It would appear that at least one BT customer who posted on our forums could have unknowingly been involved in some form of beta testing or evaluation of the Open Internet Exchange software. The Register highlighted this thread which resulted in someones web browser accessing dns.sysip.net whenever they visited a website.
Phorm claims to be setting a 'gold standard' in online privacy, but with the denials and confusion that this person has gone through, it will make many question the reassuring statements that are appearing.
In theory, if what Phorm say they are doing works as expected, peoples information should be safe. The servers running at the ISP, while they will see things like the URL of the site you are visiting and other data a HTTP request provides, they are meant to filter this information and immediately mask out things like numbers longer than three digits and phrases with @ in them. The site is then looked up in a categories database to determine the sites type and then the count for this category is incremented against the unique identifier for that user. So in theory even if the persistent data that is stored in the database is compromised, all it should be able to tell someone is that user 1234 views lots of motoring websites and a few online shopping sites.
That is the theory as we understand it but, as always, the proof will be in how it works and whether the data is exactly as described. For example if something as simple as a domain name was also included in the persistent data, by analysing this you could perhaps identify individuals. A home worker may often visit his companies website and have a personal domain also, the two tied together could lead you to identiy someone.
For those using one of the many millions of BT Wholesale based ADSL connections, the BT division involved in the Phorm deal is BT Retail and will only affect BT Retail customers. Another item on The Register confirms that even the providers such as Plusnet and Madasafish who are owned by BT Retail will not be affected. With regards to Virgin Media, one presumes that both the cable and ADSL services will be affected. In respect of TalkTalk, it is not clear whether this will affect just TalkTalk customers or also include AOL Broadband who are part of the Carphone Warehouse group.