Thread: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
View Single Post
Old 29-06-2008, 13:37   #10451
Dephormation
Inactive
 
Join Date: Apr 2008
Location: Bristol
Services: Aquiss.net and loving it. No more Virgin Media, no more Virgin Phone, no more Virgin Mobile.
Posts: 629
Dephormation is a name known to allDephormation is a name known to allDephormation is a name known to allDephormation is a name known to allDephormation is a name known to allDephormation is a name known to allDephormation is a name known to allDephormation is a name known to all
Post Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by Paul Delaney View Post
Enter Phorm.
They add there own Deep Packet Inspection hardware which is identical to BT's with the exception that the personal data it collects isn't subject to the stringent laws restricting its use to non-commercial or advertising purposes nor who will have access to it. A government agency would not require a warrant to access any of the personal data running through this second Deep Packet Inspection hardware.
Phorms system is different. It not only monitors your traffic, it actively interferes with it, creating fake cookies and forcing unexpected redirects to imposter web sites. Any pages which are returned may have advertising inserted (if they are OIX partners).
In other words the privacy, security, and integrity of your communication with your desired web site is compromised (and vice versa).
Quote:
Originally Posted by Paul Delaney View Post
A computer program written by Phorm "strips personally identifiable material" from the data. This is what they present to every regulatory body to justify that their system complies with privacy laws.
Phorm have not published the algorithm or method they use. Indeed there was no reference to the anonymisation process AT ALL in the leaked 2006 report.
They have made oblique statements which claim names, and identifiers will be filtered out, but this is obviously unlikely to be successful unless you know the names of everyone on the planet, your filter is multilingual, and you know the format of all identifiers in use on the planet.
Look at this page, put yourself in Phorm's shoes, and ask yourself how you will remove all identifiers from this page? roadrunner69, dephormation, NTLvictim... are those names? Are they personal identifiers?
Phorm claim they will not process form data, but that assumes the form data is a post request, and seems not to include search engine forms. In other words, they will process form data if it is commercially attractive for them to do so.
Clearly, after a moments thought you'll agree, its complete nonsense to claim they can fully anonymise data.
Yet ICO did not ask BT how this algorithm worked, nor inspect its operation.
Quote:
Originally Posted by Paul Delaney View Post
So privacy is only guaranteed by Phorm's software program and as part of their contract with BT Phorm have complete control over the updating and servicing of their software.
Your only assurance is that Phorm claim they will not profile you while you retain their opt out cookie. This assurance is given to you by a firm that F-Secure labelled creators of "one of the most widespread malicious rootkits of 2005", and who co-operated with BT running two trials of their spyware in 2006/7, without advising their customers, ICO or (supposedly) the Home Office.
Quote:
Originally Posted by Paul Delaney View Post
The reality is our privacy is in the hands of a company who has a long history (under different names) of writing parasitic software including a rootkit virus, in each case to gain access to personal data.
Parasitic both in the sense of taking your personal information and selling it, and taking the one thing that makes the net the valuable resource it is (content and services data), and abusing that too.

There's only one conclusion. Phorm must be stopped.
Dephormation is offline