying poop much like Bonzibuddy and others before it were.

Its just something that sends you adverts.

Its not MI5 and you are not that important so get over it LOL
You must be logged in to post comments. Click here to login.