Phorm Did Track IP Addresses, Replaced Charity Ads With Behavioral Ads

from the how-nice-of-them dept

Phorm, the extremely controversial former adware company that reinvented itself as a behavioral advertising firm that would work with ISPs to look at your clickstream data and serve you special ads instead of the ones you were supposed to see, has been working overtime to defend its program as being perfectly legitimate and no risk to anyone's privacy. Of course, that's not satisfying many, as it later came out that, despite claims of openness, BT and Phorm had secretly tested the service without letting anyone know their clickstream data was being used this way. Even worse, after this news came out, BT and Phorm downplayed the test, only to later have it come out that it was quite extensive.

And, now, it gets even worse. More information has been leaked out about that test. As for it being super duper secret without your IP address ever being compromised? Well, not so much. It turns out that an internal BT analysis found that IP addresses were likely used as the identifier, which is the exact opposite from what Phorm has insisted. And, as for how well the system works? Well, it was successful in covering up ads for various charities and replacing them with "targeted" behavioral ads instead. Wouldn't want those darn charities to have anyone see their ads.

Update: A representative of Phorm has gotten in touch to note that there were some incorrect statements in the original report on this. Specifically, it appears that Phorm purchased the original charity ads that were replaced -- so it's not as though the charity lost anything here. It's easy to understand why the original interpretation of the BT report would make one think this was not the case, as it stated: "The advertisements were used to replaced [sic] a 'default' charity advertisement (one of Oxfam, Make Trade Fair or SOS Children's Villages) when a suitable contextual or behavioural match could be made by the PageSense system." It does not appear to say that the ads were purchased by Phorm -- at least not in that same section. At this time, there is still no indication whether or not the charities knew their ads were going to be "covered up" in this manner. None of this, of course, answers the questions about whether or not this test was legal.

Update 2: And now BT has also gotten in touch with us to complain -- though they falsely accuse us of making false statements, saying that the headline still says they "hijacked" charity ads. It does not and has not. It has always said "replaced" which, I'll remind BT, is the exact word used in their own report. Unless BT was falsifying its own report, the word "replace" is correct. The mistake was in suggesting that Phorm had not purchased that ad space -- and that has already been corrected quite clearly. BT also is upset that we accused them of "misleading ICO." The only problem: we made no such statement. Finally, BT complains that no personal information was used in the trials -- which is a point that is still disputed. The original researcher who researched the report claims that IP addresses were passed to Phorm's proxy server and that personal info was requested on a web form. BT notes that the IP addresses were not stored -- but that doesn't mean they weren't used, which was what was in question. Also, to both Phorm and BT, the comments on this post are open, and you are free to make your case here where anyone else can see it. Contacting me personally, with vague, slightly threatening and sometimes incorrect statements is certainly less effective that making your case to the public. Part of the reason you're in this PR situation is because of your secrecy. Being a bit more open might help.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Chronno S. Trigger, Jun 6th, 2008 @ 7:08am

    How would this work?

    I don't know about Britain but over here in the US, companies like Verizon have been known to change the public IP of their clients every 30min. How would something like this work if they are using the IP as the identifier.

    The better question is why do I have to ask this. No one should ever have to ask that specific question because no one should ever have to deal with hidden behavioral advertising.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    ConceptJunkie (profile), Jun 6th, 2008 @ 7:41am

    Re: How would this work?

    No one should ever have to ask that specific question because no one should ever have to deal with hidden behavioral advertising.

    So who even sees advertising any more? Oh, I guess it's those 80% of people too powerless or ignorant to move away from Internet Explorer. Their loss.

    And before a bunch of you whine in shrill voices about how advertising is the backbone of the Internet, I will respond that it's not my responsibility to support someone else's flawed business model. If advertising eventually collapses (and I believe it will in the next decade), I will happily either pay for content or do without.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Big Mike, Jun 6th, 2008 @ 7:47am

    How can this be legal?

    Imagine if the cable companies somehow did this on TVs and did it during the Superbowl. Instead of seeing the million dollar ads all you seen was what some program thought you wanted to see based on the type of shows you watched. You think Budwiser and Coors would put up with that?

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    mike allen, Jun 6th, 2008 @ 7:54am

    what

    what or which charities? NAME THEM SO THEY CAN SUE PHORM!
    some ISPs in the UK change IP address every 2 mins.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Saragon, Jun 6th, 2008 @ 8:28am

    Legality of replacing ads

    I hadn't thought about it before, but this post and Big Mike's comment got me wondering - if a webpage serves an ad and Phorm replaces it with another ad, the original advertiser is still losing out on the ad revenue they've paid for. If I pay for a hundred thousand views of that ad, and even 10% are covered up by Phorm, that's a significant loss. I have to think Phorm would be liable for fraud or theft.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    chad, Jun 6th, 2008 @ 8:30am

    Re: what

    How can you run any long-connected process, like instant messengers when your IP changes every 2 minutes?

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    MadJo (profile), Jun 6th, 2008 @ 8:32am

    ISPs have no business altering ads on sites

    It's a bit weird for an ISP to let some company change the ads on a certain site.
    Those original ads pay to be displayed on that site, so the ISP has NO business changing them, because that would bereave the website of their income.

    It'd be a bit weird for a magazine stand to replace the ads in a magazine for other ads from companies that pay the magazine stand.

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    Ron (profile), Jun 6th, 2008 @ 8:52am

    Re: How can this be legal?

    Right now, Comcast overlays transmitted advertising with its own content; not on superbowl, but on regular broadcast. I routinely see just the first couple of seconds of a Rosetta Stone ad, or similar, just before it's chopped off for an ad for a local auto body shop or health food store. It's part of Comcast's targeted advertising for the SF Bay Area Counties.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    SteveD, Jun 6th, 2008 @ 8:57am

    Re: ISPs have no business altering ads on sites

    Thats not how it works; Phorm buys the advertising and puts up a default add (in the test case for a charity), then subsitutes it for others depending on what data it has on you.

    The illegal part should surely be that you can't legally monitor channels of communication in a free society. Its an argument ISPs always fall back on whenever a copyright group wants them to check for infringement on their networks, and utter hypocrisy that its now being ignored when the circumstances switch to the ISPs favour (I suppose what’s right is only worth noting when its in line with your commercial interests).

    And I’d seriously question Phorms definition of ‘anonymous’. From my understanding it means “a person who can’t be identified”, but Phorm seem to think it means “a person who is identified by number rather then name”. For Phorms system to work clearly it needs to be able to connect an individual’s clickstream data back to them, so by what definition could it be considered anonymous?

    It doesn't matter what system you use. If it were letters rather then numbers would it be any different to me calling myself SteveD here rather then my full name? Its still a manner by which I may be identified.

    My bank knows me first through my account number, and the government knows me first through my national insurance number. Sure they know my names too, but even if they didn’t I’d hardly consider myself anonymous to either body.

    The only hope is that privacy groups (which gain a great deal of attention in the UK) can sink this before it gets too far.

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    Ron (profile), Jun 6th, 2008 @ 8:58am

    Further Disruptions

    There was also an online article last night (might have been Wired; can't find it right now) that stated the test also made it appear that the computers being tracked had acquired a virus. Apparently there were on screen oddities (a "flickering" address window) and excessive waits for content load. The article seemed to state that while people thought they had a virus, no one suspected that their communications were being intercepted or mucked about with. Not really sure if that was Phorm being proud or an implicaton that the operation was appreantly successfully covert.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    James, Jun 6th, 2008 @ 9:42am

    Spammers and a-holes...

    ..and mal-ware advertisting bs businesses should be have their employees stand in line for the firing squad.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    linlu, Jun 6th, 2008 @ 10:13am

    Re: Re: How can this be legal?

    Ad replacement also happens on Cox Cable. I believe all cable providers do this, it's not illegal. Only the broadcast is copyrighted. I don't believe commercials would stand up in court as part of the "broadcast".

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, Jun 6th, 2008 @ 12:09pm

    Re: Re: How would this work?

    For those who use IE you can remove the adds and add several features with www.ie7pro.com

     

    reply to this | link to this | view in thread ]

  14.  
    icon
    Mike (profile), Jun 6th, 2008 @ 4:04pm

    Re: How can this be legal?

    Imagine if the cable companies somehow did this on TVs and did it during the Superbowl. Instead of seeing the million dollar ads all you seen was what some program thought you wanted to see based on the type of shows you watched. You think Budwiser and Coors would put up with that?

    I just posted an update, based on a message sent from Phorm. It appears that the ads that were replaced were also purchased by Phorm -- so I would imagine the plan would be to simply buy ad space, and put in the "most relevant" ad. So rather than replace someone else's ad, you still buy the ad slot, but dynamically place the ad based on the user.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    David Conway, Jun 6th, 2008 @ 6:32pm

    In the UK you have a choice

    Since BT have been broken up, the general telephone network that enables broadband access is still controled by BT. The broadband section of BT is BT Retail which has been forced to become a seperate entity by regulators.

    Therefore there is a good selection of competing broadband suppliers you can change to. If Uk customers do not want to be profiled by Phorm, they can simply change. There are already some broadband suppliers advertising as Phorm free.

    Obviously there are those that are not tech savvy, these are the money machines BT/Phorm are hoping to cash in on.

    Hopefully with sites like http://www.DoNotTrustWebwise.org we can reach these people and stamp out this use of DPI early on.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Jun 7th, 2008 @ 7:13am

    So, Phorm was not screwing over charities. Was this a PR stunt ?

    They still screwed some ISP customers and they want to expand their form of "business".

    It would be fun to pollute their database with bogus websearch and site browsing via software running while you are elsewhere.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Just another IP addr, Jun 7th, 2008 @ 1:37pm

    re: update 2

    Both BT and Phorm have lost all credibility at this point and it is apparent that they are not concerned about it. If given a choice, I would avoid them both like the plague.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Josh, Jun 9th, 2008 @ 8:47am

    Update, still screwing the charities

    Whether or not BT or Phorm paid to replace the charity ads with something else, they still potentially deprived those charities of money.

    Those charities paid for eyeballs to actually see their banners. Not someone at a telecom or adware firm to replace them. Genuine users who saw a charity banner may have actually clicked on it to donate money far in excess of what BT/Phorm paid to replace it.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Madmen, Sep 3rd, 2008 @ 4:22am

    Advertising funds the internet

    Isn't the reason the web is such a rich experience because of advertising?

    More effective advertising = better web

    Just my thought for all you luddites.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    scaffold, May 4th, 2009 @ 10:42pm

    Lava Bar at Hot Rocks

    During our nights at Lava Bar, we met an entire cast of characters, including two young American dentists—Dave and John—who not only bought us a round, but offered to provide free teeth-whitening procedure if we visited them in Portland and Seattle. We re-met a freaky Danish guy who’d already approached us in Auckland with an offer to snap our photo, and who did the same again in Rotarua. Somehow, over the course of the next month, this determined, bearded dude “re-met” us so many times and in so many plastic injection molding places, we were convinced that he was stalking us! As for me, I ended up chatting with a gorgeous English guy whom I was planning to make my next boyfriend—until I learned that he’d just graduated high school. I normally love younger men, but when I found out that Jack was a mere babe of 18 years, I had to politely dip out of our China printing flirtation. Oh my god, when did I become the dirty old woman at the bar?!!?

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    China Tent, Oct 8th, 2010 @ 11:58pm

    I was actually looking for this resource a few weeks back. Thanks for sharing with us your wisdom.This will absolutely going to help me in my projects .

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This