ISP data deal with former 'spyware' boss triggers privacy fears
Don't worry, 'that was a long time ago'
More than ten million customers of the UK's three largest ISPs will have their browsing habits sold to a company with roots in the murky world of spyware.
The deal has sparked fears over privacy, but today Phorm, the firm behind the new advertising system, strongly rejected such concerns.
BT, Virgin Media, and Carphone Warehouse have agreed to feed data on their subscribers' web activities to Phorm. Data will be fed into the Open Internet Exchange, Phorm's advertising network, where advertisers will pay to target interest groups. Frequent visits to the BBC's Top Gear site might result in being served up more car ads, for example.
In exchange, the ISP trio will get a cut of new revenue. Analysts estimate BT's cut will be £85m in 2010.
There's no word on when BT, Virgin Media and Carphone Warehouse will begin sending customers' browsing information; but now that the broadband business is a high-volume, low-margin business, it's no surprise the providers are hungry for extra cash flow. Their choice of partner is ringing alarm bells in some quarters, however.
Phorm is run by Kent Ertugrul, a serial entrepreneur whose past ventures include selling joyrides on Russian fighter jets. Previously, his most notable foray online was as the founder of PeopleOnPage, an ad network that operated earlier in the decade and which was blacklisted as spyware by the likes of Symantec and F-Secure.
Security firm F-Secure describes PeopleOnPage's software here.
It says: "The spyware collects a user's browsing habits and system information and sends it back to the ContextPlus servers. Targeted pop-up advertisements are displayed while browsing the web.
"Each installation is given a unique ID, which is sent to the ContextPlus server to request a pop-up advertisement." ContextPlus was the rootkit that PeopleOnPage used to harvest data and hide its presence.
The similarities between this business model and that which will be kicked off by Phorm in the coming months are striking.
Phorm, under its previous name 121Media, floated on AIM in December 2004.
The accompanying announcement (pdf) explained how it envisaged its relationship with ISPs and their customers:
"The company's business model revolves around distributing its PageSense technology to as many users as possible and showing users as many advertisements as possible, without causing negative reaction, to maximise response.
"121Media currently acquires most of its users by integrating its PageSense Desktop technology with consumer software products known as distribution applications, which are offered free of charge to internet users in exchange for their permission to display advertisements."
Sounds quite familiar, doesn't it? The difference between 121Media/Phorm and PeopleOnPage is that the newer company buys its targets direct from ISPs, rather than persuading people to download spyware. It aims to make its money strictly from legit advertisers and publishers, avoiding the sort of operators that gave pop-up advertising such a bad name in the early noughties.
A couple of questions....
1. Were you or 80/20 Thinking Ltd paid for your work at Phorm?
2. You have signed this post as a Director of PI. Would it not have been more appropriate to sign it 80/20 Thinking Ltd?
3. What was your brief?
4. Other less inquisitive articles about this whole subject are quoting you as saying "We were impressed with the effort that had been put into minimizing the collection of personal information." under the banner of Privacy Campaigner. Would it not be prudent to highlight the fact that you were not carrying out your work at Phorm under the guise of a "Privacy Campaigner?"
5. Phorm's website has a blog from Kent Ertugrul. This is a direct quote.
"We approached leading privacy advocates in the US and the UK, including Privacy International, and asked them what they thought."
Is this factually correct?
Whilst I am not questioning the good work you and your organisation carry out in any which way, shape or form - I would still like to know your answers to these questions, as in my view the articles in the mainstream press are using the Phorm marketing blurb and not focusing on the more relevant privacy issues, including the inability to not have data sent to Phorm's servers, therefore ridiculing the "opt-out" claims. It is my view that any browsing history, search terms and words I have entered into webmail forms are unique to me, and therefore personal data.
Virgin On The Ridiculous
First of all, I just want to point out that I am sick and tired of UK ISP dishonesty and cannot believe that the law allows us to be treated with what is blatant contempt and the various constant scamming of customers... I signed up as an NTL user 18 months ago after a year of BT misery... NTL changed hands and under Virgin things have gone from bad to worse... Why are UK ISP providers allowed to advertise a 20 meg BB package until recently make no mention of the words "up to" and give customers the impression that it's a 20 meg upstream AND download speed? Also why hasn't the law insisted that their new traffic shaping policies are shown too?
Not only has Virgin implemented "Traffic shaping" they have also quietly gone about editing the criteria without informing any of its customers. Apparently now they say they are now able to advertise an upgraded XL package so I will have 50 meg BB...
ALL THOSE POP UPS WILL BE COUNTED ONTO UR TOTALS BY UR ISPS!!!!!!!
Will they also be hijacking those kiddie porn freaks with pop ups about cheap flights to Thailand and Gary Glitter comeback concert ticket competitions too? Maybe u will login to ur internet banking and have the same file dll file running a keylogging process so that they can then hit u with more spam as soon as u log out, showing u a flash animation and ur bank details, maybe even a screenie of the pages u viewed whilst u were logged in... Just so they can show u a range of related antispyware products that they think u will want to buy... Sucks doesn't it? Ur thinking that it won't happen aren't u? Well rest assured people it can and it will!!
Isn't it about time that the UK net users regardless of ISP affiliation all stood as one and demanded what everyone else in the E.U. already has.... ??? In Paris citizens have free net access as part of their civil rights, part funded by E.U. grants and it's still faster than the U.K. ISPs' BB deals on offer... Why do they get 15meg service totally free paid for with E.U. subsidies to which the UK is giving more than any other country in the E.U.??? The reason is cos the rest of Europe's countries would stop hiding their heads in the sand and make a fuss about it...
We are the sick men of the internet in the UK... Until enough of a stink is kicked up about it, do u really think things will change?
If we simply all sent one email each to our respective area MP using their related house of commons emails in the same week they couldn't possibly ignore it.... It's no use threatening ur ISP with changing ur provider.. Where u gonna go to? eh?
BT or Virgin.... all the rest of the ISPs are franchise ISPs using their network so u will get an even worse deal than u had b4.... make a stand and spam ur M.P. or M.E.P. ...
To Simon Davies
Do you accept that interception at the ISP, where the Phorm servers get to read your entire HTTP traffic, is inherently vastly more dangerous than the systems used by Doubleclick/Google etc?
Did you perform a forensic analysis of the source code of the applications being used by Phorm for scanning and discarding personal data? If not, what exactly is it that you verified?