Phorm is a scary UK initiative to track the websites most UK Internet users visit and to track what we type in when we visit these site, via users’ own ISPs, and then to use that information to serve them advertising. Phorm has been set up to work with the key UK ISPs, such as BT, Virgin Media, and TalkTalk. Phorm expects to have access to the browsing habits of 70% of UK broadband users. If have been writing about electronic wake issues for some years now, but this is the one that is likely to make the topic one of popular outrage.
When the system was first unveiled and trialled there was an explosion of concern and Phorm backtracked to the point where it agreed to allow users to opt-out. However, it was likely that to opt-out a user would have to do it separately for each computer they used and for each account that had on that computer. At present it looks as though opting out would only stop the ads being served, it would not stop your Internet traffic being recorded and added to Phorm’s database.
Phorm and the ISPs plan to do this monitoring by using deep packet inspection (dpi), which means that the ISP opens and reads information travelling to and from the Internet users. There is also a concern that it could edit that information – for example changing the results from a Google search request.
Phorm and the ISPs claim the data they collect would be entirely anonymous, but there is great doubt about whether this would be true. For example, when AOL accidently put the search records of 650,000 users into the public domain in 2006, specific individuals were identified.
The potentially good news is that, according to the BBC, the UK Information Commissioner has said that in the UK the ad serving part of Phorm must be opt-in. That might be enough to kill the Phorm initiative, unless the ISPs find some way round it, because it is hard to see that many people will choose to monitored and targeted for unwanted ads.
There had been some hope that the Home Office would also rule that Phorm was illegally intercepting messages (remember they are planning to open the traffic to and from your computer and read it), but the Home Office seems happy. I suspect that this is because either the Home Office plans to use Phorm to monitor what we do, or because the Home Office is already, or plans to, use a similar system to monitor what UK people are doing and saying online.
If Phorm does go ahead, then expect to see a large number of people leaving Virgin, TalkTalk, and in particular BT.
It would be nice to see initiatives from Market Research organisations such as ESOMAR, MRS, and ASMRS making it clear that they oppose Phorm and anything similar. It would also help if advertisers were to make it clear that they would avoid this intrusion - but that may be hoping for too much.
Phormcommms sock puppet... how can you possibly anonymise a huge block of data from the internet?
I recall asking you a while ago and you couldn't explain.
Suppose my surname is Hammer. And you find my name in a block of text. How are you going to filter that out. Or are you going to show me a DIY ads?
Suppose my first name is Rose. And you find my name in a block of text. Are you going to server me gardening centre ads? Or filter that out?
Now suppose the text I'm reading is French, German, Chinese, Spanish... Is your system so multilingual it can spot PII from all of those cultures, in all of those character sets?
What you are suggesting is so technically absurd its hard to find polite words. Its pure tripe. Its nonsense.
Webwise will unavoidably store and process PII. Its undeniable (but you keep denying it).
Posted by: Pete | July 18, 2008 at 05:27 PM
The Phorm Comm team have never answered the questions I have asked them on other Forums, all they ever do is utter the same diatribe.
"such as the the earth is flat, trust us, the earth is flat" !
Posted by: I'm not a Jackass | April 16, 2008 at 10:46 PM
I'd be interested in Phorm's response to F-Secure's recent blog...
http://www.f-secure.com/weblog/archives/00001420.html
Posted by: Mike Gray | April 16, 2008 at 09:56 AM
I am always glad to welcome debate. But I want to come back to the point about anonymity. When AOL released the search data, it was not IP addresses nor names entered as names that led to people being identified, it was the content and pattern of things that were searched for. For example, if I am a member of a local church I may search for it, I might look for related information. I might also play rugby and search for rugby related sites and visit my club's website plus others. By adding together these snippets of my life, such as the fact I am an elected councillor, you would soon arrive at me. This is what the New York Times did with Thelma Arnold.
There is also the issue of whether better targeted ads are, by themselves more intrusive, something that the Facebook beacon advertising fiasco turned up. For example, many home PCs are shared between two or more users, most of whom do not log on with different user IDs. Imagine the case were a husband is searching for a surprise Diamond wedding gift, the wife might be surprised to see a wide range of Diamond wedding gift adverts. Worse still, the husband could be search divorce lawyer sites!
Finally, there is the issue of ISPs already being paid for the service they provide. Most sensible people accept that website advertising allows many websites to be free at the point of use. However, I pay BT a large sum of money each month for broadband access - and it mostly works OK. I do not, therefore, expect them to monetise that relationship in different ways that do not benefit me. Indeed, if Phorm goes ahead, I will move my two BT accounts, and urge others to do likewise.
Posted by: Ray Poynter | April 14, 2008 at 11:56 AM
Hi there
I work on behalf of Phorm here in the UK - I am part of the comms team. While we welcome the healthy debate our system has encouraged, there are some points above that need clarification.
Firstly, let us be clear, the Webwise system does not store personally identifiable information. The AOL situation could not arise because our system does not store PII, so it cannot be lost, hacked or misused. This is in stark contrast to many search engines that store details such as IP addresses for over a year even BEFORE they are anonymised.
Secondly, this is not a system designed to increased either the number or the intrusivenss of ads - such a system would be counter-productive. Webwise is designed to make those ads that are shown to the user more relevant to that user. It works not by identifying a person but simply anonymous behaviours. It does not monitor 'what you do online' because we ignore names, email, even postcodes. Webwise is about making the ads that you experience as part of the Internet as relevant as possible, without compromising your privacy online.
If you want any further information, see http://www.phorm.com or www.webwise.com
Posted by: Phorm Comms Team | April 14, 2008 at 11:03 AM