homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Local / Foo
Forum Library, Charter, Moderators: incrediBILL & lawman

Foo Forum

EC to start legal action against UK over Phorm
UK laws may have to change

 11:52 am on Apr 14, 2009 (gmt 0)

I'm sure there's a better place for this, but wasn't sure where...

The European Commission has started legal action against Britain over the online advertising technology Phorm.

At the heart of the legal action by the EC is whether users have given their consent to have their data intercepted by the advertising system.

"We have been following the Phorm case for some time and have concluded that there are problems in the way the UK has implemented parts of the EU rules on the confidentiality of communications," says EC Commissioner.

From the BBC [news.bbc.co.uk].



Lord Majestic

 12:26 pm on Apr 14, 2009 (gmt 0)

It should have taken them 24 hours to do that, not like almost 24 months.


 1:15 pm on Apr 14, 2009 (gmt 0)

Good, that should at least dampen anything similar in other EU countries from getting beyond the planning phase.


 3:20 pm on Apr 14, 2009 (gmt 0)

I still don't understand what problems people have with what phorm is doing, could someone please elaborate for me?


 4:41 pm on Apr 14, 2009 (gmt 0)

I still don't understand what problems people have with what phorm is doing

Or how its different from Google's ad tracking?


 11:01 pm on Apr 14, 2009 (gmt 0)

It tracks *all* your activity by intercepting all traffic at your ISP.

Something like adsense might be able to track you to some extend -should google care- to but only on those sites that actively participate in the adsense content network.

It adds/changes advertising on sites -> iow: at the expense of those making the site available to you.
- either the site will look like it's overloaded with ads
- either the legitimate ads are replaced
in any case:
- it violates the copyright of the original site IMHO
- it will reduce income for the original site owner

Anyway there are de-phormization scripts out there that tell users of affected ISPs to switch ISPs, and/or to opt the customer out by sending an opt-out cookie.


 2:34 am on Apr 15, 2009 (gmt 0)

It adds/changes advertising on sites -> iow: at the expense of those making the site available to you.

I've seen that posted many times however the only instance I've heard of them doing it was possibly when they ran a test. and replaced "charity" ads with real ads.

As I understand it the phorm ads are only displayed on sites that are participating in the phorm program.

@yoshimi, assuming they are serving ads on sites that are participating in the program and besides the privacy issues for the customers there is only really two legitimate issues that I've seen pointed out that would be of concern for a site owner. Firstly they are collecting data that belongs to you and you're not being compensated for it, you could argue Google does the same thing but you can block Google. This data collection cannot be blocked or controlled by the site owner.

Secondly and probably more important is it can collect data behind logins that do not go over https. For example if you run a forum you might have private access forums or even the ACP itself if you're the site owner. Webmail... lots of examples where they could be collecting data they have absolutely no right to as it's not a publicly accessible resource.

Receptional Andy

 11:11 am on Apr 15, 2009 (gmt 0)

Amazon have announced that they will block phorm from their sites (via an opt out):



 5:46 pm on Apr 15, 2009 (gmt 0)

From that BBC article:
In a statement, Phorm said: "There is a process in place to allow publishers to contact Phorm and opt out of the system, but we do not comment on individual cases."

So, how does one do that ?


 8:00 pm on Apr 15, 2009 (gmt 0)


Be careful with the opt your site out method. You have to email them, prove the site is yours (providing registration details) and then watch out for crawls from all over the place.

more information on that at the nodpi org site. Interesting responses from some who did opt out their domains...

Note that webmasters should NOT have to opt out anyway. If companies like phorm wish to profit from our site content they should ask us to opt in.


yoshimi. Phorm places a black box in the center of an ISP. It records all data going in and data going out (ssl currently excluded).

If you are phormed everything you read and write on this site will be copied by phorm. Even if you read and write in the webmaster world supporters private forum, or any secret moderators forum all that information will be copied and processed by phorm.


The EU have previously stated that any type of advertising like this has to be opt-in only. ISP customers must be fully informed that their browsing information will be processed in order to serve them targeted ads, and that it is their choice to be profiled if they wish.

The EU announcement yesterday specifically addresses the UK governments failure to take action against BT/Phorm for their illegal trials in 2006 and 2007.

In 2006 and 2007 they trialled the system on an alleged 100,000+ users. This included not only home users but businesses and minors.

None of those users had the choice to opt in or even opt out - it was done in stealth and when they were rumbled they tried to cover it up.

The police, home office, ICO, BERR all passed the buck saying it was the other departments remit and not theirs. The EU announcement yesterday is that legal action is being taken against the UK government for not doing what they should have done and a) fined companies for clear breaches of numerous acts and laws, b) prevented those and similar companies from continuing to work in their current state.


Anyone heard of Kip Meek?

Kip Meek joined the board of Phorm in December 08 and was issued with 100,000 shares options...

The same Kip Meek is a tax payer funded broker for the UK internet policy working on the Digital Britain review. Effectively he advises Lord Carter of BERR.... a government department which should have taken action against phorm.

Lord (Stephen Carter) used to work for OFCOM - the industry regulator which surprisingly backed phorm last year.

Kip Meek used to work for OFCOM...

Prior to becoming a peer Carter used to work for PR and lobbying group Brunswick, whose current clients include Phorm...

Kip Meek used to work for .... BT

Now maybe you can see a pattern here, and why no action has been taken against BT or Phorm?

[edited by: Frank_Rizzo at 8:04 pm (utc) on April 15, 2009]


 8:40 pm on Apr 15, 2009 (gmt 0)

Digging in deeper into it I found a paper describing the technicalities behind Phorm, which was actually reviewed by webwise, so it should be fairly accurate:


 12:33 pm on Apr 16, 2009 (gmt 0)

yoshimi. Phorm places a black box in the center of an ISP. It records all data going in and data going out (ssl currently excluded).

If you are phormed everything you read and write on this site will be copied by phorm. Even if you read and write in the webmaster world supporters private forum, or any secret moderators forum all that information will be copied and processed by phorm.

but they don't keep any information about who I am, so what exactly is the problem with them seeing information that my ISP sees anyway?

Receptional Andy

 12:51 pm on Apr 16, 2009 (gmt 0)

swa66 - Richard Clayton has done a lot of good research into phorm, also on his blog.

Yoshimi - it's about consent, and how that is acquired. You might have no problem with this, and want to opt in - I have a problem with it and don't want my information intercepted by third parties.

It seems phorm are well aware that the system is unlikely to attract many opt-ins - hence their attempts to make it opt out, and them tagging on to what is essentially an advertising system the ability to block phishing websites etc. If you read a lot of the consumer-facing stuff phorm put out originally, it is all about safety and protecting web users - scarcely a mention of advertising. IMO this is an attempt to bypass consumer distaste for their system.

My ISP must access the data in order to deliver a service that I have asked of and paid for. Phorm should not access my data, since I do not want or like their service, and do not wish to grant them permission to access my data. Apparently, phorm would rather people were not able to make this choice, other than by silly opt out mechanisms (that, when I last looked, still meant phorm took all the data. Just they assure us they won't use it for anything).

And of course, should this ever come online, I wouldn't be surprised if we see still more examples of technical ineptitude on the part of those charged with careful handling of our data.


 8:03 pm on Apr 16, 2009 (gmt 0)

Yoshimi do you have curtains in your house?

If you do why?

It's not that you may have something to hide it is just that you have a right to privacy.


The ISP does not see your information: it is a mere conduit connecting you to websites. What deep packet inspection technology does is put a bug in the center of the ISP to copy and process most of all that goes in and out - for customers who opt in AND who opt out.

Here's a few analogies.

The Royal Mail delivers mail in the UK. It's purpose is to collect mail from mail boxes and deliver to recipients addresses. They are not allowed to open that mail.

Now what DPI technology does is to open up the letter, scan it (to make a full copy), process the keywords, then seal up the letter and send it on it's way (without either the sender or recipient noticing the intercept and copy).

The DPI technology will then make a profile of the recipient and start sending 'a better class / more relevant' junk mail to that person.

Even if the person does not 'opt-in to the ads' he / she will still have letters intercepted and processed.

Website owners
It's not just customers who should be worried about DPI it should be website owners.

Let's say you have a site which sells cameras. If a phormed visitor goes to your site you will allow phorm to build up a profile of that visitor.

The visitor may read reviews and articles on Canon cameras - reviews you spent ages researching and creating.

Now when that visitor goes to other sites (phorm partners: ft.com ....) he /she will start seeing ads for Canon cameras supplied by your COMPETITORS.

Think long and hard about that one until it sinks in.

You see the difference between google and phorm is that google uses keywords from your site to drive traffic to your site.

Phorm uses keywords from your site to drive traffic to your competitors.


 8:31 am on Apr 17, 2009 (gmt 0)

For anyone wanting to opt-out of phorm here is a real example:


Yes. All of wikimedia's domains have opted out.

"Thank you for your submission to the Phorm website exclusion list. If
there are no obvious grounds to doubt the legitimacy of the request the
URL will be blocked as soon as possible, usually within 48 hours.

Requests must be made by the legitimate owner of the domain. If we have
questions regarding your domain Phorm may take a number of steps,
including attempting to contact the domain administrator by email for
confirmation of this request. If the request remains questionable and is
not confirmed within 10 days, the URL will be removed from the exclusion
list and an email will be sent informing you of this decision.

Where applicable, please ensure that the Administrative Contact details
for this domain are up to date. If you need to update them, please
resubmit your request when the amended details are visible in the WhoIs
database - (use a public whois service such as
[ godaddy ] if you are unsure it has been

I will repeat again though that sites should NOT have to opt-out. If phorm wish to profit from our sites (by copying and processing our copyright work and then potentially steering our visitors to rival sites) then they should ask us to opt-in only.

Phorm have always said that they see your site as fair game. If you do not block googlebot in your robots file they believe they have the right to copy from your site any page one of their phorm customer reads. Only if you ask to add your site to the blacklist, or if you deny /* to googlebot will phorm not copy and process your site.


 11:04 am on Apr 17, 2009 (gmt 0)

[quoteYoshimi do you have curtains in your house?

If you do why?

It's not that you may have something to hide it is just that you have a right to privacy. [/quote]

I like that analogy, but not for the reasons you might think, surely me having curtains in my house is me "opting out" of people looking in. The windows are there, I have not opted in to having windows, just opted out from having my life visible inside. Similarly, I am able to Opt out of having Phorm look at my internet activity.


 12:12 pm on Apr 17, 2009 (gmt 0)

The curtains question is purely to judge your views on privacy. Either you value your privacy or you don't whether that privacy is online or offline.


Phorm is not a peeping tom leering at you from the bushes in your backyard.

DPI technology is more like a camera permanently perched on your shoulder. It records nearly all that you read and nearly all that you say. If it is installed in your ISP it is permanently installed on your shoulder and follows you wherever you go. You can not turn it off and you can not use any kind of ad blocking, cookie blocking, host files blocking, dns blocking to stop it.

Another analogy is customer visiting a shopping mall.

Search engines will use cookies and and basic tracking software to record:

CUSTOMERXYZ left AMCO visited House of Waffles
CUSTOMERXYZ went to information desk and asked for directions to Pizza Rut
CUSTOMERXYZ visited the restrooms

Some may be content with that as it only records where the customer went, and in some cases where they came from or what they searched for. The tracking is done by cookie so the customer can choose to block cookies.

It's like when the customer visits the mall a greeter pins a button on their lapel CUSTOMERXYZ. The customer can choose not to have the button (cookie) and thus they have better privacy.

DPI technology is so much intrusive than that. Rather than a greeter pin a button on the customers lapel the greeter follows that customer around the whole mall.

The greeter has a clipboard and records everything that customer sees, says, and listens.

"CUSTOMERXYZ went into Camerworld and asked about digital cameras. Sales assistant informed customer that the CN2000 was the best camera as it has built in flash, 2000Gigapixels....

Everything the customer read and asked will be copied and processed.

Now when that customer leaves that store he / she starts seeing adverts:

"Buy the CN2000 Camera at CamsRus. Just $99"

This is a two fold problem with DPI. The first is that it is very intrusive to the customer in that it records and processes just about everything the customer does, says, and hears.

The second is that Cameraworld should feel pretty much cheesed off that they gave the sales patter to the customer and yet the DPI software copied that information and is now directing the customer to Camerworlds main competitor!

What Camerworld has to do is to inform the DPI company that they must not allow their store to be profiled. The analogy being that any customer must 'leave their greeter at the door' and pick them up again when they leave the store.


 7:09 pm on Apr 17, 2009 (gmt 0)

So, this DPI 'box' installed at the ISP conduits a copy of everything going on, and sends it out to a third party.

What's to say that the Gov't stick a splitter in there, and syphon off another copy for their own analysis?

Once there's a snooping box in there for one purpose, it becomes easier for another party to add another one for some other purpose...

Global Options:
 top home search open messages active posts  

Home / Forums Index / Local / Foo
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved