BadPhorm - When good ISPs go bad! :: Forums :: Tips & Breaking News :: Media Sightings
Finally the 80/20 Thinking report
TheOtherSteve
Tue Mar 18 2008, 08:34PM
Registered Member #178
Joined: Thu Mar 13 2008, 03:55PM
Posts: 46
The more of this I read, the more I become concerned, and the more I start to worry that 80/20 have not actually paid any attention to the technical implementation.

Take for instance this gem from pages 12/13:

"- If a user regularly deletes cookies then this would result in that user being monitored again. Ideally a user would be able to notify his or her ISP that he or she is uninterested in participating in the advertising scheme altogether and this would result in a permanent non-processing of Internet traffic. Is such an implementation possible?"

WTF? You really ought to know the answer to that if you've seen the technical implementation, as well as the answers to some of the other questions posed. SD told the BBC "We think we've seen everything". Clearly not. And he still doesn't seem to have grasped the PII link between cookies and IP addresses.

I have even more concerns after reading this than I had before. Mind you, it wasn't, of course, designed to allay MY fears, but to allay Phorm's, and by the looks of it, they didn't bother to read it at all, since they have apparently ignored all the recommendations. (Transparency, opt-in, etc)
TheOtherSteve
Tue Mar 18 2008, 09:07PM
Registered Member #178
Joined: Thu Mar 13 2008, 03:55PM
Posts: 46
RichieISPs:

"Phorm liaised with the Home Office to assess whether its system could infringe the UK law that regulates communications surveillance. The Home Office concluded that Phorm's system is consistent with the Regulation of Investigatory Powers Act and does not intercept communications."

That doesn't sound at all right.
serial
Tue Mar 18 2008, 10:32PM
Registered Member #100
Joined: Wed Mar 05 2008, 06:22PM
Posts: 158
Everyone should keep in mind that this is just the INITIAL ASSESSMENT; the authors, like us, had a lot of questions they needed answers to before they publish the full report.

Hopefully they haven't been asking PhormPRTeam, though that would explain the long wait.

Phormic Acid
Tue Mar 18 2008, 11:12PM

Registered Member #22
Joined: Mon Feb 25 2008, 11:11PM
Posts: 93
Is that it? I note:

2 × ‘function creep’,
2 × Phorm may disclose information to third parties under ‘legal requirements’ and
10 × stakeholder(s).

Phorm are not doing terribly well at the stakeholder engagement, where those stakeholders are the ISP customers.

Even if more educated coverage notes that only web-browsing is covered this will not resolve immediate responses from audiences that the system is 'spying' on their activities online to the profit of ISPs.
This fails to appreciate that web-browsing is the bulk of Internet activity and that, while many activities pre-date HTTP/HTML, if you can do it on the Internet you can most probably do it with HTTP/HTML.

The report fails to properly distinguish spam filtering from advertising. Spam filtering is near stateless with regard to the user; each message is categorised in isolation. Where there is a component of state in the filtering, it is normally rules that are under the control of the user or from analysis of examples the user chooses to leave in the spam folder. Advertising, by necessity, is stateful with regard to the user; to market effectively, a detailed picture of the user needs to be built up over time.

Phorm’s system excludes forms, and therefore would exclude content from sites
where an individual is drafting an email.

This doesn’t take into account that, once submitted, the email will most probably reappear in returned HTML, in the form of a preview, spelling checker or in the user’s sent box.

Communications surveillance laws at the very least require consent to be re-affirmed at regular intervals particularly as multiple users may make use of a single Internet connection and machine.
This is something that I know I’ve droned on about. The frequent reappearance of the consent page is going to cause significant annoyance to many users. It could be the single biggest reason for driving customers away from ISPs using systems like Phorm.

(The PDF could do with being hosted on the BadPhorm website. I’m not going to try to upload it. When this website says “Allowed filetypes: .zip | .gz | .jpg | .png | .gif | .jpeg | .doc. Any other filetypes uploaded will be instantly deleted”, it really means it. It wouldn’t even accept my completely plain-text vector graphics files, so there’s no way it’s going to like a PDF that’s internally compressed.)
EtherDreams
Wed Mar 19 2008, 04:20AM
Registered Member #185
Joined: Fri Mar 14 2008, 09:27PM
Posts: 33
Simon Davies posted a followup message suggesting that some in depth information will be released very soon. We shall see ;-)

Speaking of which, I recently found something interesting in the advertisers FAQ. FWIW, the advertisers can target their ads via combining multiple channels. I don't know if it supports C1 && C2, C1 || C2, or both.

How that works could have a bearing on how people should interpret their "we attempt to make sure that each channel matches a minimum of 5000 users" comments.
Oblonsky
Wed Mar 19 2008, 05:55AM
Registered Member #132
Joined: Sat Mar 08 2008, 10:59AM
Posts: 91
EtherDreams wrote ...

How that works could have a bearing on how people should interpret their "we attempt to make sure that each channel matches a minimum of 5000 users" comments.


Until "creep" sets in and advertisers can target all women over the age of 65 and living alone, or any other (arguably) vulnerable section of the community.

The more I think about this it's wrong from every angle. The system infrastructure could be abused (without safeguards), so why think it's legal in the first place?

Even without "abusing" the base system, some system somewhere is serving ads to these people, so a server knows the IP address of the person who requested the advert.

And to top it all off, unless the ISPs offer a proper opt-out, they will fail to exclude people who make a submission in writing to the Data Controller or the ISP saying they want nothing more to do with this. The Data Controller can't ensure opt-out cookies remain on every computer in that house forever.
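To make the point in the two posts above concrete (that a per-channel floor such as "at least 5000 users" says nothing about the audience left after channels are combined), here is an added example that is not from the report or from Phorm's own system. The channel membership data is constructed, the floor is scaled down to 5 so the data stays readable, and the AND/OR operator syntax is an assumption about how a targeting expression might be written.

```python
# Constructed sample: which users fall into which behavioural channel.
# Every channel individually meets the floor, so a per-channel check passes.
MIN_AUDIENCE = 5  # stand-in for the "minimum of 5000 users" floor

CHANNELS = {
    "gardening":  {"u01", "u02", "u03", "u04", "u05", "u06"},
    "pensions":   {"u03", "u04", "u05", "u06", "u07", "u08"},
    "single_occ": {"u04", "u05", "u09", "u10", "u11", "u12"},
}


def audience(expr):
    """Evaluate a targeting expression over CHANNELS.

    expr is either a channel name, or a tuple ("AND", e1, e2, ...) /
    ("OR", e1, e2, ...) whose operands are themselves expressions
    (hypothetical syntax, assumed for this example).
    """
    if isinstance(expr, str):
        return set(CHANNELS[expr])
    op, *operands = expr
    parts = [audience(e) for e in operands]
    if op == "AND":
        return set.intersection(*parts)
    if op == "OR":
        return set.union(*parts)
    raise ValueError(f"unknown operator {op!r}")


def per_channel_ok(floor=MIN_AUDIENCE):
    """The naive check: does every channel on its own meet the floor?"""
    return all(len(users) >= floor for users in CHANNELS.values())


def check_targeting(expr, floor=MIN_AUDIENCE):
    """The check that matters: evaluate the whole expression first, then
    apply the floor to the combined audience. Returns (allowed, size)."""
    size = len(audience(expr))
    return size >= floor, size


if __name__ == "__main__":
    print("per-channel floor satisfied:", per_channel_ok())
    for e in ("gardening",
              ("OR", "gardening", "pensions"),
              ("AND", "gardening", "pensions"),
              ("AND", "gardening", "pensions", "single_occ")):
        print(e, "->", check_targeting(e))
```

An OR of channels can only grow the audience, so the floor still holds; an AND shrinks it, and two or three ANDed channels that each pass the floor can leave a handful of identifiable people.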
Jim Murray
Wed Mar 19 2008, 10:06AM

Registered Member #1
Joined: Thu Feb 21 2008, 08:29PM
Posts: 133
Phormic Acid wrote ...
(The PDF could do with being hosted on the BadPhorm website. I’m not going to try to upload it. When this website says “Allowed filetypes: .zip | .gz | .jpg | .png | .gif | .jpeg | .doc. Any other filetypes uploaded will be instantly deleted”, it really means it. It wouldn’t even accept my completely plain-text vector graphics files, so there’s no way it’s going to like a PDF that’s internally compressed.)


If you want to mail or PM me with the file types you'd like added then I'll make the necessary changes.

Jim

Admin/press enquiries: [email protected]
PhormUKPRteam
Wed Mar 19 2008, 11:56AM
Registered Member #110
Joined: Thu Mar 06 2008, 05:05PM
Posts: 47
Hi all

The Privacy Impact Assessment is a review of Phorm systems and policies. Since this preliminary, initial report was written several weeks ago, we have addressed several claims in it. Among them, we have confirmed to 80/20 Thinking that Webwise does not track behaviours across sensitive sites; that anonymous cookies cannot be traced back to users; and that Webwise deliberately ignores "https" pages used by banks, and other personal data. We will work with 80/20 Thinking on an ongoing basis throughout the year to complete the assessment and ensure we confirm our leading privacy standards.

In the press, Mr Davies has openly commented: "In our view, Phorm has implemented privacy as a key design component in the development of its system. In particular, Phorm has quite consciously avoided the processing of personally identifiable information." In particular, Mr Davies told BBC News: "Phorm does advance the whole sector of protecting personal information by two to three steps."

Just in case of any re-emerging confusion: Privacy International, one of the leading privacy advocacy bodies, did not endorse us and do not endorse any companies. We engaged Mr Davies (founder and director of Privacy International, though not acting in that capacity to produce the report) because of his expertise and experience. He has spent decades railing against infringements of privacy. We expect that he and his team in a consulting capacity would apply the same intellectual rigour to their assessment of companies that they do in campaigning for privacy rights.

As a consultancy, 80/20 Thinking conducts audits for companies and it charges a fee to do so. Audits take time and resources, as the one conducted by Ernst & Young did, and we haven't yet found a free audit service that is worth our trust or anyone else's.

We await a date for the final Assessment to be issued and will update this page when we know.

The full interim report is at http://www.phorm.com/user_privacy/privacy_impact_report.php and you can ask questions on the site too.
Paladine
Wed Mar 19 2008, 12:04PM
Registered Member #181
Joined: Thu Mar 13 2008, 10:48PM
Posts: 50
PhormUKPRTeam, you are lying, it is that simple. The advertisers themselves will be in a position to match IP addresses to "anonymous" cookies.

It would then be a very simple task to write a script to link every single anonymous cookie to an IP.

Epic Phail

Alexander Hanff

[ Edited Wed Mar 19 2008, 12:07PM ]

Deny Phorm the right to intercept web pages and support the Deny Phorm Campaign
Visit: http://denyphorm.blogspot.com/
Oblonsky
Wed Mar 19 2008, 12:21PM
Registered Member #132
Joined: Sat Mar 08 2008, 10:59AM
Posts: 91
Alex - may not strictly be true. The Phorm system at some point could strip either the UUID or the IP address when relaying the request to the advertiser, but the basic principle holds that the advert has to get from the ad server to the target computer.

But the technical arguments are so complex. For this system to be properly validated would take a specialist team of System Architects working in conjunction with privacy specialists to thrash out the potential loopholes.

I'm drafting my thoughts to the ICO to supplement the view of FIPR. Just because Phorm have taken steps to protect what they intercept doesn't make the fact they're intercepting any better.

We simply can't pick and choose here. Either we allow intercepts, the floodgates open and as many Phorm-alike companies get in on the game, the ICO will not be focussing on enforcement and everyone is at risk, or we ban the technology on the grounds of what it's capable of. Simple.

[ Edited Wed Mar 19 2008, 12:21PM ]