Phorms Answers (part2)
KentErtugrul: Hello thank you for joining us again - look forward to answering any questions you might have
davews: Who supplies the database used for the Antiphishing function - the ISP, Phorm or an external recognised organisation?
KentErtugrul: We use a number of external sources and are constantly evaluating the best source
007: Will you still continue even though ISPs are pulling out?
KentErtugrul: No indication at all that any ISPs are pulling out. They have polled their customers and their customers want this. I would like to make it very clear that nobody is being forced into this and this is a clear and absolute optional offer to everybody. Nobody has to do it
www.StopPhorm.bebo.com: Explain the drop in your Share Price, please.
KentErtugrul: Our share price has performed very well historically - we clearly have a duty to explain to both consumers and shareholders the facts around the offering:
1) It is a clear choice
2) It brings clear benefits to consumers
3) It represents a breakthrough in online privacy by offering, for the very first time, a way of making advertising relevant BY STORING NO DATA AT ALL as to users' browsing habits and by making the system COMPLETELY ANONYMOUS
4) It represents a big step forward against online fraud, particularly in protecting less computer literate consumers than the ones who have been so vocally opposed to it
Huw_Jerse: One of the perceived benefits that the Phorm system is to bring is an enhanced anti-phishing capability. Can you explain (and be as technical as you like) the technical barriers that would stop an ISP from placing this kind of anti-phishing protection on their network without the invasion of privacy represented by the tracking of browsing – after all the ISPs laudably manage (for free) to block access to child pornography websites via WebWatch apparently without requiring this recording and analysis of normal browsing habits.
MBurgess: Hi "Huw". In your example, the WebWatch system sends all data for blacklisted sites to a routing 'black-hole'. If you do that, it's not possible to give users the choice of continuing on to the site or turning back, as we do with Webwise. The Webwise solution is only one of many implementation possibilities, but its messaging ability does make the provision of the anti-phishing service easier.
suz: Only heard about this on BBC Working Lunch today. I'm with BTinternet, is this thing up and running now or is it due to be launched later?
KentErtugrul: It will be launched shortly and there is no chance of your being unaware of when it is launched. There will be a full page browser window offering the service, and you will have a clear and transparent choice as to whether or not to take part
Jim_Murray: You will find a list of questions submitted by concerned users at http://www.badphorm.co.uk/page.php?11 I appreciate it may not be possible to answer all of them tonight but would you be prepared to undertake to provide answers to them by e-mail within the next week or so?
KentErtugrul: Hello Jim, I very much appreciate that you are concerned about privacy online. So are we. Not only do we undertake to answer all of your questions, but I would be happy to speak with you directly should you so wish
phil: Why have the ISPs not given us users more information about the service?
KentErtugrul: Quite frankly because it has not launched yet. I believe that much of the concern stems from the fact that we are halfway between announcing that we will launch and actually launching. I know for a fact that the number one goal of ISPs is transparency. Each and every consumer being offered the service will be aware of the fact that it is on and that it is a choice, when the time comes to launch
phil: Could you explain how your system works if no data is stored - how do you categorise information relating to my web browsing
MBurgess: The system works by matching a data digest of information from each web page browsed (URL, page keywords and search terms) to advertiser-defined product categories we call 'Channels'. The data digest is first cleaned to remove as far as possible information like email addresses, numbers, and names (and we ignore form fields) and once the match is made, the data is immediately thrown away. All that is left is a note of which advertising category was matched, the random number we have allocated to your browser, and a timestamp. This is enough information to accurately target an ad in future, but cannot be used to find out a) who you are, or b) where you have browsed.
Privacy.Watch: Hi. We're a loose coalition of IT developers worried about the impact of such edge-of-protocols technology as Phorm is about to deploy. The consensus reached after examining all information released by Phorm is that, because the unique [random] user ID is stored in a cookie on the client machine, and only stored in a cookie, that Phorm must use some level of HTTP redirection in order to read the UUID for each HTTP request transmitted. This is deeply worrying to a protocols expert as there could be unintended side effects, the most obvious of which is the redirect counter in the browser being decremented at least once or twice before the initial target site is reached. BT report trials are about to start, so the software must be ready for open public trial. 10,000 people in a trial is a lot of homes and businesses to put at risk. My question is what level of testing and review has been undertaken to ensure that the new technology does not break existing features of the internet that have come to be relied on?
MBurgess: The system has been very thoroughly tested, and operates on a whitelist basis - it checks the HTTP user-agent and confirms that the specific browser is one of those for which detailed testing has been carried out.
Jim_Murray: Perhaps the most often asked question is 'Why is this opt-out and not opt-in?' Could you explain why, when so many people have expressed this as a concern, you do not insist to all partner ISPs that participation can be on an opt-in basis only?
KentErtugrul: I think that the real issue is transparency. When users were polled as to their reaction to a product which reduces the amount of rubbish advertising and protects people from online fraud, the most common response was not "how horrible please don't do it". It was "why is it that ISPs, if they can do this, are not doing it automatically already?" I have a question for you: Imagine that your mother has a credit card number stolen through a phishing attack and all of her money is stolen. This happens thousands of times a year. How would you explain to her that she had the opportunity to protect herself but did not because the capability was not switched on automatically? The main goal as we move forward is to strike the right balance by achieving full transparency and knowledge of what is being offered.
Jim_Murray: You claim you store, and I quote, 'NO DATA AT ALL' - how then are you able to match a user's likely interests with an advertiser? To do this, at least some information must surely be stored?
KentErtugrul: Thank you for the opportunity to answer a factual question. Here is how it works: as the random number representing the user browses, we match the behaviour to product categories in real time based on what they are doing. But then, in REAL TIME, we delete the reasons for matching the number to a product category: Where they were, what they searched for, and so on: We only retain three things: a random number, product categories against those numbers, and time stamps representing when they were matched to the product category. NOTHING ELSE.
This is why this is truly a revolution in online privacy: Compare and contrast this with some of the largest websites: they store everything you search, everywhere you go, together with IP addresses and a great deal of information. This represents a giant step forward for online privacy, because not only does it work better for advertisers, it does not store browsing history, is completely anonymous and gives users a clear ON/OFF switch
phil: Could you explain the difference between the Phorm system and Google - until I read about Phorm I was not aware that Google even stored information about my web browsing?
MBurgess: Many web-sites and search engines record information about the connections that you as a user make to their site. Typically this will include your IP address, and information such as URLs and the search terms you enter ("Clickstream data"). They will also often drop a cookie into your browser so that this clickstream data can be referenced later on, or even associated with data from other sites. The clickstream data is often used for data analysis or even sold on to third parties, and is typically retained for long periods - months or years.
We use a cleaned subset of clickstream information to match with advertising channels, store the match, and throw the data away. We use a cookie only to distinguish your browser from others on the internet, and we never share data with anyone.
Jim_Murray: Thank you for your undertaking, I can be reached via e-mail at [email protected] and look forward to hearing from you shortly.
KentErtugrul: I will contact you shortly. Thank you for the opportunity to respond
compo: you say It represents a big step forward against online fraud, how can we be sure that your system will not cause fraud?
KentErtugrul: I am not sure how that would be remotely possible. It never knows who you are, never knows where you have been and is simply an engine to show advertising and phishing warnings. How could it be used to cause fraud?
suz: You say customers have been polled. I'm a BT customer and I have not been polled. Why not?
KentErtugrul: Not all customers were polled, just a sample. That being said, you could consider the notice which you will receive when webwise is switched on as a sort of poll. If you do not find it useful, it is extremely simple to have no part of it
www.StopPhorm.bebo.com: Further to the Opt-in question by Jim_Murray, were the Customers advised what the Software would entail? Therefore were they aware what they were polling for?
KentErtugrul: Yes - the goal was to receive a true estimation of what the broad customer reaction would be, not to generate the "right answer". The ISPs value nothing more than the bond of trust with their customer
not-telling: Will browser add-ons like TrackMeNot cause you any problem in profiling browsing habits?
MBurgess: I think there are two questions here - 1. will browser add-ons cause a problem when browsing under the Webwise service? - to which the answer is no. 2. Are add-ons a way to avoid profiling? - to which I would say it's easier to opt out of the service using one of the browser-based methods we provide.
compo: If you want full transparency, why are you not being honest about your past with rootkits and spyware?
KentErtugrul: I think that you will find it hard to find an interview where I do not acknowledge our history in the adware business. I talk about the fact that it is systematically confused with spyware, that nevertheless we decided that it was inconsistent with our goals and we discontinued that business despite the fact that we were a profitable, publicly traded company
Huw_Jerse: Follow-up question: You're improving security by allowing the (non-literate) user the choice to carry on to a site that's phishing?
MBurgess: Yes, in the end you have to give people the choice, having first warned them that the site is potentially fraudulent. We make the warning clear and the process easy, but the final say has to be with the user.
www.StopPhorm.bebo.com: Will you provide a Child Safe Option so that after I play Poker, my kids will not be bombarded with PokerSite Ads?
KentErtugrul: We are taking a broader approach than that. We are not accepting any advertising at all which, if shown to the wrong person, could cause discomfort. So, for example, no adult, no medical
system: How does the system deal with POST requests? IE, when a form is submitted via the POST method.
MBurgess: Hi, POSTs are not analyzed.
narcosis: Many new phishing sites appear all the time. What assurances do you give that this list is THE most current up-to-date list available ? Is this list maintained by another 3rd party or by users reporting sites to yourselves ?
KentErtugrul: We cannot guarantee that this will always contain a full list of all of the current phishing sites. What we can say is that this will be as real time a system as there is, that you will not need to download, maintain or switch anything on, and that we will constantly work to improve the quality of the service. We also intend, as soon as possible, to extend the service to known spyware / malware download sites based on consumer feedback
compo: Is the opt out a full opt out or an opt out of your advertising
MBurgess: When you opt out, you will no longer see our targeted advertising, and no browsing data will be analysed. Of course, you'll still see ads in the pages you visit, they are just likely to be irrelevant ones.
PaulB: Kent, I raise the issue in the last chat about the lies going around about Phorm and the Webwise system. We are still to get any more information released on the system; is there any reason for this? I am still swaying on whether to say yay or nay to the system. Before it was a big no no but it doesn't seem all that bad now
KentErtugrul: Over time, we are very confident that the system will bring great benefits. It will make it possible for ads to be relevant / helpful wherever you browse. Think of it as "google while browsing". It will make creating websites a much more worthwhile exercise for all sites, not just a few. It will stimulate the creation of masses of additional, free content for consumers to enjoy. But most of all, it will always remain a choice. If you have any doubts at all about the system, I suggest that you not take part until such time, if ever, that you become comfortable
not-telling: I'm getting conflicting information in the articles I read. If I block cookies from webwise.net will my data be processed by the profiler server?
MBurgess: ISPs' networks all vary and their implementation of the Phorm system will vary accordingly, but ignoring for a moment the specifics of the network and the names of servers, the bottom line is: If you block cookies from webwise.net, you will be treated as opted-out and the ISP will not pass any of your browsing data to Phorm.
compo: please explain the following in your patent "The context reader may also include behavioral data (e.g, browsing behavior), other historical data collected over time, demographic data associated with the user, IP address, URL data, etc.". Do you collect IP addresses or not. If it is not you have misrepresented yourself at the patent office
KentErtugrul: We absolutely do not collect or use IP addresses in any shape or form. Remember that a patent is not a description of how a system works. The patent lawyer's job is to describe all of the possible ways in which a system might have worked in order to protect the company's intellectual property. We believe that IP addresses are personally identifiable information and should never be used
no_ads: how much did you pay the bbc to show you in a good light?
KentErtugrul: lol - nothing I promise. All we ask for is the chance to describe the system as it is and not as it is being described for us
Southern_Spur: How did you get Privacy International to endorse your system?
KentErtugrul: This was my confusion I apologise. The endorsement was in fact from Simon Davies, the MD of 80 / 20 who is also a director of privacy international. My apologies for the confusion. I will however say that we welcome the scrutiny of any privacy organisation. We are proud of the breakthrough which we have achieved on privacy and believe that it sets an example for all to follow
narcosis: Why are you using a cookie when it is obviously possible to route users' data around the Phorm equipment/profiler, as shown by recent statements by Carphone Warehouse?
MBurgess: We favour a browser-based approach for several reasons:
1. It allows different people who share the same broadband connection to make their own choice about using the system.
2. It allows that choice to move with them, e.g. if they use the same laptop at home and at work, or travelling.
3. It is transparent - the user knows their status and it is consistent.
compo: Why have you not had an audit done in the UK under UK law?
KentErtugrul: We would be happy to do that. In fact we believe that we meet the highest privacy standards anywhere. We believe that we go even further and achieve a standard not even contemplated by legislation. No knowledge of who you are, no storage of browsing history, full and transparent choice
PaulB: Kent, another question. You say this is a privacy revolution and no data is stored, yet I have seen you quoted on some websites as saying it's kept for 6 months
KentErtugrul: No, we do not store data for six months. What we store for six months are only the product categories against random numbers
serial: Why have you decided to "pilot" your system in the UK and not the US?
KentErtugrul: I grew up here. Despite the accent, this is home.
serial: Is the profiler machine given to the ISP by Phorm or just the software?
narcosis: Follow up to compo's question: You said "and no browsing data will be analysed", but it still goes TO the profiler?
MBurgess: Answering the points from "compo" and "serial" together -
The particular server or software is less important than who controls them. The ISP will own the equipment but it may be running software from Phorm. However, the ISP has full visibility of the data that is flowing, and full control over it. As I said, the bottom line is that the ISP ensures that if you opt out, your data is never passed to Phorm.
KentErtugrul: It has been a long day and I have to get to bed. I promise that we will do this as often as necessary. There were a number of questions which we could not get to. We will try to thoroughly address all areas of concern. Virtually all of the answers can be found in our general FAQs on our website. Nevertheless I look forward to doing this again. Good night. Best, Kent
-------------
Unanswered questions :
Q: With due respect, anyone using anything approaching a modern internet browser is already protected from such attacks automatically. Further, once the actual system is explained to people the overwhelming reaction has been highly negative, not positive. Your answer does not address the core question of why this technology is not opt-in only; if it is of such benefit to users then surely they will enable it themselves and not require to be coerced into it by their service provider?
Q: It has been pointed out that the user-agent string used by mail clients such as Outlook (and potentially others) when retrieving remote images or embedded pages is identical to that of the installed version of Internet Explorer. How do you intend to avoid profiling the content of these requests in line with your stated policy not to profile (web)mail?
davews: Who supplies the database used for the Antiphishing function - the ISP, Phorm or an external recognised organisation?
KentErtugrul: We use a number of external sources and are constantly evaluating the best source
007: will you still continue even though ISP's are pulling out
KentErtugrul: No indication at all that any ISPs are pulling out. They have polled their customers and their customers want this. I would like to make it very clear that nobody is being forced into this and this is a clear and absolute optional offer to everbody. Nobody has to do it
www.StopPhorm.bebo.com: Explain the drop in your Share Price, please.
KentErtugrul: Our share price has performed very well historically - we clearly have a duty to explain to both consumers and shareholders the facts around the offering:
1) It is clear choice
2) It brings clear benefits to consumers
3) It represents a breakthrough in online privacy by offering, for the very first time, way of making advertising relevant BY STORING NO DATA AT ALL as to users browsing habits and by making the system COMPLETELY ANONYMOUS
4) It represents a big step forward against online fraud, particularly in protecting less computer literate consumers than the ones who have been so vocally opposed to it
Huw_Jerse: One of the perceived benefits that the Phorm system is to bring is an enhanced anti-phishing capability. Can you explain (and be as technical as you like) the technical barriers that would stop an ISP from placing this kind of anti-phishing protection on their network without the invasion of privacy represented by the tracking of browsing – after all the ISPs laudably manage (for free) to block access to child pornography websites via WebWatch apparently without requiring this recording and analysis of normal browsing habits.
MBurgess: Hi "Huw". In your example, the WebWatch system sends all data for blacklisted sites to a routing 'black-hole". If you do that, it's not possible to give users the choice of continuing on to the site or turning back, as we do with Webwise. The Webwise solution is only one of many implementation possibilities, but its messaging ability does make the provision of the anti-phishing service easier.
suz: Only heard about this on BBC working Lunch today. Im with BTinternet, is this thing up and running now or is it due to be launched later?
KentErtugrul: It will be launched shortly and there is no chance of your being unaware of when it is launched. There will be a full page browser window offering the service, and you will have a clear and transparrent choice as to whether or not to take part
Jim_Murray: You will find a list of questions submitted by concerned users at http://www.badphorm.co.uk/page.php?11 I appreciate it may not be possible to answer all of them tonight but would you be prepared to undertake to provide answers to them by e-mail within the next week or so?
KentErtugrul: Hello Jim, I very much appreciate that you are concerned about privacy online. So are we. Not only do we undertake to answer all of your questions, but I would be happy to speak with you directly should you so wish
phil: why have the isp's not given us user more information about the service?
KentErtugrul: Quite frankly because it has not launched yet. I believe that much of the concern stems from the fact that we are halfway between announcing that we will launch and actually launching. I know for a act that the number one goal of ISPs is transparency. Each and every consumer being offered the service will be aware of the fact that it is on and that it is a choice, when the time comes to launch
phil: Could you explain how your system works if no data is stored - how do you categorise information relating to my web browsing
MBurgess: The system works by matching a data digest of information from each web page browsed (URL, page keywords and search terms) to advertiser-defined product categories we call 'Channels'. The data digest is first cleaned to remove as far as possible information like email addresses, numbers, and names (and we ignore form fields) and once the match is made, the data is immediately thrown away. All that is left is a note of which advertising category was matched, the random number we have allocated to your browser, and a timestamp. This is enough information to accurately target an ad in future, but cannot be used to find out a) who you are, or b) where you have browsed.
Privacy.Watch: Hi. We're a loose coalition of IT developers worried about the impact of such edge-of-protocols technology as Phorm is about to deploy. The consensus reached after examining all information released by Phorm is that, because the unique [random] user ID is stored in a cookie on the client machine, and only stored in a cookie, that Phorm must use some level of HTTP redirection in order to read the UUID for each HTTP request transmitted. This is deeply worrying to a protocols expert as there could be unintended side effects, the most obvious of which is the redirect counter in the browser being decrimented at least once or twice before the initial target site is reached. BT report trials are about to start, so the software must be ready for open public trial. 10,000 people in a trial is a lot of homes and businesses to put at risk. My question is what level of testing and review has been undertaken to ensure that the new technology does not break existing features of the internet that have come to be relied on?
MBurgess: The system has been very thoroughly tested, and operates on a whitelist basis - it checks the HTTP user-agent and confirms that the specific browser is one of those for which detailed testing has been carried out.
Jim_Murray: Perhaps the most often asked question is 'Why is this opt-out and not opt-in?' Could you explain why, when so many people have expressed this as a concern you do not insist to all partner ISP's that participation can be on an opt-in basis only?
KentErtugrul: I think that the real issue is transparency. When users were polled as to their reaction to a product which reduces the amount of rubbish advertising and protects people from online fraud, the most common response was not "how horrible please don't do it". It was "why is it that ISPs, if they can do this, are not doing it automatically already? I have a question for you: Imagine that your mother has a credit card number stolen through a phishing attack and all of her money is stolen. This happens thousands of times a year. How would you explain to her that she had the opportunity to protect herself but did not because the capability was not switched on automatically? The main goal as we move forward is to strike the right balance by achieving full transparency and knowledge of what is being offered.
Jim_Murray: You claim you store, and I quote, 'NO DATA AT ALL' - how then are you able to match a user's likely interests with an advertiser? To do this, at least some information must surely be stored?
KentErtugrul: Thank you for the opportunity to answer factual question. Here is how it works: as the random number representing the user browses, we match the behavour to product categories in real time based on hat they are doing. But then, in REAL TIME, we delete the reasons for matching the number to a product category: Where they were, what they searched for, and so on: We only retain three things: a random number, product categories against those number, and time stamps representing when they were matched to he product category. NOTHING ELSE.
This is why this is truly a revolution in online privacy: Compare and contrast this with some of the largest websites: they store everything you search, everywhere you go, together with IP addresses and a great deal of information. This represents a giant step forward for online privacy, because not only does it work better for advertisers, it does not store browsing history, is completely anoymous and gives users a clear ON/OFF switch
phil: Could you explain the difference between the phorm system and google - until i read about phorm i was not aware that google even stored information about my web browsing?
MBurgess: Many web-sites and search engines record information about the connections that you as a user make to their site. Typically this will include your IP address, and information such as URLs and the search terms you enter ("Clickstream data"). They will also often drop a cookie into your browser so that this clickstream data can be referenced later on, or even associated with data from other sites. The clickstream data is often used for data analysis or even sold on to third parties, and is typically retained for long periods - months or years.
We use a cleaned subset of clickstream information to mach with advertising channels, store the match, and throw the data away. We use a cookie only to distinguish your browser from others on the internet, and we never share data with anyone.
Jim_Murray: Thank you for your undertaking, I can be reached via e-mail at [email protected] and look forward to hearing from you shortly.
KentErtugrul: I will contact you shortly. Thank you for the opportunity to respond
compo: you say It represents a big step forward against online fraud, how can we be sure that your system will not cause fraud?
KentErtugrul: I am not sure how that would be remotely possible. It never knows who you are, never knows where you have been and is simply an engine to show advertising and phishing warnings. How could it be used to cause fraud?
suz: You say customers have been polled. Im a BT customer and I have not been polled. Why not?
KentErtugrul: Not all customers were polled, just a sample. That being said, you could consider the notice which you will receive when webwise is switched on as a sort of poll. If you do not find it useful, it is extremely simple to have no part of it
www.StopPhorm.bebo.com: Further to the Opt-in question by Jim_Murray, were the Customers advised what the Software would entail? Therefore were they aware what they were polling for?
KentErtugrul: yes - the goal was to receive a true estimation of what the broad customer reaction to be, not to generate the "right answer". The ISPs value nothing more than the bond of trust with their customer
not-telling: Will browser add-ons like TrackMeNot cause you any problem in profiling browsing habits?
MBurgess: I think there are two questions here - 1. will browser add-ons cause a problem when browsing under the Webwise service? - to which the answer is no. 2. Are add-ons a way to avoid profiling? - to which I would say it's easier to opt out of the service using one of the browser-based methods we provide.
compo: If you want full transparency why are you not being honist about your past with rootkits and spywear
KentErtugrul: I think that you will find it hard to find an interview where I do not acknowledge our history in the adware business. I talk about the fact that it is systematically confused with spyware, that nevertheless we decided that it was inconsistent with our goals and we discontinued that business despite the fact that we were a profitable, publicly traded company
Huw_Jerse: Follow-up question: You're improving security by allowing the (non-literate) user the choice to carry on to a site that's phishing?
MBurgess: Yes, in the end you have to give people the choice, having first warned them that the site is potentially fraudulent. We make the warning clear and the process easy, but the final say has to be with the user.
www.StopPhorm.bebo.com: Will you provide a Child Safe Option so that after I play Poker, my kids will not be bombarded with PokerSite Ads?
KentErtugrul: We are taking a broader approach than that. We are not accepting any advertising at all which, i shown to the wrong person, could cause discomfort. So, for example, no adult, no medical
system: How does the system deal with POST requests? IE, when a form is submitted via the POST method.
MBurgess: Hi, POSTs are not analyzed.
narcosis: Many new phishing sites appear all the time. What assurances do you give that this list is THE most current up-to-date list available ? Is this list maintained by another 3rd party or by users reporting sites to yourselves ?
KentErtugrul: We cannot guarantee that this will always contain a full list of all of the current phishing sites. What we can say is that this will be as real time a system as there is, that you will not need to download, maintain or switch anything on, and that we will constantly work to imporve the quality of the service. We also intend, as soon as possible, to extend the service to know spyware / malware download sites based on consumer feedback
compo: Is the opt out a full opt out or an opt out of your advertising
MBurgess: When you opt out, you will no longer see our targeted advertising, and no browsing data will be analysed. Of course, you'll still see ads in the pages you visit, they are just likely to be irrelevant ones.
PaulB: Kent, I raise the issue in the last chat about the lies going around about Phorm and the webwise system. We are still to get any more information released on the system, is there any reason for this? I am still swaying on whether to say yay or neh to the system. Before it was a big no no but it doesn't seem all that bad now
KentErtugrul: Over time, we are very confident that the system will bring great benefits. It will make it possible for ads to be relevant / helpful wherever you browse. Think of it as "google while browsing". It will make creating websites a much more worthwhile exercise for all sites, not just a few. It will stimulate the creation of masses of additional, free content for consumers to enjoy. But most of all, it will always remain a choice. If you have any doubts at all about the system, I suggest that you not take part until such time, if ever, that you become comfortable
not-telling: I'm getting conflicting information in the articles I read. If I block cookies from webwise.net will my data be processed by the profiler server?
MBurgess: ISPs' networks all vary and their implementation of the Phorm system will vary accordingly, but ignoring for a moment the specifics of the network and the names of servers, the bottom line is: If you block cookies from webwise.net, you will be treated as opted-out and the ISP will not pass any of your browsing data to Phorm.
compo: please explain the following in your patent "The context reader may also include behavioral data (e.g, browsing behavior), other historical data collected over time, demographic data associated with the user, IP address, URL data, etc.". Do you collect IP addresses or not. If it is not you have misrepresented yourself at the patent office
KentErtugrul: We absolutely do not collect or use IP addresses in any shape or form. Remember that a patent is not a description of how a system works. The patent lawyer's job is to describe all of the possible ways in which a system might have worked in order to protect the company's intellectual property. We believe that IP addresses are personally identifiable information and should never be used
no_ads: how much did you pay the bbc to show you in a good light?
KentErtugrul: lol - nothing I promise. All we ask for is the chance to describe the system as it is and not as it is being described for us
Southern_Spur: How did you get Privacy International to endorse your system?
KentErtugrul: This was my confusion, I apologise. The endorsement was in fact from Simon Davies, the MD of 80 / 20 who is also a director of Privacy International. My apologies for the confusion. I will however say that we welcome the scrutiny of any privacy organisation. We are proud of the breakthrough which we have achieved on privacy and believe that it sets an example for all to follow
narcosis: Why are you using a cookie when it is obviously possible to route users data around the Phorm equipment/profiler as shown by recent statements by Carphone Warehouse?
MBurgess: We favour a browser-based approach for several reasons:
1. It allows different people who share the same broadband connection to make their own choice about using the system.
2. It allows that choice to move with them, e.g. if they use the same laptop at home and at work, or travelling.
3. It is transparent - the user knows their status and it is consistent.
compo: why have you not had an audit done in the UK under UK law
KentErtugrul: we would be happy to do that. In fact we believe that we meet the highest privacy standards anywhere. We believe that we go even further and achieve a standard not even contemplated by legislation. No knowledge of who you are, no storage of browsing history, full and transparent choice
PaulB: Kent, another question. You say this is a privacy revolution and no data is stored yet I have seen you quoted on some websites as saying it's kept for 6 months
KentErtugrul: No we do not store data for six months. What we store for six months are only the product categories against random numbers
serial: Why have you decided to "pilot" your system in the UK and not the US?
KentErtugrul: I grew up here. Despite the accent, this is home.
serial: Is the profiler machine given to the ISP by Phorm or just the software?
narcosis: Follow up to compo's question: You said "and no browsing data will be analysed.", but it still goes TO the profiler?
MBurgess: Answering the points from "compo" and "serial" together -
The particular server or software is less important than who controls them. The ISP will own the equipment but it may be running software from Phorm. However, the ISP has full visibility of the data that is flowing, and full control over it. As I said, the bottom line is that the ISP ensures that if you opt out, your data is never passed to Phorm.
KentErtugrul: It has been a long day and I have to get to bed. I promise that we will do this as often as necessary. There were a number of questions which we could not get to. We will try to thoroughly address all areas of concern. Virtually all of the answers can be found in our general FAQs on our website. Nevertheless I look forward to doing this again. Good night. Best, Kent
-------------
Unanswered questions:
Q: With due respect, anyone using anything approaching a modern internet browser is already protected from such attacks automatically. Further, once the actual system is explained to people the overwhelming reaction has been highly negative, not positive. Your answer does not address the core question of why this technology is not opt-in only, if it is of such benefit to users then surely they will enable it themselves and not require to be coerced into it by their service provider?
Q: It has been pointed out that the user-agent string used by mail clients such as outlook (and potentially others) when retrieving remote images or embedded pages is identical to that of the installed version of internet explorer. How do you intend to avoid profiling the content of these requests in line with your stated policy not to profile (web)mail?