Phorm answers your questions
Below is the response we received to your questions (you can find the original question list here). We have purposely posted this unedited, feel free to discuss and analyise the answers on the forums.
OPT OUT/OPT IN COOKIE
Q1. If I have a cookie that has previously been tracking my "interests" and I delete that cookie, when I next browse the net with Webwise turned on will I be assigned a new, unique ID that has no relationship with the old cookie?
A1. Yes, a new pseudorandom cookie is assigned to the browser and it has no relationship to the old cookie or anything else.
Q2. What happens to the data assigned with the old cookie ID?
A2. The data will expire.
Q3. How long is that old data kept for?
A3. Channel associations are stored for no longer than 6 months – remember that we do not store personally identifiable information, do not store IP addresses and do not store browsing history
Q4. Can you show us what information an opt in cookie holds and what information an opt out cookie holds?
A4. The Opt-in cookie has the name “UID” and holds a 16-byte pseudorandom value. It is not encrypted and has an expiry time of 1 year. The opt-out cookie has the name “OPTED_OUT”, and the value “YES”.
Q5. Phorm do not publish the specification for their cookies. Show us the specification.
A5. See A4 above.
Q6. Just to confuse things they say that in order to permanently opt-out you just block webwise.net and never get the cookie. Oh hang on don't you need to opt-out and GET a cookie. Therefore, how does the cookie opt-out actually work?
A6. The system only analyzes the data of opted-in users (i.e. those with a valid UID cookie). That cookie cannot be set if the domain is blocked or if there is an OPTED_OUT cookie, so either method is valid.
SECURITY
Q7. Does OIX take any precautions against the insertion of malicious advertising (ie. iframe exploits) by advertisers subscribed to the Phorm system?
A7. Yes we QA all content
Q8. Are Phorm's servers within the ISP prebuilt (OS & software wise) by Phorm, or are they built by ISP technical groups following instructions given by Phorm?
A8. Prebuilt by Phorm.
Q9. Is all Phorm proprietary software delivered in unobfuscated source form to the ISPs and compiled by trustworthy employees of the ISP?
A9. No, ISPs don’t get access to the source code.
Q10. Will the Phorm source code be made openly available for public inspection (without of course impacting on Phorm's proprietary rights)?
A. We are looking into the possibility of an independent software expert reviewing our code, but in a way which protects our intellectual property.
Q11. Do Phorm or Phorm agents have any physical access to these servers?
A11. No, unless there is a need for maintenance or an update, authorized by the ISP.
Q12. Do Phorm or Phorm agents have any remote access to these servers, other than to passively download information?
A12. No, and there isn’t such access even to passively download information.
Q13. In particular, can Phorm perform any remote configuration on these servers?
A13. No, unless there is a need for maintenance or an update, authorized by the ISP.
PRIVACY
Q14. My ISP has details of all my other preferences relating to my Internet connection so why can they not record the fact that I do/do not wish to have my data scanned & tagged instead of using a cookie?
A14. There’s no reason why your ISP could not decide to take a non cookie approach to opting out. They will inform you of any such arrangements.
Q15. You say webmail sites are excluded - how? I run my own domain and access e-mail via my domain’s webmail site, not one of the big branded ones.
A15. We maintain a list of webmail sites and we do not analyze their pages. In any case the content of all sites is protected by the way the system works: it takes a 'top 10' of the repeated keywords from the page and matches them against a list of advertising categories, then throws the keywords away. The categories ("Channels") are policed to ensure they do not contain personal information or match sensitive behaviours such as medical or porn. This means that unless a word from a page is a) repeated b) is one of the top 10 and c) is found in a legitimate list of advertising keywords, then it is ignored. This means that your personal information cannot be matched and it passes unnoticed by the system.
Q16. Did 80/20 perform a forensic audit of the source code of your applications?
If not, what did they audit?
A16. 80/20 Strategic Thinking is current producing a privacy impact assessment of the Phorm technology ranging from an analysis of the privacy functionality of the system and privacy reporting procedures to privacy training for employees. They have not completed a forensic audit of the source code, but we are looking into the possibility of an independent software expert reviewing our code, in a way which protects our intellectual property.
Q17. Could you release the names amd contact details of the authors of this report, with details of their technical competencies to undertake the work?
A17. The 80/20 Strategic Thinking report is being produced by privacy experts Simon Davies.
80/20 Thinking is a consulting business founded and run by Managing Director Simon Davies, who is also a director of Privacy International, one of the leading privacy advocacy bodies. We chose 80/20 Thinking because Simon Davies has spent the best part of thirty years championing consumer privacy and railing against infringements. We wanted our systems and policies to be open to the kind of unforgiving scrutiny Simon brings.
Q18. Phorm claim to have an unpublished white list of application 'agents' which they don't target. Show us the list.
A18. Phorm operates a white-list of supported user agent strings, comprising the leading browsers Internet Explorer, Firefox and Opera. All other user-agents, including non-browser types, are ignored.
Q19. Phorm claim to have a black list of webmail sites which they don't target.
Show us the list.
A19. We maintain a list of the top webmail sites and we do not analyze their pages. In any case, however, the content of all sites is protected by the way the system works: it takes a 'top 10' of the repeated keywords from the page and matches them against a list of advertising categories, then throws the keywords away. The categories ("Channels") are policed to ensure they do not contain personal information or match sensitive behaviours such as medical or porn. This means that unless a word from a page is a) repeated b) is one of the top 10 and c) is found in a legitimate list of advertising keywords, then it is ignored. This means that personal information cannot be matched and it passes unnoticed by the system.
The list is continually being expanded. We have no plans to publish this list as anything published today would be quickly out of date.
Q20. Phorm categorise you, but have not published the categories your identity will be associated with. Show us the list.
A20. That’s not accurate – we don’t categorise individuals.
It's important to understand there are two distinctly separate processes in the Phorm system: data capture and ad serving. The data capture system only stores one item of information on your computer -- a random number. The random number is the only thing that distinguishes your browser from the millions of others on the internet. It does not contain any information about you or your computer. The only person able to make that connection is you, as you have that cookie in your browser.
As you browse your browsing behaviour is matched against pre-defined advertiser categories for everyday products e.g. travel or sport.
No urls, browsing histories or IP addresses are retained and the raw data used to make the match is deleted in real time -- by the time the page loads. There is, in essence, no data other than the categories and the random number stored in the system and so it's impossible to know (or indeed reverse engineer from that) who you are or where you've been.
In the ad serving phase, when your computer requests an advert from the OIX (because a website has included our tag in their page), the browser sends the random number and the categories are used to deliver the targeted ad, not the details of your browsing, or anything about you or your computer.
OPT OUT
Q21. Why is this system opt-out instead of opt-in.
A21. We are offering user a choice. They can opt out or in at any time
It’s worth noting that the very first thing you will see when you go online after the technology has been deployed is a full-page notice and at that point you can decide to opt out. In line with our commitment to transparency, you will see banner ads saying that Webwise is on. So if you don't want it, you will be able to click on these ads and switch them off.
Q22. There have been reports that you ignore form fields, yet you clearly don't if you gather search terms and search terms are submitted via form fields. Can you clarify this?
A22. So to be clear: we obtain search terms from GET submissions to known search engines. All other form fields are ignored.
Q23. Can you assure us that an opt-out ensures that no data of any kind passes through or is mirrored to the Profiler?
A23. ISP infrastructures and server installations vary widely, so discussion of particular servers is not useful. When you opt out -- or switch the system off -- it's off. No browsing data whatsoever is passed from the ISP to Phorm. It should also be stressed that the Phorm servers are located in the ISP's network and browsing data is not transmitted outside the ISP.
MISCELLANEOUS
Q24. These are my demands to my ISP and, I believe, my lawful entitlements. Will Phorm ensure that this is easily adhered to?
i) There must be opt-in at all levels.
ii) You must obtain explicit, positive consent.
iii) No requirement can exist so that the customer's connected equipment is responsible for maintaining any status of point 1 and 2, in particular point 2 not being obtained. Point 3 implies that opt-out is assumed where no information to the contrary is present.
A24. What we can say is that it is very clear and transparent that users have a choice. They can opt out or in at any time
It’s worth noting that the very first thing you will see when you go online after the technology has been deployed is a full-page notice and at that point you can decide to opt out. In line with our commitment to transparency, you will see banner ads saying that Webwise is on. So if you don't want it, you will be able to click on these ads and switch them off.
OPT OUT/OPT IN COOKIE
Q1. If I have a cookie that has previously been tracking my "interests" and I delete that cookie, when I next browse the net with Webwise turned on will I be assigned a new, unique ID that has no relationship with the old cookie?
A1. Yes, a new pseudorandom cookie is assigned to the browser and it has no relationship to the old cookie or anything else.
Q2. What happens to the data assigned with the old cookie ID?
A2. The data will expire.
Q3. How long is that old data kept for?
A3. Channel associations are stored for no longer than 6 months – remember that we do not store personally identifiable information, do not store IP addresses and do not store browsing history
Q4. Can you show us what information an opt in cookie holds and what information an opt out cookie holds?
A4. The Opt-in cookie has the name “UID” and holds a 16-byte pseudorandom value. It is not encrypted and has an expiry time of 1 year. The opt-out cookie has the name “OPTED_OUT”, and the value “YES”.
Q5. Phorm do not publish the specification for their cookies. Show us the specification.
A5. See A4 above.
Q6. Just to confuse things they say that in order to permanently opt-out you just block webwise.net and never get the cookie. Oh hang on don't you need to opt-out and GET a cookie. Therefore, how does the cookie opt-out actually work?
A6. The system only analyzes the data of opted-in users (i.e. those with a valid UID cookie). That cookie cannot be set if the domain is blocked or if there is an OPTED_OUT cookie, so either method is valid.
SECURITY
Q7. Does OIX take any precautions against the insertion of malicious advertising (ie. iframe exploits) by advertisers subscribed to the Phorm system?
A7. Yes we QA all content
Q8. Are Phorm's servers within the ISP prebuilt (OS & software wise) by Phorm, or are they built by ISP technical groups following instructions given by Phorm?
A8. Prebuilt by Phorm.
Q9. Is all Phorm proprietary software delivered in unobfuscated source form to the ISPs and compiled by trustworthy employees of the ISP?
A9. No, ISPs don’t get access to the source code.
Q10. Will the Phorm source code be made openly available for public inspection (without of course impacting on Phorm's proprietary rights)?
A. We are looking into the possibility of an independent software expert reviewing our code, but in a way which protects our intellectual property.
Q11. Do Phorm or Phorm agents have any physical access to these servers?
A11. No, unless there is a need for maintenance or an update, authorized by the ISP.
Q12. Do Phorm or Phorm agents have any remote access to these servers, other than to passively download information?
A12. No, and there isn’t such access even to passively download information.
Q13. In particular, can Phorm perform any remote configuration on these servers?
A13. No, unless there is a need for maintenance or an update, authorized by the ISP.
PRIVACY
Q14. My ISP has details of all my other preferences relating to my Internet connection so why can they not record the fact that I do/do not wish to have my data scanned & tagged instead of using a cookie?
A14. There’s no reason why your ISP could not decide to take a non cookie approach to opting out. They will inform you of any such arrangements.
Q15. You say webmail sites are excluded - how? I run my own domain and access e-mail via my domain’s webmail site, not one of the big branded ones.
A15. We maintain a list of webmail sites and we do not analyze their pages. In any case the content of all sites is protected by the way the system works: it takes a 'top 10' of the repeated keywords from the page and matches them against a list of advertising categories, then throws the keywords away. The categories ("Channels") are policed to ensure they do not contain personal information or match sensitive behaviours such as medical or porn. This means that unless a word from a page is a) repeated b) is one of the top 10 and c) is found in a legitimate list of advertising keywords, then it is ignored. This means that your personal information cannot be matched and it passes unnoticed by the system.
Q16. Did 80/20 perform a forensic audit of the source code of your applications?
If not, what did they audit?
A16. 80/20 Strategic Thinking is current producing a privacy impact assessment of the Phorm technology ranging from an analysis of the privacy functionality of the system and privacy reporting procedures to privacy training for employees. They have not completed a forensic audit of the source code, but we are looking into the possibility of an independent software expert reviewing our code, in a way which protects our intellectual property.
Q17. Could you release the names amd contact details of the authors of this report, with details of their technical competencies to undertake the work?
A17. The 80/20 Strategic Thinking report is being produced by privacy experts Simon Davies.
80/20 Thinking is a consulting business founded and run by Managing Director Simon Davies, who is also a director of Privacy International, one of the leading privacy advocacy bodies. We chose 80/20 Thinking because Simon Davies has spent the best part of thirty years championing consumer privacy and railing against infringements. We wanted our systems and policies to be open to the kind of unforgiving scrutiny Simon brings.
Q18. Phorm claim to have an unpublished white list of application 'agents' which they don't target. Show us the list.
A18. Phorm operates a white-list of supported user agent strings, comprising the leading browsers Internet Explorer, Firefox and Opera. All other user-agents, including non-browser types, are ignored.
Q19. Phorm claim to have a black list of webmail sites which they don't target.
Show us the list.
A19. We maintain a list of the top webmail sites and we do not analyze their pages. In any case, however, the content of all sites is protected by the way the system works: it takes a 'top 10' of the repeated keywords from the page and matches them against a list of advertising categories, then throws the keywords away. The categories ("Channels") are policed to ensure they do not contain personal information or match sensitive behaviours such as medical or porn. This means that unless a word from a page is a) repeated b) is one of the top 10 and c) is found in a legitimate list of advertising keywords, then it is ignored. This means that personal information cannot be matched and it passes unnoticed by the system.
The list is continually being expanded. We have no plans to publish this list as anything published today would be quickly out of date.
Q20. Phorm categorise you, but have not published the categories your identity will be associated with. Show us the list.
A20. That’s not accurate – we don’t categorise individuals.
It's important to understand there are two distinctly separate processes in the Phorm system: data capture and ad serving. The data capture system only stores one item of information on your computer -- a random number. The random number is the only thing that distinguishes your browser from the millions of others on the internet. It does not contain any information about you or your computer. The only person able to make that connection is you, as you have that cookie in your browser.
As you browse your browsing behaviour is matched against pre-defined advertiser categories for everyday products e.g. travel or sport.
No urls, browsing histories or IP addresses are retained and the raw data used to make the match is deleted in real time -- by the time the page loads. There is, in essence, no data other than the categories and the random number stored in the system and so it's impossible to know (or indeed reverse engineer from that) who you are or where you've been.
In the ad serving phase, when your computer requests an advert from the OIX (because a website has included our tag in their page), the browser sends the random number and the categories are used to deliver the targeted ad, not the details of your browsing, or anything about you or your computer.
OPT OUT
Q21. Why is this system opt-out instead of opt-in.
A21. We are offering user a choice. They can opt out or in at any time
It’s worth noting that the very first thing you will see when you go online after the technology has been deployed is a full-page notice and at that point you can decide to opt out. In line with our commitment to transparency, you will see banner ads saying that Webwise is on. So if you don't want it, you will be able to click on these ads and switch them off.
Q22. There have been reports that you ignore form fields, yet you clearly don't if you gather search terms and search terms are submitted via form fields. Can you clarify this?
A22. So to be clear: we obtain search terms from GET submissions to known search engines. All other form fields are ignored.
Q23. Can you assure us that an opt-out ensures that no data of any kind passes through or is mirrored to the Profiler?
A23. ISP infrastructures and server installations vary widely, so discussion of particular servers is not useful. When you opt out -- or switch the system off -- it's off. No browsing data whatsoever is passed from the ISP to Phorm. It should also be stressed that the Phorm servers are located in the ISP's network and browsing data is not transmitted outside the ISP.
MISCELLANEOUS
Q24. These are my demands to my ISP and, I believe, my lawful entitlements. Will Phorm ensure that this is easily adhered to?
i) There must be opt-in at all levels.
ii) You must obtain explicit, positive consent.
iii) No requirement can exist so that the customer's connected equipment is responsible for maintaining any status of point 1 and 2, in particular point 2 not being obtained. Point 3 implies that opt-out is assumed where no information to the contrary is present.
A24. What we can say is that it is very clear and transparent that users have a choice. They can opt out or in at any time
It’s worth noting that the very first thing you will see when you go online after the technology has been deployed is a full-page notice and at that point you can decide to opt out. In line with our commitment to transparency, you will see banner ads saying that Webwise is on. So if you don't want it, you will be able to click on these ads and switch them off.
