Details On British Telecom, Phorm Trial LeakedPhorm's PR problem just got worse... ( old news - 06:20PM Thursday Jun 05 2008) tags: business · privacy · worldDespite the scuff up over Charter's sale of user browsing history to behavioral advertising firm NebuAD, the discussion of the privacy implications of such systems have been muted. As I mentioned last week, there's some dissent within the halls of ISPs between engineers and marketing departments over the use of such systems, but for the most part the public here remains unaware that their albino antelope fetish has become a revenue stream. In the UK, the debate over such systems has been much more heated. That's in part because the largest behavioral advertising firm in the UK, Phorm, began its money-making life as a spyware and rootkit developer named121 Media. And whereas NebuAD is fairly forthcoming about their systems, Phorm tries to warm consumers to the idea by pretending that their system can protect users from phishing scams. The company also found itself under fire when it was revealed that they conducted a secret trial with British Telecom, without anyone bothering to tell consumers. A former rootkit developer secretly buying your browsing history under the guise of an anti-phishing solution? What could go wrong? Wikileaks today, um, Wikileaked the confidential results of Phorm's trial with British Telecom. The leaked memo (pdf) shows, among other things, that personal IP addresses were involved in the tests, contrary to Phorm's claims that personal identifiers would be made anonymous. Wikileaks also claims that charity ads were replaced by more profitable endeavors: "The advertisements were used to replaced [sic] a 'default' charity advertisement (one of Oxfam, Make Trade Fair or SOS Children's Villages) when a suitable contextual or behavioural match could be made by the PageSense system." Given the trial was conducted secretly (potentially in violation of British law), users obviously didn't know about it. The report concludes that just 15-20 users (0.1% of the 10,000 tested) actually noticed the trial and had a "negative reaction." Of course none of the users who noticed glitches caused by the system understood they were caused by Phorm. The test concludes that to sell users on the idea, PR is obviously essential "Any deployment of Page Sense will clearly require the userbase to be informed. Despite the fact that the system is intended to improve the relevance of advertisements through anonymous collation of browsing histories, communications regarding advertisement systems and information collection could lead to negative perception if not carefully handled. You think? Might I suggest that carriers interested in insulting their users' intelligence could do what Charter did and suggest that such systems are so beneficial, they're no different than users getting faster speeds. The memo goes on to note that (just like NebuAD's system) opting out of Phorm's system does not opt users out entirely. The memo also notes that the system they tested (which may have evolved since) was a bit of a pig: The measurements made during the trial indicate that the Page Sense system tested will require the deployment of approximately 323 server platforms to cater to BT's customer base -- approximately 283 proxy servers and 40 Channel-servers. . .121Media needs to develop a solution that requires fewer devices, uses less footprint, and consumes less power. There's plenty more technical specifics in the report for those interested in studying these systems more closely. I'd particularly be interested in reading thoughts from ISP network administrators. If you're unfamiliar with NebuAD, see my interview with NebuAD CEO Bob Dykes.
Related:- Phorm Continues To Lose Executives
- Wednesday Evening Links
- Phorm May Not Be Out Of The Woods Yet
- Amazon 'Opts Out' of Phorm User Tracking
- Sweden's New Piracy Law Foiled By ISPs
- NSA Still 'Overcollecting' American Data
- Phorm Goes Off The Deep End
- Phorm Fighting Tightening Balance Sheet AND Critics
|
 
HEDP
join:2008-04-27
Miami, FL | ... "A former rootkit developer secretly buying your browsing history under the guise of an anti-phishing solution? What could go wrong?"
This isn't the first time it has happened or is happening currently. You shouldn't be surprised. | |
|  | 
Karl Bode
News Guy
join:2000-03-02
Host:
Road Runner
PC gaming GAMES
PC gaming Tech
| Re: ... This isn't the first time that a British rootkit developer changed their name, became a behavioral advertising developer, conned all of Britain into thinking they had changed their stripes and were selling anti-phishing software, and then triggered a global privacy firestorm?
Or do you mean it's not the first time a sleazy group has continued to show sleazy tendencies? Because if the latter, yes I agree. | |
| | |
HEDP
join:2008-04-27
Miami, FL
| Re: ... Pretty much a little bit of both. I am on a Charter line as I write this to you. Coming from the underground there are many ways to keep track of consumer information, and this is simply doing it on a large scale.
You can start with any basic home network and simply expand from that little branch into many sections where data can travel without a user knowing other than some behavior patterns done by packet inspections.
If these companies are so out of shape that they need to enforce caps and have network capacity issues, one month of consumers not paying their bills or simply cancel their service will bring a major blow to a companies financial table. If these issues where so important, someone would of started another ISP.
The problem is that how the internet works, if one person has it, it does not really matter who else get's it. Any traffic between peering points will be logged, and copied. So the moment AT&T did what they where doing, everyone who traveled through AT&T's backbone has been affected and with such a massive backbone they have, I am sure just getting to this website I have traveled through their network.
Someone with a small understanding of basic TCP/IP will know that there is always a trace. Since data can be intercepted or seen so easily traveling through the network, a basic tool such as a lan sniffer is all you really need to do in order to see.
The man is no mastermind, but he can cause a lot of damage. Why bother attacking the OS after all, that's becoming hard now with Vista and Mac. Just attack the network directly by selling a product that is useful to ISPs but at the same time useful information for identity thieves.
By the way Karl, I just hope that you let nobody change your mind and speak in what you believe in. I speak what I believe in even though nobody really agrees with me, but that's the nature of being true to yourself and others.
The internet is the biggest P2P network their is, anyone who tells you something different is a liar, and should be buried alive. Don't let AT&T and Verizon control the internet gates to the rest of the world, that's all I really ask of you. | |
| | | 
knightmb
Everybody Lies
join:2003-12-01
Franklin, TN
 ·AT&T DSL Service
| Fight Back See my signature for a link to generate data to pollute their product. As was pointed out on Slashdot, I'm sure they can ignore the invalid domains, so that's why I recommend using the "mix with fake sites" option.
Due to this, I may end up tweaking the anti site a little to include an option of "just use all real sites" and put a little link on the page to "suggest a site" to add into the random rotation.
All the suggested links will have to be checked first (in case someone gets a funny idea to use a phishing/hack site or a site with their own personal referral number). But since it's all client accessed, they won't be able to stop the pollution attack short of just banning your IP from the list to watch (would that be so terrible of a ban list that they quit watching you?  )
--
Fight NebuAD and the like:
Click Here to pollute their data | |
| | | 
Anti Rootkit
@co.uk | Re: ...Nationality phorm is a US company registered in Delaware. The principal officers and developers are Russian. | |
| 
sbrook
Premium,Mod
join:2001-12-14
H0H 0H0 | So, I visit a page with an Ad, and phorm replaces it? If I was the original advertiser, I would be SO PISSED OFF. Again, it's all a matter of the sanctity of the content of packets being violated. Even if it's an ad! | |
| | 
Jason Levine
Premium
join:2001-07-13
USA
| Re: So, I visit a page with an Ad, and phorm replaces it? And I would be extremely pissed off if I were the website operator. When I put ads on my website, it means one or two things:
1 - I, or the charity the ad is for, am making money off of the ad in question.
2 - I approve of this company's service.
By replacing those ads with other ads, they are depriving me of income, depriving charities of income, and using my name to insinuate that I approve of a product or service that I might actually be opposed to.
In fact, I would call this fraud since they are fraudulently using my (hopefully good) name and reputation to sell something. I could be defamation of character too. After all, if the product/service is bad, then my name/reputation might be damaged as a result.
--
-Jason Levine
Support a children's charity. Buy a calendar. Shooting For A Cause
Jason's Toolbox | PCQandA.com | |
| 
Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
| they are still at it - 121Media Amazing, legally BT under its Terms and Conditions, could not drop the cookie to enable tracking so instead they let 121Media to do it stealthily
Cudni
--
"Mercifully, he hit him with the soft end of the pistol."
Help yourself so God can help you.
Microsoft MVP, 2006 - 2008 | |
| | | Corydon
Cultivant son jardin
Premium
join:2008-02-18
Denver, CO
clubs:
 ·Comcast
1 edit | Re: Don't Pimp Me Bro So let's suppose that Qwest (another company in financial straits) decides to do something like this.
And let's further suppose that you live in a community serviced by Qwest and Charter.
Who, precisely, do you propose changing your ISP to? AOL?
--
My opinions are my own. No-one else would want them! | |
| | | EPS
join:2008-02-13
Hingham, MA | Re: Don't Pimp Me Bro AOL isn't doing so hot either, and don't they basically use the same thing with their software client, except that they don't have to alter the content of pages to serve their ads? (Alright, that's a big difference, but data is still being examined) | |
| | | 
GOLFnSUN
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ
 ·Sprint Mobile Broa..
·Comcast
2 edits | said by Corydon  :So let's suppose that Qwest (another company in financial straits) decides to do something like this. And let's further suppose that you live in a community serviced by Qwest and Charter. Who, precisely, do you propose changing your ISP to? AOL? You can always use a VPN based proxy service. Then the ISP can't see your web pages to modify them since they are encrypted. The only thing they will see is that you are going to the VPN proxy web site - nothing more. Assuming, of course, your VPN proxy service isn't also being modified somewhere by their ISP or host provider.
Here is only 1 example. There are many others:
»www.banana-vpn.net/supportfaq.htm
And it will cost you $20/mo.
--
My BLOG .. .. Internet News .. .. My Web Page | |
| 
swhx7
Premium
join:2006-07-23
Elbonia
·RoadRunner Cable
| The other evil The selling of customers' browsing data (or access to it) is widely recognized as offensive and objectionable to the customers. The other evil in this situation is less recognized, but ultimately even worse: ISPs could gain a licence to falsify data on its way from one person to another.
This pdf is notes of a presentation that Phorm marketers gave for prospective customers. It has lots of technical detail beyond what has been known to most "netizens" so far.
And among other things, the phorm system installed at an ISP redirects requests (there's a request when you click a link or bookmark, or type in a URL) invisibly to a user, and "impersonates" the destination site long enough to contaminate the request/response with Phorm code.
If this somehow becomes accepted as legitimate, it will become hard to trust anything received over the wires, or to be sure that what one transmits is received unaltered at the other end, unless it's encrypted. Once given this power, ISPs or companies they contract with will sooner or later escalate to "filtering" pages deemed undesirable, and eventually rewriting content.
We shouldn't have to accept this any tampering at all in order to obtain internet access.
If you feel the same, please write to your Congress-people and demand laws that require *Separate* consent for data-interception (so they can't require you to consent in order to get internet service). | |
| | openbox9
join:2004-01-26
Alexandria, VA
·AT&T Southeast
| Re: The other evil said by swhx7 :And among other things, the phorm system installed at an ISP redirects requests (there's a request when you click a link or bookmark, or type in a URL) invisibly to a user, and "impersonates" the destination site long enough to contaminate the request/response with Phorm code. You mean like a proxy server? | |
| | | 
MarkH
reserved for later use
Premium
join:2002-12-19
| Re: The other evil »www.cl.cam.ac.uk/~rnc1/080518-phorm.pdf
That link is a report done on the system phorm want to employ, it was authored by Dr Richard Clayton of the University of Cambridge.
Phorm have not disputed any of the claims made in Dr Clayton's report, as you will see, it is far more reaching than any simple proxy.
The system actually forges cookies, even for sites that don't use them, it employs multiple redirects to achieve their forgery, and is generally very intrusive.
»www.lightbluetouchpaper.org/about/ Dr Clayton has also made several postings to that blog with regard to the phorm situation. | |
| 
GlobalMind
Domino Dude, POWER Systems Guy
Premium
join:2001-10-29
Hollywood, FL
| So hold on... I haven't looked into this all that much admittedly, but am I to understand that this system would inject ads onto websites which normally do not have ads on them?
Seems to me that any ISP does not have the legal right to modify the website code of a site they do not own, even if it's just on the delivery via this bodged up proxy type sytsem. After all, my site's content belongs to me regardless of the ISPs network it may travel over.
I still say it's all BS and that my browsing history belongs to me, not the ISP, regardless of whether it runs on their network. I generated the data after all.
--
TheGlobalMind.com | Speed costs money. How fast do you want to go? | Trust the instinct to the end, though you can render no reason. Ralph Waldo Emerson
| |
| |
Jason Levine
Premium
join:2001-07-13
USA
| Re: So hold on... I'm not sure if it will inject ads into an otherwise ad-free page, but it does take pages with ads, take out those ads, and insert ads from its own system in its place. The end result is that the webmaster (and possibly charity) doesn't get the ad revenue and the webmaster's good name and reputation is used without their consent for Phorm's profit (possibly damaging the webmaster's name/reputation in the process).
--
-Jason Levine
Support a children's charity. Buy a calendar. Shooting For A Cause
Jason's Toolbox | PCQandA.com | |
|
Jason Levine
Premium
join:2001-07-13
USA
| Phorm is Spyware In the past, we've seen applications that replaced ads on webpages with their own ads. We, rightfully, called these applications ad-ware or spyware. However, to do this a spyware purveyor needed to install a rogue application on your computer.
Phorm, however, just waved some cash under the noses of some ISPs and got their program installed on the ISP level. You can run all the anti-spyware applications ever developed and it won't help you one bit on this one. The ads on the pages you are viewing *will* be replaced if your ISP is running Phorm and Phorm decides to replace the ad. Let's call Phorm what it is: Spyware on a massive scale. (Now, in line with how other spyware vendors reacted, I wonder if Phorm will try to sue me for calling them spyware.)
--
-Jason Levine
Support a children's charity. Buy a calendar. Shooting For A Cause
Jason's Toolbox | PCQandA.com | |
| |
MarkH
reserved for later use
Premium
join:2002-12-19
| Re: Phorm is Spyware said by Jason Levine :Let's call Phorm what it is: Spyware on a massive scale.
To quote a phrase that has been used on a few forums: Intra-ISP-Spyware
There's no need for the target consumer to download a thing, the ISP sells them out for a few extra pieces of silver.
| |
| | | |
|
|
