dslreports logo
 story category
WWW Creator Not A Fan Of Behavioral Advertising
On surfing history: 'It's mine - you can't have it.'

Tim Berners-Lee, one of the creators of the world wide web, says he doesn't much care for the new behavioral advertising services emerging that track online user activity in order to provide more specific ads. In his specific case he's talking about Phorm, a UK ad outfit that once developed rootkits -- who now wants to be trusted with ISP user privacy. They've begun tracking user clicks via ISP network hardware, something the WWW creator isn't ready for:

quote:
"I want to know if I look up a whole lot of books about some form of cancer that that's not going to get to my insurance company and I'm going to find my insurance premium is going to go up by 5% because they've figured I'm looking at those books," he said. Sir Tim said his data and web history belonged to him. He said: "It's mine - you can't have it. If you want to use it for something, then you have to negotiate with me. I have to agree, I have to understand what I'm getting in return."
While the CEO of the largest such system (so far) operating in the U.S. told us they don't track medical data, this is a young industry and there's likely many outfits that will be eager to sell such data wherever possible. It seems that getting consumers to accept this kind of tracking will be the first step. In Phorm's case, the one-time rootkit developer is trying to convince users that their user-tracking ad system is actually a useful anti-phishing solution.

Though some ISPs are making this an opt-in affair, it appears that most are making it opt-out, and are sneaking their use of this technology very quietly into ISP terms of service updates. One user directs our attention to an interesting new article by the folks at Lavasoft on Phorm.

view:
topics flat nest 

Smith6612
MVM
join:2008-02-01
North Tonawanda, NY

Smith6612

MVM

Couldn't agree....

any more with his quote. If I want my web data tracked, I want be asked up about it first hand before it is implemented. But it's a good thing to see that the creator of the Internet is against all of this.
33591094 (banned)
join:2002-11-19
Canada

33591094 (banned)

Member

Re: Couldn't agree....

said by Smith6612:

any more with his quote. If I want my web data tracked, I want be asked up about it first hand before it is implemented. But it's a good thing to see that the creator of the Internet is against all of this.
Creator of the World Wide Web, not the Internet.

darkhand
Premium Member
join:2003-07-28
Hilliard, OH

darkhand

Premium Member

Re: Couldn't agree....

said by 33591094:

said by Smith6612:

any more with his quote. If I want my web data tracked, I want be asked up about it first hand before it is implemented. But it's a good thing to see that the creator of the Internet is against all of this.
Creator of the World Wide Web, not the Internet.
Wouldn't want to steal Al Gore's thunder....

Smith6612
MVM
join:2008-02-01
North Tonawanda, NY

Smith6612 to 33591094

MVM

to 33591094
Isn't the World Wide Web the Internet technically though?
33591094 (banned)
join:2002-11-19
Canada

33591094 (banned)

Member

Re: Couldn't agree....

No. The Internet existed long before the WWW, so they technically cannot be the same.

jjoshua
Premium Member
join:2001-06-01
Scotch Plains, NJ

jjoshua

Premium Member

HTTPS

Web can use https by default. Performance may be slower but that's a tradeoff that some sites may be willing to take.

That would solve the problem.

FFH5
Premium Member
join:2002-03-03
Tavistock NJ

FFH5

Premium Member

Re: HTTPS

said by jjoshua:

Web can use https by default. Performance may be slower but that's a tradeoff that some sites may be willing to take.

That would solve the problem.
Would it? They would still have the URL you went to whether it was HTTP or HTTPS. So if you went to HTTPS://IhaveCancer.org they would still have that info to sell.
russotto
join:2000-10-05
West Orange, NJ

russotto

Member

Re: HTTPS

But they would not get »medicalstuff.org/ihavecancer -- just medicalstuff.org

Still, encryption is a very heavyweight solution for a problem that is easier fixed by NOT HAVING THE ISP TRACK MY PACKETS.

factchecker
@charter.com

factchecker to FFH5

Anon

to FFH5
said by FFH5:

Would it? They would still have the URL you went to whether it was HTTP or HTTPS. So if you went to HTTPS://IhaveCancer.org they would still have that info to sell.
They would see the URL, but that is it.

HTTPS would definitely go a long way toward foiling Phorm. Phorm uses an algorithm that scans webpages as they are loaded and finds "key words" and uses them to customize the ads for the user. The Register had a good summary of how Phorm works a few days ago...
said by »www.theregister.co.uk/20 ··· rtegrul/ :

Explain for our readers how Phorm's profiling system works.

Marc Burgess: What the profiler does is it first cleans the data. It's looking at two sets of information: the information in the request that's sent to the website and then information in the page that comes back.

From the request it pulls out the URL, and if that URL is a well known search engine such as Google or Yahoo! it'll also look for the search terms that are in the request.

And then from the information returned by the website, the profiler looks at the content. The first thing it does is it ignores several classes of information that could potentially be sensitive. So there's no form fields, no numbers, no email addresses (that is something containing an "@") and anything containing a title like Mr or Mrs.

jap
Premium Member
join:2003-08-10
038xx

jap

Premium Member

Re: HTTPS

said by factchecker :

Phorm uses an algorithm that scans webpages as they are loaded and finds "key words" and uses them to customize the ads for the user. The Register had a good summary of how Phorm works a few days ago...

»www.theregister.co.uk/20 ··· rtegrul/
Cripes. I never thought of backtracking to scan referring url. Bastards. No way for a client to detect presence of such a server tool either. Maybe some kind Mozilla user - who doesn't work for a data mining company - has created a redirect plugin. Time to locate some form of local referrer washer.

Thanks for the Register link. Evil for server owners to install such a tool.

[reminisces the pre-commercial web days]
gaforces (banned)
United We Stand, Divided We Fall
join:2002-04-07
Santa Cruz, CA

1 edit

gaforces (banned) to jjoshua

Member

to jjoshua
A better solution is to make the data mining backfire on them by inserting a worm into their database that sends info back Or it could do worse things ...

Payback is a mofo. Parse THIS, sucka.