Update 2. For further clarification, Virgin Media have directed me to the following FAQ on the Phorm website...
Frequently Asked Questions
Who is Phorm?
Phorm is an innovative digital technology company that designed and built the infrastructure and technology that power Webwise and the Open Internet Exchange
Which ISPs have partnered with Phorm to launch the OIX and Webwise?
UK ISPs representing approximately 70% of the UK broadband ISP market have joined Phorm to launch the service to consumers. These are BT Group PLC, The Carphone Warehouse PLC and Virgin Media Group. [X
For Consumers - Webwise
What is Webwise?
Webwise is a feature offered by leading UK ISPs in the UK that helps protect customers from fraudulent websites and replaces generic online ads with ads that are relevant to customers' interests. Webwise is powered by Phorm technology.[X
How do I opt out, or switch off the service?
If you have the OIX or Webwise available from your ISP, simply go to www.webwise.com
and click Webwise Off. If you have several computers using the same internet connection, or use different log-ins or browsers, be sure to switch off Webwise from each one.
When Webwise is off, you will no longer receive warnings before reaching fraudulent sites. Webwise will also no longer analyse any data from the web pages that you browse to see if there are better ads to show you. For more information, see www.webwise.com/how-it-works/faq.html
How does Phorm protect customer privacy?
No private or personal information, or anything that can identify you, is ever stored - and that means your privacy is never at risk.
Phorm identifies each user with a unique, randomly-generated number. With it, Phorm can deliver warnings of potentially dangerous websites and replace untargeted ads with more relevant ones, but can never identify the user personally. Phorm's technology can also be switched off easily at any time. [X
What information does Phorm store about browsing behaviour?
Phorm only stores advertising categories that match a user's areas of interest. There is no sensitive data stored. [X
Does Phorm ever store a customer's IP address?
No. The IP address is never stored. [X
Does Phorm collect any information that can identify me by name, address or any other personally-identifying information?
No. Phorm does not collect personal information, and cannot use it to serve ads. The system does not attempt to identify the user in any way and does not integrate with any system (like the ISP's log-in system) that could identify the user. [X
How does Phorm ensure that no personal information is collected?
Phorm uses technology that has been built from the ground up to avoid any information that might identify a customer personally. Phorm technology does not view any information on secure (HTTPS) pages, and ignores strings of numbers longer than three digits to ensure that we do not collect credit card numbers, phone numbers, National Insurance or other potentially private information. [X
Can a user's browsing history be identified if the government or ISP requests it?
No. The browsing history is not stored in any way. The unique fundamental design of this technology ensures that consumer privacy is protected and that, even under compulsion, no personally-identifying data or detailed browsing data can be retroactively provided to anyone.
The privacy claims Phorm make about its technology's use of consumer data have been verified by leading global auditing firm Ernst & Young. (View report PDF
) The technology used by the OIX will be regularly audited on an ongoing basis to make sure that we continue to comply with our commitment. [X
What type of security measures do you have so that aggregated data is not stolen or lost?
Phorm has a high level of system and network security and operates a stringent security policy. Access to database hosts is restricted to systems administrators and data access is only permitted for specific purposes within the terms of the security policy.
However, the major safeguard is that all data is anonymous and cannot be attached to any individual. Only derived channel-match information is stored against the anonymous id in the database and all raw data is deliberately and continuously deleted according to the privacy timeline. These procedures are regularly audited and verified by Ernst & Young. [X