Feeds

How Phorm plans to tap your internet connection

Under the hood of BT's data pimping machine

The Essential Guide to IT Transformation

Exclusive Internal BT documents obtained by The Register for the first time provide solid technical information on how data from millions of BT, Virgin Media and Carphone Warehouse customers will be pumped into a new advertising system.

It will not be "injecting" anything into your internet connection, as some commenters on our previous stories have suggested. Phorm's Open Internet Exchange (OIX) is an online advertising broker service that, just like DoubleClick, matches advertisers with publishers. For both these parties, the closer the match the better: advertisers reach the people they're most interested in, who are more likely to click on the ad, which means the publisher will get more money.

DoubleClick does matching using a cookie. Each time you visit a website running DoubleClick code, it can log that you've been there and build up a profile of what ads might be relevant to you. You can of course just kneecap the DoubleClick's system by refusing its cookies in the first place (at that level at least; it does targeting in the old school way too, by serving technology ads on The Register, for example).

Phorm is notably vague on its own website about how its system actually works, preferring to emphasise that the data it collects will be anonymised, and that it also offers anti-phishing warnings.

"With OIX and Webwise, consumers are in control: they can switch relevance 'off' or 'on' at any time at Webwise.com," it reassures. But are they just be switching off ad targeting, or can they stop their data being sent to Phorm?

Click image to enlarge

A presentation doing the rounds at BT suggests two possible scenarios. The first alternative is that "ACE" in these diagrams checks whether a user has opted out of their browsing history being used to target advertising, and the process ends there and a normal HTTP request is sent to the website the user is visiting. The second possibility is that the opt-out check is performed once the request has been diverted all the way to the Anonymiser. That would mean Phorm still knows what you're looking at.

We'll be asking Phorm's CIO Marc Burgess about that point next week. You can help us out with your own questions for him. Just click on the author's name or post in the comments.

Click image to enlarge

"ACE" is a piece of Cisco hardware - its Application Control Engine. Details on the kit are here. F5 hardware performs similar functions, more here.

For users who don't opt out, the way the system works is much more clear (see "Active mode" slide). Hit a link in your browser and the HTTP request will be intercepted by the ACE and rerouted to Phorm's Anonymiser. Having hijacked the request, the Anonymiser can then set a tracking cookie, which it keeps hold of.

Without a response, the browser resubmits its request for the web page you want to visit. It is again rerouted to Phorm, but only as far as the F5 hardware, which bounces it on to the website you originally wanted, but also sends a copy of the request to Phorm's profiler kit.

The website reruns the content you want, which is again intercepted by the ACE. A copy of the page contents is sent to the Profiler, this time with the cookie in tow. If the publisher of the page is a member of the OIX, keywords in the page can be used to target ads. Finally the page is served up on your screen, and if everything is worked correctly, the browser and the user should be none the wiser.

As the process iterates the cookie will sit there, gradually building up a profile of your interests as you browse. It doesn't matter if most of the websites you visit aren't members of the OIX - their content will go towards targeting adverts on those that are.

Click image to enlarge

We tapped Aaron Crane, The Register's Technical Overlord, for help bending our puny scribe's brain around these diagrams. He said: "Looking at this makes me damn glad my own internet connection is funded by what I pay for it, so the ISP doesn't have to engage in this sort of shady practice merely to cover costs.

"If I were using one of the ISPs concerned, I'd switch."

Phorm meanwhile claims its technology represents "a revolution in privacy". On this evidence, we're inclined to agree. ®

Bootnote

BT still hasn't bothered to explain why it told El Reg, and more importantly its own customer, that it had no relationship with Phorm last summer. Suspicious connections to Phorm domains were the result of spyware, BT told a BT Business subscriber. We asked why first thing on Tuesday morning.

The Essential Guide to IT Transformation

More from The Register

next story
Trying to sell your house? It'd better have KILLER mobile coverage
More NB than transport links to next-gen buyers - study
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Scotland's BIG question: Will independence cost me my broadband?
They can take our lives, but they'll never take our SPECTRUM
NBN Co adds apartments to FTTP rollout
Commercial trial locations to go live in September
Samsung Z Tizen OS mobe is post-phoned – this time for good?
Russian launch for Sammy's non-droid knocked back
Speak your brains on SIGNAL-FREE mobile comms
Readers chat to the pair who flog the tech
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.