Pete said:
March 5, 2008 11:57 PM | permalink
I can't believe what I'm reading.
Opt-out isn't good enough. This type of deeply intrusive 'service' should be opt-in, if it is indeed legal at all.
Webwise uses a cookie stored on the client to implement opt out (see webwise.bt.com). If you delete your cookies you are co-opted back in by default.
And the BT cookie expires silently after 24 months. So you are co-opted back in by default after 24 months.
And the Webwise UID cookie that you store is encrypted - why? If you've nothing to hide show me your cookies.
And the HTTP content that Webwise will see includes web chats using IM clients, remote desktop over http, SOAP/web services, images embedded in email, email viewed through webmail interfaces.
And if a client application doesn't or can't hold an opt out cookie, all data that originates from that client will be accessible to Webwise by default.
If you run a web site, and don't like Phorm, you can't opt out.
I've written an add on for Firefox 2 that will ensure the Phorm opt out cookie can never be deleted (accidentally or maliciously), and further randomises your UID cookie with every page load so Phorm can't monitor the browsing history of an individual user on a given IP address. But as privacy protection goes, this is a fig leaf.
Phorm should be outlawed.
http://www.planetsaturn.pwp.blueyond...phormation.xpi