
Phorm: Difference between revisions

From Wikipedia, the free encyclopedia
SmackBot (talk | contribs)
m Date the maintenance tags or general fixes
m WikiCleaner 0.75 - Repairing link to disambiguation page - You can help!
Line 102: Line 102:
=== Potential threat to search engines ===
=== Potential threat to search engines ===


Alexander Hanff has speculated that as direct competitors to [[search engine]]s, Phorm could use the same equipment to alter search engine results on their way back to the user. Using deep packet inspection and some trivial regular expressions, Phorm could place OIX partners at the top of the results. Hanff states this would be very difficult to detect if at all possible and has urged major search engines to consider providing [[SSL]] search pages to help manage this risk.<ref>{{cite web |url=http://denyphorm.blogspot.com/2008/04/is-phorm-serious-threat-to-search.html |title=Is Phorm a serious threat to search engines? |accessdate=2008-04-11 |last=Hanff |first=Alexander |authorlink= |date=2008-04-10 |publisher=[[Blogspot]] }}</ref>
Alexander Hanff has speculated that as direct competitors to [[search engine]]s, Phorm could use the same equipment to alter search engine results on their way back to the user. Using deep packet inspection and some trivial regular expressions, Phorm could place OIX partners at the top of the results. Hanff states this would be very difficult to detect if at all possible and has urged major search engines to consider providing [[Secure Sockets Layer|SSL]] search pages to help manage this risk.<ref>{{cite web |url=http://denyphorm.blogspot.com/2008/04/is-phorm-serious-threat-to-search.html |title=Is Phorm a serious threat to search engines? |accessdate=2008-04-11 |last=Hanff |first=Alexander |authorlink= |date=2008-04-10 |publisher=[[Blogspot]] }}</ref>


=== Fall in share price ===
=== Fall in share price ===
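Review bot: the changed line in "Potential threat to search engines" still passes an empty |authorlink= to the cite web template; drop the empty parameter while the line is being touched. The wording "very difficult to detect if at all possible" on the same line is also left awkward and could be tidied in the same edit. The piped link [[Secure Sockets Layer|SSL]] keeps the visible text unchanged and is the right repair for the disambiguation target.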

Revision as of 18:48, 27 April 2008

Phorm
Company type: Public (AIM: PHRM)
Industry: Online advertising
Founded: 2003
Headquarters: Delaware, USA
Area served: United Kingdom
Key people: Kent Ertugrul, Chairman and Chief Executive Officer
Products: Open Internet Exchange (OIX)
Revenue: £ 48.30 thousand (2007)
£ -11.43 million (2007)
Website: www.phorm.com

Phorm, formerly known as 121Media, is a digital technology company based in London, New York and Moscow. The company drew attention when it announced it was in talks with some United Kingdom ISPs to deliver targeted advertising based on a user's browsing habits by using deep packet inspection.[1] It is one of several companies developing behavioral targeting advertising systems, seeking deals with ISPs to enable them to analyse customers' web-surfing habits. Others include NebuAd and Front Porch.[2]

Overview of proposed service

Phorm is working with major British ISPs including British Telecom, Virgin Media and TalkTalk regarding a targeted advertisement service which would monitor browsing habits and serve relevant advertisements to the end user. Phorm say that these deals will give it access to the surfing habits of 70% of British households with broadband.[3]

A diagram showing how the Phorm system creates copies of its tracking cookie in each domain the end-user visits, based on the report published by Richard Clayton.[4]

It would work by categorizing users' interests and matching them with advertisers who wish to target that type of user. "As you browse, we're able to categorize all of your Internet actions", said Virasb Vahidi, the chief operating officer of Phorm. "We actually can see the entire Internet."[3]

It is claimed that data collected would be completely anonymous, and that Phorm will never be aware of the identity of the user or what they have browsed.[5] By monitoring users' browsing, Phorm also offers protection against online fraud and phishing. If users try to access a phishing site that is listed on a database available to Phorm, a warning will appear in the browser, although phishing sites not on the database won't trigger any warning. Users will be able to opt out of Phorm's service. However, according to a spokesman for Phorm, the way the opt-out works means the contents of the websites a user visits will still be mirrored to its system.[6] All computers, all users, and all HTTP applications used by each user of each computer will need to be configured (or supplemented with add-ons) to opt out.[7] It has since been declared by the Information Commissioner's Office that Phorm would only be legal under UK law if it were an opt-in service.[8]

Company history

121Media, the former name of Phorm, has had its products described as spyware.[9] As 121Media it distributed a program called PeopleOnPage,[10] which was classified as spyware by F-Secure.[11] PeopleOnPage was an application built around their advertising engine called ContextPlus. ContextPlus was also distributed as a rootkit called Apropos,[10][12] which used tricks to prevent the user from removing the application and sent information back to central servers regarding a user's browsing habits.[13]

In November 2005 the Center for Democracy and Technology in the US filed a complaint with the Federal Trade Commission over distribution of what it considered spyware, including ContextPlus. They stated that they had investigated and uncovered deceptive and unfair behaviour. This complaint was filed in concert with the Canadian Internet Policy and Public Internet Center, a group that was filing a similar complaint against Integrated Search Technologies with Canadian authorities.[14]

In May 2006 ContextPlus shut down its operations and stated "[Contextplus are] no longer able to ensure the highest standards of quality and customer care". The shutdown came after several major lawsuits against adware vendors had been launched.[15] Phorm has countered this with an admission of a company history in adware and the closing down of a multi-million dollar revenue stream as people confused adware with spyware.[13]

Reaction

Initial reaction to the proposed service highlighted deep concerns with regards to individual privacy and property rights in data.[16] Phorm has defended its technology in the face of what it called “misinformation” from bloggers claiming it threatens users’ privacy.[17]

Security firms are split about whether they will classify Phorm's targeting cookies as adware. Kaspersky Lab, whose anti-virus engine is licensed to many other security vendors, said it would detect the cookie as adware. Trend Micro said there was a "very high chance" that it would add detection for the tracking cookies as adware. PC Tools echoed Trend's concerns about privacy and security, urging Phorm to apply an opt-in approach. Specialist anti-spyware firm Sunbelt Software also expressed concerns, saying Phorm's tracking cookies were candidates for detection by its anti-spyware software.

Ross Anderson, professor of security engineering at Cambridge University, said: "The message has to be this: if you care about your privacy, do not use BT, Virgin or Talk-Talk as your internet provider." He added that, historically, anonymising technology had never worked. Even if it did, he stressed, it still posed huge privacy issues.[16] During the week beginning March 10, 2008, privacy concerns began to have an impact on the stock price of the company, which dropped 30%,[18] indicating that shareholders might also be concerned about the issues being raised. By 27 March 2008 the stock price had dropped 45% over the month.

Phorm has engaged a number of public relations advisers including Freuds, Citigate Dewe Rogerson and ex-House of Commons media adviser John Stonborough in an attempt to save its reputation,[19] and has engaged with audiences via moderated online webchats. Full transcripts of these interviews can be found at http://www.webwise.com/how-it-works/chat.html.

In response to customer concerns, TalkTalk (The Carphone Warehouse) issued a statement[20] that its implementation will be "opt-in" only and won't use the same method as BT, meaning those that don't "opt-in" will have their traffic split, avoiding contact with a WebWise (Phorm) server.

The creator of the World Wide Web, Tim Berners-Lee, has criticized the idea of tracking his browsing history saying that "It's mine - you can't have it. If you want to use it for something, then you have to negotiate with me. I have to agree, I have to understand what I'm getting in return." He also said that he would change ISP if they introduced the Phorm system.[21]

Simon Davies, a privacy advocate and founding member of Privacy International, said "Behavioural advertising is a rather spooky concept for many people." In a separate role at 80/20 Thinking, a consultancy start-up, he was engaged by Phorm to look at the system.[22] He said: “We were impressed with the effort that had been put into minimising the collection of personal information.”[23] He was subsequently quoted as saying "[Privacy International] DOES NOT endorse Phorm, though we do applaud a number of developments in its process." (original capitals) "The system does appear to mitigate a number of core privacy problems in profiling, retention and tracking... [but] we won’t as PI support any system that works on an opt-out basis."[24]

Kent Ertugrul later claimed he was confused when he suggested Privacy International had endorsed Phorm. "This was my confusion I apologise. The endorsement was in fact from Simon Davies, the MD of 80 / 20 who is also a director of privacy international"[25].

BT trials

After initially denying that they had done so,[26] BT confirmed they ran a small-scale trial at one exchange of a "prototype advertising platform" in 2007. BT are said to be developing an improved non-cookie-based opt-out of Phorm. BT customers will be able to opt out of the trial, but no decision has been made as to their post-trial approach.[27]

It was reported that BT ran an earlier secret trial in 2006, in which it intercepted and profiled the web browsing of 18,000 of its broadband customers. The technical report states that customers who participated in the trial were not made aware of this fact as one of the aims of the validation was not to affect their experience.[28]

Digital rights lawyer Nicholas Bohm, of the Foundation for Information Policy Research, has said that trials of an online ad system carried out by BT involving more than 30,000 of its customers were potentially illegal.[29] Channel 4's Krishnan Guru-Murthy interviewed BT's head of value added services, Emma Sanderson, about their trials.[30]

It has since been revealed that BT's 2007 trial involved some tens of thousands of end users.[31]

British Telecom is facing legal action over trials of Phorm which were carried out without user consent.[32]

Analysis

Richard Clayton, a Cambridge University security researcher and member of the Open Rights Group and FIPR, attended an on-the-record meeting with Phorm, and published his account of how their advertising system works.[33]

Phorm explained that an initial web request is redirected three times (using HTTP 307 responses) within their system. The redirects allow the system to inspect cookies to determine whether the user has opted out, to set a unique identifier for the user (or collect it if it already exists), and finally to add a cookie that is forged to appear to come from someone else’s website.[33]

Leaking UID Cookies

Richard Clayton notes in his analysis that Phorm's system stores a tracking cookie for each domain visited on the user's PC, each containing an identical copy of the user's unique Phorm tracking ID. Although, where it can do so, Phorm's system strips its tracking cookies from HTTP requests before they are forwarded across the internet to a website's server, it cannot prevent the Phorm UID being sent to websites using HTTPS. This allows websites to associate the unique Phorm tracking ID with any details the website collects about the visitor.[34]

It has been speculated that spammers could exploit leaking Phorm UIDs by sending emails to customers of ISPs that have deployed Phorm containing a web bug which redirects to an HTTPS URL, to capture both the recipient's Phorm tracking UID and their associated email address if they view the email in their browser using a webmail service.[35]
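The leak described in this section can be modelled from the receiving website's side, together with a filter that keeps cookies the site never issued out of its sessions and logs. This is an added example, not code from Clayton's report or from Phorm; the cookie name example_uid, the host shop.example and all values are constructed placeholders.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Hypothetical cookie name: the page does not give the real one.
TRACKING_COOKIE = "example_uid"

# Constructed sample data: one site, its own session cookie, and the per-domain
# copy of the tracking ID that the in-path system planted in the browser.
JAR = {"shop.example": {"session": "abc123", TRACKING_COOKIE: "U-0001"}}
ISSUED_BY_SITE = {"session"}


def browser_cookie_header(jar, url):
    """Cookies without the Secure attribute are scoped by host, not scheme,
    so the browser sends the same set to http:// and https:// URLs."""
    cookies = jar.get(urlsplit(url).hostname, {})
    return "; ".join(f"{name}={value}" for name, value in cookies.items())


def in_path_strip(url, cookie_header):
    """An in-path device can rewrite headers on plaintext HTTP only;
    an HTTPS request is opaque to it and passes through unchanged."""
    if urlsplit(url).scheme != "http":
        return cookie_header
    kept = [pair for pair in cookie_header.split("; ")
            if pair and pair.split("=", 1)[0] != TRACKING_COOKIE]
    return "; ".join(kept)


def site_filter(cookie_header, issued_names):
    """Site-side check: accept only cookies this site issues and report
    the names of any others so they stay out of sessions and logs."""
    parsed = SimpleCookie()
    parsed.load(cookie_header)
    accepted = {n: m.value for n, m in parsed.items() if n in issued_names}
    foreign = sorted(n for n in parsed if n not in issued_names)
    return accepted, foreign


def demo():
    """Run one HTTP and one HTTPS request through the three stages."""
    results = {}
    for url in ("http://shop.example/basket", "https://shop.example/checkout"):
        sent = browser_cookie_header(JAR, url)
        arrived = in_path_strip(url, sent)
        results[urlsplit(url).scheme] = site_filter(arrived, ISSUED_BY_SITE)
    return results


if __name__ == "__main__":
    for scheme, (accepted, foreign) in demo().items():
        print(scheme, accepted, "foreign:", foreign)
```

Over HTTP the site sees only its own cookie; over HTTPS the foreign name is reported, which is the point at which a site can drop it instead of recording it against the visitor.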

Advertisers

Advertisers which had initially expressed an interest in Phorm include: ft.com, The Guardian, Universal McCann, Myspace,[36] iVillage, MGM OMD and Unanimis.[37]

The Guardian has withdrawn from its targeted advertising deal with Phorm. In an email to a reader, advertising manager Simon Kilby stated "It is true that we have had conversations with them [Phorm] regarding their services but we have concluded at this time that we do not want to be part of the network. Our decision was in no small part down to the conversations we had internally about how this product sits with the values of our company."[38]

In response to an article published in The Register on 26 March 2008, Phorm has stated that Myspace has not joined OIX as a Publisher.[38]

On 29 March 2008, Pete Clifton of the BBC confirmed that the company has "no plans to work with Phorm at this time".[citation needed]

Questions over legality

The UK Home Office has indicated that Phorm's proposed service is only legal if users give explicit consent.[39] The Open Rights Group (ORG) raised questions about Phorm's legality and asked for clarification of how the service would work.[40] The Foundation for Information Policy Research (FIPR) has argued that Phorm's online advert system is illegal in the UK. Nicholas Bohm, general counsel at FIPR, said: "The need for both parties to consent to interception in order for it to be lawful is an extremely basic principle within the legislation, and it cannot be lightly ignored or treated as a technicality." His open letter to the Information Commissioner has been published on the FIPR web site.[41]

Conservative Peer David Carnegie, 14th Earl of Northesk, has questioned whether HM Government is taking any action on the targeted advertising service offered by Phorm in the light of the questions about its legality under the Data Protection and Regulation of Investigatory Powers Acts.[42] Richard Clayton, a Cambridge University security researcher, has produced a technical analysis (released on April 4th 2008) which confirms the FIPR's view that the final deployment of Phorm will be illegal on the grounds that no consent is obtained from webmasters to profile the pages sent to users.[4]

On April 9 2008, the Information Commissioner's Office ruled that Phorm would only be legal under UK law if it were an opt-in service.[43] The Office stated it will closely monitor the testing and implementation of Phorm, in order to ensure data protection laws are observed.[44]

Potential threat to search engines

Alexander Hanff has speculated that, as a direct competitor to search engines, Phorm could use the same equipment to alter search engine results on their way back to the user. Using deep packet inspection and some trivial regular expressions, Phorm could place OIX partners at the top of the results. Hanff states this would be very difficult, if possible at all, to detect and has urged major search engines to consider providing SSL search pages to help manage this risk.[45]

Fall in share price

After Phorm's press release of 14 February 2008 and initial reactions from the media[citation needed][who?], the company's share price on AIM became increasingly volatile. The price reached a high of 3,580p on 25 February 2008, falling to a low of 1,225p on 17 April 2008.[46]

References

  1. ^ "Internet Providers Quietly Test Expanded Tracking of Web Use to Target Advertising". The Washington Post. 2008-04-04. Retrieved 2008-04-08.
  2. ^ "American ISPs already sharing data with outside ad firms". The Register. 2008-04-10. Retrieved 2008-04-18.
  3. ^ a b "A Company Promises the Deepest Data Mining Yet". The New York Times. 2008-03-20. Retrieved 2008-03-23.
  4. ^ a b Clayton, Richard (2008-04-04). "The Phorm "Webwise" System" (PDF). Cambridge University. Retrieved 2008-04-07.
  5. ^ "Phorm Service Privacy Policy". Retrieved 2008-03-14.
  6. ^ Williams, Chris (2008-03-05). "BT targets 10,000 data pimping guinea pigs". The Register. Retrieved 2008-03-12.
  7. ^ "Phorm Frequently Asked Questions". Retrieved 2008-03-29.
  8. ^ "Phorm – Webwise and Open Internet Exchange". Information Commissioner's Office. 2008-04-08. Retrieved 2008-04-10.
  9. ^ Williams, Chris (2008-02-25). "ISP data deal with former 'spyware' boss triggers privacy fears". The Register. Retrieved 2008-03-10.
  10. ^ a b "Phorm Factor". F-Secure. 2008-04-15. Retrieved 2008-04-16.
  11. ^ "F-Secure Spyware Information Pages: PeopleOnPage". F-Secure. Retrieved 2008-04-16.
  12. ^ "F-Secure Spyware Information Pages: Apropos". F-Secure. Retrieved 2008-04-18.
  13. ^ a b Williams, Chris (2008-03-07). "Phorm launches data pimping fight back". The Register. Retrieved 2008-03-08.
  14. ^ Schwartz, Ari (2005-11-03). "Phorm launches data pimping fight back" (PDF). CDT. Retrieved 2008-04-16.
  15. ^ "Spyware, Rootkit Maker Stops Distribution". Eweek. Retrieved 2008-04-17.
  16. ^ a b Armitage, Jim (2008-03-06). "Web users angry at ISPs' spyware tie-up". Evening Standard. Retrieved 2008-03-13.
  17. ^ Edgecliffe-Johnson, Andrew (2008-03-12). "Phorm seeks $65m for overseas expansion". The Financial Times. Retrieved 2008-03-17.
  18. ^ Arthur, Charles (2008-02-11). "Phorm mystified by fall in share price; we interview its chief". Guardian Unlimited. Retrieved 2008-02-17.
  19. ^ O'Connor, Clare (2008-03-30). "Web tool firm in PR fightback". PRWeek. Retrieved 2008-03-30.
  20. ^ Jackson, Mark (2008-03-11). "TalkTalk (Carphone) ISP Makes Phorm Opt-In Only". ISPReview. Retrieved 2008-03-12.
  21. ^ Cellan-Jones, Rory (2008-03-17). "Web creator rejects net tracking". BBC News. Retrieved 2008-03-17.
  22. ^ Waters, Darren (2008-03-06). "Looking at the Phorm". Retrieved 2008-03-17.
  23. ^ Waters, Darren (2008-03-06). "Ad system 'will protect privacy'". BBC News. Retrieved 2008-03-12.
  24. ^ "Your questions please for Kent Ertegrul, CEO of Phorm". Guardian Newspaper. 2008-03-06. Retrieved 2008-03-29.
  25. ^ "Webwise Chat Transcript". 2008-03-11. Retrieved 2008-03-29.
  26. ^ "BT confesses lies over secret Phorm experiments". The Register. 2008-03-17. Retrieved 2008-03-17.
  27. ^ Liversage, Adam (2008-03-14). "BT Develop non-cookie based opt-out". beta.bt.com. Retrieved 2008-03-15.
  28. ^ Williams, Chris (2008-04-01). "BT and Phorm secretly tracked 18,000 customers in 2006". The Register. Retrieved 2008-04-01.
  29. ^ Waters, Darren (2008-04-01). "BT advert trials were 'illegal'". BBC. Retrieved 2008-04-01.
  30. ^ Nzewku, Brigid (2008-04-03). "BT 'spies' on customers". Channel 4 News. Retrieved 2008-04-03.
  31. ^ Williams, Chris (2008-04-14). "BT's 'illegal' 2007 Phorm trial profiled tens of thousands". The Register. Retrieved 2008-04-14.
  32. ^ "BT confesses lies over secret Phorm experiments". The Register. 2008-03-17. Retrieved 2008-03-17.
  33. ^ a b Clayton, Richard (2008-04-04). "The Phorm "Webwise" System". Light Blue Touchpaper. Retrieved 2008-04-04.
  34. ^ Clayton, Richard (2008-04-22). "Stealing Phorm Cookies". Light Blue Touchpaper. Retrieved 2008-04-24.
  35. ^ "Linking email addresses to webwise UID by spamming?". 2008-04-17. Retrieved 2008-04-24.
  36. ^ Kiss, Jemima (2008-02-14). "ISPs sign up to targeted ads deal". The Guardian. Retrieved 2008-04-09.
  37. ^ "Phorm press release". Phorm.com. 2008-02-14. Retrieved 2008-04-12.
  38. ^ a b "The Guardian ditches Phorm". The Register. 2008-03-26. Retrieved 2008-03-26.
  39. ^ Arthur, Charles (2008-03-12). "Home Office on Phorm: it's legal if users consent". Guardian Unlimited. Retrieved 2008-03-12.
  40. ^ "Open Rights Group questions Phorm". BBC News. 2008-03-12. Retrieved 2008-03-12.
  41. ^ "Open Letter to the Information Commissioner". 2008-03-17. Retrieved 2008-03-17.
  42. ^ "House of Lords Cumulative list of unanswered Questions for Written Answer". House of Lords publications. 2008-03-17. Retrieved 2008-04-02.
  43. ^ "Phorm – Webwise and Open Internet Exchange". Information Commissioner's Office. 2008-04-08. Retrieved 2008-04-10.
  44. ^ "Phorm warned about web data rules". bbc.co.uk. 2008-04-09. Retrieved 2008-04-10.
  45. ^ Hanff, Alexander (2008-04-10). "Is Phorm a serious threat to search engines?". Blogspot. Retrieved 2008-04-11.
  46. ^ "Phorm Reg-S (PHRM.L) Historical Prices". Yahoo! UK & Ireland Finance. Retrieved 2008-04-24.