March 28, 2008 | Becky Hogge

ORG and FIPR meet with Phorm

On Wednesday, at their invitation, I went to Phorm’s offices in Central London. I was accompanied by ORG Advisory Council member (and Foundation for Information Policy Research Treasurer) Richard Clayton. We were there, on Phorm’s invitation, to find out how the systems that they are selling to BT, Virgin and TalkTalk actually work. Over the last few weeks, the story that three of the UK’s major ISPs are signed up to trial Phorm, which tracks users’ online surfing habits in order to serve them targeted ads, has been met with significant public resistance.

We didn’t go to Phorm for “the layman’s view”. We wanted the real deal, and I’m delighted to say that that’s what we got. Over the coming days, Richard Clayton will be posting details of different aspects of the system on Light Blue Touchpaper, posts which I will report on here. Earlier this month, the Open Rights Group called on Phorm to publish full details of how the technology will work – Richard’s analysis will provide this information. Only when we know how Phorm actually works can we model exactly what the implications of the technology are for users’ privacy. Richard and I also encouraged Phorm representatives to join the UK-crypto mailing list, in order to engage further with the expert community.

In the meantime, I thought it would be useful if I noted one of the less technical discussions that took place at the meeting. Phorm remain convinced that their technology, in the words of Simon Davies, "advance[s] the whole sector of protecting personal information by two to three steps". This assertion is based on the significant measures they have taken to obscure identifying and sensitive information as they track web activity in order to serve targeted ads.

However, what this assertion fails to take into account is that BT, Virgin and TalkTalk are proposing to apply the Phorm system to a layer of the web stack that has previously been free of any such tracking and targeting activity. It is this aspect of the story which has caused so much public disquiet. As Sir Tim Berners-Lee put it last week:

"I myself feel that it is very important that my ISP supplies internet to my house like the water company supplies water to my house. It supplies connectivity with no strings attached. My ISP doesn’t control which websites I go to, it doesn’t monitor which websites I go to."

If you don’t like the way a web application is protecting your privacy, you can use another one, and if you can’t find one you want to use then you can build your own. But you can’t build your own connectivity. If the UK’s major ISPs all sign up to Phorm, then UK citizens will find it increasingly difficult to find connectivity that doesn’t come with "strings attached". Internet users can opt out, as, it turns out, can server operators (but I’ll let Richard provide details of that). TalkTalk have even indicated that they will make their Phorm system opt in. But is this enough? How long until we are asked to pay a premium for connectivity which comes "snoop-free"?

Nothing Richard Clayton and I saw yesterday appeared to contradict the legal analysis issued by FIPR last week, analysis that raised questions as to Phorm’s legality under section 1 of the Regulation of Investigatory Powers Act. But the Phorm issue is far more likely to be decided upon in the court of public opinion than in a court of law.

At the meeting, I encouraged Phorm to engage further with its critics. They are now planning an open, public meeting to hear people’s concerns about their technology. As soon as I have details of this meeting I will publish them here. If you’ve seen expert comment on Phorm, or think that the debate would benefit if others (for example the ISPs themselves) were specifically invited, please leave your suggestions in the comments. Thanks to everyone who left comments to my previous two posts on Phorm; many of them were tremendously helpful in preparing for the meeting.

Earlier this month, ORG also called for 80/20 Thinking Ltd’s privacy impact assessment to be made public. An interim assessment [pdf], dated 10 February 2008, was published last week. It predicts the media and public backlash against Phorm, and leaves several questions unanswered, including "Can an external attacker gain access to the required information to re-link [an] individual [with their] unique identifier?" Phorm let us know yesterday that the full privacy impact assessment (which was due this month) has not yet been completed, and that they will publish it as soon as they can after it is complete.

Comments (39)

  1. John:
    May 20, 2008 at 09:48 AM

    It's funny, but I can't see any response to the comment from Stazi when he asked, quite clearly:

    "If People On Page was adware and not spyware then why did it use the Apropos rootkit to hide itself and make it difficult to uninstall?

    "For those who may be unaware of what the Apropos rootkit was/did here is a handy link:"

    Based on the track record to date, Phorm have displayed absolutely no reason to engender any kind of trust whatsoever.

  2. Becky:
    Apr 02, 2008 at 07:08 PM

    But on this scale (the UK's 3 biggest ISPs are thinking of adopting this technology) is trust a good security model?

  3. Oar Wellin:
    Apr 02, 2008 at 07:57 PM

    The core problem with their system is that its tap root grows right into the heart of the nexus through which all our internet communications must pass. Even if their system is as benign as they claim it to be, this sets a precedent that will be exploited by their less ethical competitors to gain entry to the same resource. The safest strategy to protect our security is to prevent all access to this vulnerability.

  4. David M:
    Apr 07, 2008 at 08:56 PM

    After many CF re-submitting of petitions on the Downing Street website and being rejected every time with such replies as "duplication" where it's clearly not, and this laughable latest one "Outside the remit or powers of the Prime Minister and Government"

    OF1979 had enough and posted at a new place

    Here's the petition
    "To: UK Prime Minister
    We, the hereby undersigned, petition the United Kingdom Prime Minister to ask the Home Office to launch an investigation into British Telecom and Phorm criminal breach of section 1 of the Regulation of Investigatory Powers Act 2000 (RIPA) during secret trials in 2006 and 2007.

    BT have recently admitted to carrying out secret trials of Phorm's technology in 2006 and 2007 without their users' consent or permission. Many experts, including the Foundation for Information Policy Research and also the Open Rights Group, contend that these trials constituted illegal interception and as such were a criminal breach of RIPA.

    We ask that the Prime Minister require the Home Office and police to launch an investigation into these criminal breaches which constitute a large scale intrusion of online-privacy.


    The Undersigned
    pass the word please.

  5. Becky:
    Apr 02, 2008 at 06:40 PM

    Although I respect your right to do so, I don't find it terribly productive to talk about the pasts of the people behind Phorm when modelling the privacy implications of the technology they are currently offering.

    Even if this technology was being proposed by a coalition of Tim Berners Lee, Richard Stallman and the Dalai Lama, would you want it plugged in to your internet connection?

    This conversation backs up a point ORG Board member Ben Laurie has made on his blog:

    "one of the core problems with their system: it requires everyone to trust that all this data they have gathered without consent is actually handled as they claim it is handled."

  6. Stazi Republic Of Phormistan:
    Apr 02, 2008 at 07:03 PM

    Becky, it's precisely because the issue of trust is so central here that the past of Phorm (as 121 media) is so relevant.

  7. Stazi Republic Of Phormistan:
    Apr 07, 2008 at 11:04 PM

    A new petition started calling on the Home Office to launch an investigation into BT's secret trials:

  8. VPN:
    Apr 01, 2008 at 12:54 PM

    "The Phorm Comms" Team seems to be saying they collect data relevant to the User & then provide relevant Ads, BUT THIS CANNOT BE DONE WITHOUT PROFILING THE USER!!!.
    The Ads would have "No" relevance in either the short or long term without constantly updating the profile, I therefore challenge them to come clean on what data & how much is flowing through the internal/external "Phorm" system.

    Also intercepting communications without the direct authority of "THE" user is illegal, it is a M.I.T.M attack & can also be termed as Wire-tapping!!!

    If this scheme was "OUTSIDE" the ISP users would have a proper choice as to whether to use this system or not, "This is blatantly NOT TRUE!!"

    Notice I also said "THE" user, if "a" user uses an ISP with this system in place on a Wifi Hotspot, this user has "NOT" given direct permission to be for a better word "PHORMED" & this is a breach of Privacy laws, the Data Protection Act & the Telecommunications Act.

    **Interception of any type of private communication be it written or electronic has always been deemed illegal without due legal process.**

    **Special Terms of Contract or Rules, do NOT negate these Rights unless good cause is shown!!**

    Phorm are trying to "SUBVERT" the entire Legal, Privacy & Data Protection Systems that are in place, to suit their own short sighted commercial interests!!

    Phorm Quote:-
    6) I disagree — if you truly care about your privacy you should lobby for an industry standard of no storage of personal data, which is in fact what our system represents and delivers. Please see the following flash demo for more information

    The wording above is typically written by a legal mind.

    Please note Phorm state "No storage of Personal Data", this does not mean they are not looking at it, which is the very point I am making, they do not have permission to look at or inspect Users' Data without first applying due legal process!

  9. The Open Rights Group : Blog Archive » Phorm: public meeting announced for next Tuesday:
    Apr 09, 2008 at 04:13 PM

    [...] month, we announced that Phorm, the company whose technology delivers targetted ads based on where you visit on the [...]

  10. Phorm Blog » Blog Archive » Open Rights Group, FIPR visit Phorm office:
    Mar 28, 2008 at 06:07 PM

    [...] [...]

  11. Phorm Comms team:
    Apr 01, 2008 at 11:12 AM


    To clarify the inaccuracies above -- which you seem to be posting repeatedly across the boards despite Phorm having clarified these for you before:

    1) 121Media was involved, fully transparently, in adware. Each programme had an EULA a user had to sign in order to use the programme. This is not a feature of spyware, as you must know.

    2) We do not modify webpages as you describe by inserting adverts. Firstly, OIX ads only go into existing slots on websites we partner with. To make this plain: websites who decide to partner with us show OIX ads. We cannot show ads on pages that are not our partners. The reason websites would choose to do this is that they set a price for that slot which we then guarantee to beat -- thus earning the website more money. In addition, we do not serve pop ups or pop unders.

    3) As we have said previously the system is designed to offer either opt in or opt out. There is no default as you suggest. Each ISP will decide which option is best for their customers. Either way, it will always be easy for customers to opt in or opt out. It's always a choice.

    4) The system does not store URLs. Full stop.
    What we store is: a product category, a random number and a timestamp.

    5) I fail to understand your logic here.

    6) I disagree -- if you truly care about your privacy you should lobby for an industry standard of no storage of personal data, which is in fact what our system represents and delivers. Please see the following flash demo for more information:

    Best wishes,


  12. Alex Burke:
    Apr 06, 2008 at 07:57 AM

    Generic IP packet service cannot be market differentiated and sells for a tiny fraction of the prices formerly charged for T-1 private lines and ISDN. I'm sure every telecoms co looks at your broadband line, which you get for $60 a month, and wishes they could charge you $1,000 a month, like the good old days. Now besides getting IP service nearly free, you want privacy as an "entitlement." Who can blame the telcos when someone comes along and says, "look, here's a new revenue stream." If your personal data can be monetized, to help restore some profitability to this business, it probably will be. Or if you truly want a "private" (dedicated) line, like in the old days, maybe it'll run you $1,400 a month.

  13. Phorm Comms team:
    Apr 04, 2008 at 07:28 PM

    I meant to add: The Information Commissioner's Office put out the following statement on Phorm today. It can be found in the news section of the ICO site:


    4 April 2008
    Phorm advertising – ICO statement
    A spokesperson for the Information Commissioner’s Office said:
    “The ICO has received a number of queries concerning the recent announcement by Phorm that 3 major UK Internet Service Providers have agreed to allow them to use technology, developed by Phorm, to present adverts to their customers based on the nature of the websites they visit.

    “Understandably, this has provoked considerable public concern. We have had detailed discussions with Phorm. They assure us that their system does not allow the retention of individual profiles of sites visited and adverts presented, and that they hold no personally identifiable information on web users. Indeed, Phorm assert that their system has been designed specifically to allow the appropriate targeting of adverts whilst rigorously protecting the privacy of web users. They clearly recognise the need to address the concerns raised by a number of individuals and organisations including the Open Rights Group. We welcome the efforts they are making to engage with sceptical technical experts and believe that it is only by allowing their technology to be subject to detailed scrutiny by independent technical experts that they will be able to prove their assertions regarding privacy. The ICO strongly supports the use of technology in ways which enhance rather than intrude upon privacy, and plans to produce a report on “Privacy by Design” later this year.

    “We understand that the technology is not yet in use and that BT intends to run a trial involving around 10,000 broadband users later this month. We have spoken to BT about this trial and they have made clear that unless customers positively opt in to the trial their web browsing will not be monitored in order to deliver adverts. BT has also stated that the system does not store personally identifiable information, URLs, IP addresses or retain browsing histories and that search information is deleted almost immediately, and is not retrievable.

    “We will continue to maintain close contact with Phorm and BT throughout the trial. Clearly the trial should reveal whether this is a service that web users want, whether it is privacy friendly and that users are comfortable with the privacy safeguards put in place by Phorm.”


  14. SomeUser:
    Apr 03, 2008 at 12:58 AM

    I think I understand your point Becky, and FWIW, my comment wasn't actually meant as a personal attack or a "can't trust the system because we can't trust the folks behind it" argument. I was merely trying to steer folks towards some information so that they could better evaluate the claims made by Phorm representatives.

    IMO, the potential privacy and security issues are profound. They could manifest themselves in many different ways including through accidental mistakes. Just one incident could cause irreversible harm to countless millions of users. Spot inspections by even the best team of experts can't guarantee the system always functions as expected. There will always be a motivation to evolve the system to collect more information and achieve better targeting. Etc. I believe there are situations in which adequate control over something is impossible to achieve and thus that something should not be unleashed. I believe systems like this fall into that category.

  15. Pete:
    Mar 29, 2008 at 05:54 PM

    Sadly, I think you are being drawn into yet more PR spin.

    Phorm have failed to make a case for their software being valuable to web users, or justified the assumed consent of the people who create web content (who will become victims of parasitic marketing).

    Phorm have failed to publish key details of how their system works.

    And worse, they have published misleading information... such as Kent Eradsfadf claim that they were endorsed by Privacy International, Mark Burgess claim that their UID is a simple binary value, claiming they could filter out all names and identifiers from web pages, claiming they would not use form submission data, claiming they could use user agent filters to avoid profiling content requested by desktop apps, claiming they don't intend to store personal data despite their DPA registration stating the exact opposite in capital letters, and on and on.

    Phorm, with its links to 121Media, do not have the unblemished record of privacy and security protection I would require even if Phorm were legal and completely technically solid.

    And no assurance you obtain from Kent Ertugrul will now convince me otherwise.

    For me the technical argument is comprehensively over. Phorm simply cannot be tolerated.

  16. Pete:
    Mar 30, 2008 at 09:39 PM

    @Becky - if you did get the 'real deal', and I sincerely hope you did, I very much look forward to seeing the usual high standard of technical evidence and analysis in the technical reports you produce.

    There are many skilled experienced qualified technologists who have been asking Phorm and their professional PR consultants for detailed technical information for weeks.

    Phorm have posted their record of your meeting on their blog btw.


  17. Alan Parker:
    Apr 15, 2008 at 08:08 PM

    Phorm/Webwise is basically junk. It doesn't matter how many details they provide like 'we ignore numbers more than 3 digits'. They should not be *reading* web traffic **CONTENT** - protocol headers you can just about get away with, but what Phorm/Webwise want to do is ILLEGAL.

    I'm a software engineer, and I can see that their system is nothing magical, it's simply a pile of crap that the ISPs are considering letting loose right in the guts of their network just to generate a few million quid. Why not up the broadband charges a bit and have done with it?

  18. VPN:
    Mar 28, 2008 at 03:05 PM

    The Global Implications of these "Pick-Pockets" inside ISP's!

    A VPN Service, Hotspot VPN, SSL Proxies etc etc have to be "unencrypted" at the Server if the Recipient is using an ISP controlled by these pick-pockets the data is then rifled through on the other side of the now "defunked" privacy controls of the VPN Service the User has employed!

    This means the Whole WWW "is no" longer safe for Private or Personal Communications especially if these pick-pockets manage to get global contracts!

    The Only method which can be used safely & reliably would be VPN to VPN point to point communication!

    The only possible solution I see at the moment is a Server Link, like the Hamachi system which is capable on request of setting up a Direct link between WWW Users! Especially if they are using Personal "Private Password Protected" small Web Servers!!

    Death of the Internet, possibly, but more than likely a slow degradation & then a total lack of control, badly diminishing its global influence!

    I for one, if this is implemented will be switching off my Router & making other arrangements!

  19. A Very Worried Messenger!:
    Apr 04, 2008 at 08:56 AM

    Having read the Home Office Advice, it is duly noted:-

    How little they respect the Rights of UK Citizens.!

    1/ Privacy should not be an obstacle to this new Technology???
    (This is not new technology it is "subverting" existing technology, used all the time to properly control the WWW)

    2/ Data Protection. (Enough said I think, as this affects everyone including the Home office Officials)

    3/ Most Damning of all "existing Wiretapping Laws should NOT stand in the way of the "new (SO CALLED) Technology".

    This is Advice (by some Home Office Officials) to essentially throw away the entire Structure of the Law Protecting the Privacy & Data of UK Citizens.

    ****************WITHOUT DUE PROCESS OF LAW!!!**********************

    This is the Advice BT VirginMedia TalkTalk & Phorm are banking ON!

    All of this for dubious technology with a dubious history!

    ****I think not!!!****

  20. cronos:
    Mar 28, 2008 at 05:32 PM

    This is basically the capitalist version of the great wall of china. We'll invade the privacy of our citizens just to sell them product.

  21. amanfromMars:
    Mar 28, 2008 at 05:14 PM

    I think it is somewhat naive to think that such "harvesting" of information was not already long in place even before Phorm tried to capitalise and stream/direct it.

    Maybe they are just the tip of the old guard flexing their new IT toys wings with a Proxy Cover.

    Stranger things have happened.

  22. Nick F:
    Apr 06, 2008 at 05:27 PM

    Many thanks to Richard and Becky for taking the time to visit Phorm and for Richard preparing the report in a form that is understandable.

    I am still, however, concerned that despite Phorm's openness there is still room for unspecified add-ins, amendments etc which are transparent to their Clients (BT et al). This is only mentioned as all Phorm's comments about the system have categorically stated that no-one will see or have access to the source code except Phorm! The ISPs are therefore totally reliant on Phorm's assurances, written or otherwise and their own testing to prove that there is nothing untoward buried in the code.

    Is BT's testing that good? - from the performance of their own web-site at times I think not.

    Can BT test for a sub-routine which could be switched on later without their knowledge? - I don't think so.

    Additionally if the report on (Pinsent Masons - IT and e-commerce Legal Help site) in mid-March is anything to go by the ICO are "blunting their own teeth" and making their ability to take action or the likelihood of action being taken selective. This may well explain the vagueness of their recent Press Release.

  23. Stazi Republic Of Phormistan:
    Apr 02, 2008 at 12:12 PM

    Ok PhormCommsTeam a simple question for you. If People On Page was adware and not spyware then why did it use the Apropos rootkit to hide itself and make it difficult to uninstall?

  24. Sean Ellis:
    Mar 31, 2008 at 02:27 PM

    "Phorm have failed to make a case for their software being valuable to web users"

    In fact, the talk from various web users suggests exactly the opposite. Much of the (admittedly self-selecting) opinion I have read indicates that people will change their ISP, even if it is more expensive, and the original article above made the prediction that we will have to pay extra for unmonitored connections.

    This strongly indicates that Phorm is a service of NEGATIVE value to the end user.

  25. Phorm Comms team:
    Apr 04, 2008 at 07:16 PM

    Hi all,

    We're reading Richard's report with interest, which is available at

    It's a tremendously in-depth piece of work and we thank him and ORG for coming in to learn more about the system and for giving us a fair hearing.


  26. Becky:
    Mar 30, 2008 at 04:39 PM

    @Pete - I dearly hope that's not the case. What Richard and I are attempting to do is to get the key details you refer to into the public domain. Whether an intention to mislead was present or not, the fact that Phorm have been outlining their technology in "layman's terms" has obscured these details up until this point. Going into the meeting, my intention was not to receive assurances, but to get the details of the system into the public domain so that any subsequent objections to Phorm could come from informed foundations.

  27. Links » More Bullshit from Phorm:
    Mar 31, 2008 at 02:54 PM

    [...] they were quite happy to brief two of my colleagues in detail, without any NDA - and my colleagues are planning to produce a full, public report of that [...]

  28. Marcus:
    Apr 01, 2008 at 01:35 AM

    What's wrong with Phorm?

    * Kent Ertugrul - CEO of Phorm - has been involved in distributing
    spyware/adware. I would not wish to trust the security of my Internet
    connection to a company led by someone who has a previous history of Internet

    * It appears that the system modifies the web pages which are requested, by
    inserting adverts. This constitutes tampering with the data stream between the
    end-user's browser and the web server they are accessing. As a
    "man-in-the-middle" attack, this would not be legal.

    * The system is enabled by default. This means that one has to explicitly "opt
    out" rather than "opt in". If I clear cookies at the end of my browser session
    then the next time I go online the Phorm system is switched on again.

    The system - if it is ever implemented - should be disabled by default and
    require an explicit "opt in" to enable it.

    * The system stores URLs which have been accessed. If personal data is
    contained within a URL, for example in the form of string variables from a
    submitted form, then these could be stored by Phorm.

    * When the system was trialled last year by BT, users were lied to (as
    reported by the Guardian). This indicates to me that Phorm wishes to act in an
    underhand way about its activities.

    Basically, if anyone cares about their privacy then they should not use an ISP which is implementing Phorm and the spyware/adware that company represents.

  29. Stazi Republic Of Phormistan:
    Apr 02, 2008 at 12:23 PM

    For those who may be unaware of what the Apropos rootkit was/did here is a handy link:

  30. TechnoFact:
    Apr 02, 2008 at 01:47 PM

    Let me start saying that I'm not sure why Phorm is getting so much more attention than BT & co. The legality of Phorm's methods might be questionable but is largely irrelevant, or at least less relevant than ISPs deciding to run trials without users' knowledge. Nonetheless there seems to be a lot more effort to find out how Phorm works instead of getting details of the trial BT itself admitted and the legality of that. I'd be glad if someone could prove me wrong here and show reports of investigations on that front.

    > 2) We do not modify webpages as you describe by inserting adverts

    This is true, yet misleading, although it's unclear where exactly the fault is. What has been shown is that JavaScript is injected to trigger client side connections to the well known domain. So while adverts aren't necessarily inserted, there is technically an alteration of the content via iframes. This is the very same technique used by crackers taking control of websites via third-party ad campaigns to distribute malware through hidden iframes.
    If you wanted to make it even simpler, all that needs to be said is that the md5sum of the content received by connecting to via a "Phorm enabled" ISP differs from the one obtained via an ISP that is not.
    This is a technical fact, not an opinion, google will happily point you to details if you take some time digging. The only thing that googling won't make clear is whether the injections are performed by the ISP as part of handing over its customers to Phorm or those techniques are part of the Phorm package.
    Additionally, following up on what I mentioned on malware distribution, to me this whole matter not only creates privacy concerns, but also worries me in the way that it provides yet another attack vector. I'm sure that Phorm and BT take all the necessary precautions to secure their systems, but if this model becomes widespread I'm sure it will also become a very common target. I'd be very interested to see a technical insight of how phorm and ISPs intend to protect themselves by this (BT running bugged version of squid proxy was a good example of how they are not).

    Please keep it as technical as possible, I've no interest whatsoever in legal speak, nor in propaganda or general FUD, simply because if it can technically be proven that content is altered without users' awareness that is already covered by computer crime regulations without getting in way even more complicated privacy laws.
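
Added example, not part of the comment above and not code from Phorm, BT or this site: the check comment 30 describes, comparing the same page as received over two network paths. It uses SHA-256 in place of md5sum and also lists script/iframe elements present only in the suspect copy, since a digest mismatch on its own can come from ordinary dynamic content; the page bodies and the host `tracker.invalid` are constructed placeholders.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class _ActiveContent(HTMLParser):
    """Collect script/iframe elements: external ones by src, inline scripts by digest."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.items = set()
        self._inline = None  # buffer while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        src = dict(attrs).get("src")
        if src:
            self.items.add((tag, "src", src.strip()))
        elif tag == "script":
            self._inline = []

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline).strip()
            if body:
                digest = hashlib.sha256(body.encode()).hexdigest()
                self.items.add(("script", "inline-sha256", digest))
            self._inline = None


def active_content(body: bytes) -> set:
    """Return the set of script/iframe elements found in an HTML body."""
    parser = _ActiveContent()
    parser.feed(body.decode("utf-8", errors="replace"))
    parser.close()
    return parser.items


def compare_fetches(reference: bytes, suspect: bytes) -> dict:
    """Compare a page fetched over a trusted path with one fetched over the path under test."""
    ref_digest = hashlib.sha256(reference).hexdigest()
    sus_digest = hashlib.sha256(suspect).hexdigest()
    added = sorted(active_content(suspect) - active_content(reference))
    hosts = {urlparse(value).hostname for _, kind, value in added if kind == "src"}
    return {
        "identical": ref_digest == sus_digest,
        "reference_sha256": ref_digest,
        "suspect_sha256": sus_digest,
        # Elements that execute or load content and exist only in the suspect copy.
        "added_active_content": added,
        # Hosts those elements would make the browser contact (relative URLs have none).
        "added_hosts": sorted(h for h in hosts if h),
    }


# Constructed sample bodies (not captured traffic).
REFERENCE = (
    b"<html><head><script src=\"/static/site.js\"></script></head>"
    b"<body><p>Generated at 10:00</p>"
    b"<script>var page = \"home\";</script></body></html>"
)
# Same page with one extra external script, as an in-path device might add.
SUSPECT = REFERENCE.replace(
    b"</body>", b"<script src=\"http://tracker.invalid/tag.js\"></script></body>"
)
# Same page with only a changed timestamp: digest differs, nothing was injected.
DYNAMIC = REFERENCE.replace(b"10:00", b"10:05")

if __name__ == "__main__":
    for label, body in (("suspect", SUSPECT), ("dynamic", DYNAMIC)):
        result = compare_fetches(REFERENCE, body)
        print(label, result["identical"], result["added_hosts"])
```

For a static resource the digest comparison is sufficient; for pages that change between requests, the list of added script/iframe elements is the signal to look at.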

  31. Oar Wellin:
    Apr 05, 2008 at 01:55 AM

    Radha, is this some very sophisticated PR strategy that is going right over my head?

    We can read the documents you quote and they plainly do not support your case.

    Richard Clayton says, "Overall, I learnt nothing about the Phorm system that caused me to change my view that the system performs illegal interception as defined by s1 of the Regulation of Investigatory Powers Act 2000", and the ICO statement is merely water treading until you deploy, when a proper assessment can be made of what legislation your system transgresses.

    To imagine we can be swayed by proffering these documents displays a staggering arrogance, on your part, in your underestimation of our intellectual abilities.

  32. A Very Worried Messenger!:
    Apr 06, 2008 at 10:58 AM

    Alex at the moment, this is a UK Issue & there "are" Laws governing this type of behaviour!
    (We use £'s in the UK)

    I have no objection to Paying the Proper going rate for a Service, but I do mind "Invasion of Privacy" & very likely leakage of "Personal & Financial Data"

  33. Oar Wellin:
    Apr 06, 2008 at 11:23 AM

    I'm sure they wish they could drive up the prices, but who drove them down in the first place? They moved themselves from selling a 'scarce' resource at premium prices to a niche market, over to a low margin bulk business that more than compensated them by volume, '...and now they long for yesterdayayayay', much like the RIAA/BPI.

    Phorm style interception opens the door to us being exploited multiple times in parallel. Now Experian, a credit checking company, wants to buy in to the same wire-tap to provide an “online competitive intelligence service”.

    Once Pandora's box has been opened it's open season on us.

  34. William Morton:
    Apr 06, 2008 at 01:17 PM

    One question I would like asked at the meeting is, "Is there any agreement in place where the ISP will release their customer's billing information/ personal details to PHORM or its agents"

    I remember reading the usual spin from PHORM with a faux pas from an ISP spokesman that said that the partnership agreement gave PHORM the right to request the ISP to identify the user of a cookie ID but it did not give the scope of information that would be returned.

  35. A Very Worried Messenger!:
    Apr 04, 2008 at 08:03 PM

    Phorm Comms team for once please answer the questions asked!

    What comments have you on this latest development below.

    Why are you & certain relevant Media/Press entities not properly informing the UK Public about the details of your so called New Anti-phishing System "which collects Private Information for Analysis without the necessary User Permission"!!!

    ****If it is NOT in use on the BT Network why am I receiving attempts to add webwise cookies to my Browser & certain DUP/ACKS for the URL the browser called etc.**** (traffic analyzer)
    Which I can only assume is because the Website had to send a Duplicate Acknowledgment because my Browser did not receive the first acknowledgment.
    On its own this is not proof, but there are way too many coincidences!

    'Illegal' ad system scrutinised
    BT has tested Phorm's technology

    Technical analysis of the Phorm online advertising system has reinforced an expert's view that it is "illegal".

    The analysis was done by Dr Richard Clayton, a computer security researcher at the University of Cambridge.

    What Dr Clayton learned while quizzing Phorm about its system only convinced him that it breaks laws designed to limit unwarranted interception of data. The Information Commissioner's Office (ICO) has also said it would monitor Phorm as it got closer to deployment.

    In addition the ICO revealed that BT is planning a large-scale trial of the technology "involving around 10,000 broadband users later this month".

  36. Jamie Hunter:
    Apr 02, 2008 at 01:28 AM

    Phorm Quote:-
    6) I disagree — if you truly care about your privacy you should lobby for an industry standard of no storage of personal data, which is in fact what our system represents and delivers. Please see the following flash demo for more information

    Ahh, the arrogance of Phorm. Not only do they want to re-educate Sir Tim Berners-Lee they now have the nerve to tell people what they should be thinking!

    What I and many others are campaigning for is that our internet activity data stays away from Phorm and any other company who is not directly involved with supplying our internet connectivity.

    The Register reports that there is documented evidence that they, with Phorm, secretly wiretapped 18,000 customers' web browsing activity.

    And you are still claiming to be trustworthy? When The Guardian rejected Phorm because it didn't fit with the values of their business?

    Virgin Media has been refused permission to export my internet activity data anywhere outside the Virgin Media internet provision section, including any and all third party companies. Many others are doing and will do the same thing. Why? Because we do not want, we do not need and we do not trust Phorm. Nothing Phorm can do will change that.

    Phorm is being exposed for the invasive, intrusive scheme that it is and more and more people are challenging and rejecting it.

    @ Becky - I look forward to reading your version of the record of the aforementioned meeting.

  37. SomeUser:
    Apr 02, 2008 at 05:49 PM

    Here is one starting point for those wishing to read up on the shady past of Kent Ertugrul and gang:

    I believe Kent Ertugrul has confirmed the connection between ContextPlus, PeopleOnPage, and 121 Media. Though of course maintaining it was all a legitimate adware business. Be sure to check out the secondary links in that article and do some digging for yourself. As the article mentions, privacy organizations, government agencies, etc were stepping up their efforts against their malware and malware in general. The (US) CDT filed a Complaint, Request for Investigation, Injunction, and Other Relief with the (US) FTC, naming ContextPlus and others. Was it a coincidence that they shutdown their operations when greater forces were aligning against them and lawsuits were a genuine possibility?

  38. Redirection:
    Apr 03, 2008 at 03:49 PM

    Want some more proof & info about BT Phorm's "illegal" redirects then read some of the posts here:-

This thread has been closed from taking new comments.