Feeds

How Phorm plans to tap your internet connection

Under the hood of BT's data pimping machine

Business security measures using SSL

Exclusive Internal BT documents obtained by The Register for the first time provide solid technical information on how data from millions of BT, Virgin Media and Carphone Warehouse customers will be pumped into a new advertising system.

It will not be "injecting" anything into your internet connection, as some commenters on our previous stories have suggested. Phorm's Open Internet Exchange (OIX) is an online advertising broker service that, just like DoubleClick, matches advertisers with publishers. For both these parties, the closer the match the better: advertisers reach the people they're most interested in, who are more likely to click on the ad, which means the publisher will get more money.

DoubleClick does matching using a cookie. Each time you visit a website running DoubleClick code, it can log that you've been there and build up a profile of what ads might be relevant to you. You can of course just kneecap the DoubleClick's system by refusing its cookies in the first place (at that level at least; it does targeting in the old school way too, by serving technology ads on The Register, for example).

Phorm is notably vague on its own website about how its system actually works, preferring to emphasise that the data it collects will be anonymised, and that it also offers anti-phishing warnings.

"With OIX and Webwise, consumers are in control: they can switch relevance 'off' or 'on' at any time at Webwise.com," it reassures. But are they just be switching off ad targeting, or can they stop their data being sent to Phorm?

Click image to enlarge

A presentation doing the rounds at BT suggests two possible scenarios. The first alternative is that "ACE" in these diagrams checks whether a user has opted out of their browsing history being used to target advertising, and the process ends there and a normal HTTP request is sent to the website the user is visiting. The second possibility is that the opt-out check is performed once the request has been diverted all the way to the Anonymiser. That would mean Phorm still knows what you're looking at.

We'll be asking Phorm's CIO Marc Burgess about that point next week. You can help us out with your own questions for him. Just click on the author's name or post in the comments.

Click image to enlarge

"ACE" is a piece of Cisco hardware - its Application Control Engine. Details on the kit are here. F5 hardware performs similar functions, more here.

For users who don't opt out, the way the system works is much more clear (see "Active mode" slide). Hit a link in your browser and the HTTP request will be intercepted by the ACE and rerouted to Phorm's Anonymiser. Having hijacked the request, the Anonymiser can then set a tracking cookie, which it keeps hold of.

Without a response, the browser resubmits its request for the web page you want to visit. It is again rerouted to Phorm, but only as far as the F5 hardware, which bounces it on to the website you originally wanted, but also sends a copy of the request to Phorm's profiler kit.

The website reruns the content you want, which is again intercepted by the ACE. A copy of the page contents is sent to the Profiler, this time with the cookie in tow. If the publisher of the page is a member of the OIX, keywords in the page can be used to target ads. Finally the page is served up on your screen, and if everything is worked correctly, the browser and the user should be none the wiser.

As the process iterates the cookie will sit there, gradually building up a profile of your interests as you browse. It doesn't matter if most of the websites you visit aren't members of the OIX - their content will go towards targeting adverts on those that are.

Click image to enlarge

We tapped Aaron Crane, The Register's Technical Overlord, for help bending our puny scribe's brain around these diagrams. He said: "Looking at this makes me damn glad my own internet connection is funded by what I pay for it, so the ISP doesn't have to engage in this sort of shady practice merely to cover costs.

"If I were using one of the ISPs concerned, I'd switch."

Phorm meanwhile claims its technology represents "a revolution in privacy". On this evidence, we're inclined to agree. ®

Bootnote

BT still hasn't bothered to explain why it told El Reg, and more importantly its own customer, that it had no relationship with Phorm last summer. Suspicious connections to Phorm domains were the result of spyware, BT told a BT Business subscriber. We asked why first thing on Tuesday morning.

Security and trust: The backbone of doing business over the internet

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
ISPs' post-net-neutrality world is built on 'bribes' says Tim Berners-Lee
Father of the worldwide web is extremely peeved over pay-per-packet-type plans
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Turnbull: NBN won't turn your town into Silicon Valley
'People have been brainwashed to believe that their world will be changed forever if they get FTTP'
Google+ GOING, GOING ... ? Newbie Gmailers no longer forced into mandatory ID slurp
Mountain View distances itself from lame 'network thingy'
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.