Phorm Did Track IP Addresses, Replaced Charity Ads With Behavioral Ads

from the how-nice-of-them dept

Phorm, the extremely controversial former adware company that reinvented itself as a behavioral advertising firm that would work with ISPs to look at your clickstream data and serve you special ads instead of the ones you were supposed to see, has been working overtime to defend its program as being perfectly legitimate and no risk to anyone’s privacy. Of course, that’s not satisfying many, as it later came out that, despite claims of openness, BT and Phorm had secretly tested the service without letting anyone know their clickstream data was being used this way. Even worse, after this news came out, BT and Phorm downplayed the test, only to later have it come out that it was quite extensive.

And, now, it gets even worse. More information has been leaked out about that test. As for it being super duper secret without your IP address ever being compromised? Well, not so much. It turns out that an internal BT analysis found that IP addresses were likely used as the identifier, which is the exact opposite from what Phorm has insisted. And, as for how well the system works? Well, it was successful in covering up ads for various charities and replacing them with “targeted” behavioral ads instead. Wouldn’t want those darn charities to have anyone see their ads.

Update: A representative of Phorm has gotten in touch to note that there were some incorrect statements in the original report on this. Specifically, it appears that Phorm purchased the original charity ads that were replaced — so it’s not as though the charity lost anything here. It’s easy to understand why the original interpretation of the BT report would make one think this was not the case, as it stated: “The advertisements were used to replaced [sic] a ‘default’ charity advertisement (one of Oxfam, Make Trade Fair or SOS Children’s Villages) when a suitable contextual or behavioural match could be made by the PageSense system.” It does not appear to say that the ads were purchased by Phorm — at least not in that same section. At this time, there is still no indication whether or not the charities knew their ads were going to be “covered up” in this manner. None of this, of course, answers the questions about whether or not this test was legal.

Update 2: And now BT has also gotten in touch with us to complain — though they falsely accuse us of making false statements, saying that the headline still says they “hijacked” charity ads. It does not and has not. It has always said “replaced” which, I’ll remind BT, is the exact word used in their own report. Unless BT was falsifying its own report, the word “replace” is correct. The mistake was in suggesting that Phorm had not purchased that ad space — and that has already been corrected quite clearly. BT also is upset that we accused them of “misleading ICO.” The only problem: we made no such statement. Finally, BT complains that no personal information was used in the trials — which is a point that is still disputed. The original researcher who researched the report claims that IP addresses were passed to Phorm’s proxy server and that personal info was requested on a web form. BT notes that the IP addresses were not stored — but that doesn’t mean they weren’t used, which was what was in question. Also, to both Phorm and BT, the comments on this post are open, and you are free to make your case here where anyone else can see it. Contacting me personally, with vague, slightly threatening and sometimes incorrect statements is certainly less effective that making your case to the public. Part of the reason you’re in this PR situation is because of your secrecy. Being a bit more open might help.

Filed Under: , , , , ,
Companies: bt, phorm

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Phorm Did Track IP Addresses, Replaced Charity Ads With Behavioral Ads”

Subscribe: RSS Leave a comment
Chronno S. Trigger says:

How would this work?

I don’t know about Britain but over here in the US, companies like Verizon have been known to change the public IP of their clients every 30min. How would something like this work if they are using the IP as the identifier.

The better question is why do I have to ask this. No one should ever have to ask that specific question because no one should ever have to deal with hidden behavioral advertising.

ConceptJunkie (profile) says:

Re: How would this work?

No one should ever have to ask that specific question because no one should ever have to deal with hidden behavioral advertising.

So who even sees advertising any more? Oh, I guess it’s those 80% of people too powerless or ignorant to move away from Internet Explorer. Their loss.

And before a bunch of you whine in shrill voices about how advertising is the backbone of the Internet, I will respond that it’s not my responsibility to support someone else’s flawed business model. If advertising eventually collapses (and I believe it will in the next decade), I will happily either pay for content or do without.

Big Mike says:

How can this be legal?

Imagine if the cable companies somehow did this on TVs and did it during the Superbowl. Instead of seeing the million dollar ads all you seen was what some program thought you wanted to see based on the type of shows you watched. You think Budwiser and Coors would put up with that?

Ron (profile) says:

Re: How can this be legal?

Right now, Comcast overlays transmitted advertising with its own content; not on superbowl, but on regular broadcast. I routinely see just the first couple of seconds of a Rosetta Stone ad, or similar, just before it’s chopped off for an ad for a local auto body shop or health food store. It’s part of Comcast’s targeted advertising for the SF Bay Area Counties.

Mike (profile) says:

Re: How can this be legal?

Imagine if the cable companies somehow did this on TVs and did it during the Superbowl. Instead of seeing the million dollar ads all you seen was what some program thought you wanted to see based on the type of shows you watched. You think Budwiser and Coors would put up with that?

I just posted an update, based on a message sent from Phorm. It appears that the ads that were replaced were also purchased by Phorm — so I would imagine the plan would be to simply buy ad space, and put in the “most relevant” ad. So rather than replace someone else’s ad, you still buy the ad slot, but dynamically place the ad based on the user.

Saragon says:

Legality of replacing ads

I hadn’t thought about it before, but this post and Big Mike’s comment got me wondering – if a webpage serves an ad and Phorm replaces it with another ad, the original advertiser is still losing out on the ad revenue they’ve paid for. If I pay for a hundred thousand views of that ad, and even 10% are covered up by Phorm, that’s a significant loss. I have to think Phorm would be liable for fraud or theft.

MadJo (profile) says:

ISPs have no business altering ads on sites

It’s a bit weird for an ISP to let some company change the ads on a certain site.
Those original ads pay to be displayed on that site, so the ISP has NO business changing them, because that would bereave the website of their income.

It’d be a bit weird for a magazine stand to replace the ads in a magazine for other ads from companies that pay the magazine stand.

SteveD says:

Re: ISPs have no business altering ads on sites

Thats not how it works; Phorm buys the advertising and puts up a default add (in the test case for a charity), then subsitutes it for others depending on what data it has on you.

The illegal part should surely be that you can’t legally monitor channels of communication in a free society. Its an argument ISPs always fall back on whenever a copyright group wants them to check for infringement on their networks, and utter hypocrisy that its now being ignored when the circumstances switch to the ISPs favour (I suppose what’s right is only worth noting when its in line with your commercial interests).

And I’d seriously question Phorms definition of ‘anonymous’. From my understanding it means “a person who can’t be identified”, but Phorm seem to think it means “a person who is identified by number rather then name”. For Phorms system to work clearly it needs to be able to connect an individual’s clickstream data back to them, so by what definition could it be considered anonymous?

It doesn’t matter what system you use. If it were letters rather then numbers would it be any different to me calling myself SteveD here rather then my full name? Its still a manner by which I may be identified.

My bank knows me first through my account number, and the government knows me first through my national insurance number. Sure they know my names too, but even if they didn’t I’d hardly consider myself anonymous to either body.

The only hope is that privacy groups (which gain a great deal of attention in the UK) can sink this before it gets too far.

Ron (profile) says:

Further Disruptions

There was also an online article last night (might have been Wired; can’t find it right now) that stated the test also made it appear that the computers being tracked had acquired a virus. Apparently there were on screen oddities (a “flickering” address window) and excessive waits for content load. The article seemed to state that while people thought they had a virus, no one suspected that their communications were being intercepted or mucked about with. Not really sure if that was Phorm being proud or an implicaton that the operation was appreantly successfully covert.

David Conway (user link) says:

In the UK you have a choice

Since BT have been broken up, the general telephone network that enables broadband access is still controled by BT. The broadband section of BT is BT Retail which has been forced to become a seperate entity by regulators.

Therefore there is a good selection of competing broadband suppliers you can change to. If Uk customers do not want to be profiled by Phorm, they can simply change. There are already some broadband suppliers advertising as Phorm free.

Obviously there are those that are not tech savvy, these are the money machines BT/Phorm are hoping to cash in on.

Hopefully with sites like we can reach these people and stamp out this use of DPI early on.

Josh says:

Update, still screwing the charities

Whether or not BT or Phorm paid to replace the charity ads with something else, they still potentially deprived those charities of money.

Those charities paid for eyeballs to actually see their banners. Not someone at a telecom or adware firm to replace them. Genuine users who saw a charity banner may have actually clicked on it to donate money far in excess of what BT/Phorm paid to replace it.

scaffold (user link) says:

Lava Bar at Hot Rocks

During our nights at Lava Bar, we met an entire cast of characters, including two young American dentists—Dave and John—who not only bought us a round, but offered to provide free teeth-whitening procedure if we visited them in Portland and Seattle. We re-met a freaky Danish guy who’d already approached us in Auckland with an offer to snap our photo, and who did the same again in Rotarua. Somehow, over the course of the next month, this determined, bearded dude “re-met” us so many times and in so many plastic injection molding places, we were convinced that he was stalking us! As for me, I ended up chatting with a gorgeous English guy whom I was planning to make my next boyfriend—until I learned that he’d just graduated high school. I normally love younger men, but when I found out that Jack was a mere babe of 18 years, I had to politely dip out of our China printing flirtation. Oh my god, when did I become the dirty old woman at the bar?!!?

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...