  ilago Premium join:2005-06-28 Australia
·Internode
| ISP Based Contextual Advertising
I haven't seen this mentioned here as it is broadly USA ISP based where issues to do with net neutrality, ISP behaviour and politics seem to dominate many discussions. I believe this is a privacy and a security issue and may be coming soon to an ISP near you.
quote: BT, Virgin Media, and Carphone Warehouse have agreed to feed data on their subscribers' web activities to Phorm. Data will be fed into the Open Internet Exchange, Phorm's advertising network, where advertisers will pay to target interest groups. Frequent visits to the BBC's Top Gear site might result in being served up more car ads, for example.
Covered in two articles in the Register. »www.theregister.co.uk/2008/02/25···rtising/ »www.theregister.co.uk/2008/02/29···targets/
quote: TalkTalk, BT and Virgin Media, the three biggest broadband providers in the country with more than nine million customers, last week announced a deal with Ertugrul's Aim-listed Phorm that will put 'targeted advertising' in front of millions of internet users.
»www.thisismoney.co.uk/investing-···age_id=3
The company providing this service is Phorm. Phorm's "Open Internet Exchange (OIX) is an online advertising broker service. With offices in New York, London and Moscow, Phorm (AIM: PHRM, PHRX) is a Delaware, US incorporated company, publicly listed on the London Stock Exchange's Alternative Investment Market (AIM) since 2004" »www.phorm.com/oix/
Their Open Exchange site OIX.com resolves to 203.93.173.3 and seems to be a Chinese web server according to Dnsstuff.com. However, a traceroute carried out from your location will always stop at a point somewhere near. If you are in Belgium, the final hop will be in Belgium. If you are in Australia it stops at »www.telstra.net/cgi-bin/trace?oix.com
quote: For years now, ISPs have been searching for alternative revenue streams to avoid just being "dumb pipes." A few years ago, they picked up on the fact that they have a tremendous amount of data about what you (yes, you!) do online. A bunch of ISPs then started selling your clickstream data to companies that could do something useful with it (though, those ISPs probably neglected to tell you they were doing this). Late last year, we heard about a company that was trying to work with ISPs to make use of that data themselves to insert their own ads based on your surfing history -- and now we've got the first report of some big ISPs moving into this realm. Over in the UK three big ISPs, BT, Carphone Warehouse and Virgin Media have announced plans to use your clickstream data to insert relevant ads as you surf through a new startup called Phorm.
http://techdirt.com/articles/20080218/024203278.shtml?KeepThis=true&TB_iframe=true&height=400&width=780
Phorm has Kent Ertugrul at the wheel and is using Russian expertise to develop the product. He was a principal in 121 Media. 121Media has form in the malware world. It was the provider of ContextPlus and the Apropos rootkit http://www.symantec.com/security_response/writeup.jsp?docid=2005-102112-2934-99&tabid=2 forced adware "products". Malware removers will be familiar with that "product" and from memory I was still removing this until relatively recently, despite this article on zdnet advising that 121Media had withdrawn from that market.
quote: ...Due to concerns over the practices of some of its distribution partners, ContextPlus has determined that it is no longer able to ensure the highest standards of quality and customer care and therefore is discontinuing further distribution of its software....
...Not surprisingly, the company is blaming its affiliates - sounds familiar, yes? According to this article, several high-level investigations are underway. ContextPlus also is responsible for PeopleOnPage...
http://blogs.zdnet.com/Spyware/?p=820
More Information on 121Media http://www.independent.co.uk/news/business/analysis-and-features/small-talk-spyware-company-has-its-eye-on-a-fund-raiser-534944.html
How Phorm uses the customer's internet connection to serve the contextual advertising opens a few issues to do with Privacy and Security. It's unlikely that Phorm will only be selling this service to the UK; it's very likely that we'll see this from ISPs in other countries, which would include the USA, Australia, New Zealand and European countries that don't have explicit laws preventing this type of activity. There is apparently an opt-out available, but very little has been published at all by any of the ISPs that have apparently contracted these services. British Telecom is rumoured to be expecting 85 million pounds per annum.
The proposed Phorm model snipped quote: For users who don't opt out, the way the system works is much more clear (see "Active mode" slide). Hit a link in your browser and the HTTP request will be intercepted by the ACE and rerouted to Phorm's Anonymiser. Having hijacked the request, the Anonymiser can then set a tracking cookie, which it keeps hold of.
Without a response, the browser resubmits its request for the web page you want to visit. It is again rerouted to Phorm, but only as far as the F5 hardware, which bounces it on to the website you originally wanted, but also sends a copy of the request to Phorm's profiler kit.
The website returns the content you want, which is again intercepted by the ACE. A copy of the page contents is sent to the Profiler, this time with the cookie in tow. If the publisher of the page is a member of the OIX, keywords in the page can be used to target ads. Finally the page is served up on your screen, and if everything is worked correctly, the browser and the user should be none the
As the process iterates the cookie will sit there, gradually building up a profile of your interests as you browse. It doesn't matter if most of the websites you visit aren't members of the OIX - their content will go towards targeting adverts on those that are.
http://www.theregister.co.uk/2008/02/29/phorm_documents/
In Australia we are looking at our own government introducing ISP based porn filtering. http://www.australianit.news.com.au/story/0,24897,23274585-15306,00.html |
|
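An added example, not part of the original post and not code from Phorm, The Register or any ISP: a check over a client-side HTTP trace for the pattern quoted above, where a request for one site is bounced through an unrelated host that sets a cookie before the requested page finally loads. It assumes the rerouting shows up to the browser as HTTP redirects; the hostnames, the `Exchange` record and the trace are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urljoin, urlsplit


@dataclass
class Exchange:
    """One request/response pair as the client saw it (e.g. from a HAR export)."""
    url: str
    status: int
    location: Optional[str] = None  # Location header, if the response had one
    set_cookie: bool = False        # True if the response carried Set-Cookie


def site(url: str) -> str:
    """Crude site key: last two DNS labels of the host. Good enough for the
    constructed hosts below; real traffic needs the Public Suffix List."""
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def is_redirect(ex: Exchange) -> bool:
    return 300 <= ex.status < 400 and bool(ex.location)


def find_detours(trace: List[Exchange]) -> List[dict]:
    """Flag navigations that are redirected off the requested site, collect a
    cookie on a foreign host, and are then sent back to the requested site."""
    findings = []
    i = 0
    while i < len(trace):
        first = trace[i]
        origin = site(first.url)
        # Same-site redirects (http->https, adding www) are routine; skip them.
        if not is_redirect(first) or site(urljoin(first.url, first.location)) == origin:
            i += 1
            continue
        cookie_hosts, returned, j = [], False, i + 1
        while j < len(trace):
            hop = trace[j]
            if site(hop.url) == origin:
                returned = True
                break
            if hop.set_cookie:
                cookie_hosts.append(urlsplit(hop.url).hostname)
            if not is_redirect(hop):
                break  # chain ended on the foreign host: an ordinary off-site link
            j += 1
        if returned and cookie_hosts:
            findings.append({"requested": first.url, "cookie_set_by": cookie_hosts})
            i = j
        else:
            i += 1
    return findings


# Constructed trace: one routine https upgrade, then one detour through a
# made-up third-party host that sets a cookie and bounces the browser back.
SAMPLE_TRACE = [
    Exchange("http://www.shop.example/", 301, "https://www.shop.example/"),
    Exchange("https://www.shop.example/", 200, set_cookie=True),
    Exchange("http://www.news.example/cars", 307, "http://anon.adbroker.test/bind?u=constructed"),
    Exchange("http://anon.adbroker.test/bind?u=constructed", 307,
             "http://www.news.example/cars", set_cookie=True),
    Exchange("http://www.news.example/cars", 200),
]

if __name__ == "__main__":
    for finding in find_detours(SAMPLE_TRACE):
        print(finding)
```

A finding is a lead to investigate, not proof of interception: single sign-on logins produce the same out-and-back shape with a cookie set on the identity provider's host.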
 mikenolan7 Premium join:2005-06-07 Torrance, CA
·Sprint Mobile Broa..
·RoadRunner Cable
| This issue has come up in the News forum. I'll repeat what I said there. There isn't anything we can do about our ISP's collecting data on us, but it's very easy to prevent ads from making it to our desktops. I apologize to anyone here who depends on that income to fund their websites, but as usual, the greedy will spoil things for others.
The troubling part is that those most likely to spend time on security websites are the same people that are capable of blocking the ads. The notoriety that this is garnering has convinced me that it is time to adjust my privoxy rulesets to allow ads from sites that I learn things from. I will have to think about how to tell if ads are being redirected. |
|
  Its a Secret Never mind Premium join:2008-02-23 Calgary, AB | reply to ilago I wonder if disabling "Access data sources across domains" will thwart this to some degree? |
|
  ilago Premium join:2005-06-28 Australia
·Internode
| reply to mikenolan7 said by mikenolan7 : There isn't anything we can do about our ISP's collecting data on us, but it's very easy to prevent ads from making it to our desktops. I am a great deal more concerned about the company that is collecting the data and providing the advertising than whether my ISP has my personal data. I could hardly have internet access if they didn't.
Many of the regulars in this forum are also interested and active in malware removal and will be familiar with the Apropos rootkit and other products from 121 Media.
Is Phorm just same horse, different color and should they be permitted to legally "intercept" your net activity to provide contextual based advertising?
I'd also like some further real technical information about the proposed interception of requests to enable context based advertising. There is a possibility that you may not be able to control it as easily as you think in the future. I've posted what seems to happen with traceroute and there are a few other things I've noted that really need a lot of clarification.
There is more to this than your relationship with your ISP, this is them making money from selling your data which is then outside their control and yours. |
|
  hpguru Curb Your Dogma Premium join:2002-04-12
| reply to Its a Secret said by Its a Secret :I wonder if disabling "Access data sources across domains" will thwart this to some degree? Nope. That setting only affects Data Binding in IE4-7. -- Wanted: More White Babies (i.e. Christian White Supremacy) |
|
  anon101
@cox.net
| reply to ilago Wow! Just what we all need. More stuff to "enhance our viewing pleasures and experiences"! Does anyone have a link to a site that is using this stuff? I really don't want or need to have my viewing experience enhanced. My hosts file and ad blocking is patiently awaiting. |
|
  MeDuZa
join:2003-06-13 Austria
| reply to ilago said by mikenolan7 :There isn't anything we can do about our ISP's collecting data on us, but it's very easy to prevent ads from making it to our desktops. Snooping into my browsing habits is no one's business. Preventing ads from making it to our desktops is so far irrelevant. Boycotting those ISPs is the only thing the user can do.
said by ilago :Many of the regulars in this forum are also interested and active in malware removal and will be familiar with the Apropos rootkit and other products from 121 Media. Is Phorm just same horse, different color and should they be permitted to legally "intercept" your net activity to provide contextual based advertising. In this case no matter what kind of horse is Phorm, ISPs are to blame first and only. No third party should be permitted to legally "intercept" your net activity. -- Reality corrupted. Reboot universe? (Y/N) |
|
 SUMware Premium join:2002-05-21
| reply to ilago Open Rights Group questions Phorm
From The BBC 12 March 2008 - quote: Campaign body the Open Rights Group (ORG) has called for further detail on the workings of ad system Phorm.
BT, Virgin and Talk Talk have signed up to trial the system, which intercepts users' web surfing to analyse habits.
In a statement ORG said: "Question marks are beginning to appear over Phorm's compliance with the law.
"Can ISPs' employment of Phorm comply with the Data Protection Act? Is intercepting traffic in this manner an offence under section 1 of Ripa (the Regulation of Investigatory Powers Act)?"
There is concern that the interception of users' web surfing data may contravene Ripa, which makes the interception of any transmission across a public telecommunication system illegal without the explicit consent of users.
|
|
  anon101
@cox.net
| reply to ilago Re: ISP Based Contextual Advertising
Here's a blog with Phorm's Home Office remarks. Seems if it's in the TOS of your ISP they consider it legal (user consent). What a sham. »blogs.guardian.co.uk/technology/···ent.html |
|
 SUMware Premium join:2002-05-21
edit: March 12th, @12:35PM
| reply to ilago Firefox Addon Protection
Also: »Phorm - Coming to America?
From Dephormation Firefox Add On quote: Don't let Phorm/Webwise force you to opt in by default.
Download the Dephormation v1.2 Firefox Add On [visit site].
Why you should be concerned about Kent Ertugrul and Phorm
The Dephormation Add On ensures that your decision to opt out of Phorm profiling cannot be undone.
Optionally, the Add On can also alert you to sites using Phorm/Webwise/OIX profile based advertising.
With each page you view in your browser, a Phorm 'opt out' cookie is set automatically, and the Phorm UID cookie is randomised. Even if you delete all your cookies regularly.
But Dephormation is not a solution. It's a fig leaf for your privacy.
Phorm's webwise product presents so many security/privacy risks it should never be implemented.
Note that Dephormation cannot protect applications like iTunes, Google Earth, other browsers such as Lynx and Internet Explorer, instant messaging applications, remote desktop tools, RSS/ATOM feed readers, or external images embedded in HTML email.
www.badphorm.co.uk www.politicalpenguin.org.uk Petition to the UK Prime Minister www.StopPhorm.bebo.com
Complain to your ISP. Your MP. And the Information Commissioner. Stop Phorm. Protect your right to privacy.
[Note by SUMware - I am not personally familiar with this addon] |
|
  anon101
@cox.net | reply to ilago Re: ISP Based Contextual Advertising
An interesting article: Traces the history and background...
»www.politicalpenguin.org.uk/blog/p,294/ |
|
  Grimy Premium join:2005-01-13 Orange, CA | reply to ilago It's not just Phorm.
»Wide Open West Using NebuAD -- "Before you accuse me, take a look at yourself"-Bo Diddley |
|
 SUMware Premium join:2002-05-21
edit: March 12th, @01:58PM
| Whoa! Thanks. NebuAd Services Privacy Policy: US / Canada Version
How it works: ATM for ISPs or Spy in a Box?
NebuAd installs equipment inside facilities of ISPs to glean deeper insights Dec. 10, 2007 - quote: NebuAd installs equipment inside the facilities of Internet service providers (ISPs), which see everything their customers do online. NebuAd's boxes examine many of the sites people visit, what they do there and what they hunt for on search engines.
The company won't say how many carriers or advertisers it works with, though CEO Bob Dykes said Internet providers representing millions of customers run NebuAd's system to let it gather information. In return, they get a share of the revenue from advertising NebuAd places.
The only ISP known to be working with NebuAd is Monroe, La.-based CenturyTel Inc., which has 530,000 broadband subscribers scattered throughout the country. NebuAd says some of the largest ISPs are at least testing the service.
Aspects of NebuAd's technique are already in play. For example, besides cookies, many online retailers deploy "clickstream analysis" tools that monitor what customers do on a given site: what they browse, what they read, which items they put in their shopping carts but fail to buy.
|
|
 SUMware Premium join:2002-05-21
| reply to ilago Top security firm: Phorm is adware
From The Register 12th March 2008 - said by The Register : In a fresh blow to its hopes of winning consumer acceptance, a top three anti-malware firm has said it will very likely include Phorm's targeting cookies in its adware warning database.
Trend Micro told The Register: "The nature of Phorm's monitoring of all user web activity is certainly of some concern, and there is a very high chance that Trend Micro would add detection for the tracking cookies as adware in order to protect customers.
"Obviously, as with other adware/spyware Trend Micro would need to constantly monitor things like... how aware users are that they are being tracked and whether the user has the ability to completely opt out of the service."
If Trend adds detection for Phorm then millions of home computers running a scan using its protection software would get a warning that their ISPs have dropped either a Phorm opt-in or an opt-out cookie onto their systems.
PC Tools, another large anti-malware firm, based in Australia, echoed Trend Micro's concerns for its customers' privacy and security. It said in a statement:
If our research confirms that Phorm places an opt-out cookie on the desktop PC, we will evaluate if it is safe to remove it without re-opting the customer back into the Phorm tracking mechanisms.
If the cookie cannot simply be removed but we can find a reliable method to detect the Phorm service, and the Phorm service was evaluated and identified using our threat matrix, we will then endeavour to alert our customers of its existence.
Naturally we encourage all companies involved in handling, monitoring or storing personal information, such as web-surfing behaviour, to prominently disclose whether there is information being supplied or used by a third-party. Ideally any service with privacy implications should require users to consciously opt-in after they know all the facts. PC Tools is a significant player in consumer desktop security because its Spyware Doctor software is bundled with the Google Pack. We are waiting for responses from Symantec and McAfee, the two largest anti-malware vendors.
|
|
 mikenolan7 Premium join:2005-06-07 Torrance, CA
·Sprint Mobile Broa..
·RoadRunner Cable
| reply to ilago Re: ISP Based Contextual Advertising
I don't think I explained my point very well. The reason that this privacy intrusion exists is because there is an accessible revenue stream. If we cut off the revenue stream (which is ads reaching our desktops), we will stop this invasion into our privacy.
If everyone were to block ads from reaching their desktops, many privacy invasions would dry up and go away. If enough people do it, they will determine who is, and who isn't, and not waste money tracking people who are blocking ads.
The reason we all get spam is because it is nearly free to send. Keeping track of the online movements of people will be expensive, when compared with collecting email addresses. That's why it has taken longer for this approach to profiting from the internet to come about.
The key to solving online issues is not always technology and regulation. Sometimes the best approach is to follow the money. |
|
  ilago Premium join:2005-06-28 Australia
·Internode
| said by mikenolan7 :If everyone were to block ads from reaching their desktops, many privacy invasions would dry up and go away. If enough people do it, they will determine who is, and who isn't, and not waste money tracking people who are blocking ads. ..snip... The key to solving online issues is not always technology and regulation. Sometimes the best approach is to follow the money. If everyone blocked all ads, a huge number of valuable websites would disappear. That is a separate issue.
I had actually lost hope of anyone being interested in this 
I did a lot of homework before posting originally. Kudos to "The Register" for following this up in depth in the face of apathy on the part of the mainstream media.
Up until now, few ISPs have pulled stunts like this.
DePhormication - I'm not seeing how anything you do with your browser at your machine can stop your data being handled by the Phorm hardware in your ISP's hardware. The interception of data does not appear to be at software level or at your machine. The first hop is through the hardware at your ISP. You can't bypass your ISP as the first hop of your connection. With Phorm or similar technology installed that first hop is through their hardware and then referred to the webpage you've requested. Your ISP password is not yours if it is processed through other hardware?
ISP customers pay for a service not a degraded response while some piece of third party commercial interest hardware processes my requests. I'm not in the Phorm line of fire in Australia ..... yet.
How can you safely do academic research or safely conduct confidential commercial with this level of "interception" that could be so easily abused and developed by a known malware provider?
So much for Safe Hex and good security practise.
This appears to be the patent »www.freshpatents.com/Targeted-ad···cription
Referenced and discussed here: »www.politicalpenguin.org.uk/blog/p,295
This is a US patent and Phorm is registered in Delaware. With that patent do they end up with a monopoly in this area which is, in fact, the worst possible future for internet.
This opens the door even wider for other types of interception and once the hardware is installed. With a monopoly the technology can be licensed and the data onsold to anyone. Can other malware providers, security services, vested interests such as a well known fiction based commercial cult, pay Phorm for access to this level of "interception" once it is in place. It would be out of the hands of your ISP if that is the case.
Phorm are saying "Trust us, we know what we are doing". They might know, but we don't.
I'm having difficulty finding the technical details about the hardware. Switching processes at ISP level are not my area of expertise. |
|
 SUMware Premium join:2002-05-21
edit: March 12th, @07:06PM
| said by ilago :DePhormication - I'm not seeing how anything you do with your browser at your machine can stop your data being handled by the Phorm hardware in your ISPs hardware. The 'theory' is that the user must be given the opportunity to 'opt-out' of Phorm's service. This is achieved by setting a cookie. Phorm claims that it will honor such requests and will not monitor said users.
Dephormation claims that said by Dephormation : With each page you view in your browser, a Phorm 'opt out' cookie is set automatically, and the Phorm UID cookie is randomised. Even if you delete all your cookies regularly.
The Dephormation Add On ensures that your decision to opt out of Phorm profiling cannot be undone.
Optionally, the Add On can also alert you to sites using Phorm/Webwise/OIX profile based advertising.
Time (and investigations) will tell if this will continue to be SOP with Phorm, similar organizations & cooperating ISPs.
In the meantime they'd like us to trust them. |
|
 SUMware Premium join:2002-05-21
| reply to ilago said by ilago :I'm having difficulty finding the technical details about the hardware. Switching processes at ISP level are not my area of expertise. How Phorm plans to tap your internet connection |
|
 SUMware Premium join:2002-05-21
edit: March 12th, @07:43PM
| reply to ilago
[Screenshots: Alert | Preferences | about:config]
BTW - For those interested, the Firefox Dephormation Add On can be downloaded from »www.dephormation.org.uk/, 'unzipped', and the code examined.
I've just installed this addon with the above displayed, and the shown 'about:config' additions. |
|
  ilago Premium join:2005-06-28 Australia
·Internode
| reply to SUMware Thanks SUMware, I've been following the Register information fairly closely 
As far as I can see from the Hardware Architecture Diagram, there is NO way that the first hop can avoid the Phorm interception, regardless of the protocol being used for accessing the network. It is the Phorm equipment, not the ISP's, determining whether you've opted out.
I find giving a known malware developer access to all users' internet activities at hardware level in the name of advertising to be appalling. |
|