Phorms Answers (part3)
Welcome to Webwise Live Chat - this is a moderated forum. Due to the large volume of questions, we will make every attempt to answer the range of concerns but may not get to everyone in the time allotted.
adminis: "You previously stated that the categories ("Channels") are policed to ensure they do not contain personal information, if no personal information can be captured, why do you need to do this policing?"
KentErtugrul: The vetting is not just about personal information, it is also to avoid allowing channels which relate to sensitive areas. For example, we do not carry adult advertising. As a result there are no "adult" channels. Therefore it is not possiblt to capture even fully anonymouse adult browing behavour and associate this agains the random number of the browser. The vetting process give us ultimate control over which product categories are noted since we cannot note anything other than predefined categories
phail: please can you explain why you feel the need to spy on everyone?
KentErtugrul: I understand the emotional reaction whcih you have but I would lke to point out the difference between what we are doing and what you describe.
1) The is a clear and absolute choice on the part of everyone participating. NOBODY is forced in
2) This represents a dramatic step forward in online privacy. Look in your browser right now. You have probably been cookied by over one hundred different sites, which have noted your presence, stored your IP address and possibly tied it into other information which you may have given up elsewhere. You never gave permission for this to happen. People are losing privacy today because there is no place which serves advertisers' purpose of maximising relevance whilst at the same time handing consumers a clear on off switch. And which does this without storing any browsing history. This is what this does and this is why Webwise in fact represents the best defense which consumers have AGAINST spying
Dean_Lee: I hear that if I take my laptop abroad, and use a Phorm ISP there, my channel info will be fetched across from the UK, so my ads stay targeted . That’s pretty cool. But which ISP gets to share the revenue, my UK one or my foreign one?
KentErtugrul: Revenue is attributed to whichever ISP is providing you with the connectin at the time. In due course, this provides users with the real possibility of cheap / free wireless internet connections wherever they may roam
narcosis: If you read RFC2965 you'll see there is no such thing as a TLD multi site cookie or a global style cookie. How does your cookie get read by different sites to display ad's or ignore the user (due to being opted out) ?
MBurgess: Yes, you are right. But this is a standard cookie that is only read by Phorm system, i.e. the webwise.net domain. Ads are displayed by the Phorm system only - Advertisers and the sites on which their ads are shown never see the cookie, and no user data is ever passed to them.
tinfoilhat: When connecting to a website that carries OIX ad space, does that site have any access to the UID cookie? Is the random user number visible to that site?
phail: Why should anyone trust you, you are well known for creating spyware / adware, I think the phrase "a leopard never changes their spots" is appropriate, what's to stop you changing the collection of our personal data to suit your own ends?
KentErtugrul: If you in fact look at the facts of the case rather than some of the things which have been written, you will see that we have one of the most "blue chip executive teams, boards, business partners and investors of any publicly traded internet company in the UK, that our history in the adware business is a matter of public record as the only adware company ever to be traded on the stock exchange. As far as changing the system is concerned, we have invited Ernst and Young to regularly inspect all of our claims. We are issuing an open invitation to the privacy community to do the same. We have nothing to hide now, and we never will.
MBurgess: No, per the answer to the last question the website cannot see the random number.
MarkH: we've seen constant claims that 80/20 were supporting the phorm systems, yet after reading the report, most people seem to interpret it as they have raised more questions than they have given support, so did you knowingly mislead people?
KentErtugrul: The content of the report is self evident. We fully support sharing its contents and conclusions and we believe that anybody reading it with an open mind will agree that it supports our claims
phail: Wrong. Virgin and BT are both currently operating an OPT-OUT solution, which would mean all users are opted in by default, and even if they are opted out OUR data is mirrored on phorm servers, regardless of whether the data is used, you ARE collecting it. I am quite capable of securing my own internet, without the need of some poor excuse of an anti phising filter, packaged with adware & data collection, which I haven't given my permission for you to collect!
KentErtugrul: When a user opts out, the system is OFF. There is no data collection at all
narcosis: As you have a (temporary) copy of each webpage everyone visits (for offline profiling purposes) and you SAY you discard irrelenvant information, should you be asked to by an authorative figure/body could you easily change the code in the profiler to store/forward the webpages visited to said figure/body ?
MBurgess: No, in these situations, the bodies you describe can request information that is stored in the normal course of operations, but they cannot request a change in the system itself. In our case, the information we store is only advertiser category, random number, and timestamp, which contains nothing of interest to the authorities and far less than can be obtained from the ISP under a court order.
harry_tuttle: How do Phorm/OIX envisage the nature of profiling web users advancing into the future? It surely won't remain a limited list of simple keywords and categories forever?
KentErtugrul: We believe that we have come up with a way of providing a very powerful tool for advertisers which does not need to change in order to provide ever greater value to both advertisers and consumers. It can never evlove past the point where it compromises privacy, since privacy is the essential condition which makes this technology possible. We also believe that in due course anybody who objects to the system will feel that it is safe once they have understand how it works, and that until then they will freely exercise their ability to opt out and not take part
canonicaluser: What is your relation to the NebuAd company in the US, who seem to have the same technology; whose technology is it?
MBurgess: We have no relationship to NebuAd, and our technology is our own...
tinfoilhat: Will I be able to see the channels against which I am matched? If so, would I be able to disable a particular channel if I am no longer interested in its contents (eg, I've recently been searching for cars, then got a new one and don't want anymore car ads)?
KentErtugrul: In fact, not even we can see the channels which any particular random number can match. There is no interface for that as a privacy safeguard. Anybody opting out or deleting their cookie will be permantly disassociated from previous channel matches by either being assigned another number (cookie delete) or opted out. Think of how much more powerful that is than other systems which store your IP address and everything you search for. In those cases, information stored is PERMANENTLY associated with you. We believe that we provide a much better way forward and leading privacy advocates who have taken the time to see how our system works agree
narcosis: FIPR have stated "Users should have to opt in to such a system" & "We believe this is also required under European data protection law; failure to establish a clear and transparent "opt-in" system is likely to render the entire process illegal and open to challenge in UK and European courts.". Do you have any response for this ?
KentErtugrul: We believe that once we have met with FIPR hey will have a better understanding of how the system works and will be supportive of us as an example to others of state of the art privacy protection. We will be doing so shortly
paul: why should I user your anti phishing service instead of say firefox? Where is the value there? Firefox is free.
KentErtugrul: It turns out that the people who are most likely to download browser plug-ins and update security systems are the ones who are the least likely to be the victims of a phishing attack. The general public, time after time in polling, see it as perfectly natural that they should be automatically protected by their ISP by default if they can do so
JoeUser: Are ads fetched from ISP local servers that are behind the anonymizer or do the ad servers see your IP Address? Is the UID cookie sent to the ad servers?
MBurgess: The ad-servers are colocated within the ISP, and they do see the UID cookie, but they do NOT see the IP address.
paul: Are you not trying to solve a problem that just does not exist for the user? I think my ad targeting is fine thank you, I do not want it to be more targeted.
KentErtugrul: In that case it is the simplest thing in the world for you not to take part. However when you ask general internet users what their biggest concerns / irritations are over the internet, they consistenly say two things: online fraud and the amount of untargeted advertising with which they are bombarded on the internet. That is what webwise addresses. Furthermore, why is it a bad thing to create an environment where all websites, not just a handful, can make money by providing interesting content on the internet? We believe, and many consumers believe, that that would make the web a far more interesting place. That being said, as I said at the start, IT IS A CHOICE. YOU DO NOT HAVE TO TAKE PART IN IT
harry_tuttle: Now that Phorm have said that the 14-day logs will only include system 'health' information and no 'anonymised' user data, how will they debug and refine the system? How is it possible to do anything if you only ever see what comes out and never what goes in? How can a system like that be audited?
MBurgess: Debugging will proceed on the basis of the exceptions raised, and the usual process of attempting to replicate and diagnose the error in a test system. The error will be localized in a particular module and traced down from there.
The question on auditing is slightly different - you can audit a system precisely by looking at what goes in and what comes out (which the ISP and external auditors can do). We are also investigating the possibility of having an independent technical expert audit the source code of the data capture elements of the system (subject to protecting our intellectual property, of course).
phail: Why do you feel that it is acceptable to track my browsing history, then force feed me targeted advertising based on that history? What gives you the right to look at MY personal history? It doesn't belong to the ISP, it belongs to ME. Will you be paying me for the dubious privilege of "targetted advertising"?
KentErtugrul: It is a choice. You do not have to take part in it if you do not wish
paul: "The general public, time after time in polling, see it as perfectly natural that they should be automatically protected by their ISP by default if they can do so." Are you saying that you are the only way an ISP can protect its users?
KentErtugrul: No but this is a great opportunity to extend such a real time protection nationwide and snuff out phishing sites as they occur. We will soon be extending that to spyware download sites
Bob: I see the point in your system to block unwanted content. However where/why does advertising come into it? Apart from giving you and the isp new revenue streams. You could make money out of enhancing the users control of their internet access (phishing, adult filtering) and not focusing on delivering relivant adds. as this is sort of pulls against what the main point of the system is. ie. to protect users from phishing sites.
KentErtugrul: Some people see most value in blocking content, others see it in reducing irrelevant advertising. If you ar convinced of neither, you are absolutely free to not take part. Large scale polling sugested that there was strong interest in both
Dean_Lee: I can see the effort to preserve anonymity, but I don’t quite grasp the details of the process of ad serving, and what the dialogue sequence is. Can you please walk us through the User/Phorm/OIX/Website dialogue steps when I visit website XYZ which is in OIX , and is going to serve me an ad based on my UID cookie?
MBurgess: OK - deep breath:
1. The web site creates the web page with a hole in it for an ad (which could come from Phorm or e.g. DoubleClick) into which they insert a Phorm tag.
2. Your browser downloads the page and processes the tag, which directs it to request an ad from the Phorm ad server, which is in the domain webwise.net. 3. Your browser sends the UID cookie value as part of the request, and the ad-server, which has access to the channel-match information including that UID, can therefore select and return an appropriate ad.
4. Your browser displays the ad inside the web page.
paul: how do you know a user has opted out, surely that in itself is a breach of my privacy?
KentErtugrul: There are different wasy of opting out, 1) cookie based by placing and OPTED OUT cookie 2) by excluding cookies from our domain in your browser which is permanent and browser side and 3) a permanent network based opt out which will opt you out while you are on the current network. I personally believe that 2) is the most effective long term permanent opt out, but all will be available. Any of these, however, is far cry from the present system where you are effectively leaking data as you browse through the dropping of traking cookies wherever you go. We believe that this represents a major and necessary upgrade to the present, broken system of privacy protection
paul: "Think of how much more powerful that is than other systems which store your IP address and everything you search for. In those cases, information stored is PERMANENTLY associated with you. " Those systems are distributed across hundreds of organisations, which is not a threat to my privacy they may hold 1% of my online activity. Your are one organisation, holding data up to 100% of my activity and you are operating on a service basis (i.e. at the ISP) is that not a bigger threat to my privacy?
KentErtugrul: In fact although the organisations holding data may appear to be discparate, the data is more often than not tied into larger databases. You have no control over that. We give you back control
j8jweb: What do you perceive as the biggest threats to your business model?
KentErtugrul: The inability to address the concerns of every member of the public who does not fully understand that this represents a giant leap forward for privacy rather than the opposite
MarkH: so why have BT staff stated they are having to design an opt-out mechanism that will ensure the customers data will never enter your systems despite your claim that no data passes to it when the customer opts out?
KentErtugrul: because it more effectively addresses the perception issue. The reality is that the current opt out system fully and effectively prevents the collection of dta
Annon101: How can you claim this is an increase in privacy when you get to view all of our web surfing habits compared to Google and Amazons small slice?
KentErtugrul: because once you have given up your search information, control over that aspect of our privacy is lost to you forever. Since we do not store any information and only ever know you by a random number stored on a cookie, deleting the cookie or opting out permanently breaks the association with anything which that cookie may have done in the past
harry_tuttle: Marc, you must mean the co-located ad-servers see your IP address but don't record it. At least one server needs to know the UID and IP address at the same time to forward the right add to the right user?
MBurgess: No Harry, the request passes through the anonymizer, which masks the iP address so the ad-server does not see it at all.
KentErtugrul: Once again, thank you all for taking part in this. Feel free to email [email protected] and we now have an interactive blog on webwise.com and phorm.com. Thanks again Kent
MBurgess: Sorry, time's up again. Thanks again and bye for now ...
adminis: "You previously stated that the categories ("Channels") are policed to ensure they do not contain personal information, if no personal information can be captured, why do you need to do this policing?"
KentErtugrul: The vetting is not just about personal information, it is also to avoid allowing channels which relate to sensitive areas. For example, we do not carry adult advertising. As a result there are no "adult" channels. Therefore it is not possiblt to capture even fully anonymouse adult browing behavour and associate this agains the random number of the browser. The vetting process give us ultimate control over which product categories are noted since we cannot note anything other than predefined categories
phail: please can you explain why you feel the need to spy on everyone?
KentErtugrul: I understand the emotional reaction whcih you have but I would lke to point out the difference between what we are doing and what you describe.
1) The is a clear and absolute choice on the part of everyone participating. NOBODY is forced in
2) This represents a dramatic step forward in online privacy. Look in your browser right now. You have probably been cookied by over one hundred different sites, which have noted your presence, stored your IP address and possibly tied it into other information which you may have given up elsewhere. You never gave permission for this to happen. People are losing privacy today because there is no place which serves advertisers' purpose of maximising relevance whilst at the same time handing consumers a clear on off switch. And which does this without storing any browsing history. This is what this does and this is why Webwise in fact represents the best defense which consumers have AGAINST spying
Dean_Lee: I hear that if I take my laptop abroad, and use a Phorm ISP there, my channel info will be fetched across from the UK, so my ads stay targeted . That’s pretty cool. But which ISP gets to share the revenue, my UK one or my foreign one?
KentErtugrul: Revenue is attributed to whichever ISP is providing you with the connectin at the time. In due course, this provides users with the real possibility of cheap / free wireless internet connections wherever they may roam
narcosis: If you read RFC2965 you'll see there is no such thing as a TLD multi site cookie or a global style cookie. How does your cookie get read by different sites to display ad's or ignore the user (due to being opted out) ?
MBurgess: Yes, you are right. But this is a standard cookie that is only read by Phorm system, i.e. the webwise.net domain. Ads are displayed by the Phorm system only - Advertisers and the sites on which their ads are shown never see the cookie, and no user data is ever passed to them.
tinfoilhat: When connecting to a website that carries OIX ad space, does that site have any access to the UID cookie? Is the random user number visible to that site?
phail: Why should anyone trust you, you are well known for creating spyware / adware, I think the phrase "a leopard never changes their spots" is appropriate, what's to stop you changing the collection of our personal data to suit your own ends?
KentErtugrul: If you in fact look at the facts of the case rather than some of the things which have been written, you will see that we have one of the most "blue chip executive teams, boards, business partners and investors of any publicly traded internet company in the UK, that our history in the adware business is a matter of public record as the only adware company ever to be traded on the stock exchange. As far as changing the system is concerned, we have invited Ernst and Young to regularly inspect all of our claims. We are issuing an open invitation to the privacy community to do the same. We have nothing to hide now, and we never will.
MBurgess: No, per the answer to the last question the website cannot see the random number.
MarkH: we've seen constant claims that 80/20 were supporting the phorm systems, yet after reading the report, most people seem to interpret it as they have raised more questions than they have given support, so did you knowingly mislead people?
KentErtugrul: The content of the report is self evident. We fully support sharing its contents and conclusions and we believe that anybody reading it with an open mind will agree that it supports our claims
phail: Wrong. Virgin and BT are both currently operating an OPT-OUT solution, which would mean all users are opted in by default, and even if they are opted out OUR data is mirrored on phorm servers, regardless of whether the data is used, you ARE collecting it. I am quite capable of securing my own internet, without the need of some poor excuse of an anti phising filter, packaged with adware & data collection, which I haven't given my permission for you to collect!
KentErtugrul: When a user opts out, the system is OFF. There is no data collection at all
narcosis: As you have a (temporary) copy of each webpage everyone visits (for offline profiling purposes) and you SAY you discard irrelenvant information, should you be asked to by an authorative figure/body could you easily change the code in the profiler to store/forward the webpages visited to said figure/body ?
MBurgess: No, in these situations, the bodies you describe can request information that is stored in the normal course of operations, but they cannot request a change in the system itself. In our case, the information we store is only advertiser category, random number, and timestamp, which contains nothing of interest to the authorities and far less than can be obtained from the ISP under a court order.
harry_tuttle: How do Phorm/OIX envisage the nature of profiling web users advancing into the future? It surely won't remain a limited list of simple keywords and categories forever?
KentErtugrul: We believe that we have come up with a way of providing a very powerful tool for advertisers which does not need to change in order to provide ever greater value to both advertisers and consumers. It can never evlove past the point where it compromises privacy, since privacy is the essential condition which makes this technology possible. We also believe that in due course anybody who objects to the system will feel that it is safe once they have understand how it works, and that until then they will freely exercise their ability to opt out and not take part
canonicaluser: What is your relation to the NebuAd company in the US, who seem to have the same technology; whose technology is it?
MBurgess: We have no relationship to NebuAd, and our technology is our own...
tinfoilhat: Will I be able to see the channels against which I am matched? If so, would I be able to disable a particular channel if I am no longer interested in its contents (eg, I've recently been searching for cars, then got a new one and don't want anymore car ads)?
KentErtugrul: In fact, not even we can see the channels which any particular random number can match. There is no interface for that as a privacy safeguard. Anybody opting out or deleting their cookie will be permantly disassociated from previous channel matches by either being assigned another number (cookie delete) or opted out. Think of how much more powerful that is than other systems which store your IP address and everything you search for. In those cases, information stored is PERMANENTLY associated with you. We believe that we provide a much better way forward and leading privacy advocates who have taken the time to see how our system works agree
narcosis: FIPR have stated "Users should have to opt in to such a system" & "We believe this is also required under European data protection law; failure to establish a clear and transparent "opt-in" system is likely to render the entire process illegal and open to challenge in UK and European courts.". Do you have any response for this ?
KentErtugrul: We believe that once we have met with FIPR hey will have a better understanding of how the system works and will be supportive of us as an example to others of state of the art privacy protection. We will be doing so shortly
paul: why should I user your anti phishing service instead of say firefox? Where is the value there? Firefox is free.
KentErtugrul: It turns out that the people who are most likely to download browser plug-ins and update security systems are the ones who are the least likely to be the victims of a phishing attack. The general public, time after time in polling, see it as perfectly natural that they should be automatically protected by their ISP by default if they can do so
JoeUser: Are ads fetched from ISP local servers that are behind the anonymizer or do the ad servers see your IP Address? Is the UID cookie sent to the ad servers?
MBurgess: The ad-servers are colocated within the ISP, and they do see the UID cookie, but they do NOT see the IP address.
paul: Are you not trying to solve a problem that just does not exist for the user? I think my ad targeting is fine thank you, I do not want it to be more targeted.
KentErtugrul: In that case it is the simplest thing in the world for you not to take part. However when you ask general internet users what their biggest concerns / irritations are over the internet, they consistenly say two things: online fraud and the amount of untargeted advertising with which they are bombarded on the internet. That is what webwise addresses. Furthermore, why is it a bad thing to create an environment where all websites, not just a handful, can make money by providing interesting content on the internet? We believe, and many consumers believe, that that would make the web a far more interesting place. That being said, as I said at the start, IT IS A CHOICE. YOU DO NOT HAVE TO TAKE PART IN IT
harry_tuttle: Now that Phorm have said that the 14-day logs will only include system 'health' information and no 'anonymised' user data, how will they debug and refine the system? How is it possible to do anything if you only ever see what comes out and never what goes in? How can a system like that be audited?
MBurgess: Debugging will proceed on the basis of the exceptions raised, and the usual process of attempting to replicate and diagnose the error in a test system. The error will be localized in a particular module and traced down from there.
The question on auditing is slightly different - you can audit a system precisely by looking at what goes in and what comes out (which the ISP and external auditors can do). We are also investigating the possibility of having an independent technical expert audit the source code of the data capture elements of the system (subject to protecting our intellectual property, of course).
phail: Why do you feel that it is acceptable to track my browsing history, then force feed me targeted advertising based on that history? What gives you the right to look at MY personal history? It doesn't belong to the ISP, it belongs to ME. Will you be paying me for the dubious privilege of "targetted advertising"?
KentErtugrul: It is a choice. You do not have to take part in it if you do not wish
paul: "The general public, time after time in polling, see it as perfectly natural that they should be automatically protected by their ISP by default if they can do so." Are you saying that you are the only way an ISP can protect its users?
KentErtugrul: No but this is a great opportunity to extend such a real time protection nationwide and snuff out phishing sites as they occur. We will soon be extending that to spyware download sites
Bob: I see the point in your system to block unwanted content. However where/why does advertising come into it? Apart from giving you and the isp new revenue streams. You could make money out of enhancing the users control of their internet access (phishing, adult filtering) and not focusing on delivering relivant adds. as this is sort of pulls against what the main point of the system is. ie. to protect users from phishing sites.
KentErtugrul: Some people see most value in blocking content, others see it in reducing irrelevant advertising. If you ar convinced of neither, you are absolutely free to not take part. Large scale polling sugested that there was strong interest in both
Dean_Lee: I can see the effort to preserve anonymity, but I don’t quite grasp the details of the process of ad serving, and what the dialogue sequence is. Can you please walk us through the User/Phorm/OIX/Website dialogue steps when I visit website XYZ which is in OIX , and is going to serve me an ad based on my UID cookie?
MBurgess: OK - deep breath:
1. The web site creates the web page with a hole in it for an ad (which could come from Phorm or e.g. DoubleClick) into which they insert a Phorm tag.
2. Your browser downloads the page and processes the tag, which directs it to request an ad from the Phorm ad server, which is in the domain webwise.net. 3. Your browser sends the UID cookie value as part of the request, and the ad-server, which has access to the channel-match information including that UID, can therefore select and return an appropriate ad.
4. Your browser displays the ad inside the web page.
paul: how do you know a user has opted out, surely that in itself is a breach of my privacy?
KentErtugrul: There are different wasy of opting out, 1) cookie based by placing and OPTED OUT cookie 2) by excluding cookies from our domain in your browser which is permanent and browser side and 3) a permanent network based opt out which will opt you out while you are on the current network. I personally believe that 2) is the most effective long term permanent opt out, but all will be available. Any of these, however, is far cry from the present system where you are effectively leaking data as you browse through the dropping of traking cookies wherever you go. We believe that this represents a major and necessary upgrade to the present, broken system of privacy protection
paul: "Think of how much more powerful that is than other systems which store your IP address and everything you search for. In those cases, information stored is PERMANENTLY associated with you. " Those systems are distributed across hundreds of organisations, which is not a threat to my privacy they may hold 1% of my online activity. Your are one organisation, holding data up to 100% of my activity and you are operating on a service basis (i.e. at the ISP) is that not a bigger threat to my privacy?
KentErtugrul: In fact although the organisations holding data may appear to be discparate, the data is more often than not tied into larger databases. You have no control over that. We give you back control
j8jweb: What do you perceive as the biggest threats to your business model?
KentErtugrul: The inability to address the concerns of every member of the public who does not fully understand that this represents a giant leap forward for privacy rather than the opposite
MarkH: so why have BT staff stated they are having to design an opt-out mechanism that will ensure the customers data will never enter your systems despite your claim that no data passes to it when the customer opts out?
KentErtugrul: because it more effectively addresses the perception issue. The reality is that the current opt out system fully and effectively prevents the collection of dta
Annon101: How can you claim this is an increase in privacy when you get to view all of our web surfing habits compared to Google and Amazons small slice?
KentErtugrul: because once you have given up your search information, control over that aspect of our privacy is lost to you forever. Since we do not store any information and only ever know you by a random number stored on a cookie, deleting the cookie or opting out permanently breaks the association with anything which that cookie may have done in the past
harry_tuttle: Marc, you must mean the co-located ad-servers see your IP address but don't record it. At least one server needs to know the UID and IP address at the same time to forward the right add to the right user?
MBurgess: No Harry, the request passes through the anonymizer, which masks the iP address so the ad-server does not see it at all.
KentErtugrul: Once again, thank you all for taking part in this. Feel free to email [email protected] and we now have an interactive blog on webwise.com and phorm.com. Thanks again Kent
MBurgess: Sorry, time's up again. Thanks again and bye for now ...
