Get the NEW Torrent Search NOW!!


Forum Talk

We have been following the Phorm controversy for some time now and now some new developments have emerged. These developments consist of a leaked internal report which suggests that Phorm broke the law 113 million times during the controversial trials.



Wikileaks has freshly leaked internal report which says some very interesting things. Here's the Wikileaks summary of the report:

The internal British Telecom report shows that the carrier committed at least 18,875,324 allegedly illegal acts of interception and modification during its controversial covert "Phorm" trials.

The report also indicates that personal identifying IP addresses were likely used, despite BT previously assuring the public and ICO that no personally identifiable data was used. IP addresses are recognised by the Data Protection Act.

In addition to the 18 million regular advertising injections or hijackings, it appears charity advertisements were hijacked and replaced with Phorm advertisements.


The report concludes that the "opt-out" system would not work, since BT customers find themselves opted back in every time they changed computers or wiped their cookies


The report is currently making the rounds on various news sites including Open Rights Group which points to Alexander Hanff's analysis. Hanff notes the following:

There were a number of things in the report which left me believing that BT had misled ICO (and the public) with regards the covert trials.

BT have repeatedly stated the trials involved no personally identifiable data and this is one of the points ICO touched on in their letter to one of the victims of the 2007 trials as reported on this web site last week.

However, and this will be obvious to the technically minded although I have not seen anyone mention it to date, if we return to the table on page 45 we have a row called “IP addresses seen through the Proxy Servers” for the same period as above but also no data for 24th September due to a technical fault. So it is evident that the PageSense servers (running multiple instances of SQUID proxy server) were in possession of customer IPs; and in fact due to the way PageSense worked, they needed to have these IPs in order to forward the web page back to the user once it had been grabbed by SQUID.


He then notes that there was a claim that the trials were trivial, but after a look on page 45, he notes that nearly 19 million tags were inserted into users web pages. He then does an analysis of British law with specific references to the following:

  • Regulation of Investigatory Powers Act 2000

  • Privacy and Electronic Communications (EC Directive) Regulations 2003

  • Computer Misuse Act 1990

  • Torts (Interference with Goods) Act 1977

  • Copyright, Designs and Patents Act 1998 (see derivative works)

  • Data Protection Act 1998 (IP addresses are legally defined as personally identifiable data)


He then tallies up the total number of "highly probable" law infractions and comes to a total of 113,252,124.

"still think that looks trivial?" asks Hanff, "And that is just in 8 days."

Hanff isn't the only one that took notice of these developments. Ryan Singel of threat level noted these developments as well and finds that the Phorm technology also causes web browser instability.

Those boxes inserted JavaScript code into every web page downloaded by the users. That script then reported back to Phorm the contents of the web page, which Phorm used to create ad profiles of a user. Additionally, Phorm purchased advertising space on prominent web sites, showing a default ad for a charity. But when a user who had previously looked at car sites visited one of those pages, he instead got an advertisement for car insurance.

The users were not informed they were being made guinea pigs for a new revenue system for BT and had no way to opt out of the system, according to the report. The JavaScript caused flickering problems for some users as the script reported back information about the content of the web page to a Phorm server. The script also crashed browsers that loaded a website that relied excessively on anchor tags. Additionally, the rogue JavaScript showed up unexpectedly in user's posts to some web forums.

Despite these problems, the technical assessment concluded the test was successful and was largely went unnoticed by most users.


Think all of this is just an issue with British users and not U.S. users specifically? Think again. The report also notes an earlier report which points to a company called NebuAds attempting to do similar things in the US with US ISP Charter only to be asked to stopped by Massachusetts Democrat Edward Markey and Texas Republican Joe Barton saying it would be a violation of the Communications Act. Wired obtained a copy of the letter which can be read here (PDF) No word yet on what the next move would be by NebuAds or Charter.

It's interesting to note that there seems to be a similar trend to what happened previously in another major incident in the past. First secrecy, then covert implementation (though, in this case, "trials"), discovery by advocates that laws are being broken, etc. may sound familiar to those who followed the Sony Rootkit fiasco. If one were to look at it from this angle, there may be a happy ending for consumers in the future. One can only hope the same will be said for those facing Javascript intercepting technology for the purpose of pushing ads.

  • #1    Well I can see a quicker adaption of Firefox with the Adblock Plus extension. Removes all items from web pages that you don't want (ads, flash, java, etc.) and fully customizable. Phorm won't get to far if its blocked by the browser.

    And, if all else fails people will start disabling JavaScript in their browsers. It might reduce the functionality of some web pages, but that might be better then getting spied on, and having your browser hijacked.
    posted by Gamer8585 175 days 13 hours 21 minutes ago
  • #2    GAMER8585, messing with your browser won't stop you from being spied on. Even if you opt out, information can still be stored about your activities and later retrieved. This is because your ISP is directly involved in the spying.

    Many articles here about Phorm: http://www.theregister.co.uk/2008/02/29/phorm_roundup/

    The only real way to be safe is to switch to an ISP that doesn't use Phorm.

    Try this site: http://www.antiphormleague.com/

    Click on "ISP" for a list of ISPs that have explicitly stated they will not use Phorm, and also click on "PhormWatch" for other ISPs that have promised not to sign a contract with Phorm.

    I left Virgin before this controversy erupted - though in Britain, the apathy is so widespread, "controversy" is really too strong a word - anyway, I'm with a smaller ISP now, and the speed of my connection at peak times is much better.

    I was nervous about moving to a smaller ISP, but after reading other people's reviews, I jumped ship and happy that I did so. Though I'm paying a little more, the contract is monthly and speeds are much improved, and Phorm is nowhere to be seen!
    posted by Richard9999 174 days 8 hours 22 minutes ago

Login to ZeroPaid.com
Username
 Password

* Be sure that you have cookies enabled in your browser, without them you will not be able to login correctly.

Register here if you are not a member of Zeropaid.com.

members that voted for this story

    © 2000 - 2008 Zeropaid Inc, All rights reserved.
    Company Info | Contact Us | Zeropaid Crew | Advertise | Cheap Cars     		Hosting Provided by:
    San Diego Colocation - Complex Drive