Forums
| BadPhorm - When good ISPs go bad! :: Forums :: Phorm Discussion :: Phorm Talk |
|
<< Previous thread | Next thread >> |
| Can someone explain what is going on here? | ||
| Go to page << >> | |
|
Moderators: Jim Murray, narcosis, felixcatuk, Sammy
|
| Author | Post | ||
| JohnHorb |
| ||
 Registered Member #63 Joined: Sat Mar 01 2008, 08:00AMPosts: 6 | One question - are you happy with this direct quote? "We have been supported or endorsed by all of the leading stakeholders," Phorm chief executive Kent Ertugrul told BBC News. "Ofcom, the Information Commissioner's Office, the Home Office, leading privacy advocates like Simon Davies, the advertising industry and publishers have all backed our service," he said. | ||
| Back to top | | ||
| O2 |
| ||
| Registered Member #381 Joined: Wed Apr 30 2008, 08:16AMPosts: 89 | I await the announcement from Simon and/or PI over the next day or so. In the mean time I would like Simon for you to consider that sometimes public opinion rarely takes the time to consider the subtleties of a precise viewpoint on a particular issue, rather "they" see a simplified digest of opinion with perhaps 5 tiers, ranging from strongly against through to strongly in favour. Whilst as an engineer with a scientific background I see and understand your position I urge you to consider how the general public see your position and also, as John points out above, how a complex position can be spun into a simple position by someone in either camp. | ||
| Back to top | | ||
| warescouse |
| ||
 Registered Member #452 Joined: Sat Jun 21 2008, 02:16PMPosts: 11 | Simon, as far as I am concerned whether it is opt in or opt out is actually irrelevant because I feel the point in question is that DPI should not be used for intercepting a customers raw data stream for the purposes of advertising, behavioural or otherwise. It should not happen or be allowed to happen in my opinion. While the opt-in / out-out argument is good for privacy discussions I feel it should never have been up for discussion in this particular case. I have no cross to bear regarding behavioural advertising, just the DPI bit used to achieve these ends. It is this bit that PI seem to neatly avoid. I also feel PI should have been against it from the start promoting it as a none starter. Just because something is technically possible, doesn't mean that it should be done or that we should work out a way of how it could, or can be done. PI has said that it should be opt in and they have some concerns. I have many concerns! I have a worrying suspicion as to what happens next for 80/20. I hope my suspicion is wrong. [ Edited Mon Apr 13 2009, 03:41PM ] | ||
| Back to top | | ||
| Midnight_Voice |
| ||
 Registered Member #180 Joined: Thu Mar 13 2008, 08:51PMPosts: 503 | Specifically, any privacy assessment of Phorm is incomplete without describing the apparent difficulties that it will encounter with obtaining the permission of *both* parties to an interception, as required by RIPA. An opt-in will cover this for the website user, but Phorm's current "request an opt-out, and/or cut yourself off from Google as well as Phorm" is clearly grossly unsatisfactory for the website owner. I don't recall this minor inconvenience of UK law being covered by you? Why not? I'm a nonconPhormist; I won't be conned by Phorm | ||
| Back to top | | ||
| felixcatuk |
| ||
felixcatuk   Registered Member #95 Joined: Wed Mar 05 2008, 12:03AMPosts: 1656 | >Just to avoid (or add to?) confusion, I'll write this with both hats on - 80/20 and PI. Sorry, but you miss the point. That is precisely the problem. You cannot wear both those 'hats' simultaneously. You claim to be an independent as director of PI. Yet you contract with Phorm while wearing the 80/20 hat. And the position you quote as PI director is heavily skewed toward the interests of 80/20's fee paying clients. That is not independence, and you won't solve that contradiction with a press release. I have read your report, and read it in its entirety, and was completely gobsmacked that you made the concious decision to ignore the privacy rights of people who publish web sites, and their right to communicate freely with others. Its not just large corporates who run web sites; its individuals, charities, political groups, clubs, small businesses, campaign groups, social networks. You said "We believe that Phorm should also allow for website owners to opt-out". Opt out? Why should I or anyone else have to opt out of illegal interception by every ISP on the face of the planet? Do you consider that is desireable? How on earth is that consistent with the aims of Privacy International? Is there a conflict between your role in PI and our role in 80/20? Absolutely there is. The only person who can't see it is you. [ Edited Mon Apr 13 2009, 07:49PM ] [ image disabled ] BT/Virgin/TalkTalk customers - you don't need Webwise and Phorm, pure and simple. Regulators will not protect you from Phorm. Protect your privacy. Protect your web content. Phorm must be stopped. www.Dephormation.org.uk: Free Anti-Phorm Countermeasures for Firefox Users and Web Sites 21,000 people signed the No. 10 Downing Street Petition Ready to leave BT? Call 0800 800 030 / 0800 328 6738, get your MAC code PhormUKPRTeam/PhormUKTechTeam is a PR consultant from Citigate Dewe Rogerson. | ||
| Back to top | | ||
| madslug |
| ||
  Registered Member #266 Joined: Tue Apr 01 2008, 12:11PMPosts: 686 | Simon, every time I read the Home Office comment about Phorm, Webwise the ISP, the user, the website and the advertising script I am reminded that a number of different questions were asked. The first question question is: Do targeted online advertising services involve the interception of a communication within the meaning of sections 2(2) and 2(8) or the Regulation of Investigative Powers Act 2000 (RIPA)? The answer is very clear: 6. The provision of a service to deliver targeted online advertising will tend to involve a person (an ISP and/or a targeted advertising provider on behalf of an ISP) monitoring transmissions made by means of a relevant telecommunications system so as to make some of the contents of a communication available, while being transmitted, to a person (the ISP and/or the targeted advertising provider) other than the sender or intended recipient of the communication. The second question is: To the extent that targeted online advertising services might involve interception of communications, can they be offered lawfully without an interception warrant in accordance with section 3 of RIPA. Section 3(1) requires both parties to the communication to give consent and the document acknowledges that the ISP customer can consent. However it only covers opting out of the advertising service and not offering customers a service where their communications are not intercepted. (A failure to understand the DPI system, perhaps?) Then it falls down completely because in para 15 in one part it uses the word interception and then concludes that interception has been consented to because the website has allowed the page to be downloaded. Allowing a web page to be downloaded by a visitor to their browser is not synonymous to a web page being downloaded and intercepted so that an ISP can make a simultaneous copy of that page to a proxy without applying for a licence to reproduce that content and then have a commercial use applied to that copy. If the advertising system identified itself to the web page in such a way that any web host made it possible for the web page to either deny access or allow the download, then the argument could stand. However, the advertising system does not offer any such header request nor do the majority of websites have access to sufficient control over the hosting for a website to include within its design scripts which can read that header and decide whether or not to supply the content. (Currently no web standard exits to offer such an advertising/interception header from the browser.) As far as the website is concerned, the advertising system is not part of the telecommunication service of supplying content to a user's browser. The website only knows that the browser and not a bot/script is the end point of the communication. The website does not have an arrangement with the ISP with regard to any advertising service, so to claim that such a service is part of the communication between the website and the browser fails to understand the way in which a website communicates with a browser. The website is supplying content to a browser and has no way of knowing that the ISP is making a simultaneous commercial copy. The website should be ISP neutral. For over a year, websites have been asking for a means of identifying whether or not the communication between them and their customers is being intercepted but no such method has been offered. For over a year, websites have been asking the ISPs to provide some method whereby royalties and licence fees can be arranged but the ISPs have refused to acknowledge that they have any duty to request permission and pay a licence fee before taking the simultaneous copy which is used by the advertising service. As the websites have been asking for a means of identifying the interception to deny access or been asking for payment of a royalty licence, which the ISP (BT Retail) has been refusing, the point in para 21 is no longer valid as the ISP can not argue that "The implied consent of a web page host (as indicated in paragraph 15 above) may stand in the absence of any specific express consent." The conclusion of the Home office document would be laughable if it were not such a serious issue: "The purpose of Chapter 1 Part 1 or RIPA is not to inhibit the legitimate business practice particularly in the telecommunications sector." If Phorm goes ahead, many ISP customers will find that they are not able to gain access to the same content as those ISP customers who do not have their communications intercepted. Many states in the USA have intercept laws: will all that content no longer be available to customers whose ISP decide to offer interception of communications as standard? Simon, your short response did not mention PECR. The ICO has not yet answered how Phorm complies with PECR when it forges webwise cookies in the name of every domain visited. If your 80/20 remit to Phorm only covered the DPA that does not mean that you are required to be silent on the other issues. Least of all when the advice of the Home Office is based on a false premise. And Copyright has been ignored completely by all the 'legal arguments' offered by Phorm. If you feel that your engagement with Phorm is productive, why have none of the issues raised by website owners been addressed? Why is it that a website has to ask Phorm not to profile visitors and a website owner has to provide so much personal data before Phorm will comply? - that the OIX offers advertisers the option of targeting the visitors to a specific website URL should never be allowed without the permission of a website rather than expecting a website to opt out of that 'feature'. Phorm should never be given access to data which makes possible the identification of a specific visitor to a specific website. (At least HitWise, ComScore, Neilsen, etc remove identifiable visitor data from the ISP logs.) Why is there no mechanism whereby a website can ask the ISP not to make a copy of content. Why is there no method whereby the ISP pays royalties or a website can claim damages for copyright infringement? Websites should not have to do anything to avoid Phorm either for their visitor traffic data or for the content of the site. The internet should just work and be open to all. Proud to be a Phorm free ISP - www.mADSLax.co.uk - Griffin reseller | ||
| Back to top | | ||
| madslug |
| ||
| Registered Member #266 Joined: Tue Apr 01 2008, 12:11PMPosts: 686 | Sorry, one other question that needs to be answered by Phorm and has so far been ignored by them: As password authentication sends usernames, passwords and content in the clear how does using this protocol prevent the DPI system from seeing the data and from sending the data stream to the proxy mirror and then on to the profiler? Only SSL encrypts the data. Proud to be a Phorm free ISP - www.mADSLax.co.uk - Griffin reseller | ||
| Back to top | | ||
| icsys |
| ||
 Registered Member #398 Joined: Tue May 13 2008, 11:46PMPosts: 13 | PI wrote ... Will people please read our report to Phorm. Read it in its brief entirety. Once you'll do, you'll realise that there are no conflicts whatever. In that report we argue that the system should be opt-in, that there are unresolved questions, that the matter of legal compliance is irrelevant to the issue of intrusion. For example, from page 10 of our PIA: "Phorm liaised with the Home Office to assess whether its system could infringe the UK law that regulates communications surveillance. The Home Office concluded that Phorm's system is consistent with the Regulation of Investigatory Powers Act and does not intercept communications. I believe the matter of legal compliance is very relevant to the issue of intrusion. By their own admission, the Home Office are not qualified to make any conclusions that Phorm's system is consistent with RIPA or that it does not intercept communications: As a reminder of the Home Office defence of their 'informal guidance note' which is referenced in the 80/20 interim PIA: Source - http://www.theregister.co.uk/2008/04/24/home_office_phorm_fipr_bt/ In a statement, the Home Office emphasised that the note should not be taken as gospel by anyone. It said: "We can't comment on the legal position of targeted online advertising services. It is up for [sic] the courts to interpret the law. "We did prepare an informal guidance note. It should not be taken as a definitive statement or interpretation of the law, which only the courts can give. It wasn't, and didn't purport to be, based upon a detailed technical examination of any particular technology." [ Edited Tue Apr 14 2009, 12:05AM ] | ||
| Back to top | | ||
| PI |
| ||
| Registered Member #635 Joined: Mon Apr 06 2009, 11:42PMPosts: 10 | Felix whoever you are, might want to actually read what I wrote. I said I support "opt in". Or is that too hard a concept for you to understand? Anyway, as promised the announcement is up at http://www.8020thinking.com/news/24.html?task=view As you'll see, we are now discontinuing all consulting and advisory work and all involvement with any industry association or group, including with Phorm. That I trust will end for all time the claim of conflict of interest. This has been a heart breaking decision. We have already issued one redundancy notice to staff, and laid off one contractor. However I hope our decision makes you alll very happy and that you can feel satisfied that we are now doing the right thing by any imaginable standard on earth. I have effectively wound up the income generating arm of the company. For a team that dreamed of funding privacy work in developing countries, this decision has been nothing short of devastating. But I understand that the roles were in the end going to be incompatible. Now please leave me and Privacy International and 80/20 Thinking to get on with what we need to do. And that goes for the trolls and the vested interests who have wrecked an otherwise dignified and just campaign. And just for the record, and directed solely at the founders of this campaign, I salute you and I hope you will continue to conduct your valuable work as we enter the turbulent times ahead. There is a privacy apocalypse in the near distance, and I hope you are ready for it. Simon | ||
| Back to top | | ||
| Cowherd |
| ||
 Registered Member #352 Joined: Fri Apr 18 2008, 08:28AMPosts: 160 | Simon, There are two parties involved in the traffic that may be intercepted by Phorm. While the ISP customer may have the benefit of an opt-in, the other side of the 'conversation', the web site, does not. Phorm only offers a very crude opt-out to web sites and it was this opt-out that felixcatuk was referring to. The communication between a website and its visitor is private. The only occasion when that data may be intercepted are with the agreement of both parties (the visitor and the web site). Currently Phorm are supposedly constrained to operate on an opt-in basis only for the ISP customer (the web site visitor), not the sites being visited. Without an explicit opt-in for web sites, Phorm is effectively carrying out industrial espionage. ISP customers who are being tracked by Phorm may well find themselves barred from many web sites as those sites seek to protect their intellectual property and commercial intelligence from this espionage. One further point. In all of their press conferences / "town hall" meetings, Phorm's people constantly talk about opt-outs, never opt-ins. You might like to consider why that is. I suspect it is because the original opt-in will be burried in the ISP contract small print and the ISP customer will be opted-in by that. They will sign up to BT Broadband and be opted-in to Phorm (Webwise). They will then have to opt-out of the contract based opt-in. I hope you are making it clear to Phorm that ISP customers must be opted-in to Phorm, and that opt-in must be an explicit customer choice (not a condition of contract). You should also make it clear that the traffic of ISP customers that are not explicitly opted-in should not pass through any Phorm equipment. Phorm, just say NO! | ||
| Back to top | | ||
| Go to page << >> | |
Powered by e107 Forum System