大象传媒

* The firm says the new meeting "follows on from last year where we engaged with the concerned, the curious and the enthusiasts".

* I was at that meeting and while there were plenty of the first and some of the second, I certainly don't recall any of the third group.

While I was not there, I have talked to several who were. The impression I got was that while Phorm were interested in engaging with the curious and any enthusiasts, their "engagement" with the concerned consisted primarily of dismissing their concerns as irrelevant.

Phorm still refuse to give any information on how web site owners can stop their content being scraped and used to profile the people who browse their sites.

Their stock response so far seems to have been that if you block search engines from your site then they won't scrape you, but if you want to let search engines in to help people find your site then you are giving consent for anyone to use the material. They did reluctantly say that if you could prove you owned a site and did not want it profiling then you could request it be removed from ever being profiled but frankly they've lied so much about things that I doubt that this really is something they'll do.

So in effect if you let Google in then you have to allow Phorm to "steal" your content - so they make money off your work. Comparisons to GoogleAds are disingenuous because if I run a website I get the money from the GoogleAds which are profile from MY content. If Phorm profile my users using my content then I do not get a penny.

Is it right for the content published on the 大象传媒 (which as licence fee payers we've paid for) be used to profile people to earn money for a third party? I'd like to see the 大象传媒 pursue this angle because its something that just gets ignored over and over again.

These guidelines seem relevant to the likes of Google and other "server side" trackers which rely purely on what they can learn from their visitors from what they do on affiliated sites, but seem wholly inadequate for ISP-based trackers, who can 鈥渟ee the whole internet鈥� (to quote an industry senior exec in the Washington Post last year).

The problem with ISP-based tracking is oversight over what the software actually does, not what the ad companies claim it does. Oversight to prevent backdoors and security exploits in what is a piece of software watching everything someone does online. These guidelines make no mention of the thorny issues of oversight and software validation for ad tracking software installed at the very heart of an ISP.

True, it may only store pseudonymous snippets of information, but even this could be useful to a blackmailer (interests: leather, underwear, toys, rubber, restraints, Swindon club). Just this list could be embarrassing to me if my wife received it. Even if ISP-based advertisers claim to avoid adult themes, the context is important. Leather is not adult, rubber is not adult, restraints could be any number of non-adult. Put them together, he presto!

Despite claims by some ISP-based ad tracking companies about the data being 鈥渁nonymous鈥� and stored against a 鈥渞andom鈥� cookie, all implementations I鈥檝e studied to date (3 from leading companies) actually link each profile to a single PC or to a hash of the connection identity (ISP account). So whilst the profile is not stored against a user鈥檚 real name and address, the link is there and could be followed given sufficient will. The data is not anonymous but pseudonymous: stored against a pseudonym as a basic means of protecting the individual鈥檚 identity. Nor is any cookie 鈥渞andom鈥�. Firstly on a technical point 鈥� must computers can鈥檛 generate truly random numbers, well not without specialist hardware (thermal noise or other quantum effect). But secondly whilst the user pseudonym may be assigned on a pseudo-random basis, the use of the word random by these companies is in my mind deliberate to create an illusion of privacy.

A second problem with ISP-based trackers is that they could actually be illegal under RIPA (Regulation of Investigatory Powers Act) unless they guarantee to filter out all private communications (email, Facebook chats, etc). But with new social networking sites being launched frequently and a myriad of private unencrypted web-based email services being used by companies, charities and hobbyists this type of filtering will be neigh-impossible. A further twist in the wording of RIPA is that it may be illegal even to look at the data stream for the purposes of determining whether it is something that you are allowed to profile 鈥� Catch 22!

Why there hasn鈥檛 been a prosecution or transparent investigation into the UK ISP(s) who may have used ISP-based tracking to date is beyond me, but the failure of the police and authorities to uphold the law may lead to a flood of companies handling extremely sensitive personal information without due care.

Let's see - recently on my BT Yahoo homepage, I started to get adverts which had only ever appeared on ONE other webpage that I visit.

I had never agreed to any Phorm style tracking system. I had never been asked if I agreed to it. And yet, adverts that I only ever saw on one website were now popping up elsewhere. I found this curious and checked for Webwise cookies. Lo and behold, I found them on my PC.

End result, one happy, new Sky Broadband customer who has a faster linespeed than BT said was possible.

That's the results of Phorm with BT and they had better make note of it!

How soon before the government use Phorm saying that web habits are a matter for national security? Yet they will do it on the quiet. Has any-one thought that the reason that the government says it is not a breach of civil liberties is to this end?

I have no problem with this, as long as my information is treated appropriately.

I'd far rather see adverts for something i would actually be interested in, than some of the inappropriate ads currently shown.

Why haven't Sky, the cable networks and BT sent demographic data about who is watching their shows?

I remember being shown ads for stair lifts and adjustable beds while watching Buffy the Vampire Slayer - surely a waste of advertiser's money.

These days with TV we record and forwardwind through the adverts. Very occasionally we'll rewind and watch an interesting one.

targetted ads should equal advertising things i might actually consider buying, and I want to see those ads. unfortunately i'm being shown so much irrelevant dross, i don't pay any attention to the others.

One year on and it is interesting to note that nearly 21000 people have signed the petition I created on the PM's website. The petition has stayed in the top 5 on the 10 downing street website for almost a year (today is the last day to sign up). I hope this shows that there are a lot of concerned people out there.

Those of us from the 'concerned' section are probably still no further forward. We still don't now if 'opt out' is really an opt out, or will they still monitor all of our web browsing, but just not send the adverts. We still seem to be dealing with a flawed cookie based opt in/out system whereby if you want to opt out you are required to have a cookie written to your machine, or modify your browser to refuse cookies from certain domains.

We are still no further forward in anyone coming forward to explain why we should trust a company like Phorm who have alledged past links with spyware/adware products and who seem to operate very aggressively with regards to threatening people with legal action. Not the sort of company I want to trust with my browsing habits thankyou very much,

"Is it right for the content published on the 大象传媒 (which as licence fee payers we've paid for) be used to profile people to earn money for a third party? I'd like to see the 大象传媒 pursue this angle because its something that just gets ignored over and over again."

A very salient point, given that the 大象传媒 have, I understand, recently had to admit that they were giving personal information including postcodes and IP addresses to Omniture, a behavioural targetting company based in the US, without permission.

Oddly enough, but not unexpectedly, I've not seen much coverage of the 大象传媒's apology about this episode amongst all the hostile coverage of behavioural targetting by 大象传媒 technology reporters. But you can read about it on the Register here:

At 12:30pm on 04 Mar 2009, Tidylenny wrote:

* These guidelines seem relevant to the likes of Google and other "server side" trackers which rely purely on what they can learn from their visitors from what they do on affiliated sites, but seem wholly inadequate for ISP-based trackers, who can "see the whole internet" (to quote an industry senior exec in the Washington Post last year).

* The problem with ISP-based tracking is oversight over what the software actually does, not what the ad companies claim it does.

The other thing is what the guidelines VERY carefully do NOT say.

What they say is:

* Consent. A company collecting and using online data for behavioural advertising must provide a mechanism for users to decline behavioural advertising and where applicable seek a consumer's consent.

Notice that there is ONLY a requirement to allow users to OPT OUT - not a specific requirement that they are given an informed choice and then have to OPT IN.

And notice too that there is only a requirement to let them opt out of the advertising itself - there is no suggestion in the standards that users should have any right to opt out of the data collection, still less that this should also be opt in.

This seems to me to be a magician's sleight of hand applied to OUR privacy.

If the industry cannot clean its act up beyond such abusive and misleading "standards", legislation MUST be passed to ensure that data cannot be collected in this way without explicit consent.

I am aware of the amount of data which can be collected on the internet and I am opposed to it. I would not willingly be involve with data collection of any sort.

Phorm believe it can "wrestle some power back from ad firms like Google and put it into the hands of smaller enterprises."

Now I'm no expert on this matter. I know little about the details of it. But don't Phorm make money from this? So shouldn't that statement read more to the likes of Phorm believing that power from ad firms like Google will actually be turned into the power of ad firms like Phorm.