Cable Forum - View Single Post - Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

Chris U · 19-03-2008, 10:52

[QUOTE=lucevans;34509543]In the absence of any information forthcoming from Phorm or Virgin Media, here are some more questions:

Tucked away in the small print of the scheme is the fact that a far more detailed record of the online activity of every customer will be stored in a "debugging" log for 14 days by Phorm, than will be stored in the "digest" (i.e. the aggregated, anonymized record they plan to hold on each of us for the purpose of targetting adverts at us).

What data fields will the debugging log contain? Will it include a user's IP address? Will it contain any of the information that was stripped-out of the digest to preserve the individuals anonymity or security? (By this I mean data like form fields, numbers, names, webmail data, etc.). Will it contain the raw data of encrypted pages that pass through the profiler?

It seems to me that by concentrating on the "anonymity" of the digest record of every customer, Phorm may be seeking to divert our attention from another, far more detailed, far less anonymous record that will be held "purely for administration and troubleshooting purposes"

Even if their intentions are honest regarding use of the debugging records (something I find hard to believe), surely these files would present a much more attractive target to hackers or criminal employees within Phorm or the ISPs, as they would contain lucrative personal information.

Who gets to see the debugging logs? (Russian spyware programmers, perhaps?) Are they exported outside the UK for "troubleshooting" by the "talented teams of programmers" that Phorm employ in the US and Russia? How do we know that they are irrecoverably destroyed after 14 days?

The questions just keep coming. Shame there are no answers.

======================

I'd be interested to see that small print, do you have a link ??

I have looked at the possibility of a link between RBN and Phorm, RBN is based in St. Perterburg, the Phorm Russian office is in Moscow, so far there is no obvious link other than 121 Media's past history.
(121 Media by the way is still an active and listed Subsiduary of Phorm)

Also worth noting is that soon after users found the oix.com server was apparently hosted on a Chinese IP, that changed quite quickly to being hosted by Fasthosts UK.

In the VM forums I issued a challenge to Phorm to allow a team of privacy and security experts to have access to several weeks worth of Phorm employees online data, including sites visited etc.

The Ernst Young audit did have some reservations about how the system could be open to abuse. Mr Davies of Privacy Internationals claimed by Phorm endorsement of the Phorm system in a BBC article he later posted that "They Had Not Endorsed Phorm" but on the face of Phorms description of how they claim it works had some good points.
But that was based on only the sales pitch being used by Phorm with no true technical analysis of the whole system or methods Phorm claim to use in public.

19-03-2008, 10:52	#1414
Chris U Inactive Join Date: Mar 2008 Posts: 1	Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797] [QUOTE=lucevans;34509543]In the absence of any information forthcoming from Phorm or Virgin Media, here are some more questions: Tucked away in the small print of the scheme is the fact that a far more detailed record of the online activity of every customer will be stored in a "debugging" log for 14 days by Phorm, than will be stored in the "digest" (i.e. the aggregated, anonymized record they plan to hold on each of us for the purpose of targetting adverts at us). What data fields will the debugging log contain? Will it include a user's IP address? Will it contain any of the information that was stripped-out of the digest to preserve the individuals anonymity or security? (By this I mean data like form fields, numbers, names, webmail data, etc.). Will it contain the raw data of encrypted pages that pass through the profiler? It seems to me that by concentrating on the "anonymity" of the digest record of every customer, Phorm may be seeking to divert our attention from another, far more detailed, far less anonymous record that will be held "purely for administration and troubleshooting purposes" Even if their intentions are honest regarding use of the debugging records (something I find hard to believe), surely these files would present a much more attractive target to hackers or criminal employees within Phorm or the ISPs, as they would contain lucrative personal information. Who gets to see the debugging logs? (Russian spyware programmers, perhaps?) Are they exported outside the UK for "troubleshooting" by the "talented teams of programmers" that Phorm employ in the US and Russia? How do we know that they are irrecoverably destroyed after 14 days? The questions just keep coming. Shame there are no answers. ====================== I'd be interested to see that small print, do you have a link ?? I have looked at the possibility of a link between RBN and Phorm, RBN is based in St. Perterburg, the Phorm Russian office is in Moscow, so far there is no obvious link other than 121 Media's past history. (121 Media by the way is still an active and listed Subsiduary of Phorm) Also worth noting is that soon after users found the oix.com server was apparently hosted on a Chinese IP, that changed quite quickly to being hosted by Fasthosts UK. In the VM forums I issued a challenge to Phorm to allow a team of privacy and security experts to have access to several weeks worth of Phorm employees online data, including sites visited etc. The Ernst Young audit did have some reservations about how the system could be open to abuse. Mr Davies of Privacy Internationals claimed by Phorm endorsement of the Phorm system in a BBC article he later posted that "They Had Not Endorsed Phorm" but on the face of Phorms description of how they claim it works had some good points. But that was based on only the sales pitch being used by Phorm with no true technical analysis of the whole system or methods Phorm claim to use in public.