Personally I say let the hackers have at Phorm if it's taken live.

It will be rather a large, evil target, won't it? >;->

Isn't this like dragging a table, a chair, some merchandise and folded-up display board through the front door of shop, setting up a stall which blocks access to the rest of the shop and then selling passers-by your own goods from the stall?

How is this not trespassing?

One of my ADSL lines is from BT so I got angry with them and told them to either assure me that they would not be using Phorm to snoop on me or else close the account. Their reply was:

"Unfortunately I am in no position to give assurances about anything related to what services BT Business consider using in future, however based on the BT Webwise situation I can tell you that any such thing will be publicised before launch. It will also almost certainly be an opt-in system, as this was a condition imposed by the regulator on BT Webwise."

So; the system is to be opt-in, not because that's the way BT want it but because 'the regulator' says so. Now how many people are going to opt-in to a scheme that spies on their browsing habits and then throws more ads at them? Not very many IMO and those that do so will only be potential purchasers of masochist gear and straitjackets.

Webwise is only for BT Home customers. BT Business Broadband is not part of the system.

I was categorically told that by BT. But then, back in July 2007 I was categorically told by them that there was no testing of 121media / Phorm going on.

Can anyone trust them?

As for how many people will opt-in that will depend on the question they put in the consent box.

Remember, the whole benefit for users of Webwise is that they get a super-duper anti-phising tool to protect them from all the nasty websites out there.

If the question is framed in such a way that Joe Punter thinks he's getting something for nothing then the opt-in rate could be better than the 10% now expected.

I currently see three options to counter this thievery:

1. Block all IP-ranges from ISPs who implement this. Redirect users to a page that tells them 'this service is unavailble to customers of your internet service provider'. Explain your potential user what is going on and how they can improve their own internet experience (ie. switch ISP)

2. A massive class-action lawsuit on behalf of all webpublishers.

3. All get a certificate and go SSL

Block all IP-ranges from ISPs who implement this

To re-iterate, it's a cookie based system. Many users of the ISPs will not opt in (or 'opt in' to opting out, depending on how they want play it), so IP-based blocking is not a very effective option.

I guess that makes it easy to detect; if not through foreign cookie handling, then through page hashing. Redirection could then occur selectively, so that only those who opted in (likely unknowingly through some obscure line in the TOS) could be redirected to our 'not for you'-page. Ofcourse, SSL is a viable option in any case, given that ISPs don't tap into secure streams. This might affect hosting providers though, since server load will increase as a result of en/decryption.

I must say, this development is both deeply disturbing and thought-provoking at the same time.

Don't forget that it has not been confirmed yet that not opting in means that the none of the users traffic gets Phormed.

Originally not opting in only meant that the user was not protected by the Webwise phising tools and would not receive the targeted ads. His traffic was still to be processed by Phorm so your pages will still be processed if a BT user (opted in or not) visits your site.

Phorm have created a procedure for webmasters to ask for their sites to be excluded from all Phorm processing but I would advise not to do that.

You have to write in with the domain name and proof of ownership. That has it's problems itself but the main reason for not doing this is because it is forcing us web site owners to have to opt-out our sites.

If Phorm want our sites to be used for their marketing they should ask us to opt-in our sites.

By the way: If google doesn't get its share of this bargain, it's likely going to hunt this down till it crashes, burns and rests in its ashes. I'd like to see what happens when google bans phorm-users for replacing adwords ads on the SERPs.

We need to take an active stand againts this. From reading here there are 3 suggestions already on how to fight this spyware (cause that's it trully is):
* generating a hash of the page you server and use this hash to see if it was changed (not sure if this can work, won't AdSense and other 3rd party generated content on your page break this?)
* use gzip compression (sounds good)
* detect webwise cookies and act on their existence (the question here is, HOW to act)

Now, I haven't tested any of this, but someone with a large website and a substantial number of users in the Uk should try this, and then create a post with suggestions on how we should react. Thanks in advance.

Check out the Dephormation extension for Firefox.

That's the user end catered for already.

If you do check it out do so within the next few hours!

Later today the creator is suspending it in protest at today's ICO announcement.

The head of the ICO Richard Thomas has to resign for this latest announcement. It is beyond fantasy.

[pcpro.co.uk...]

[edited by: encyclo at 1:02 am (utc) on June 10, 2008]
[edit reason] fixed link [/edit]

That is outrageous. We haven't heard the last of this.

Hmmm, the Wiki page is currently unavailable,

<snip>

I'm imagining BT have bullied them sufficiently into removing the content, anyone here copy it?

There is one simple answer to this: everyone boycot the ISP's involved, currently BT, Virgin and TalkTalk.

It should be fairly easy to make a JS/CGI page validation system with something like Perl, based on a hash of the page. You could have a JS file that calls a CGI script on your server, that returns a hash of the calling page (use the referrer string). The JS then compares that with a hash of the actual page.

Something like that anyway, I'll have a think.

[edited by: engine at 4:14 pm (utc) on June 12, 2008]
[edit reason] removed broken link [/edit]

You could try the same url but at .org instead of .be

ok, I found a copy on another site, if anyone needs it let me know; it's 17Mb.

[edited by: lawman at 12:03 pm (utc) on June 12, 2008]

Ooo even simpler, an advert will always be attached to a link right, so the validation could simply use the DOM to count the A tags, and validate with the server.

guys, i work for virgin media and this phorm program isn't going down so well. People don't want phorm tracking what they do on the internet as what they do is there business. I can tell you virgin are still deciding weather or not to use it so its not final.I'm in the complaints department and we've had huge amounts of complaints about it. by the way its optional customers don't have to use if they don't want to. i'll post more as i find out

Article confirming above post...
[theregister.co.uk...]

EU tells UK to "sort it out or we will"...

[theregister.co.uk...]

More good reading regarding the protest at the BT AGM.

[nodpi.org...]
[dephormation.org.uk...]