Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

[TheBruce1]

Quote:

Originally Posted by roadrunner69

What is contained in the debug and research logs, where it is processed and what happens to them after 14 days has, as far as I am aware, never been answered to any ones satisfaction.

And most likely it will never be as the data will be processed/aggregated by phorm to sell to advertisers and any one else would wishes to pay to see our data.

Quote:

Originally Posted by bluecar1

i might have found some info on the missing market research see http://www.theregister.co.uk/2000/07...lies_and_bofh/

Some(maybe all)bosses are truly stupid, did someone say BT

Quote:

Originally Posted by Dephormation

And if it hadn't been for us meddling kids Phorm might have gotten away with it too.

Damm those kids, as Kent would say.

Quote:

Originally Posted by HamsterWheel

No doubt the company spent the money on internet advertising instead - it's a growing market you know

Oh thank God your back, i was really getting worried that you had gone missing trying to find the answer to the questions that have been asked, now your back, any chancer of an answer, i real answer that is.

Quote:

Originally Posted by Paul Delaney

Share Price: 1,125.00

http://www.lse.co.uk/ShareTrades.asp...re=phorm_reg_s

Hopefully not too long before it reaches 0.00

[Dephormation]

Quote:

Originally Posted by jtechs

even if you invest in SSL, if the page is public then they can just follow your URL, unless this is encapsulated in the SSL tunnel... if you goto https://www.somesite.org/secret/location.php they can see the GET (or am i wrong on this?)
J

I believe the only things they will get from SSL is the destination IP address/domain, date & time of your request, and a block of random garbage on which to run their profiling engine.

That could still be valuable, for example it would allow them to know which bank you use, when you use it, how often, how long, whether you visit after or before making a purchase, but not much else.

If they did eventually decide it was permissible to use that data (noting they currently claim not to, I'm so reassured I left Virgin) then you might see loan ads, savings ads, or competitive banking ads shortly after doing your normal online banking for example. Or ads for ASDA, after completing an SSL checkout at Sainsbury. Or ads for Dabs, after completing an SSL checkout at Maplin.

You get the picture I'm sure.

Once you pawn the privacy of your connection to Phorm, you may be suprised how much they learn about you and/or your customers even from snooping on encrypted traffic.

Phorm has to be stopped. You can't operate an economy with parasites snooping on private communication traffic.

[Deko]

Why are a.webwise and b.webwise running "F5 Big-IP" are these boxes doing some kind of proxying to the boxes hosted in the states.

Why are DPI machines facing the internet. Maybe i'm missing something here.

[rryles]

Quote:

Originally Posted by Deko

Why are a.webwise and b.webwise running "F5 Big-IP" are these boxes doing some kind of proxying to the boxes hosted in the states.

Why are DPI machines facing the internet. Maybe i'm missing something here.

I think these boxes are commonly used as a sort of firewall/cache for web servers. They are designed primarily to improve performance of a website and provide some resilience to (d)DOS and other attacks. They could be proxying it to a server in the US but there is no evidence that they are. If they are then most of the security benefit would be lost as the real server would be exposed to the internet.

[bluecar1]

Quote:

Originally Posted by R Jones

I'd love to know the name of the person who interpreted that survey as being supportive of Phorm. They could get a great job in politics.

could it be the PM GB moonlighting and being as good in PR as he as at PM ????

peter

---------- Post added at 16:48 ---------- Previous post was at 16:42 ----------

Quote:

Originally Posted by Dephormation

If they did eventually decide it was permissible to use that data (noting they currently claim not to, I'm so reassured I left Virgin) .

sorry pete had to double take that line, i thought you were inferring your were a virgin??????? if they did not look at the data

he he

peter

[Dephormation]

Incidentally, it struck me this morning, Phorm might want to use the 'opted out' data to create aggregate statistics for advertisers (which might explain their reluctance to provide a real opt in model). For example, they might not create a personal profile, but they might accumulate aggregate data about Virgin Media subscribers opted in or not... and if it is truly opt in they can't do that.

And its one of the reasons it must be truly opt in, I don't want to be profiled as an individual or participate in group profiling either.

[nb; I've seen nothing to indicate this is the case, yet]

[bluecar1]

on going saga with dear emma

sent today as not heard from here regarding my questions,
peter

******************
Emma,

I have been waiting for a reply from you explaining to me why BT think they do not have to check credentials online before changing the terms and conditions of a customers contract to ensure it is the account holder who is authorising this change?

the approach as regards WebWise seems in total contrast to all other dealings I have with BT,

to check my children's browsing history in parental controls, I have to authenticate
to talk to someone at BT I have to passed DPA question to ensure I am the account holder
to pay my bill online I have to create an account and authenticate
to change my contract and sign away my privacy and to accept WebWise and provide BT with a new revenue stream, I DO NOT HAVE TO PROVE I AM THE ACCOUNT HOLDER OR AUTHENTICATE MY CREDENTIALS
just a tad inconsistent

I await your answer with interest, and it will be published on the BT forum and cable forum

regards

Peter

[Privacy_Matters]

I don't know if I missed this on the way - but I just found the pdf at the link below:

http://www.publications.parliament.u...aff/58/58i.pdf

Refer to page 21

[bluecar1]

Quote:

Originally Posted by Dephormation

Incidentally, it struck me this morning, Phorm might want to use the 'opted out' data to create aggregate statistics for advertisers (which might explain their reluctance to provide a real opt in model). For example, they might not create a personal profile, but they might accumulate aggregate data about Virgin Media subscribers opted in or not... and if it is truly opt in they can't do that.

And its one of the reasons it must be truly opt in, I don't want to be profiled as an individual or participate in group profiling either.

[nb; I've seen nothing to indicate this is the case, yet]

my thoughts exactly, what wonderful data, 100 most common search keywords in google etc

10 most popular holiday destinations etc

top ten cars etc

this is why they want to profile opted out data, as well as the fact it is more difficult for them to do a bypass of the profiler except on an account level opt-out, you can see k*nt crying at the thought of losing at tha PII

peter

[SelfProtection]

Quote:

Originally Posted by Dephormation

Incidentally, it struck me this morning, Phorm might want to use the 'opted out' data to create aggregate statistics for advertisers (which might explain their reluctance to provide a real opt in model). For example, they might not create a personal profile, but they might accumulate aggregate data about Virgin Media subscribers opted in or not... and if it is truly opt in they can't do that.

And its one of the reasons it must be truly opt in, I don't want to be profiled as an individual or participate in group profiling either.

[nb; I've seen nothing to indicate this is the case, yet]

[nb; I haven't seen anything to the contrary either, yet]
This may be another point to put directly to the ICO.

[bigsanta11]

Quote:

"We do ask that our customers adhere to our terms and conditions, which state that they must comply with all relevant laws and not infringe the rights of others," BT said.

http://www.pcadvisor.co.uk/news/index.cfm?newsid=13547

[bluecar1]

Quote:

Originally Posted by bigsanta11

"We do ask that our customers adhere to our terms and conditions, which state that they must comply with all relevant laws and not infringe the rights of others," BT said.



http://www.pcadvisor.co.uk/news/index.cfm?newsid=13547

they forgot to add "we also apply the principle of do as i say not as i do"

peter

[Ravenheart]

I've just had a reply from Liz Lynne one of my MEP's who was very quick to raise questions in the EU about Phorm.

Her latest update is as follows

Dear Ms ***************

I am writing to you further to my previous letter regarding your concerns over Phorm advertising software. I have recently received a reply from Baroness Shriti Vadera of the Department for Business Enterprise and Regulatory Reform regarding a letter I sent to her outlining your fears.

Baroness Vadera informs me that the Information Commissioner’s Office (ICO) is currently examining the proposed use of Phorm to ensure that any use of the technology is compatible with the current legislation relating to privacy. The ICO has published its preliminary view on Phorm, which can be found at

http://www.ico.gov.uk/about_us/news_...e_and_oie.aspx.

Baroness Vadera also states that the Home Office has been in contact with ISPs to discuss how the use of Phorm relates to the Regulation of Investigatory Powers Act. However, she notes that not all applications of Phorm will necessarily contravene this act.

Finally, I am assured by Baroness Vadera that both she and the ICO have been in contact with those ISP’s hoping to run trials involving Phorm to discuss their plans and will be maintaining close contact with ISPs and Phrom throughout any subsequent trials.

Yours sincerely

Liz Lynne MEP

Which doesn't really tell us any more than what we don't already know, but my respect goes to her for at least keeping me informed on developments, and the fact she's still asking questions on the issue.

[Rchivist]

Quote:

Originally Posted by bluecar1

on going saga with dear emma

sent today as not heard from here regarding my questions,
peter

******************
Emma,

I have been waiting for a reply from you explaining to me why BT think they do not have to check credentials online before changing the terms and conditions of a customers contract to ensure it is the account holder who is authorising this change?

the approach as regards WebWise seems in total contrast to all other dealings I have with BT,

to check my children's browsing history in parental controls, I have to authenticate
to talk to someone at BT I have to passed DPA question to ensure I am the account holder
to pay my bill online I have to create an account and authenticate
to change my contract and sign away my privacy and to accept WebWise and provide BT with a new revenue stream, I DO NOT HAVE TO PROVE I AM THE ACCOUNT HOLDER OR AUTHENTICATE MY CREDENTIALS
just a tad inconsistent

I await your answer with interest, and it will be published on the BT forum and cable forum

regards

Peter

I've just reminded her of those issues today as well. She also mentioned in her reply to me that the interstitial page in the ICO/FOI bundle was a draft and that she was confident that the final one would meet requirements of the legislation. So I have reminded her that she was confident that the 2006/2007 trials were legal but the ICO differs, and that no one had mentioned the Consumer Protection from Unfair Trading Regulations 2008 in respect of the interstitial/invitation page.

My email included the following:

IMHO - in order to be remotely legal the "interstitial page" will need to

a) only be offered to customers while they are logged in to and visit a bt.com or BTYahoo page, and only while the customer is logged in as the primary account holder. (not offered to minors, not offered to sub account holders). If the page pops up during ordinary browsing of non BT sites it will constitute an illegal interception - effectively a browser hijack.

If it is offered to minors, then the change in the T&C's of the primary account holder that their acceptance will involve, is UNenforceable, and if it is offered to sub account holders, then the change in T&C's that their acceptance will involve is unenforceable.

You will also need to address the issue of targeting of adverts to minors and explain that in the invitation page so that the primary account holder can fully evaluate that particular issue.

b) contain adequate information about Webwise technology which the copy sent to the ICO certainly does NOT, in order to conform to the Consumer Protection from Unfair Trading Regulations 2008. Representing Webwise simply as a means of reducing irrelevant adverts, or antiphishing protection, will be a breach of these regulations.

c) only be offered if the informed consent of website owners that the customer might visit while participating in the trials, can be obtained and verified BEFORE their unique data exchange with their customers is profiled, before the content of their websites is copied and exploited, before derivative copies of their websites are made for commercial gain (a CRIMINAL offence) and before forged cookies are made incorporating their domain name. You should be aware that there are many websites out there waiting for Webwise customers to visit their sites, at which point they will commence reporting BT for criminal (yes - criminal) breaches of the copyright laws.

d) the trials can only proceed if there is absolutely NO way that ANY traffic from non-opted in customers goes anywhere near the Phorm software. I am unable at present to see ANY way in which you can legally intercept traffic of all customers to find out whether they are opted in to the trial without access to BT Wholesale equipment or by illegally intercepting the traffic of non-opted in customers.

Hopefully that will give ES something to think about, and at the very least, they can't say they weren't warned.

[Florence]

Quote:

Originally Posted by R Jones

I've just reminded her of those issues today as well. She also mentioned in her reply to me that the interstitial page in the ICO/FOI bundle was a draft and that she was confident that the final one would meet requirements of the legislation. So I have reminded her that she was confident that the 2006/2007 trials were legal but the ICO differs, and that no one had mentioned the Consumer Protection from Unfair Trading Regulations 2008 in respect of the interstitial/invitation page.

My email included the following:

IMHO - in order to be remotely legal the "interstitial page" will need to

a) only be offered to customers while they are logged in to and visit a bt.com or BTYahoo page, and only while the customer is logged in as the primary account holder. (not offered to minors, not offered to sub account holders). If the page pops up during ordinary browsing of non BT sites it will constitute an illegal interception - effectively a browser hijack.

If it is offered to minors, then the change in the T&C's of the primary account holder that their acceptance will involve, is UNenforceable, and if it is offered to sub account holders, then the change in T&C's that their acceptance will involve is unenforceable.

You will also need to address the issue of targeting of adverts to minors and explain that in the invitation page so that the primary account holder can fully evaluate that particular issue.

b) contain adequate information about Webwise technology which the copy sent to the ICO certainly does NOT, in order to conform to the Consumer Protection from Unfair Trading Regulations 2008. Representing Webwise simply as a means of reducing irrelevant adverts, or antiphishing protection, will be a breach of these regulations.

c) only be offered if the informed consent of website owners that the customer might visit while participating in the trials, can be obtained and verified BEFORE their unique data exchange with their customers is profiled, before the content of their websites is copied and exploited, before derivative copies of their websites are made for commercial gain (a CRIMINAL offence) and before forged cookies are made incorporating their domain name. You should be aware that there are many websites out there waiting for Webwise customers to visit their sites, at which point they will commence reporting BT for criminal (yes - criminal) breaches of the copyright laws.

d) the trials can only proceed if there is absolutely NO way that ANY traffic from non-opted in customers goes anywhere near the Phorm software. I am unable at present to see ANY way in which you can legally intercept traffic of all customers to find out whether they are opted in to the trial without access to BT Wholesale equipment or by illegally intercepting the traffic of non-opted in customers.

Hopefully that will give ES something to think about, and at the very least, they can't say they weren't warned.

Well put maybe more needs to email the same or similar... Hope you asked for a read reciept since the last one I sent was deleted without being read.