from the how-nice-of-them dept
And, now, it gets even worse. More information has been leaked out about that test. As for it being super duper secret without your IP address ever being compromised? Well, not so much. It turns out that an internal BT analysis found that IP addresses were likely used as the identifier, which is the exact opposite from what Phorm has insisted.
Update: A representative of Phorm has gotten in touch to note that there were some incorrect statements in the original report on this. Specifically, it appears that Phorm purchased the original charity ads that were replaced -- so it's not as though the charity lost anything here. It's easy to understand why the original interpretation of the BT report would make one think this was not the case, as it stated: "The advertisements were used to replaced [sic] a 'default' charity advertisement (one of Oxfam, Make Trade Fair or SOS Children's Villages) when a suitable contextual or behavioural match could be made by the PageSense system." It does not appear to say that the ads were purchased by Phorm -- at least not in that same section. At this time, there is still no indication whether or not the charities knew their ads were going to be "covered up" in this manner. None of this, of course, answers the questions about whether or not this test was legal.
Update 2: And now BT has also gotten in touch with us to complain -- though they falsely accuse us of making false statements, saying that the headline still says they "hijacked" charity ads. It does not and has not. It has always said "replaced" which, I'll remind BT, is the exact word used in their own report. Unless BT was falsifying its own report, the word "replace" is correct. The mistake was in suggesting that Phorm had not purchased that ad space -- and that has already been corrected quite clearly. BT also is upset that we accused them of "misleading ICO." The only problem: we made no such statement. Finally, BT complains that no personal information was used in the trials -- which is a point that is still disputed. The original researcher who researched the report claims that IP addresses were passed to Phorm's proxy server and that personal info was requested on a web form. BT notes that the IP addresses were not stored -- but that doesn't mean they weren't used, which was what was in question. Also, to both Phorm and BT, the comments on this post are open, and you are free to make your case here where anyone else can see it. Contacting me personally, with vague, slightly threatening and sometimes incorrect statements is certainly less effective that making your case to the public. Part of the reason you're in this PR situation is because of your secrecy. Being a bit more open might help.