Feeds

Activist coders aim to deafen Phorm with white noise

Faking it for data pimps

Top three mobile application threats

Updated Coding activists have developed an application designed to confound Phorm's controversial behaviour-tracking software by simulating random web-browsing.

The folks behind AntiPhormLite says this means actual browsing habits are buried in noise. The app, which is available free of charge, is designed to poison the anonymised click stream Phorm collects with meaningless junk, thereby (at least in theory) undermining its business model.

Its developers reckon the chaff AntiPhormLite generates would be indistinguishable from genuine surfing. AntiPhormLite works with any browser a user cares to use and includes customised options so that each installation can be configured differently, making countermeasures Phorm might apply more difficult to develop.

The beta release comes with source code, allowing security experts to verify that it does only what it says on the tin. The app features "natural time delays" and throttling so that computer generated traffic would be difficult to distinguish from the real thing, as explained below:

AntiPhormLite runs independently and silently in the background of your PC. It connects to the web and intelligently simulates natural surfing behavior across thousands of customizable topics. This creates a background noise of false information disguising and inverting your own interests. We believe our technology is indistinguishable from that of a typical user engaging the internet. To support this claim we have introduced a preview mode that works with any of your preferred browsers, and together with a detailed reporting system and a host of custom options each AntiPhormLite will appear unique.

AntiPhormLite is a Windows (Vista and XP) only app. The application does not execute web pages directly inside a browser, minimising the possibility that it might become a conduit for drive-by-download attacks. It ignores bandwidth-heavy images, flash and video files in a bid to make sure that its doesn't eat through a user's bandwidth and thereby slow regular web surfing.

The application needs DirectX 9.0C or later installed. Future versions based on a screen saver are in development.

Phorm has signed deals with BT, Virgin Media and TalkTalk to deliver targeted ads based on a user's surfing habits. Other firms including NebuAd and Front Porch are attempting to exploit the same emerging market. The technology has provoked a huge privacy debate spurring an anonymous group of "artists, programmers and designers" to develop AntiPhormLite. Whether AntiPhormLite works against technology from NebuAd and Front Porch is unclear.

Particularly when left in default mode (the settings most users apply) it may not be too difficult for Phorm to filtering out traffic generated by AntiPhormLite. Phorm's developers, whatever else you might think of them, have shown themselves to be tenacious and technically skilled. Many people would have to use AntiPhormLite to skew results and the biggest disadvantage is that those users would have to consent to using Phorm's behavior tracking software in the first place.

Data pimping fight-back

AntiPhormLite does however represent another front against Phorm, which is under close scrutiny from anti-malware firms, many of which consider its technology to be on the borderline of adware classification.

The UK Information Commissioner has called on ISPs to apply Phorm's technology on an opt-in basis, something Phorm itself has resisted but Talk Talk has agreed to. Security watchers, most notably Richard Clayton of Cambridge University and the Foundation for Information Policy Research, have questioned the legality of Phorm's approach, particularly in relation to UK data interception law.

Meanwhile internet activists have created a site, BadPhorm, highlighting concerns about the Phorm's behaviour tracking technology, and the company's background as adware firm 121Media.

More on AntiPhormLite can be found here. ®

Update

The app went live on Thursday afternoon. There is no physical address and phone number on the AntiPhorm site, prompting a bit of concern about the provenance of the app in a thread on the BadPhorm forum. One poster complained that it generated multiple tabs in a browser window.

Commentors elsewhere suggest switching to a Phorm-fee ISP is a better approach than applying a as yet-unproven application.

Combat fraud and increase customer satisfaction

More from The Register

next story
Virgin Media so, so SORRY for turning spam fire-hose on its punters
Hundreds of emails flood inboxes thanks to gaffe
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
AT&T threatens to pull out of FCC wireless auctions over purchase limits
Company wants ability to buy more spectrum space in auction
Turnbull leaves Australia's broadband blackspots in the dark
New Statement of Expectations to NBN Co offers get-out clauses for blackspot builds
Facebook claims 100 MEEELLION active users in India
Who needs China when you've got the next billion in your sights?
Facebook splats in-app chat, whacks brats into crack yakety-yak app
Jibber-jabbering addicts turfed out just as Zuck warned
Google looks to LTE and Wi-Fi to help it lube YouTube tubes
Bandwidth hogger needs tube embiggenment if it's to succeed
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.