Cable Forum - View Single Post - Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

Stuart · 05-03-2008, 12:58

OK, here's my take on the situation. Apologies if this is wrong (particularly on the legal side - I am not a lawyer) as it is quite difficult to sort actual facts from panic..

Virgin and Talk Talk plan to trial this system.

BT have already trialled this system, yet deny they have. All three currently plan to introduce it.

The system itself, put basically, monitors people's browsing habits, and serves "relevant" ads to them based upon their browsing habits.

The system appears to require that users opt out. It is unknown if the system supports opt in, but the stuff posted by The Register (originally sourced from a BT presentation) appears to suggest it does.

The system requires a cookie be sent to prevent the adverts being sent. It seems the system can be configured either to terminate monitoring, or carry on and just stop serving ads.

The system replaces ads in websites that have opted in to the scheme.

Not entirely sure where the profile Phorm generates is stored. Some reports say it's in a cookie stored on your computer, but the fact that Phorm don't seem to be storing the data in a country covered by any UK, European or US law (despite being a US company) but have a data centre in China is suspicious.

If the profile is not stored locally, and there is more than one person using the Internet at a location, then the system will not be able to distinguish one user from another, so may serve inappropriate ads to other people using the Internet.

If the profile is stored locally in a cookie, then it may be possible that simply blocking that cookie would stop them being able to track you.

There are two Parliamentary acts that may be violated by this system. The Data Protection Act (1998) and the Regulation of Investigatory Powers Act (2001). The DPA requires that people giver permission if their data is processed in a country without an equivalent to the DPA. RIPA prevents monitoring of connections, or interception of data sent along those connections (as Phorm does) without either the permission of the customer (express or implied) or a warrant.

Now, the key point in both those violations is permission. The ISPs appear to be playing up the anti-phishing side of the system while barely mentioning the monitoring side (if at all), so people who are less technically savvy than us may consent to be monitored based on the anti phishing promises alone. This may offer some protection to the ISPs and Phorm. Not too sure if either the DPA or RIPA require that companies explicitly state what people are opting in to when the ask if you want to opt in.

It helps that (whether justified or not), people seem to percieve the ISPs as trustworthy, so may listen to them even if other organisations (such as Mozilla, Microsoft and Opera) mount massive campaigns stating that their browsers already do protect against Phishing. It also helps Phorm that the various authorities and companies have been hyping up the threat of identity fraud. Thus, people may be more likely to percieve the system as valuable protection rather than a threat, and more likely to opt in.

A lot of ISPs need to make more money than they do to maintain the investment needed to keep upgrading their networks, so unless at least a sizable percentage of us are willing to pay higher prices than we do, some sort of advertising (whatever form that takes) is, sadly, inevitable.

Although I have tried to avoid expressing my opinion, and just present my perception of what is happening, it may have creapt in.

The above doesn't really change my opinion. I still do not think people should be monitored (whether or not advertising is served or a profile is built up) without their expressed permission, and I think people should be fully informed before expressing that permission.

05-03-2008, 12:58	#527
Stuart - Join Date: Jun 2003 Location: Somewhere Services: Virgin for TV and Internet, BT for phone Posts: 26,546	Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77 & 102] OK, here's my take on the situation. Apologies if this is wrong (particularly on the legal side - I am not a lawyer) as it is quite difficult to sort actual facts from panic.. Virgin and Talk Talk plan to trial this system. BT have already trialled this system, yet deny they have. All three currently plan to introduce it. The system itself, put basically, monitors people's browsing habits, and serves "relevant" ads to them based upon their browsing habits. The system appears to require that users opt out. It is unknown if the system supports opt in, but the stuff posted by The Register (originally sourced from a BT presentation) appears to suggest it does. The system requires a cookie be sent to prevent the adverts being sent. It seems the system can be configured either to terminate monitoring, or carry on and just stop serving ads. The system replaces ads in websites that have opted in to the scheme. Not entirely sure where the profile Phorm generates is stored. Some reports say it's in a cookie stored on your computer, but the fact that Phorm don't seem to be storing the data in a country covered by any UK, European or US law (despite being a US company) but have a data centre in China is suspicious. If the profile is not stored locally, and there is more than one person using the Internet at a location, then the system will not be able to distinguish one user from another, so may serve inappropriate ads to other people using the Internet. If the profile is stored locally in a cookie, then it may be possible that simply blocking that cookie would stop them being able to track you. There are two Parliamentary acts that may be violated by this system. The Data Protection Act (1998) and the Regulation of Investigatory Powers Act (2001). The DPA requires that people giver permission if their data is processed in a country without an equivalent to the DPA. RIPA prevents monitoring of connections, or interception of data sent along those connections (as Phorm does) without either the permission of the customer (express or implied) or a warrant. Now, the key point in both those violations is permission. The ISPs appear to be playing up the anti-phishing side of the system while barely mentioning the monitoring side (if at all), so people who are less technically savvy than us may consent to be monitored based on the anti phishing promises alone. This may offer some protection to the ISPs and Phorm. Not too sure if either the DPA or RIPA require that companies explicitly state what people are opting in to when the ask if you want to opt in. It helps that (whether justified or not), people seem to percieve the ISPs as trustworthy, so may listen to them even if other organisations (such as Mozilla, Microsoft and Opera) mount massive campaigns stating that their browsers already do protect against Phishing. It also helps Phorm that the various authorities and companies have been hyping up the threat of identity fraud. Thus, people may be more likely to percieve the system as valuable protection rather than a threat, and more likely to opt in. A lot of ISPs need to make more money than they do to maintain the investment needed to keep upgrading their networks, so unless at least a sizable percentage of us are willing to pay higher prices than we do, some sort of advertising (whatever form that takes) is, sadly, inevitable. Although I have tried to avoid expressing my opinion, and just present my perception of what is happening, it may have creapt in. The above doesn't really change my opinion. I still do not think people should be monitored (whether or not advertising is served or a profile is built up) without their expressed permission, and I think people should be fully informed before expressing that permission.