Amazon To Block Phorm Scans 140
clickclickdrone writes "The BBC are reporting that Amazon has said it will not allow online advertising system Phorm to scan its web pages to produce targeted ads. For most people this is a welcome step, especially after the European Commission said it was starting legal action against the UK earlier this week over its data protection laws in relation to Phorm's technology. Anyone who values their privacy should applaud this move by Amazon."
Re:Stay er... evil??? (Score:5, Informative)
One of Amazon's major selling points, beyond their good logistics, is their ability to use site analytics to make interest based recommendations to customers. Obviously, they have zero interest in letting Phorm piggyback on that, on their own site no less.
I suspect that many other major web presences will be in a similar place. Phorm is potentially lucrative for the ISPs, but it is a nontrivial threat to larger site and ad-network operators. The small guys are more or less resigned to outsourcing analytics and ad placement, so it won't be as much of a change for them; but the big independents will not be pleased.
Re:How do I opt my website out? (Score:5, Informative)
In a statement, Phorm said: "There is a process in place to allow publishers to contact Phorm and opt out of the system, but we do not comment on individual cases."
This would seem to imply that unless you opt out you are in.
Re:How do I opt my website out? (Score:5, Informative)
Phorm claims to look at robots.txt, but it's unclear what exactly they mean. See http://www2.bt.com/static/i/btretail/webwise/help.html#how-do-i-prevent-webwise-from-scanning-my-site
Re:How do I opt my website out? (Score:5, Informative)
I think you have to email them.
http://www2.bt.com/static/i/btretail/webwise/help.html#how-do-i-prevent-webwise-from-scanning-my-site [bt.com]
I've emailed them for my domains (they're very small and insignificant).
Re:How do I opt my website out? (Score:3, Informative)
Phorm is only opt-in to the extent that you agree a contract with them to display Phorm ads on your site.
It is opt-out as regards Phorm traking what your visitors get up to on your site.
Re:So in other words... (Score:5, Informative)
Except with Google ads, the people who actually own the website choose whether or not to serve them. Phorm ads are injected at the ISP level, completely ignoring whether the server wants the ads or not. Yes, they're still interest based, but they're evil for other reasons in my opinion.
Re:So in other words... (Score:4, Informative)
Google doesn't do anything unless you use Google. Phorm gets the information from your ISP.
Re:You're Starting at the Wrong End (Score:5, Informative)
To write to your UK and EU parliamentary representatives, go to http://www.writetothem.com/ [writetothem.com]
Re:So in other words... (Score:4, Informative)
Re:How do I opt my website out? (Score:5, Informative)
Also, as part of the BT trials, they replaced adverts (from a number of charities) on webpages with their own adverts.
Those sites/advertisers weren't given the chance to opt-out.
Comment removed (Score:4, Informative)
Re:How do I opt my website out? (Score:5, Informative)
Reading carefully, they'll obey any robot.txt rule for "*", googlebot, or (yahoo) slurp. They apparently didn't feel it necessary to have their own robots.txt identifier so you can block just them.
Re:Stay er... evil??? (Score:3, Informative)
For a small site, then, having Phorm spy on your visitors via ISP, then having Phorm pay you to run ads, would not be considerably different than using a 3rd party analytics package, google analytics or similar, and then being paid to run ads from a third party ad network. Now, since, under Phorm, the ISP needs to be paid, the site operator would presumably see less money; but it would be a difference of degree rather than kind.
If my understanding of Phorm is wrong(if, for instance, Phorm were tempted to go with the super-sleazy tactic that one sees occasionally, of colluding with the ISP to strip ads from 3rd party websites and insert their own), then the above is of course irrelevant.
Re:But how exactly does it work? (Score:1, Informative)
Phorm wants to inject ads into web pages at the ISP level.
No they don't. They want to monitor all your web browsing (by tapping your ISP) to build up a profile of you. Then they want to sell targeted advertising space to advertisers in much the same was Google does: i.e. a website uses Phorm ads instead of Google ads and Phorm chooses what adverts to place based on the visitor's profile.
Monitoring web browsing is, as far as anyone can tell, illegal, but the govt refuses to enforce the law. That's what the EU is grumbling about. But the other part of the business model is just a standard advertising broker. They're not injecting ads.
Re:How do I opt my website out? (Score:4, Informative)
Opting Out is a bit of a joke to these people it seems.
While the privacy safeguards built into BT Webwise mean that sensitive or private content on websites is not compromised, the system also offers a number of mechanisms by which website owners can prevent pages being profiled if they wish. Website owners may implement any of the following methods:
1. HTTPS: No HTTPS traffic passes through the system or is profiled
2. Standard HTTP password-protection : Pages protected using standard HTTP password protection, as defined by RFC 1945, will not be profiled
3. robots.txt: The Webwise system will observe the rules that a website sets for major search engines using the robots.txt method. If the website's robots.txt file is set such that "*" (any robot) is not permitted to crawl it, then Webwise will not profile its pages.
Alternatively, you may request specifically that your website is not scanned by Webwise. To request that your website not be scanned by Webwise, please email:
website-exclusion{at}webwise.com.
[X]
How are robots.txt files handled by Webwise?
The Webwise system observes the rules that a website sets for the Googlebot, Slurp (Yahoo! agent) and "*" (any robot) user agents. Where a website's robots.txt file disallows any of these user agents, Webwise will not profile the relevant URL. As an example, the following robots.txt text will prevent profiling of all pages on a site:
user-agent: * disallow: /
The following example will restrict profiling of a directory named "images": /images
user-agent: Slurp disallow:
The system will request the robots.txt file from the root of the host e.g. www.domain.com/robots.txt. When requesting the robots.txt file, the system will follow up to 5 redirects. If no robots.txt file or an HTTP error is returned, if the returned file is not in single-byte ASCII (ISO-8859-x) format, or if the file size is greater than 50Kbytes, then the URL will be marked as allowed for profiling.
Website owners should note the following aspects of the Webwise system's interpretation of robots.txt files:
* Malformed robots.txt files will result in the URL being disallowed for profiling.
* Any of the well-established line-termination tokens are interpreted as a newline, i.e. DOS, UNIX, old-style MacOS linefeeds. Multiple linefeeds are ignored.
* Web-encoded URLs are decoded and handled as normal.
* Variable capitalisation within the robots.txt file is converted to lower case and processed.
* The system does not support Google extensions to the robots.txt standard.
So the options are https, or password protect your site, or use robots.txt to block google and yahoo from indexing your site or email them and ask to be opted out.
option a and b inconvenience visitors, option c will reduce visitors since it means your site isnt getting indexed by the major search engines.
option 4 seems the only practical way to get these jokers to desist.
option d) no phorm in the robots text doesnt exist.
Re:So in other words... (Score:2, Informative)
Re:How do I opt my website out? (Score:3, Informative)
Actually it should be quite easy to work out. I expect that phorm does a man-in-the-middle attack and pretends to have the user agent of the web browser that has been tricked. All you need to do is ask some people who are using phorm to add "PhormIP" to their user agents.
It's easy to see if you're using phorm because it does an HTTP redirect to webwise.net.
Re:How do I opt my website out? (Score:2, Informative)
Re:How do I opt my website out? (Score:3, Informative)
Phorm purchased slots to place adverts - when there was a match between what the user was reading and adverts available, the advert would be displayed. When there was not match, the charities advert would be displayed. They weren't stealing anyone's advertising space but they were still intercepting the communications of unsuspecting BT customers who had neither been informed or consented to taking part in the experiment.
Re:How do I opt my website out? (Score:5, Informative)
This is why ISPs should never be allowed to own a top level cert.