UK ISPs To Start Tracking Your Surfing To Serve You Ads

from the pirvacy-please dept

For years now, ISPs have been searching for alternative revenue streams to avoid just being "dumb pipes." A few years ago, they picked up on the fact that they have a tremendous amount of data about what you (yes, you!) do online. A bunch of ISPs then started selling your clickstream data to companies that could do something useful with it (though, those ISPs probably neglected to tell you they were doing this). Late last year, we heard about a company that was trying to work with ISPs to make use of that data themselves to insert their own ads based on your surfing history -- and now we've got the first report of some big ISPs moving into this realm. Over in the UK three big ISPs, BT, Carphone Warehouse and Virgin Media have announced plans to use your clickstream data to insert relevant ads as you surf through a new startup called Phorm.

While Phorm claims that it keeps your data private "by tracking individual users with an assigned number only," that's hardly assuring. After all, remember that both AOL and Netflix have released similar anonymized data where identifying info was replaced with an assigned number... and it didn't take long for both sets of data to be de-anonymized. While it's no surprise that ISPs would want to get into the advertising business, and to think that they could better target ads thanks to their knowledge of your entire surfing history, it's going to freak some people out (and potentially cause some serious privacy problems). All the more reason to figure out how encrypt your traffic and hide your activities from your ISP.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Panaqqa, Feb 18th, 2008 @ 10:31am

    Hmmm... copyright violation anyone?

    After all, if I operate a website and British ISPs are inserting ads into content I serve up, then aren't the ISPs creating unauthorized derivative works?

    On a different note, I guess "https://" as the default for web surfing is just around the corner.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Satiricohen, Feb 18th, 2008 @ 10:32am

    If the government is your

    Big Brother, what does that make your ISP - your "Big Cousin"?

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Peet McKimmie (profile), Feb 18th, 2008 @ 10:38am

    More worryingly...

    ...since your ISP has full control over the data reaching you, they could replace any image on an html page with an ad without changing the apparent source, thus getting round pretty much all ad-blocking software.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Bill W, Feb 18th, 2008 @ 10:41am

    Hmmm, what about multiple users?

    What, as is the case, my wife and I are behind a router. How does it separate our clickstreams? What if she got an ad that was based on MY surfing? Eee gads! ;-)

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    hater, Feb 18th, 2008 @ 10:45am

    phorm

    mike,

    you'll love the story behind phorm. they are actually an old spyware outfit that's changed their name a few times to hide their past.

    phorm is the new name of 121media which made the contextplus rootkit infector. just google it.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Matt Bennett, Feb 18th, 2008 @ 10:52am

    I actually have way less problem with their knowledge of my surfing history than I do the idea of their inflicting ads upon me.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Feb 18th, 2008 @ 11:23am

    so...

    how long until the ISPs over here in the U.S. start trying to play this game?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Dementter, Feb 18th, 2008 @ 12:02pm

    Seems to me that this has been going on awhile now

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    claire rand, Feb 18th, 2008 @ 1:16pm

    offended...

    wait until something 'adult' or otherwise offensive comes through, photograph it and sue them.

    of course peoples definitions of offensive vary, make yours wide in this case.

    and in this country the #1 crime is to cause offence, e.g. a advert for pork products being seen by a muslim rules out pork product advertising, films? well anything other than a 'U' is out.

    I dare say it will all be financial type ads.

    I can't think of a better reason to start using encrypted traffic. https:// indeed

    no one seems to have twigged, makes ads relevent and target correctly, you know make it stuff I may actually be interested in, not stuff you've shown me god alone knows how many times before, or i already have, or plain don't care about.

    also you wanna play hardball? hope your tracking how many images i download or block, cus i'll turn all media 'off' and load images one by one if need be.

    oh and change the images on *my* website without me knowing and a court case will be headed your way very soon for copyright infringement.


    ISPs.. put down the can of worms and walk away slowly.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Brian Fearns, Feb 18th, 2008 @ 2:00pm

    ADVERT TARGETING

    THERE MAYBE SOME GOOD POINTS TO BEING TRACKED ON THE
    INTERNET, FOR FILTH DOWN LOADERS BEWARE. I HAVE SPENT MUCH TIME ON MY COMPUTER LOOKING AT SPYWARE AND FACINATED JUST
    HOW THE PROTECTION INDUSTRY WORKS WHILE MY WIFE IS ACTUALLY ENJOYING HER PC. I CAN'T STAND CREDIT CARD
    ADVERTS."WHAT'S IN YOUR POCKET?" WILL BE "WHAT'S IN YOUR PC?" I FEEL AT ALL TIMES I AM BEING WATCHED, BUT I HAVE SO MANY INTERESTS IN ALMOST EVERYTHING IT COULD BE VERY CONFUSING AS TO WHO AND WHAT I AM. IT IS SO GOOD TO READ A BOOK IN PRIVICY WHO'S GOING TO TARGET ME THEN! WHILE I'M HERE I HAVE TRIED TO UNDERSTAND WHY THE LIKES OF THE SOME WANT TO DESTROY THE INTERNET. OUR BELOVED PET COULD BECOME A MUCH FEARED MONSTER. MUST SAY I HATE ADVERTS ON TV AND PC. SO UNLESS THEY WANT TO PAY ME DON'T BOTHER.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Feb 18th, 2008 @ 3:48pm

    Assigned Numbers

    While Phorm claims that it keeps your data private "by tracking individual users with an assigned number only," that's hardly assuring.

    Isn't a social security number or other national ID an example of "an assigned number"? Yeah, that sounds real private.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Feb 18th, 2008 @ 3:51pm

    Time to start running a TOR exit node on my surfing hosts, just too totally fuck up their stats

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Feb 18th, 2008 @ 5:29pm

      Re:

      Time to start running a TOR exit node on my surfing hosts, just too totally fuck up their stats

      How about a little vacation in Gitmo?

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Punter, Feb 18th, 2008 @ 11:28pm

    Advert targeting

    Surely this model will enable the ISP's to offer quality broadband for free, totaly susidised by these targeted ad's. And after all, if the end user doesn't want that, or is worried about be "de-anonymised" then opt out. it aint rocket science. Pay over the odds for your broadband, and dont take the system.
    ( And the anonymity of the system has been tested by Ernst & young, and some other privacy group)

    To Claire Rand- the obvious adult sectors are ignore ( Gmabling, Viagra, Porn, etc etc)

    ( I own shares in 1 or more of the companies listed in this article)

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    KD, Feb 19th, 2008 @ 1:14am

    Another example of why more competition is needed

    This is just another example of why more competition in broadband internet service is needed.

    When there are only the phone company and the cable company to choose from, or in many place, only one or the other of them, they can get away with all sorts of diddling with your service. We need to find a way to establish true competition in internet service.

    If everyone had a choice of ten or so service providers, it is unlikely that all of them would show their customers such lack of respect, and the ones that do would suffer from customers fleeing to more respectful providers.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Flipside, Feb 19th, 2008 @ 5:31am

    I like pirvacy and indulge frequently ;)

    Seriously though, I agree that these companies will simply lose their more intelligent customers wholesale, which is good, because it means more responsible ISP will have the brighter browsers and Virgin and BT can deal with situations like 'I unplugged the modem lead and now my Internet doesn't work!'

    If it had been smaller companies, I'd be more inclined to understand their reasons but for large ISP's such as this, it is purely greed.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      brianlj, Feb 25th, 2008 @ 8:41am

      Re:

      "I unplugged my modem and..."

      VirginMedia would *love* to get thousands of people like that! They charge the caller 25 p / minute for support calls.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    mike allen, Feb 19th, 2008 @ 6:29am

    all

    Images on our site are there to inform the visitor of who we are what we offer services and products. any thing added by someone else is an infringment of our rights an ad could be for a rival company. Watch out ISPs you want to do this then you need MY PERMISSION AND APPROVAL OF ALL ADS. OTHERWISE LAWYERS WILL BE CALLING.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Rupskin, Feb 20th, 2008 @ 5:57am

    hmmm

    interesting, i know of these companies and im pretty sure that they dont just hijack pages and insert ads where there were non previously. All advertising is done in conjunction with the publisher who will obviously benefit from the increased prices that advertisers are willing to pay for a more qualified audience.

    Techdirt could even benefit from the increased advertising revenues..

    Will be interesting to see how this plays out...

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Techteam at Phorm, Feb 22nd, 2008 @ 3:01am

    Relevance and Privacy protection

    Hello Mike, I’m a member of the Tech team at Phorm. You know - there’s no way the AOL situation would happen with our technology. The OIX throws away raw data instantaneously so there’s no click stream history to be inadvertently released. I know what we're doing seems out of the ordinary from what’s been seen previously in the online Ad space - so I just wanted to make a couple of points to clarify how the technology works. After all it is counterintuitive to claim that you can present consumers with more relevant ads without collecting and storing personal information - but that is exactly what our system does. If a subscriber agrees to participate – maybe because they are tired of receiving ads that have no relevance to the products and services they want to buy – they get a random number. So they are anonymous to the OIX. As they browse anonymously they match advertising channels that have been defined by patterns of URLs, keywords and search terms. But what’s so neat, is that even before each page loads the information observed from that page is deleted. The only data left in the system is just a random number and the channel it matched. In addition the OIX only looks at information relevant to the ad channels - so it doesn’t scan names, numbers, emails, secure pages and form. Nor does it allow ad Channels to be constructed for a range of sensitive areas like adult content, alcohol, medical - so again browsing behaviour in these areas simply isn’t observed. Since there’s no personal data stored – nothing can be traced to an individual and there’s no information to reverse engineer. There’s no interface or database in the system where a UID can be entered to retrieve profile information. We understand that even with all these safeguards - users may not want to participate, and that's alright. There's a simple option for users to opt out on webwise.com. We even tell them to how to block the domain for a more permanent option. The team here has really worked hard over many years to build the system from the ground up with privacy at its core. We’ve also worked closely with user privacy groups in the UK to make sure that we did this right, and that user's privacy is protected. I'd be happy to discuss any further questions you may have. Pop over a note and I'll send over my contact information. Cheers, Tech team

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Bob W, Feb 22nd, 2008 @ 5:25pm

      Re: Relevance and Privacy protection

      As a customer of one of the three ISP's mentioned, I'd be very interested to know how your system can ignore data without first scanning that data to establish it's relevance. Your employers website contradicts your statement that the system does not scan names, numbers etc.

      "Phorm technology does not view any information on secure (HTTPS) pages, and ignores strings of numbers longer than three digits to ensure that we do not collect credit card numbers, phone numbers, National Insurance or other potentially private information."

      It's a neat trick if your system doesn't scan the data before ignoring it, enlighten me please.

      "If a subscriber agrees to participate" - that would seem to indicate an opt-in system, but what is described on your employers website is an opt-out system, which as I understand it would breach the Data Protection Act in the UK.

      IANAL
      Bob W

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        tobyjugg2, Feb 27th, 2008 @ 4:16pm

        Re: Re: Relevance and Privacy protection

        The opt out appears to be to allow them to place a cooky on your system which tells them to ignore you

        The mind boggles that you have to opt in to their cookies to opt out

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    WTF, Mar 3rd, 2008 @ 2:17pm

    Can't Understand New Technology

    Could people please read how the system operates before engaging mouth and spewing rubbish.

    The system does not place ads willy nilly, so ISP will not not be placing ads willy nilly.

    The system works when you visit a website that serves ads from a Phorm server, and these ads will be the targeted ones instead of untargeted ads.

    Now, what really should happen is that there should be an opt-in system, as automatically opting people in is wrong as 99% of those who are automatically opted in will not kbow they have been opted in in the first place.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Pete, Mar 5th, 2008 @ 3:05pm

    Dephormation

    See link below for 'add on' for FF2 that sets the Webwise 'opt out' cookie, overwrites the Webwise UID with a randomised string, and does so after each and every page load.

    Download it here
    http://www.planetsaturn.pwp.blueyonder.co.uk/dephormation.xpi

    Works with FF2, pure Javascript so should work on all FF2 operating systems. Unzip the XPI for code details.

    That's not to say this makes Phorm acceptable. Its not. And to make it opt out using cookies is simply taking the 'peas'.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Toby Jugg, Mar 9th, 2008 @ 6:41am

    Regarding the E&Y report on phorm ROFL

    excerpt :

    quote:

    Because of inherent limitations in controls, error or fraud may occur and not be detected.
    Furthermore, the projection of any conclusions, based on our findings, to future periods is subject to the risk that the validity of such conclusions may be altered because of changes made to the Service or controls, the failure to make needed changes to the Service or controls, or a deterioration in the degree of effectiveness of the controls.

    end quote

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    phormwatch, Mar 12th, 2008 @ 5:12pm

    Keeping track of Phorm-participants

    Hello all, I've started a blog to keep track of those ISPs, websites, ad-agencies, and companies which make use of this invasive Phorm technology.

    You can visit the website here:

    http://phormwatch.blogspot.com/

    Please send information about participants to this address.

    phormwatch at fastmail.net

    Thank you!

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    RM, Feb 25th, 2009 @ 5:27pm

    Phorm

    I think you're all off base. Privacy is dead. At least Phorm is trying.

    Bob, they can simply scan the data without observing the ID that's attached to it. If the data is sensitive then they never observe the ID.

    Not exactly a neat trick.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Bob W, Oct 10th, 2009 @ 5:12pm

      Re: Phorm

      "Bob, they can simply scan the data without observing the ID that's attached to it. If the data is sensitive then they never observe the ID.

      They still scan the data, which is the question I posed, trusting them to ignore/ not match to the ID is another matter..

      Not exactly a neat trick."

      As I said, it would be if Phorm ignored sensitive data without first scanning.

       

      reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This