“We have lent a huge amount of money to the U.S. Of course we are concerned about the safety of our assets. To be honest, I am definitely a little worried.”

Chinese premier Wen Jiabao 12th March 2009

"We have a financial system that is run by private shareholders, managed by private institutions, and we'd like to do our best to preserve that system."

Timothy Geithner, US Secretary of the Treasury, previously President of the Federal Reserve Bank of New York. 1/3/2009

Sunday, March 02, 2008

Just when you thought it was safe to browse the Web.

BadPhorm - When good ISPs go bad!

Read this website and get a better appreciation of how your browsing history is being stolen - then sold. More details from the exceedingly well informed Yorkshire Ranter ("Who needs remote control?") and from The Register on Friday 29th 2008, complete with network diagrams etc.

Briefly, three of the UK's largest ISPs (Virgin Media, BT and TalkTalk - approximately 70% of the UK broadband ISP market) have decided to sell your private browsing history to an advertising broker. Yes, the entire list of every web page you visit gets sent to Phorm (the broker) in real time, as you click, so they can send you 'targeted advertising'. Ho.Ho.Ho.

Would you believe it, the New York Times wrote about it on the 18th February 2008: "3 Internet Providers in Deal for Tailored Ads" by Eric Pfanner.

Now why wouldn't the MSM want to tell us all about it? Well, it might hurt THEIR advertisers.

Well go to the YR - he has the fix.

Related stories from The Register

Broadband big boys waiting on data pimping (29 February 2008)
BT pimped customer web data to advertisers last summer (27 February 2008)
ISP data deal with former 'spyware' boss triggers privacy fears (25 February 2008)

Also see the comments at The Register, some good and well informed, others plainly ranty.

Lots of concern is expressed about Privacy blah, blah, blah ... so you think Uncle GCHQ isn't already doing this? ... and has been for a very, very long time.

Most commentators think the MSM will take up the issue ... hey, if they can suppress ALL news about the Bacton fire - see previous post here - they are not going to get excited about a little snooping going on by their advertisers ... who are leaving them in droves.

Phorm is run by Kent Ertugrul, a serial entrepreneur and alumnus of blue chip St Paul's School, London, who holds a Bachelor's degree in Politics from Princeton University. He started his career in investment banking, working at JP Morgan, Credit Suisse and Morgan Stanley before going into business on his own. His past ventures include selling joyrides on Russian fighter jets - Migs Etc. Previously, his most notable foray online was as the founder of PeopleOnPage, an ad network that operated earlier in the decade and which was blacklisted as spyware by the likes of Symantec and F-Secure.

Security firm F-Secure describes PeopleOnPage's software here.

It says: "The spyware collects a user's browsing habits and system information and sends it back to the ContextPlus servers. Targeted pop-up advertisements are displayed while browsing the web.

"Each installation is given a unique ID, which is sent to the ContextPlus server to request a pop-up advertisement." ContextPlus was the rootkit that PeopleOnPage used to harvest data and hide its presence.

The similarities between this business model and that which will be kicked off by Phorm in the coming months are striking.

Phorm, under its previous name 121Media, floated on AIM in December 2004.

You have to admit, if legal it's a brilliant way to sit back and make shitloads of money.

This is how Phorm explain their privacy policy:

How does Phorm protect customer privacy?
No private or personal information, or anything that can identify you, is ever stored - and that means your privacy is never at risk.

Phorm identifies each user with a unique, randomly-generated number. With it, Phorm can deliver warnings of potentially dangerous websites and replace untargeted ads with more relevant ones, but can never identify the user personally. Phorm's technology can also be switched off easily at any time.

What information does Phorm store about browsing behaviour?
Phorm only stores advertising categories that match a user's areas of interest. There is no sensitive data stored.

Does Phorm ever store a customer's IP address?
No. The IP address is never stored.

Does Phorm collect any information that can identify me by name, address or any other personally-identifying information?
No. Phorm does not collect personal information, and cannot use it to serve ads. The system does not attempt to identify the user in any way and does not integrate with any system (like the ISP's log-in system) that could identify the user.

How does Phorm ensure that no personal information is collected?
Phorm uses technology that has been built from the ground up to avoid any information that might identify a customer personally. Phorm technology does not view any information on secure (HTTPS) pages, and ignores strings of numbers longer than three digits to ensure that we do not collect credit card numbers, phone numbers, National Insurance or other potentially private information.

Can a user's browsing history be identified if the government or ISP requests it?
No. The browsing history is not stored in any way. The unique fundamental design of this technology ensures that consumer privacy is protected and that, even under compulsion, no personally-identifying data or detailed browsing data can be retroactively provided to anyone.
The privacy claims Phorm make about its technology's use of consumer data have been verified by leading global auditing firm Ernst & Young. (View report PDF) The technology used by the OIX will be regularly audited on an ongoing basis to make sure that we continue to comply with our commitment. (But if they asked you (told you) to squirt it to them rather than store it?)

What type of security measures do you have so that aggregated data is not stolen or lost?
Phorm has a high level of system and network security and operates a stringent security policy. Access to database hosts is restricted to systems administrators and data access is only permitted for specific purposes within the terms of the security policy.

However, the major safeguard is that all data is anonymous and cannot be attached to any individual. Only derived channel-match information is stored against the anonymous id in the database and all raw data is deliberately and continuously deleted according to the privacy timeline. These procedures are regularly audited and verified by Ernst & Young.

So we rely upon auditors whom you pay to check you don't store anything? Great.

UPDATE MONDAY 3.00EST: The Register has an update / rundown on the story.

1 comment:

Anonymous said...

Browse using Firefox, with the NoScript Plugin installed. It stops all the shoit popping up.

(C) Very Seriously Disorganised Criminals 2002/3/4/5/6/7/8/9 - copy anything you wish