Phorm

Phorm has made the mainstream press and more and more people are becoming aware that their ISPs have sold their personal data to the highest bidder.

In no time at all Phorm will be tapped into your ISP's servers and will have access to all your web traffic. They will monitor all the web pages you request and the data the webservers send back to you. On top of that they will also be modifying the web pages on the fly. Apparently the intention is that they can service you with ads that best suits a web profile they generate for you and so that they can warn you of phishing sites. You see they can see every site you access so they can check against a database of phishing sites and modify the code you download from that site to let you know it's bad. Anyone that uses IE7 already has antiphising enabled. Other browsers or software probably provide something similar by now.

Phorm do offer an opt out of the features available (i.e. the directed adds/the anti phishing warnings) but you have to visit their site and install a cookie to tell Phorm that you don't want those features. Of course that cookie has to be installed on the browser you are using to access the web. If you are using different browsers/accounts/computers/wifi devices/etc that's a lot of cookies that you have to maintain. On top of that Phorm is accessing your browser everytime to log onto the internet to check for that cookie.

For many people the targeted ads and antiphishing "protection" is only going to be a nuisance. The much greater concern is that Phorm will have direct access to your web traffic, in both directions, whether you opt out or not. Now, Phorm do promise to delete all your data as soon as they've analysed it and produced the relevant statistics for their purposes. So I guess the questions is whether you trust Phorm to always do the right thing, provided that they will have unfettered access and they will be self policing.

It has been reported that the servers Phorm use for data processing are based in China. On top of trusting Phorm, its employees and contractors there is also the small matter of trusting a government of dubious history of respecting personal liberties and privacy. All your web data could be going to China.

In a world where ID theft is of growing concern, and crime is being internationalised I have ask if this is the right move by ISPs. Either way it seems that in a modern world our privacy is something that is under more and more threat. In the end we have to ask ourselves if we really want to leave in a world where more and more of the "data elite" have access to more and more of our private details.

If you are the sort of person that likes signing petitions there is one here for you:
http://petitions.pm.gov.uk/ispphorm/

So far it's been up for a couple of days and far it's gotten less that a thousands signatures. Sadly privacy is not an emotive issue for most people to be interested. Perhaps I should have mentioned that Phorm will equally track the webtraffic of children, adults, cute ferry creatures and whales.

The Register have been busy bringing the issue to peoples' attention:
http://www.theregister.co.uk/2008/02/29/phorm_roundup/

Sadly most of their audience is of a limited spectrum (techies and the like). So I expect this issue will not reach mass attention until it the system is up running. It's expected that BT will be running trials this month. Will users be told that their data is being compromised? I somehow doubt it.

The mass media has started paying some attention to this story but I fear their willingness to accept Phorm's assurances will do no favours to their readers.
http://www.guardian.co.uk/technology/2008/mar/06/internet.privacy

It's worth pointing out that the Guardian has admitted that they will be one of the beneficiaries if this scheme goes ahead, as they use the ad service Phorm will be tied to.

This issue has been brought to the attention of several MPs and government organizations. It is hoped that data protection legislation may drive a nail through these plans. But one has to worry whether in the end the government will see this as an opportunity to increase the surveillance society for their own purposes.