Questions for Phorm
- Why is this system opt-out instead of opt-in.
- If I have a cookie that has previously been tracking my "interests" and I delete that cookie, when I next browse the net with webwise turned on will I be assigned a new, unique ID that has no relationship with the old cookie ?
- What happens to the data assigned with the old cookie ID ?
- How long is that old data kept for ?
- My ISP has details of all my other preferences relating to my internet connection so why can they not record the fact that I do/do not wish to have my data scanned & tagged instead of using a cookie ?
- Can you show us what information an opt in cookie holds and what information an opt out cookie holds ?
- Does OIX take any precutions against the insertion of malicious advertising (ie. iframe exploits) by advertisers subscribed to the Phorm system?
- These are my demands to my ISP and, I believe, my lawful entitlements. Will Phorm ensure that this is easily adhered to?
1) There must be opt-in at all levels.
2) You must obtain explicit, positive consent.
3) No requirement can exist so that the customer's connected equipment is responsible for maintaining any status of point 1 and 2, in particular point 2 not being obtained.
Point 3 implies that opt-out is assumed where no information to the contrary is present.
- You say webmail sites are exluded - how? I run my own domain and access e-mail via my domains webmail site, not one of the big branded ones.
- There have been reports that you ignore form fields, yet you clearly don't if you gather search terms and search terms are submitted via form fields. Can you clarify this?
- Phorm's servers within the ISP :
) Are these servers prebuilt (OS & software wise) by Phorm, or are they built by ISP technical groups following
instructions given by Phorm?
ii) Is all Phorm proprietary software delivered in unobfuscated source form to the ISPs and compiled by trustworthy employees of the ISP?
iii) Will the Phorm source code be made openly available for public inspection (without of couse impacting on Phorm's proprietary rights)?
iv) Do Phorm or Phorm agents have any physical access to these servers?
v) Do Phorm or Phorm agents have any remote access to these servers, other than to passively download information?
vi) In particular, can Phorm perform any remote configuration on these servers?
- Did 80/20 perform a forensic audit of the source code of your applications?
If not, what did they audit?
- Could you release the names amd contact details of the authors of this report, with details of their technical competencies to undertake the work?
- Can you assure us that an opt-out ensures that no data of any kind passes through or is mirrored to the profiler?
- Phorm claim to have an unpublished white list of application 'agents' which they don't target. Show us the list.
- Phorm claim to have a black list of webmail sites which they don't target. Show us the list.
- Phorm categorise you, but have not published the categories your identity will be associated with. Show us the list.
- Phorm do not publish the specification for their cookies. Show us the specification.
- Just to confuse things they say that in order to permanently opt-out you just block webwise.net and never get the cookie. Oh hang on don't you need to opt-out and GET a cookie. Therefore, how does the cookie opt-out actually work?
- If I have a cookie that has previously been tracking my "interests" and I delete that cookie, when I next browse the net with webwise turned on will I be assigned a new, unique ID that has no relationship with the old cookie ?
- What happens to the data assigned with the old cookie ID ?
- How long is that old data kept for ?
- My ISP has details of all my other preferences relating to my internet connection so why can they not record the fact that I do/do not wish to have my data scanned & tagged instead of using a cookie ?
- Can you show us what information an opt in cookie holds and what information an opt out cookie holds ?
- Does OIX take any precutions against the insertion of malicious advertising (ie. iframe exploits) by advertisers subscribed to the Phorm system?
- These are my demands to my ISP and, I believe, my lawful entitlements. Will Phorm ensure that this is easily adhered to?
1) There must be opt-in at all levels.
2) You must obtain explicit, positive consent.
3) No requirement can exist so that the customer's connected equipment is responsible for maintaining any status of point 1 and 2, in particular point 2 not being obtained.
Point 3 implies that opt-out is assumed where no information to the contrary is present.
- You say webmail sites are exluded - how? I run my own domain and access e-mail via my domains webmail site, not one of the big branded ones.
- There have been reports that you ignore form fields, yet you clearly don't if you gather search terms and search terms are submitted via form fields. Can you clarify this?
- Phorm's servers within the ISP :
) Are these servers prebuilt (OS & software wise) by Phorm, or are they built by ISP technical groups following
instructions given by Phorm?
ii) Is all Phorm proprietary software delivered in unobfuscated source form to the ISPs and compiled by trustworthy employees of the ISP?
iii) Will the Phorm source code be made openly available for public inspection (without of couse impacting on Phorm's proprietary rights)?
iv) Do Phorm or Phorm agents have any physical access to these servers?
v) Do Phorm or Phorm agents have any remote access to these servers, other than to passively download information?
vi) In particular, can Phorm perform any remote configuration on these servers?
- Did 80/20 perform a forensic audit of the source code of your applications?
If not, what did they audit?
- Could you release the names amd contact details of the authors of this report, with details of their technical competencies to undertake the work?
- Can you assure us that an opt-out ensures that no data of any kind passes through or is mirrored to the profiler?
- Phorm claim to have an unpublished white list of application 'agents' which they don't target. Show us the list.
- Phorm claim to have a black list of webmail sites which they don't target. Show us the list.
- Phorm categorise you, but have not published the categories your identity will be associated with. Show us the list.
- Phorm do not publish the specification for their cookies. Show us the specification.
- Just to confuse things they say that in order to permanently opt-out you just block webwise.net and never get the cookie. Oh hang on don't you need to opt-out and GET a cookie. Therefore, how does the cookie opt-out actually work?
