This article posted on The Register is quite alarming – apparently BT secretly trailed the Phorm tracking system in 2006 with 18,000 of it’s customers. Apart from the fact that the trial was probably illegal, it shows just how little BT care about their customers privacy.
The second page of the article has an amazing quote from Phorm claiming that their service “enhances privacy” by not storing any data. Well, Google don’t store data about me either, because I delete their cookies every time I close my browser and my IP is both dynamic and shared. Unlike Google, I can’t simply opt out of Phorm by blocking their cookies or just not using their service.
2 Comments
Hi there
I work on behalf of Phorm here in the UK. While we welcome the healthy debate around online privacy, there are one or two elements in your post that need clarification. Search engines keep your data for 13+ months before it is anonymised. Just because you delete the cookies doesn’t mean that you cannot be identified at a later date, which is what AOL unfortunately found. By comparison, Webwise saves no data so that cannot happen with the Phorm system, even if you do or don’t delete the cookie.
You make a great point about the trade off people often feel they have to make between getting a personalised service on the one hand and giving up personal data on the other. But with innovation and technology we’ve created something that resolves that tension. Our system gives you advertising that’s relevant to your interests without storing details on your browsing behaviour.
No URLs, browsing histories or IP addresses are retained and the raw data used to make the match is deleted in real time — by the time the page loads. There is, in essence, no data other than the categories and the random number stored in the system and so it’s impossible to know (or indeed reverse engineer from that) who you are or where you’ve been.
With Webwise participation is always a choice. The very first thing you will see when you go online after the technology has been deployed is a full-page notice and at that point you can decide to opt out. In line with our commitment to transparency, you will see banner ads saying that Webwise is on. So if you don’t want it, you will be able to click on these ads and switch them off.
You can ask questions about the system and get loads more information by visiting http://blog.webwise.com or http://www.webwise.com or http://www.phorm.com
“Search engines keep your data for 13+ months before it is anonymised. Just because you delete the cookies doesn’t mean that you cannot be identified at a later date, which is what AOL unfortunately found.”
This is unfortunately somewhat true. However, it would be extremely difficult to do to someone who has a shared, dynamic IP address. Also, Google has much better privacy policies than you do, and are far more open rather than just trying to spin they way out of the situation.
At least Google is entirely opt-in.
“Our system gives you advertising that’s relevant to your interests without storing details on your browsing behaviour.”
So when some poor guy’s mum gets ads for but plugs and gay chatlines because her in-the-closet son has been doing some private surfing, that’s relevant to his interests?
Seriously, how can your results be relevant to my interests if I don’t store your cookies, my IP address is dynamic and I’m on a shared connection?
Also, my interests include not seeing ads, which is why I use Adblock+.
How will you be sure to not scan private emails read by webmail, or online shopping carts etc? How do you know what I think is private? Can I send you a list of all the web site I need you to block so they are never ever scanned at all?
“it’s impossible to know (or indeed reverse engineer from that) who you are or where you’ve been”
Well, say there are two people in a household and one look at sites about cars and visits the Nuts magazine site a lot. The other is a woman. I think I could probably identify which one a set of data belongs to.
“With Webwise participation is always a choice.”
Make it opt-in then. Opt-out is not really a choice, especially when the opt-out is a cookie which doesn’t stop your data passing through your servers.
Opt-in is you making the choice for people, and them having to reverse it.
Also, if you are collecting this information, don’t you have some responsibility to monitor it? I mean, if someone visits a page that your sever sees the words “child porn” on, shouldn’t that be reported to the police? If you don’t think so, I expect that the police and MI5 will soon demand access.
I just hope no-one creates a “joke” page with those words on them, and then tricks people into going there. Or sends them an email with those words.
If VM adopt your technology, I will be reducing my bill by 5 euros a month to cover the cost of a VPN service.