Bad Phorm

[Saracen]

But it is out in, if you choose an ISP that opts in. Such a change in contract and T&C would surely let you escape any contract.

If this scheme operates the way I understand it to operate, your data will be analysed if your ISP has their equipment installed. The opt-in or opt-out refers just to whether you get the targeted ads or not, not whether you data is being read and analysed or not. If that is the case, then to me it is utterly unacceptable.

Also no one has said how this is evil. Plenty of people use loyalty cards at the supermarket, for less than a 1% saving.

Plenty of people use do indeed use loyalty cards. But you have to apply for one, and then you have to present it at the checkout. It's the customers decision about whether to have their data analysed or not, and it's easy to change your mind at any time and prevent any future collection of data. Just get rid if the reward card and, if necessary, pay cash.

Also, I rather suspect that a lot of people have no idea of the degree of data mining that goes on with reward cards, and the depth and accuracy of the picture that that allows companies to build. It may well be that many people wouldn't use them if they knew. Obviously, some would, because they want the points, or cashback, or whatever. But that's their choice.

Personally, I do not have a reward card, and refuse point blank to have one. I quite cheerfully forego the few quid it would gain me in order to keep my buying habits out of the grasp of stores as far as possible. That is also why I pay cash the bulk of the time.

[Lucio]

Also, I rather suspect that a lot of people have no idea of the degree of data mining that goes on with reward cards, and the depth and accuracy of the picture that that allows companies to build. It may well be that many people wouldn't use them if they knew. Obviously, some would, because they want the points, or cashback, or whatever. But that's their choice.

However, with store reward cards the data is mined for both the store's and the customer's benefit. In addition, it's a pretty limited subset of data, which as you've pointed out, is voluntary to provide. In essence, it's the acceptable face of directed advertising, because it does help the consumer. For example, my last quarter's vouchers were used up all on one shop because they were all things that I buy regularly. When I first got a reward card, half the vouchers I recieved went unused.


The question becomes though, would Phorm be more acceptable if it attached a reward scheme or is the data they want to collect far too generic to be entrusted to any private company?

Secondly, what if the government had wanted to gather this level of information, with a privso that it only gets looked at if they have a court order?

[Salazaar]

If this scheme operates the way I understand it to operate, your data will be analysed if your ISP has their equipment installed. The opt-in or opt-out refers just to whether you get the targeted ads or not, not whether you data is being read and analysed or not. If that is the case, then to me it is utterly unacceptable.

As I understood it, it's the data-mining that's been deemed illegal and that it's that which should be opt-in.

The consumers currently targeted are to be those of Virgin Media, Talk Talk and BT; that sucks in millions of people most of whom have no idea that this Phorm thing is going on. The intention of this thread is to open eyes. If after opening your eyes you decide penny-pinching apathy is more important to you than preserving your civil liberty, go back to bed and sleep it off until it's all over.

I hate to spoil it for you Santa, but the general readership of sites like Hexus are completely aware of the concepts and methods behind Phorm. We're quite and enlightened user-base as far as that sort of thing goes. So ranting about it here only serves to highlight your oddly reactionary views.

And as far a reward cards go, has anyone considered that all online, catalogue and direct marketed shops everywhere have been doing things like this since year dot? Scan, Amazon, OcUK, Ebuyer, Microdirect etc. etc. Anyone who can correlate sales data with specific customers (i.e. all mail order) has done so in order to drive up sales. I was one of those bastards in direct marketing for a while, I spent most of my time ploughing through sales data trying to pick the most responsive sections of our customer database. Reward cards are just an extension of that, as applied to shop floor retail. If they really wanted to track us (and were prepared to break the law to do so) it would be increadibly simple to monitor by tracking credit/debit card numbers!

[Blitzen]

Which ISPs are using this then?
I have looked but cant find a list.

[Lucio]

Which ISPs are using this then?
I have looked but cant find a list.

According to the press release that I've seen on the register it's BT Retail (so BT Openworld, their Yahoo thingy and Plusnet), Virgin Media (cable and broadband) and Carphone Warhouse (TalkTalk)

[iranu]

Plusnet is definitely NOT included. It may well be owned by BT but it operates as a separate entity.

As far as PlusNet is concerned it's been confirmed that we aren't planning to implement any system like this, and I don't think any more input from us is needed is it?

By all means discuss this (as much as possible for me) on the community site, but in terms of the 'community support' forum it strikes me that this thread has run it's course?

Ian

Phorm | Community Site

[Nickg]

can the technology just be leveraged at provider level, ie if BT implements it then all traffic over BT's network will be exposed to these companies, regardless of whom you actually pay the bill too, i.e Plusnet, Tiscali or whomever.

Similarly with cable, if Virgin implement it its game over.

[Saracen]

However, with store reward cards the data is mined for both the store's and the customer's benefit. In addition, it's a pretty limited subset of data, which as you've pointed out, is voluntary to provide. In essence, it's the acceptable face of directed advertising, because it does help the consumer. For example, my last quarter's vouchers were used up all on one shop because they were all things that I buy regularly. When I first got a reward card, half the vouchers I recieved went unused.

The essence of the store card is that it's not foisted on every customer, whether they want it or not. It's simple to avoid.

As for whether the data mining is for the customer's benefit .... well, I guess that's subjective. The customer does benefit, but I'd argue that that is a byproduct, a necessary bribe to get people to use them, and not what it's for. But nonetheless, the customer does benefit. And that's fine with me, because it's entirely opt-in .... even if the implications of opting in aren't spelt out.

But that is precisely why store cards are not analagous to Phorm.

If Phorm works the way it's being said it does, it gives Phorm the ability to datamine EVERYTHING you do on the net. They can analyse DNS data and see what sites you go to, they can read emails, andthat isn't only emails sent by you, but those to you, too. And the person sending that email out has no idea if it's being Phormed, and absolutely certainly hasn't consented to it. It will even analyse IM sessions.

Supermarkets don't get the right to stand just outside your front door and intercept and open your personal mail, do they?

The reward card thing is a red herring. It's an entirely different concept to what's being proposed. If someone wants to sign up for a reward card, give the company their data and get their points or pounds in return, that's entirely legit. The consumer is made an offer and accepts. Or not, as he/she wishes.

You choose to accept. I choose not to. I have no problem with reward cards except that the true capabilities of data mining aren't commonly understood. But still, it's a choice for the individual.

The question becomes though, would Phorm be more acceptable if it attached a reward scheme or is the data they want to collect far too generic to be entrusted to any private company?

Not to me it wouldn't. There are no circumstances under which I'd find it acceptable for my data to be passed through Phorm, and I quite literally don't care what size bribe they offer. The answer is no.

But I'd have no real issues with Phorm doing what they do PROVIDED the consumer gets the choice to opt in, and I mean genuinely opt in to having their data passed to Phorm at all. A system that allows the consumer to opt out of having the ads delivered, but still gets their data analysed is as unacceptable as the one where you get the ads. It is not the ads that are so pernicious, it's the unauthorised passing of my data to Phorm, and it's subsequent analysis. I'm as likely to agree to that analysis by Phorm as I am to invite then to install a CCTV camera in my bedroom. In other words, hell will freeze over first.

And yes, the data they stand to collect is far too generic, but it's that they collect it (or are sold it by my ISP) at all without my explicit consent that gives me a problem. If you want to sell it, or allow your ISP to sell it in return for some bonus given to you, that's your decision - providing they don't sell mine too, not only without my permission but expressly against my adamant wishes.

Secondly, what if the government had wanted to gather this level of information, with a privso that it only gets looked at if they have a court order?

I would not be happy about it at all, but it wouldn't necessarily stop me using the net. Phorm might well stop me using it, or at the very least, curtail it VERY significantly.

But again, it's a different scenario. I rather suspect that governments already can gather much or all of this data, and probably more, if they wish. That is, if Echelon is anything like as capable as it's believed to be. But the back end to that is very different. The motive isn't pure profit, and the ways in which the data is used, or stored and analysed, are likely to be very different. I assume the objective is to focus on items of specific interest, such as crime, terrorism, etc. Then again, maybe that assumption is naive. But even if so, it's one thing a government doing it, and another thing a private company selling that sort of data about me to another private company for pure greed.

[Saracen]

As I understood it, it's the data-mining that's been deemed illegal and that it's that which should be opt-in.

No, absolutely not. I mean, that's not what should be opt-in.

It's not the mining, or not just the mining. It's the data interception. That is what should be opt-in. A user's data should not go anywhere near Phorm unless that user consents to the process.

Let me be clear what I'm saying :-

1) Acceptable. Some scheme where the user consents to Phorm, and their data is then diverted, datamined, etc. That consent might be because the user is somehow rewarded (like a store reward card), or just wants targeted ads. Some people do like targeted ad's. That's fine.

2) Unacceptable. An ISP installs hardware that diverts ALL customers via Phorm, who then do their thing, record and capture, datamine, etc, where the consumer has not given full, explicit and informed consent. It is absolutely not, in my opinion, acceptable to intercept data, divert it to Phorm, who then analyse it if the customer has not opted out, or only if they have opted in. In other words, if there is an opt-out, it MUST be at the ISP stage, and unless full informed consent is given, customer data does not go anywhere near Phorm.




I object to my data being intercepted and diverted to this (or any similar) company, absolutely regardless of what they do with it. I don't want it captured and diverted in the first place. The mining only occurs after the interception.

That's the acid test for me - do Phorm get to see my data. It is not acceptable that they do, unless I, as the customer, have agreed .... and as I said, I mean full, explicit and informed consent.


I have no idea what has been "deemed" illegal. As far as I can see, so far, nothing has. Various bodies have given opinions about that, but that is all they are - opinions.

[Saracen]

can the technology just be leveraged at provider level, ie if BT implements it then all traffic over BT's network will be exposed to these companies, regardless of whom you actually pay the bill too, i.e Plusnet, Tiscali or whomever.

Similarly with cable, if Virgin implement it its game over.

Which is why I talked earlier about giving up net use completely, or limiting it to anonymous usage, like the local library or net cafe.

Or perhaps starting up a company offering a service whereby my customers connect to an ISP via an anonymising service. Phorm can't datamine you if they don't know who you are. There's a business opportunity here, and if enough people agree with my viewpoint, BT, Virgin etc will pay a price for their arrogance.

[pauldarkside]

Let me be clear what I'm saying :-

1) Acceptable. Some scheme where the user consents to Phorm, and their data is then diverted, datamined, etc. That consent might be because the user is somehow rewarded (like a store reward card), or just wants targeted ads. Some people do like targeted ad's. That's fine.

2) Unacceptable. An ISP installs hardware that diverts ALL customers via Phorm, who then do their thing, record and capture, datamine, etc, where the consumer has not given full, explicit and informed consent. It is absolutely not, in my opinion, acceptable to intercept data, divert it to Phorm, who then analyse it if the customer has not opted out, or only if they have opted in. In other words, if there is an opt-out, it MUST be at the ISP stage, and unless full informed consent is given, customer data does not go anywhere near Phorm.

Agreed completely. The process of a third-party filtering unencrypted data (the data in which Phorm are interested in) without my explicit consent is unacceptable.

One question I do have, would Hexus, for example, have its adverts automatically replaced by a participating ISP thus effecting the revenue it generates from them?

[sammyc]

I hate to spoil it for you Santa, but the general readership of sites like Hexus are completely aware of the concepts and methods behind Phorm. We're quite and enlightened user-base as far as that sort of thing goes. So ranting about it here only serves to highlight your oddly reactionary views.

can i just say again, not all of us. i'm here to be enlightened, so the more discussion of this sort the better as far as i'm concerned. it's not about whose views are odd and whose aren't - i'd like to read everyone's views if it helps fill out gaps in my knowledge. i don't have to take those views on board but rather they were here than just have it presumed we're all up to the same speed.

[Salazaar]

It's not the mining, or not just the mining. It's the data interception. That is what should be opt-in. A user's data sshould not go anywhere near Phorm unless that user consents to the process.

Sorry, I used the wrong phrase. As I understood it, it's the interception that has been ruled illegal by FIPR without an explicit opt-in system.

There's a business opportunity here, and if enough people agree with my viewpoint, BT, Virgin etc will pay a price for their arrogance.

Hence my earlier point about market forces, it'll only take one or two non-Phorm ISPs and a smattering of marketing to tip the balance away from the big three. If they did loose a large number of customers over the issue they would inevitably dump Phorm - Balance restored.

[Salazaar]

can i just say again, not all of us. i'm here to be enlightened, so the more discussion of this sort the better as far as i'm concerned. it's not about whose views are odd and whose aren't - i'd like to read everyone's views if it helps fill out gaps in my knowledge. i don't have to take those views on board but rather they were here than just have it presumed we're all up to the same speed.

My point was that Santa hasn't actually put forward any view yet (or at least none backed up with any information), all he's done is spout a great deal of sensationalist hysterics which wouldn't be out of place in a tabloid hack rag.

Phorm is bad, it's a nasty, dirty way of doing business.

But it is a business, it will be subject to market forces and it won't be forced on us without any kind of recourse. It certainly isn't going to erode our civil liberties or bring about the end of society. And I rather object to being called penny pinching or apathetic because I'm a realist rather than a sensationalist.

[Salazaar]

Agreed completely. The process of a third-party filtering unencrypted data (the data in which Phorm are interested in) without my explicit consent is unacceptable.

One question I do have, would Hexus, for example, have its adverts automatically replaced by a participating ISP thus effecting the revenue it generates from them?

I think the idea is that they'd sell ads in the same was any other company does, Phorm targeted ads would only appear on site which actually use them rather than Google, Adtech or whoever.

[sammyc]

My point was that Santa hasn't actually put forward any view yet (or at least none backed up with any information)

i don't disagree with you there - as i say i'm not here to imbibe anyone's view, just interested to see the subject raised at all. i'm screening out all the accusations of penny-pinching (obviously not so easy if they are aimed at you..) & just following the topic, at worst i'll know fractionally more than i did to start with.