*CONFIRMED*
The btcom.userName/btcom.dateVisited/btcom.isLoggedIn are 'domain cookies' that will be sent to any *.bt.com web site... including webwise.bt.com and
www.webwise.bt.com... revealing your email address to Phorm (simply by browsing the pages on webwise.bt.com/
www.webwise.bt.com).
I've asked Rob to do an additional test; I suspect btcom.userName cookie remains set
even if you have logged out of bt.com... If so, this would make your email address almost unconditionally available to third parties such as Phorm if you have ever logged in to BT.com.
And presumeably it has been leaking email addresses for months.