Amazon To Block Phorm Scans 140
clickclickdrone writes "The BBC are reporting that Amazon has said it will not allow online advertising system Phorm to scan its web pages to produce targeted ads. For most people this is a welcome step, especially after the European Commission said it was starting legal action against the UK earlier this week over its data protection laws in relation to Phorm's technology. Anyone who values their privacy should applaud this move by Amazon."
How do I opt my website out? (Score:5, Interesting)
It doesn't say anywhere how you opt your own website out of this.
I suggest everyone does this, no-matter how small or insignificant your site it.
Re:How do I opt my website out? (Score:4, Insightful)
Re:How do I opt my website out? (Score:5, Interesting)
Re: (Score:2)
The solution to that is to remove that CA from your browser.
If mozilla and other browser makers would remove that CA this problem would sort it self out very fast.
Re: (Score:2, Informative)
Re:How do I opt my website out? (Score:5, Informative)
This is why ISPs should never be allowed to own a top level cert.
Re: (Score:2)
As far as I can see (although I'm not an expert on the topic) the BlackBerry may already do this when contacting BIS. Hit up Options->Security Options->Certificates and you'll probably see various provider certs (trusted root CA's) that seem to be used to sign for other domains while you browse (may depend on TLS settings). I can mark my providers certs as untrusted, but I suspect if they wanted to they could force my settings to be overridden by service book (RIM seems to allow your provider to monke
Re: (Score:3, Interesting)
How would that work? BT might be a top-level CA but if I have an HTTPS-only site (say, https://www.example.com/ [example.com] they still don't have my private key. Without that private key, they can't do anything to the data flowing between the web server and the end-user's browser without raising some flag or another.
They could create their own certificate for www.example.com in order to fool the end-user's browser, but that would involve a very intelligent proxy and would be incredibly (almost painfully) illegal, even
Re: (Score:2)
Re:How do I opt my website out? (Score:5, Informative)
Phorm claims to look at robots.txt, but it's unclear what exactly they mean. See http://www2.bt.com/static/i/btretail/webwise/help.html#how-do-i-prevent-webwise-from-scanning-my-site
Re:How do I opt my website out? (Score:5, Insightful)
Kind of useless really. Crawlers using robots.txt are supposed to uniquely identify themselves, so that you may block specific crawlers. Phorm doesn't do this - instead, it processes directives intended for Google, Yahoo, and all crawlers.
Effectively, the only way to block Phorm with robots.txt would also block all search engines. That makes it effectively impossible to do, while still allowing them to claim that it can be done.
Bastards.
Anyway, if there were a way to block just Phorm using robots.txt, you can bet that as soon as a couple of major sites start doing it, Phorm will start ignoring it.
Nice catch! Bloody bastards! (Score:2)
This is stunningly devious. The bastards.
Re: (Score:2)
Re:How do I opt my website out? (Score:5, Informative)
Reading carefully, they'll obey any robot.txt rule for "*", googlebot, or (yahoo) slurp. They apparently didn't feel it necessary to have their own robots.txt identifier so you can block just them.
Phraudsters (Score:5, Interesting)
Phorm are liars when it comes to robots.txt.
They say they respect robots.txt but their scraper will only respect it if it also blocks google and yahoo. If it allows Google and Yahoo, they say it's fair game for Phorm. That's not respecting it at all.
But what do you expect from the sort of people who would conduct illegal surveillance on people to test their spyware system and claim that letting opt opt out would have been impossible because it would have been too difficult for them to understand the complicated computery stuff they were doing.
Phraudsters.
Re: (Score:2)
I guess you'd have to write some special processing to return a custom robots.txt to disallow all if the user agent identified the crawler as Webwise and otherwise to return the normal robots.txt.
I don't know but I imagine webservers can do this sort of thing.
Re: (Score:2)
But presumably they spoof the Googlebot string, so you have to either blacklist the IP addresses Phorm might use, or whitelist all the IP adddresses Googlebot might use.
Re: (Score:2)
They mean that the contents of your site's robots.txt file will be used to generate robot ads.
Re: (Score:1)
FTLA:
http://www2.bt.com/static/i/btretail/webwise/help.html#how-do-i-prevent-webwise-from-scanning-my-site [bt.com] [scroll down]
So would that just earn you more bigpenis spam? It's hard to guess what low tricks these scum won't stoop to.
Re:How do I opt my website out? (Score:5, Informative)
I think you have to email them.
http://www2.bt.com/static/i/btretail/webwise/help.html#how-do-i-prevent-webwise-from-scanning-my-site [bt.com]
I've emailed them for my domains (they're very small and insignificant).
Re: (Score:2)
From that page: "robots.txt: The Webwise system will observe the rules that a website sets for major search engines using the robots.txt method. If the website's robots.txt file is set such that "*" (any robot) is not permitted to crawl it, then Webwise will not profile its pages."
First person to capture the User-agent ID gets a cookie!
Re:How do I opt my website out? (Score:4, Insightful)
Re:How do I opt my website out? (Score:4, Interesting)
They've given us an 'all or nothing' ultimatum
Block all Search Robots (and effectivly remove yourself from Google/Yahoo etc) or e-mail them and hope they put you on their no-go list (and as with many hidden services, there will be no easy way of telling if they have)
We will obey the "*" from the robots.txt but we will disregard everything else.
Just keep a look out on http://www.botsvsbrowsers.com/ [botsvsbrowsers.com] and if you really want to block them do a user-agent Server-side script test and send them "FUCK YOU" Pages
Re: (Score:2)
Then you are stuck with one option:
iptables and known Phorm ips. DROP all packets originating from known Phorm addresses. This is ofcourse a pretty much faulty way of approaching it since they can quite easily switch IP-adressess and you will be stuck with outdated adressess on your list.
My thow at it:
any known ip-ranges for phorm and how does blocking phorm impact users(BT or otherwise).
Re: (Score:2)
The trick here is going to be identifying Phorm's IPs. That could be tricky, and if they are essentially impersonating other user agent tags, then it might get very very hard.
Re: (Score:3, Informative)
Actually it should be quite easy to work out. I expect that phorm does a man-in-the-middle attack and pretends to have the user agent of the web browser that has been tricked. All you need to do is ask some people who are using phorm to add "PhormIP" to their user agents.
It's easy to see if you're using phorm because it does an HTTP redirect to webwise.net.
Re:How do I opt my website out? (Score:4, Interesting)
I guess we only need volunteers and we can intercept the right IPs and add them to the blocklist.
I've emailed them too (Score:4, Funny)
For real,
To: website-exclusion@webwise.com
Subject: Exclusion requested from your spyware system
I hereby request that you remove the following domains that I own or may own in the near future from your WebWise / Phorm system:
phorm-is-a-fraud.com
webwise-is-big-brother.com
bt-is-completely-retarded-for.allowing-this-phorm-nonsense-on-their-network.com
webmasters-shouldnt-have-to-opt-out.com
you-dont-respect-robots.txt-you-lying-scumbags.com
Fuck you very much!
Re: (Score:1)
Re: (Score:1)
This seems nothing short of ID theft on a great scale and must be investigated at an EU level if the UK government are too incompetent to protect their own people from this kind of intrusion.
Re:How do I opt my website out? (Score:5, Informative)
In a statement, Phorm said: "There is a process in place to allow publishers to contact Phorm and opt out of the system, but we do not comment on individual cases."
This would seem to imply that unless you opt out you are in.
Re: (Score:2)
I did read the article. In fact I saw it on the BBC before I saw it on slashdot, and would have posted it here myself if someone else hadn't already done so.
There's nothing obvious on Phorm's website about how to opt-out as a website owner.
Re: (Score:2)
The guy saying "RTFA" was not talking to you, but the AC who claimed Phorm is opt-in, not opt-out.
In the AC's defense, though, the wikipedia article on Phorm says that UK Law requires it to be opt-in, and at least one ISP (TalkTalk) has implemented it in an opt-in manner. Other than that, though, it appears to be opt-out
What they don't tell you (Score:5, Funny)
Is that if you opt-out of Phorm, you are automatically entered, for free, in a program called Phorm2. But don't worry, you can opt out. For your convenience, in that case, you will automatically be entered in our new business web marketing program, Phorm++. If you're not interested in Phorm++, no worries, you can very easily opt-out. In fact, it's so easy, we'll do you a favour and give you free, automatic access to PhormDeluxe. PhormDeluxe is completely optional. Just send us a certified letter to opt out.
Re:What they don't tell you (Score:5, Funny)
Can we offer to deliver them complimentary building materials through their windows, with an opt out clause?
Re: (Score:1, Funny)
Actually, if you opt out of PhormDeluxe, you'll be automatically entered for no charge into our basic Phorm program.
Re:How do I opt my website out? (Score:4, Informative)
Opting Out is a bit of a joke to these people it seems.
While the privacy safeguards built into BT Webwise mean that sensitive or private content on websites is not compromised, the system also offers a number of mechanisms by which website owners can prevent pages being profiled if they wish. Website owners may implement any of the following methods:
1. HTTPS: No HTTPS traffic passes through the system or is profiled
2. Standard HTTP password-protection : Pages protected using standard HTTP password protection, as defined by RFC 1945, will not be profiled
3. robots.txt: The Webwise system will observe the rules that a website sets for major search engines using the robots.txt method. If the website's robots.txt file is set such that "*" (any robot) is not permitted to crawl it, then Webwise will not profile its pages.
Alternatively, you may request specifically that your website is not scanned by Webwise. To request that your website not be scanned by Webwise, please email:
website-exclusion{at}webwise.com.
[X]
How are robots.txt files handled by Webwise?
The Webwise system observes the rules that a website sets for the Googlebot, Slurp (Yahoo! agent) and "*" (any robot) user agents. Where a website's robots.txt file disallows any of these user agents, Webwise will not profile the relevant URL. As an example, the following robots.txt text will prevent profiling of all pages on a site:
user-agent: * disallow: /
The following example will restrict profiling of a directory named "images": /images
user-agent: Slurp disallow:
The system will request the robots.txt file from the root of the host e.g. www.domain.com/robots.txt. When requesting the robots.txt file, the system will follow up to 5 redirects. If no robots.txt file or an HTTP error is returned, if the returned file is not in single-byte ASCII (ISO-8859-x) format, or if the file size is greater than 50Kbytes, then the URL will be marked as allowed for profiling.
Website owners should note the following aspects of the Webwise system's interpretation of robots.txt files:
* Malformed robots.txt files will result in the URL being disallowed for profiling.
* Any of the well-established line-termination tokens are interpreted as a newline, i.e. DOS, UNIX, old-style MacOS linefeeds. Multiple linefeeds are ignored.
* Web-encoded URLs are decoded and handled as normal.
* Variable capitalisation within the robots.txt file is converted to lower case and processed.
* The system does not support Google extensions to the robots.txt standard.
So the options are https, or password protect your site, or use robots.txt to block google and yahoo from indexing your site or email them and ask to be opted out.
option a and b inconvenience visitors, option c will reduce visitors since it means your site isnt getting indexed by the major search engines.
option 4 seems the only practical way to get these jokers to desist.
option d) no phorm in the robots text doesnt exist.
Re: (Score:2)
http://www.wisegeek.com/what-is-the-difference-between-http-and-https.htm [wisegeek.com]
In many ways, https is identical to http, because it follows the same basic protocols. The http or https client, such as a Web browser, establishes a connection to a server on a standard port. When a server receives a request, it returns a status and a message, which may contain the requested information or indicate an error if part of the process malfunctioned. Both systems use the same Uniform Resource Identifier (URI) scheme, so that resources can be universally identified. Use of https in a URI scheme rather than http indicates that an encrypted connection is desired.
There are some primary differences between http and https, however, beginning with the default port, which is 80 for http and 443 for https. Https works by transmitting normal http interactions through an encrypted system, so that in theory, the information cannot be accessed by any party other than the client and end server. There are two common types of encryption layers: Transport Layer Security (TLS) and Secure Sockets Layer (SSL), both of which encode the data records being exchanged.
When using an https connection, the server responds to the initial connection by offering a list of encryption methods it supports. In response, the client selects a connection method, and the client and server exchange certificates to authenticate their identities. After this is done, both parties exchange the encrypted information after ensuring that both are using the same key, and the connection is closed. In order to host https connections, a server must have a public key certificate, which embeds key information with a verification of the key owner's identity. Most certificates are verified by a third party so that clients are assured that the key is secure.
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html [apache.org]
The first time a user attempts to access a secured page on your site, he or she is typically presented with a dialog containing the details of the certificate (such as the company and contact name), and asked if he or she wishes to accept the Certificate as valid and continue with the transaction. Some browsers will provide an option for permanently accepting a given Certificate as valid, in which case the user will not be bothered with a prompt each time they visit your site. Other browsers do not provide this option. Once approved by the user, a Certificate will be considered valid for at least the entire browser session.
Also, while the SSL protocol was designed to be as efficient as securely possible, encryption/decryption is a computationally expensive process from a performance standpoint. It is not strictly necessary to run an entire web application over SSL, and indeed a developer can pick and choose which pages require a secure connection and which do not. For a reasonably busy site, it is customary to only run certain pages under SSL, namely those pages where sensitive information could possibly be exchanged. This would include things like login pages, personal information pages, and shopping cart checkouts, where credit card information could possibly be transmitted. Any page within an application can be requested over a secure socket by simply prefixing the address with https: instead of http [slashdot.org]:. Any pages which absolutely require a secure connection should check the protocol type associated with the page request and take the appropriate action if https is not specified.
Finally, using name-based virtual hosts on a secured connection can be problematic. This is a design limitation of the SSL protocol itself. The SSL handshake, where the client browser accepts the server certificate, must occur before the HTTP request is accessed. As a result, the request information containing the virtual host name cannot be determined prior to authentication, and it is therefore not possible to assign multiple certificates to a single IP address. If all virtual hosts on a single IP address need to authenticate against the same certificate, the addition of multiple virtual hosts should not interfere with normal SSL operations on the server. Be aware, however, that most client browsers will compare the server's domain name against the domain name listed in the certificate, if any (applicable primarily to official, CA-signed certificates). If the domain names do not match, these browsers will display a warning to the client user. In general, only address-based virtual hosts are commonly used with SSL in a production environment.
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC17 [modssl.org]
Why does the connection hang when I connect to my SSL-aware Apache server? [L]
Because you connected with HTTP to the HTTPS port, i.e. you used an URL of the form ``http://'' instead of ``https://''. This also happens the other way round when you connect via HTTPS to a HTTP port, i.e. when you try to use ``https://'' on a server that doesn't support SSL (on this port). Make sure you are connecting to a virtual server that supports SSL, which is probably the IP associated with your hostname, not localhost (127.0.0.1).
So while in principle https can be used in place of http there are a few issues, one principle issue might be that its not possible to have multiple secure sites on a single IP address which would tend to increase the hosting cost quite dramatically. It's also a possibility that the users webbrowser may hang if they have used htt
Re: (Score:3, Informative)
Phorm is only opt-in to the extent that you agree a contract with them to display Phorm ads on your site.
It is opt-out as regards Phorm traking what your visitors get up to on your site.
Re:How do I opt my website out? (Score:5, Informative)
Also, as part of the BT trials, they replaced adverts (from a number of charities) on webpages with their own adverts.
Those sites/advertisers weren't given the chance to opt-out.
Re: (Score:3, Informative)
Phorm purchased slots to place adverts - when there was a match between what the user was reading and adverts available, the advert would be displayed. When there was not match, the charities advert would be displayed. They weren't stealing anyone's advertising space but they were still intercepting the communications of unsuspecting BT customers who had neither been informed or consented to taking part in the experiment.
Re: (Score:2)
Re: (Score:2)
You're Starting at the Wrong End (Score:5, Insightful)
Anyone who values their privacy should applaud this move by Amazon.
Thank you for telling me how to think. I believe we are approaching this from the wrong end (why start with websites?).
The article hints at two other points I would encourage Brits who care to be vocal about:
Jim Killock, executive director of the Open Rights Group, said: We expect more sites to block Webwise in the near future and also ISPs to drop plans to snoop on web users.
Write your ISPs. Threaten to change ISPs even if you're not able to. Let them know how this makes you feel.
The European Commission has described the technology as an "interception" of user data and wants UK law to reflect more explicitly the need for consent from users in order for the service to be implemented.
As always, contact your parliamentary representative and also EU representative and let them know how you feel about this.
These would be much more effective options than asking each website that exists to request Phorm not scan their site.
Re:You're Starting at the Wrong End (Score:5, Informative)
To write to your UK and EU parliamentary representatives, go to http://www.writetothem.com/ [writetothem.com]
Re: (Score:2)
The European Commission has described the technology as an "interception" of user data and wants UK law to reflect more explicitly the need for consent from users in order for the service to be implemented.
Actually, I'm not sure that's quite true. The European Commission described the unauthorised trials that BT carried out with Phorm last year as unauthorised interception of user data; I'm not sure they have a problem with the proposed webwise service as such, although that may change.
Stay er... evil??? (Score:2)
Re:Stay er... evil??? (Score:5, Informative)
One of Amazon's major selling points, beyond their good logistics, is their ability to use site analytics to make interest based recommendations to customers. Obviously, they have zero interest in letting Phorm piggyback on that, on their own site no less.
I suspect that many other major web presences will be in a similar place. Phorm is potentially lucrative for the ISPs, but it is a nontrivial threat to larger site and ad-network operators. The small guys are more or less resigned to outsourcing analytics and ad placement, so it won't be as much of a change for them; but the big independents will not be pleased.
Re: (Score:2)
Ah, good insight. It's not like me to not look for the cynical angle first. Well at least Amazon are something I know what they are doing and I can (just about) opt in or out of it. Back on the subject of Phorm, I just created a graph of their share price over the last twelve months [iii.co.uk] which makes for some amusing viewing. I wonder how that's affected their balance sheet?
Re: (Score:2)
Not only that, but phorm would be able to see Amazon's suggestions, and pass them on to Borders / Blackwells or any of their other competitors.
Comment removed (Score:4, Informative)
Re: (Score:3, Informative)
For a small site, then, having Phorm spy on your visitors via ISP, then having Phorm pay you to run ads, would not be considerably different than using a 3rd party analytics package, google analytics or similar, and then being paid to run ads from a third party ad netw
Re: (Score:2)
Re: (Score:2)
I understand your argument, but I don't consider Amazon to be violating my privacy. I *choose* to use Amazon, and the data they collect on me is kept between me and Amazon. If Amazon were selling on your book buying habits and browsing history then that would be different, but as far as I'm aware this is not the case (and is unlikely to be in their interests anyway).
The problem with Phorm is that is monitors communication between you and a website without first asking you or the website operator if that i
Re: (Score:2)
Re: (Score:2)
Your opinion regarding that company appears to be fluctuating by the minute. Mmmmm'kay. You've got no experience with large corporations, huh?
Re: (Score:2)
Well this is a good PR move on the part of Amazon as far as I'm concerned. Cancels out their "censorship" glitch from the other day and puts them back in a healthy credit again.
If all it takes is a single incident... neither of which is overly 'good' or 'bad'... to sway your opinion of a company up and down like a yo-yo, then maybe you should look into being less of a sheep.
Re: (Score:2)
Bah, they were just scared Phorm was going to sell us nasty books...
Not to nitpick ... (Score:4, Insightful)
Re: (Score:2)
They obviously did do it for privacy considerations or the perception of privacy, in addition to competition issues.
An online customer wants a product or service for a good price, fast delivery, and more importantly know that their transaction and personal information is safe from outsiders and abusive 3rd party companies. Anything that could possibly scare a customer away is going to be seen as a threat to amazon's revenue stream, so any privacy fear due to 3rd parties would be very high on the management'
Re: (Score:2)
Ha yes, real eKonomix strikes... (Score:1, Insightful)
Who want to bet that Amazon is actually blocking them because they are not paying to do it?
Incidentally, why would a business let another business makes money out of it for free?
Simple economic strikes: THAT service isn't free.
Another reason for https (Score:3, Insightful)
More sites should provide an option for https, like gmail does. Some still don't even provide it for authentication.
Once upon a time there were wimpy CPUs, and https was a more significant computational burden. Now, not so much. Especially when compared to the resource requirements of most dynamic page generation systems.
Re: (Score:1, Troll)
Re: (Score:1)
Re: (Score:2)
As for your other comment, you are correct, third parties are an essential part of the process. However, the incentives are wrong. Think for a moment: who would suf
Re: (Score:2)
Re: (Score:1)
Yes, handling a few https connections is quite easy for your desktop computer, however on the server side you may have 300 SSL connections open, encrypting/decrypting on perhaps 100 of them at once ontop of the load generated by your web applications.
I'd like to see hardware crypto accelerators come as standard with all server chips, much like a math co-processor of years ago.
Re: (Score:2)
TLS with SNI and CACert (Score:1)
The first problem has already been solved in SSL's successor, TLS. The "Server Name Indication"[1] extension of TLS allows the client to transmit the desired virtual host before the encryption begins. The current versions of most major browsers support this, including: Firefox 2.0 and later, Opera 8 and later, IE7 and later, Chrome, Safari 3.2.1 and later.
Apache, Cherokee, Lighttpd and nginx support SNI on the server side.
Your second problem is not as easy to solve. You could consider CACert[2], a certifica
Re: (Score:2)
Re: (Score:2)
You think dynamic page generation occurs on YOUR computer?
But how exactly does it work? (Score:1)
Re:But how exactly does it work? (Score:4, Insightful)
Phorm wants to inject ads into web pages at the ISP level. They want them to be targeted so not only do they want to alter web content without the owners or receivers consent, they also want to take a look at all web traffic first (deep packet inspection) and keep a history so they can better target the ads. It's opt-out because otherwise no-one would even touch it.
Now, I'm not going to even try to claim that I'm unbiased as living in the UK means that this monstrosity may well hit me but I think that's not an entirely inaccurate explanation. I really hope that the EC manages to step in and squash Phorm and maybe even slap BT with a giant fine.
My website content has been written to look how I want it to look. I block many ads as a policy as I don't want crap clogging up my screen or distracting me. Now they want to bypass both my content layout in my website *and* throw ads at me even though I have zero interest in them. Asshats.
Re: (Score:1, Informative)
Phorm wants to inject ads into web pages at the ISP level.
No they don't. They want to monitor all your web browsing (by tapping your ISP) to build up a profile of you. Then they want to sell targeted advertising space to advertisers in much the same was Google does: i.e. a website uses Phorm ads instead of Google ads and Phorm chooses what adverts to place based on the visitor's profile.
Monitoring web browsing is, as far as anyone can tell, illegal, but the govt refuses to enforce the law. That's what the EU is grumbling about. But the other part of the busine
Re: (Score:2)
Apologies if I've missed something. From what I can gather there were some complaints about ads being messed with in non-participating websites during some of the trials, hence the reason I thought this was a part of the main plan.
Do you know if the ads in participating sites will be there in the actual web page or if they'll be stuffed in during transit of the page to my browser? Curious as the latter might mean having to download the stupid things regardless of whether I want to or not.
Re:But how exactly does it work? (Score:4, Insightful)
Q Why is it an opt-out system?
A Because they couldn't get away with providing no optionality control, so they went for the option which pushed as many users as possible to their system.
Q When did I or Slashdot give implied consent to anyone to inspect the packets for reasons other than routing?
A You didn't, but Phorm and the spineless UK government has decided you did.
Q What data do they collect and what do they do with it?
A Browsing habits to produce targeted advertising.
Re: (Score:1)
Re: (Score:1)
The scary part (Score:4, Interesting)
As explained on the Customer Choice Process page, when a user opts into the BT Webwise service, a Webwise UID cookie, containing a unique random number is placed on the userâ(TM)s computer. This master cookie is held is the Webwise.net domain. When the user then visits other websites, the Webwise system stores a copy of the Webwise UID cookie within the browser in each the website domains visited by the user. The cookies are clearly labelled as belonging to Webwise as noted above and as a result can be easily identified as different to those cookies which may be placed by the website itself.
Since it claims to need no client software, I must assume they do this by injecting extra cookie headers into all the HTTP responses sent to my browser....
Re: (Score:2)
scans... (Score:2)
"Anyone who values their privacy should applaud this move by Amazon" /golfclap
Supplication before our Robotic Overlord. Check.
Suspend free-thought. Check.
Check-out cart. Check.
Re: (Score:2, Insightful)
Re: (Score:3, Insightful)
WTF?! Even ignoring all the privacy issues everyone else is talking about, isn't that still blatantly illegal? It's copyright infringement! By modifying the web page, Phorm is creating a derivative work, and that requires permission of the copyright holder.
Re: (Score:2)
Re:So in other words... (Score:5, Informative)
Except with Google ads, the people who actually own the website choose whether or not to serve them. Phorm ads are injected at the ISP level, completely ignoring whether the server wants the ads or not. Yes, they're still interest based, but they're evil for other reasons in my opinion.
Re: (Score:2, Informative)
Re: (Score:2)
Re:So in other words... (Score:4, Informative)
Google doesn't do anything unless you use Google. Phorm gets the information from your ISP.
Re: (Score:2, Funny)
Do only Evil.
Re: (Score:1)
Re:So in other words... (Score:4, Informative)
Re: (Score:2)
In fact, even if you do set the Phorm 'opt out' cookie on all browsers/devices/profiles that you use in your house, all of you HTTP requests still go through multiple redirects before getting to the intended destination.
If your ISP implements Phorm, then there is no way of opting out of having your HTTP requests being directed through Phorm's servers before finally redirecting back to the server you wanted in the first place.
All that the 'opt out' cookie does is to stop them serving up customised advertisme
Re: (Score:2)
Well no, because when Google does it you have to visit a site that uses Google's technology, you can easily choose not to, you can also just opt-out.
When Phorm does it they are searching through every single action you take on the internet, whether it's a site that has anything to do with Phorm or not. Phorm works at ISP level by watching all the data that goes in and out on your connection. There's no avoiding it, you just have to go through it no matter what.
You see the fundamental difference is this, wit
Re: (Score:2)
or similar should do it. For extra bonus points, inject your own links and/or images into the ads. How long before advertisers pull out of Phorm if the goatse guy or something equally horrific keeps appearing in their ads? It is, after all, your content and you should be able to do with it what you please.
Re: (Score:2)
I think you've misunderstood. Apart from some questions about early trials by BT, the Phorm system inserts customised advertisments only where the site owner has requested them. It won't insert advertisments into pages served up by owners who don't want Phorm advertisments. There won't be any Phorm advertisments (or any other for that matter) appearing on my personal website, or any other websites that I maintain.
No, the real objections most people have to Phorm are:
1. It spies on information that is privat
Re: (Score:2)
Re: (Score:2)
Right. I'm not seeing the difference, except that Google -- says -- they use the contextual system of adsense ads on a page to categorize it as to "interests," so they are only tracking your route between pages that carry Google ads, not the whole web. They wouldn't take note of your visit to a government agency page, for instance, supposedly.
A distinction without a difference in practical terms at best.
Re: (Score:2)
I'm no fan of AdSense, but Phorm's scheme is technically quite different. Google does not, nor can it, do the kind of packet inspection that Phorm is doing.
Re: (Score:1, Offtopic)