There is nothing wrong with behavioral targeted advertising but there is something not right with using deep packet inspection.

And don't forget: a person can opt out of certain types of advertising by using ad blockers, cookie blockers, host file nullifying etc.

There is no way to opt out of DPI tracking. It monitors and records near enough everything you read and write whether you want their ads or not.

The ads will be no different to other types of ads - injected into a page.

You will be able to block the ads if you wish to do that but you will not be able to stop your personal browsing information from being intercepted, copied and processed*

*Only way to prevent this is to switch to a non phormed ISP, or use a secure vpn for your browsing.

I for one will not be serving my content to people with phorm 'on'. Instead, I'll present them with a page that teaches them how to turn it off.

They are two totally different technologies.

Frank_Rizzo - Thanks for this explanation, I've been trying to wrap my head around it!

So if I understand this correctly:

AdSense = The Ads can be blocked if the user wants to regardless of ISP

Phorm = The Ads can only be blocked from a phorm free ISP?

Can Phorm ads be blocked by disabling javascript or is this one of the major issues with it?

I for one will not be serving my content to people with phorm 'on'. Instead, I'll present them with a page that teaches them how to turn it off.

and if they don't want to turn it off, because they are happily seeing ads that have landed them a couple of bargains and are ads more closely aligned with things they want to see, and they are comfortable with the concept of phorm advertising? are you happy to lose that customer?

Lets face it, how many every day users actually know how to turn adsense off, how many gmail users know how to turn off personalised search? how many would even if they could. To try, as a website owner, to force your customers to switch off something they may find beneficial, is just as bad as the ISP's not giving them a choice over having it in the first place imo.

They are two totally different technologies.
There is nothing wrong with behavioral targeted advertising but there is something not right with using deep packet inspection.

And don't forget: a person can opt out of certain types of advertising by using ad blockers, cookie blockers, host file nullifying etc.

There is no way to opt out of DPI tracking. It monitors and records near enough everything you read and write whether you want their ads or not.

AdSense = The Ads can be blocked if the user wants to regardless of ISP

Phorm = The Ads can only be blocked from a phorm free ISP?

Can Phorm ads be blocked by disabling javascript or is this one of the major issues with it?

Adsense (and most other types of ads) can be blocked at the browser level using third party adblocker type apps. These types of ads can also be blocked by adding 127.0.0.1 domain to your hosts file.

Phorm ads can also be blocked this way but the issue is not that of blocking ads. The issue with phorm is the way that the information on how to serve those ads is generated.

Google will know what type of ads you should see based on the keywords you enter on a site. That's fine - you can sort of block that if you are worried about that type of non intrusive privacy.

Google will also know what type of ads you should see on an adsense enabled website due to a sites page content or theme. Again that can sort of be blocked if you are concerned about this non intrusive privacy.

What you can not block is the intrusive way in which phorm gathers information about you.

It will not only know about your keywords, where you have been, what you do but it reads EVERY word you read and write.

Three sites:

Site1 is about dogs and hosts no ads
Site2 is about cats and hosts Adsense ads
Site3 is about fish and hosts Yahoo ads

Two visitors:

Non Phormed Visitor
Visits Site1. Does not need to worry about privacy at all. No other site knows about the visitor reading this sites pages.

Visits Site2. Google knows very basic info about the page and possibly that the visitor searched for cats. No other ad site knows this info.

Visits Site3. Yahoo knows very basic info about the page and possibly that the visitor searched for fish. No other ad site knows this info.

Phormed Visitor

Visits Site1. Phorm reads and copies every page which the user reads. Only phorm know what the person is interested in. Not URL's, not keywords, every word which the browser downloaded is copied and processed.

Visits Site2. Google knows very basic info about the page and possibly that the visitor searched for cats. No other ad site knows this info. But Phorm know all that and much more. As with Site1 phorm will copy and process everything the browser reads and in some cases what the user writes back to the server.

Visits Site3. Yahoo knows very basic info about the page and possibly that the visitor searched for fish. No other ad site knows this info. But Phorm know all that and much more. As with Site1 phorm will copy and process everything the browser reads and in some cases what the user writes back to the server.

Phorm uses Deep Packet Inspection (DPI) technology. It is not a lojack which records locations a driver visits. It is more like a spy-in-the-cab which records and copies not just locations but communications at those locations.

[edited by: Frank_Rizzo at 4:10 pm (utc) on April 20, 2009]

Lets face it, how many every day users actually know how to turn adsense off, how many gmail users know how to turn off personalised search? how many would even if they could. To try, as a website owner, to force your customers to switch off something they may find beneficial, is just as bad as the ISP's not giving them a choice over having it in the first place imo.

Being a webmaster, I simply want control over what my visitor sees. It is my domain, and it is my right to decide who gets to display his or her adverts on it. Whether this be google or some direct partner; my site is my property and I decide where it goes.

In addition, I want to be the one reaping off any potential benefits that may arise from visitor behavior. Having produced the content the visitor is using, that too is my hard-earned right. If some ISP decides to take that right away from me, then I refuse to cooperate and will be left with no other option than to block access. I'm sorry, but I'm not giving up my rights that easily; it's my effort, my time, my content and in the end, MY visitor. I refuse to let some third party run away with the benefits. I'd rather serve a 'your ISP is not suported'-page than help finance those who bring this blight upon us.

I know it's bad luck for the unknowing visitor who came for the content but got nothing instead. I'd be most delighted to help these innocent people opt out or switch ISPs. Then, and only then, will they be able to use my (and undoubtedly other people's) websites to their heart's content.

This 'Phorm' system is downright theft, and we should be fightng it tooth and nail. I for one, will.

I think your explanation needs sending to the EU etc since, for sure, the legislators won't understand it and will probably not have it so clearly explained by their "assistants"!

Only way to prevent this is to switch to a non phormed ISP

If Phrom and similar networks are in full swing, I will be making sure that any sites I own are only hosted at non phromed ISPs and will be displaying this fact proudly in my privacy statement and elsewhere on my site. The only way to kill this beast is to vote with your feet. if phrom is is hosted at ISP level, then lets hope that ISP's who participate will feel the repercussions.

[edited by: Scurramunga at 10:35 pm (utc) on April 20, 2009]

This 'Phorm' system is downright theft, and we should be fightng it tooth and nail. I for one, will.

I think that one way to fight this scourge is to educate our visitors, especially those who are least likely to know what to do. Use a non phromed ISP and let that visitor know that they have nothing to fear by visiting your site. It' would simple; No need for opt outs, disabling cookies, javascript etc (as the visitor would need to do with other forms of advertising. Lets make our attempts to stifle this piece of feces at the onset

El Reg has had several pieces in recent days with more news.

The EU is looking at taking action against the UK

Therefore do I assume, as a UK taxpayer, I am being sued by the EU because of "my government" not supervising what two UK publicly-traded companies are attempting to implement without an approved authorisation?

Doesn't anyone know the UK has been bankrupted by Brussels and our present incumbents in Downing Street?

Does anyone know the ISPs which use Phorm at the the moment?

Virgin Media did 'lab trials' and are taking a wait and see position (If BT go ahead, they go ahead, if BT don't they dont)

Carphonewarehouse (Talk Talk) also took an interest but seem to have backed off.

All other major UK ISPs have clearly distanced themselves with this hot potato and came out and said they will not use such technology.

Phorm do not seem to be welcome in the US so they have turned their attention to the far east with 'trials announced' on one of the largest South Korean ISPs.

---

The EU have already stated that any such system has to be opt in only. They are going to enforce that.

What they are taking the UK government to court for is the lack of any kind of criminal procedings against companies which trialled the system in the past.

Previously BT had trialled the app in 2006 and 2007 WITHOUT notifying customers. They did this in secret and when questioned about it they covered it up.

If you have time you can read their validation report on the 2006 trial via

wikileaks.org

/wiki/British_Telecom_Phorm_PageSense_External_Validation_report

(pdf on that page)

Various acts and laws were broken with that and the 2007 trials. Even the 2008 trial (where customers were this time given the option to opt in or out) are deemed to be illegal because none of the websites those customers visited were asked if they wanted their copyright material copied and processed.

The EU are taking action over the UK government's failure to uphold law and protect the rights of individuals who had their privacy invaded.

The UK government departments / agencies (Home Office, BERR, ICO) and the City of London Police did not perform the duties expected of them and all tried to pass the buck.

Once you delve deeper into the murky world of government ministers / lords / ex ofcom / ex BT personal you will see what a back covering bunch they are, and it is clear how the situation of how the illelgal trials took place and why no one was prosecuted.

Note too that there is a CPS investigation going on which may change the outcome of this.

Therefore do I assume, as a UK taxpayer, I am being sued by the EU because of "my government" not supervising what two UK publicly-traded companies are attempting to implement without an approved authorisation?

actually as a UK tax payer you are paying the EU to sue you because of "your government" not supervising what 2 UK publicly -traded companies are attempting to impliment

actually as a UK tax payer you are paying the EU to sue you

Absolutely correct, I'm paying taxes to sue myself!...Doh...now why didn't I think of some self-generating jobsworth trial?

I've been having an in-depth catch-up of all this stuff and technologically it's very interesting however all this cloak and dagger/smoke and mirrors stuff just makes me wonder if any of these so-called captains of industry have a clue what is really going on in their businesses?

Nah...of course they don't!

Oh, and I'll have a barrow-load of that cash when it's passed around soon:-( This afternoon will be the first phase of it I forecast!

that's the master plan

interesting choice of words to accompany mental images of barrow loads of cash :\