Hello all, once again I have been gone from my blog for more time than seems healthy. but I have been a bit busy with stuff as always.
Today I’ve decided to try and help raise awareness of a service called Webwise created by a group of assholes called Phorm.
What is this Phorm stuph then?
Phorm is a company built on top of 121 Media, the very same company that installed extrememly difficult to remove spyware products on your home PC that would bombard your system with pop-up adverts. 121 Media not content with having its malware identified as Spyware by every major anti-virus company on earth decided that it could do more.
Phorm was born and what they do is sell advertising products to ISP’s. Their system works by capturing every single web page request made by EVERY SINGLE Customer at an ISP. Building up an advertising profile that is then used to process mangle the web pages you visit and return those pages with targetted ads based on data gleaned by tracking your web usage.
Let me be clear on this from a technical stand-point the phorm system relies on all outbound traffic being relayed to it on layer 7, each page viewed is captured and processed and fed back to you the user with lovely targetted ads.
But it gets better, they tell you that you can opt-out, basically all this means is that they allegedly stop filling the pages with their targeted adverts, they still perform the data capture. What does this mean for you, the customer? Well basically it means that a third party system, has complete unfettered, un-restricted access to see every single site you have visited, every page you visited on that site everything you posted to that site and they can read everything that you viewed and did. Think about that when you read your webmail, or your on-line bank account details (SSL encrypted or not, SSL proxying is a reality), when you are visiting blogs, when you make a donation to a political party, book a holiday or when your kids are visiting their favourite sites.
What is your guarantee that they dont do this? Well you have to accept their word on it. Is this an acceptable approach to personal security on the internet?
There is no simple way of getting around Phorm’s advertising blitzing technology blocking the web services phorm provides will cut you off from the internet as every data packet has to travel through their system. and Opting out does not stop the data capture process.
Those of you living in the UK should be aware that BT, TalkTalk, Virgin Media and Carphone Warehouse, are offering this ’service’. The private communications data of 10 million citizens is being pimped to phorm. Those of you who live in the US should be aware that Phorm are in discussions with your ISP’s too.
Phor more inpormation on phorm please visit the protest site http://www.badphorm.co.uk
Some additional information – Update.
With thanks to Barry Tork who drew my attention to http://www.politicalpenguin.org.uk you can check out details on Phorm’s patent on-line at the Politcal Penguin blog by following this link http://www.politicalpenguin.org.uk/blog/p,295/ . Political Penguin also have some excellent articles related to the Phorm system.
Cheers Barry and thanks for the info relating to Phorm’s dirty information campaign being conducted by its PR company ‘Citigate Dewe Rogerson.‘
Tonight I’m listening to
Labyrinth by The Cure
Oh Dear, you’re, like, two weeks out of date mate! Get on the real issue- phorm aren’t going to ‘mangle’ pages or read sensitive data- are you really that n00b that you think an audited company could afford to do that when they are under investigation? Also if you do your own research (rather than read comments on El Reg (the online tabloid)) then you’d have seen the system does leave your info alone if opted out (and barred cookies from webwise to be extra safe…).
Get with the real issue rather than making the blog community look like paranoid schizophrenics-
How about trying to motivate people to find out what the real truth is under all this mudflinging- How much data is kept and what is it? How is the data anonymized and will it be sold on?
Probably to much to ask from one of the tinfoil hat brigade but i always hope….
To say that a sh*t storm has started is an understatement…
The story’s developing rapidly, and the focus is shifting towards the ISPs in question who’ve said they’re going to trial it. The Register wrote a great piece today.
I’d refer particularly to the 3rd paragraph in that article, regarding the PR offensive that seems to be under way… If I started seeing positive comments appearing about Phorm on my blog I’d be wondering who the poster was, but I’m naturally suspicious like that…
The Political Penguin’s blog has some great stuff, especially the Patent details.
Refer to The Register’s continuing coverage… and particularly the 3rd paragraph about the blog-based PR offensive that they suggest is under-way.
In light of that, I’d treat supportive posts regarding Phorm with the utmost, err, caution, unless I was sure they had no vested interest. For the sake of balance, I’d obviously treat negative comments the same
The Political Penguin’s blog has some good stuff, especially the Patent coverage.
Firstly Mupp3t (apt name btw) are you really that childish to use the word noob here? Do you really believe what an auditor can tell you? I work in the IT industry and have done so for many years, I know exactly how useless auditing of IT systems and process actually is. An auditor can tell you that if this business process is followed and circumstantial evidence supports that conclusion then a documented outcome can be expected. What if people don’t follow that process all the time? It happens, people take shortcuts they put the Child Support Agency database in the post and lose it in transit. Auditing is not a safeguard and should never be treated as such.
Secondly have you actually read Phorm’s technology patent? I highly recommend it. For the record I VERY CLEARLY stated that if you opt out your page is not mangled with adverts and script injection. I did however, say that the data is still captured; that is the beauty of their system, opted in or out the page information is still captured. The issue is not about targeted ads its about the methodology used to get the information used to build the profile (no less than a Layer 7 re-direct/relay), and while I have pointed out in the post that I have not blogged for a while, I was conducting some research into the system.
I read the phorm patent before I made my post. Its a rather dense article, but I highly recommend you do the same. Afterall fore-warned is fore-armed. But be my guest; If you feel it a great idea to have your data sniffed, captured at layer 7, and profiled then I hope that works well for you.
I on the other hand do not. But here is the real beauty of blogging, I don’t have to justify my thoughts or opinions to you or anyone. My thoughts are mine, my blog is mine so kindly phuck oph, and tell your (in my estimation likely) pals at Citigate Dewe Rogerson to cram Phorm where the sun shineth not.