UK ISPs To Start Tracking Your Surfing To Serve You Ads
from the pirvacy-please dept
For years now, ISPs have been searching for alternative revenue streams to avoid just being “dumb pipes.” A few years ago, they picked up on the fact that they have a tremendous amount of data about what you (yes, you!) do online. A bunch of ISPs then started selling your clickstream data to companies that could do something useful with it (though, those ISPs probably neglected to tell you they were doing this). Late last year, we heard about a company that was trying to work with ISPs to make use of that data themselves to insert their own ads based on your surfing history — and now we’ve got the first report of some big ISPs moving into this realm. Over in the UK three big ISPs, BT, Carphone Warehouse and Virgin Media have announced plans to use your clickstream data to insert relevant ads as you surf through a new startup called Phorm.
While Phorm claims that it keeps your data private “by tracking individual users with an assigned number only,” that’s hardly assuring. After all, remember that both AOL and Netflix have released similar anonymized data where identifying info was replaced with an assigned number… and it didn’t take long for both sets of data to be de-anonymized. While it’s no surprise that ISPs would want to get into the advertising business, and to think that they could better target ads thanks to their knowledge of your entire surfing history, it’s going to freak some people out (and potentially cause some serious privacy problems). All the more reason to figure out how encrypt your traffic and hide your activities from your ISP.
Filed Under: advertising, clickstream data, isps
Companies: bt, carphone warehouse, virgin media
Comments on “UK ISPs To Start Tracking Your Surfing To Serve You Ads”
Hmmm... copyright violation anyone?
After all, if I operate a website and British ISPs are inserting ads into content I serve up, then aren’t the ISPs creating unauthorized derivative works?
On a different note, I guess “https://” as the default for web surfing is just around the corner.
If the government is your
Big Brother, what does that make your ISP – your “Big Cousin”?
More worryingly...
…since your ISP has full control over the data reaching you, they could replace any image on an html page with an ad without changing the apparent source, thus getting round pretty much all ad-blocking software.
Hmmm, what about multiple users?
What, as is the case, my wife and I are behind a router. How does it separate our clickstreams? What if she got an ad that was based on MY surfing? Eee gads! 😉
phorm
mike,
you’ll love the story behind phorm. they are actually an old spyware outfit that’s changed their name a few times to hide their past.
phorm is the new name of 121media which made the contextplus rootkit infector. just google it.
I actually have way less problem with their knowledge of my surfing history than I do the idea of their inflicting ads upon me.
so...
how long until the ISPs over here in the U.S. start trying to play this game?
Seems to me that this has been going on awhile now
offended...
wait until something ‘adult’ or otherwise offensive comes through, photograph it and sue them.
of course peoples definitions of offensive vary, make yours wide in this case.
and in this country the #1 crime is to cause offence, e.g. a advert for pork products being seen by a muslim rules out pork product advertising, films? well anything other than a ‘U’ is out.
I dare say it will all be financial type ads.
I can’t think of a better reason to start using encrypted traffic. https:// indeed
no one seems to have twigged, makes ads relevent and target correctly, you know make it stuff I may actually be interested in, not stuff you’ve shown me god alone knows how many times before, or i already have, or plain don’t care about.
also you wanna play hardball? hope your tracking how many images i download or block, cus i’ll turn all media ‘off’ and load images one by one if need be.
oh and change the images on *my* website without me knowing and a court case will be headed your way very soon for copyright infringement.
ISPs.. put down the can of worms and walk away slowly.
ADVERT TARGETING
THERE MAYBE SOME GOOD POINTS TO BEING TRACKED ON THE
INTERNET, FOR FILTH DOWN LOADERS BEWARE. I HAVE SPENT MUCH TIME ON MY COMPUTER LOOKING AT SPYWARE AND FACINATED JUST
HOW THE PROTECTION INDUSTRY WORKS WHILE MY WIFE IS ACTUALLY ENJOYING HER PC. I CAN’T STAND CREDIT CARD
ADVERTS.”WHAT’S IN YOUR POCKET?” WILL BE “WHAT’S IN YOUR PC?” I FEEL AT ALL TIMES I AM BEING WATCHED, BUT I HAVE SO MANY INTERESTS IN ALMOST EVERYTHING IT COULD BE VERY CONFUSING AS TO WHO AND WHAT I AM. IT IS SO GOOD TO READ A BOOK IN PRIVICY WHO’S GOING TO TARGET ME THEN! WHILE I’M HERE I HAVE TRIED TO UNDERSTAND WHY THE LIKES OF THE SOME WANT TO DESTROY THE INTERNET. OUR BELOVED PET COULD BECOME A MUCH FEARED MONSTER. MUST SAY I HATE ADVERTS ON TV AND PC. SO UNLESS THEY WANT TO PAY ME DON’T BOTHER.
Re: ADVERT TARGETING
Ooooh, I didn’t know there were still any Apple ][s on the internet! Respect, Brian!
Re: ADVERT TARGETING
Ooooh, I didn’t know there were still any Apple ][s on the internet! Respect, Brian!
Re: ADVERT TARGETING
4mm. You have to move your pinky finger 4mm and press the Caps Lock button for people to actually care what you’re saying.
Assigned Numbers
While Phorm claims that it keeps your data private “by tracking individual users with an assigned number only,” that’s hardly assuring.
Isn’t a social security number or other national ID an example of “an assigned number”? Yeah, that sounds real private.
Time to start running a TOR exit node on my surfing hosts, just too totally fuck up their stats
Re: Re:
Time to start running a TOR exit node on my surfing hosts, just too totally fuck up their stats
How about a little vacation in Gitmo?
Advert targeting
Surely this model will enable the ISP’s to offer quality broadband for free, totaly susidised by these targeted ad’s. And after all, if the end user doesn’t want that, or is worried about be “de-anonymised” then opt out. it aint rocket science. Pay over the odds for your broadband, and dont take the system.
( And the anonymity of the system has been tested by Ernst & young, and some other privacy group)
To Claire Rand- the obvious adult sectors are ignore ( Gmabling, Viagra, Porn, etc etc)
( I own shares in 1 or more of the companies listed in this article)
Re: Advert targeting
E&Y’s report on Phorm’s system – Page 5, second last paragraph, first sentence –
“Because of inherent limitations in controls, error or fraud may occur and not be detected.”
http://www.phorm.com/user_privacy/EY_Phorm_Exam.pdf
Bob W
Another example of why more competition is needed
This is just another example of why more competition in broadband internet service is needed.
When there are only the phone company and the cable company to choose from, or in many place, only one or the other of them, they can get away with all sorts of diddling with your service. We need to find a way to establish true competition in internet service.
If everyone had a choice of ten or so service providers, it is unlikely that all of them would show their customers such lack of respect, and the ones that do would suffer from customers fleeing to more respectful providers.
I like pirvacy and indulge frequently 😉
Seriously though, I agree that these companies will simply lose their more intelligent customers wholesale, which is good, because it means more responsible ISP will have the brighter browsers and Virgin and BT can deal with situations like ‘I unplugged the modem lead and now my Internet doesn’t work!’
If it had been smaller companies, I’d be more inclined to understand their reasons but for large ISP’s such as this, it is purely greed.
Re: Re:
“I unplugged my modem and…”
VirginMedia would *love* to get thousands of people like that! They charge the caller 25 p / minute for support calls.
all
Images on our site are there to inform the visitor of who we are what we offer services and products. any thing added by someone else is an infringment of our rights an ad could be for a rival company. Watch out ISPs you want to do this then you need MY PERMISSION AND APPROVAL OF ALL ADS. OTHERWISE LAWYERS WILL BE CALLING.
hmmm
interesting, i know of these companies and im pretty sure that they dont just hijack pages and insert ads where there were non previously. All advertising is done in conjunction with the publisher who will obviously benefit from the increased prices that advertisers are willing to pay for a more qualified audience.
Techdirt could even benefit from the increased advertising revenues..
Will be interesting to see how this plays out…
Relevance and Privacy protection
Hello Mike,
I’m a member of the Tech team at Phorm. You know – there’s no way the AOL situation would happen with our technology. The OIX throws away raw data instantaneously so there’s no click stream history to be inadvertently released.
I know what we’re doing seems out of the ordinary from what’s been seen previously in the online Ad space – so I just wanted to make a couple of points to clarify how the technology works. After all it is counterintuitive to claim that you can present consumers with more relevant ads without collecting and storing personal information – but that is exactly what our system does.
If a subscriber agrees to participate – maybe because they are tired of receiving ads that have no relevance to the products and services they want to buy – they get a random number. So they are anonymous to the OIX. As they browse anonymously they match advertising channels that have been defined by patterns of URLs, keywords and search terms. But what’s so neat, is that even before each page loads the information observed from that page is deleted. The only data left in the system is just a random number and the channel it matched.
In addition the OIX only looks at information relevant to the ad channels – so it doesn’t scan names, numbers, emails, secure pages and form. Nor does it allow ad Channels to be constructed for a range of sensitive areas like adult content, alcohol, medical – so again browsing behaviour in these areas simply isn’t observed. Since there’s no personal data stored – nothing can be traced to an individual and there’s no information to reverse engineer. There’s no interface or database in the system where a UID can be entered to retrieve profile information.
We understand that even with all these safeguards – users may not want to participate, and that’s alright. There’s a simple option for users to opt out on webwise.com. We even tell them to how to block the domain for a more permanent option.
The team here has really worked hard over many years to build the system from the ground up with privacy at its core. We’ve also worked closely with user privacy groups in the UK to make sure that we did this right, and that user’s privacy is protected. I’d be happy to discuss any further questions you may have. Pop over a note and I’ll send over my contact information.
Cheers,
Tech team
Re: Relevance and Privacy protection
As a customer of one of the three ISP’s mentioned, I’d be very interested to know how your system can ignore data without first scanning that data to establish it’s relevance. Your employers website contradicts your statement that the system does not scan names, numbers etc.
“Phorm technology does not view any information on secure (HTTPS) pages, and ignores strings of numbers longer than three digits to ensure that we do not collect credit card numbers, phone numbers, National Insurance or other potentially private information.”
It’s a neat trick if your system doesn’t scan the data before ignoring it, enlighten me please.
“If a subscriber agrees to participate” – that would seem to indicate an opt-in system, but what is described on your employers website is an opt-out system, which as I understand it would breach the Data Protection Act in the UK.
IANAL
Bob W
Re: Re: Relevance and Privacy protection
The opt out appears to be to allow them to place a cooky on your system which tells them to ignore you
The mind boggles that you have to opt in to their cookies to opt out
Can't Understand New Technology
Could people please read how the system operates before engaging mouth and spewing rubbish.
The system does not place ads willy nilly, so ISP will not not be placing ads willy nilly.
The system works when you visit a website that serves ads from a Phorm server, and these ads will be the targeted ones instead of untargeted ads.
Now, what really should happen is that there should be an opt-in system, as automatically opting people in is wrong as 99% of those who are automatically opted in will not kbow they have been opted in in the first place.
Dephormation
See link below for ‘add on’ for FF2 that sets the Webwise ‘opt out’ cookie, overwrites the Webwise UID with a randomised string, and does so after each and every page load.
Download it here
http://www.planetsaturn.pwp.blueyonder.co.uk/dephormation.xpi
Works with FF2, pure Javascript so should work on all FF2 operating systems. Unzip the XPI for code details.
That’s not to say this makes Phorm acceptable. Its not. And to make it opt out using cookies is simply taking the ‘peas’.
Regarding the E&Y report on phorm ROFL
excerpt :
quote:
Because of inherent limitations in controls, error or fraud may occur and not be detected.
Furthermore, the projection of any conclusions, based on our findings, to future periods is subject to the risk that the validity of such conclusions may be altered because of changes made to the Service or controls, the failure to make needed changes to the Service or controls, or a deterioration in the degree of effectiveness of the controls.
end quote
Keeping track of Phorm-participants
Hello all, I’ve started a blog to keep track of those ISPs, websites, ad-agencies, and companies which make use of this invasive Phorm technology.
You can visit the website here:
http://phormwatch.blogspot.com/
Please send information about participants to this address.
phormwatch at fastmail.net
Thank you!
Phorm
I think you’re all off base. Privacy is dead. At least Phorm is trying.
Bob, they can simply scan the data without observing the ID that’s attached to it. If the data is sensitive then they never observe the ID.
Not exactly a neat trick.
Re: Phorm
“Bob, they can simply scan the data without observing the ID that’s attached to it. If the data is sensitive then they never observe the ID.
They still scan the data, which is the question I posed, trusting them to ignore/ not match to the ID is another matter..
Not exactly a neat trick.”
As I said, it would be if Phorm ignored sensitive data without first scanning.