Bad Behavior

This month’s bad behavior pick is a subject that has been stirring up heated controversy about online advertising and privacy – Phorm. Keep reading for more information so you can weigh in on the debate.

Understanding the Threat
With the Phorm debate, we’re dealing with what many users and privacy advocates consider a privacy invasion – user behavior being monitored, by default, at the Internet service provider (ISP) level for marketing purposes.

What is Phorm? Phorm Inc., formerly known as 121Media, is an online marketing company that is trialing a new system in the United Kingdom to target relevant advertising at participating Internet users.

Participating UK ISPs, which currently include three of the UK’s largest providers – Virgin Media, BT and TalkTalk – are set to deploy this system at the ISP level. Therefore, if all goes as Phorm planned, anyone using these providers would be subject to this service unless they opt-out.

The Bad Behavior
Phorm targets its advertising based on your browsing history, which it gathers from your ISP. In other words, as a Virgin Media, BT or Talk Talk customer, your browsing history, by default, will be sent to Phorm in order to feed you targeted advertising. This differs from the way a program like Google’s advertising works, as its advertisements are based on the content of the page viewed; Google does not use browsing history unless users specifically opt-in. Phorm’s method of being opt-in by default is considered highly suspect.

As stated in our Lavasoft Research blog, in an in-depth post on this subject, “User behavior is being monitored and the quality and reliability of choices available to the user in opting-out is questionable. One could argue that people are being used as subject for cheap, real-time market research.”

What information is able to be seen? According to Badphorm.co.uk, a site dedicated to setting the facts on Phorm straight, “Phorm doesn't just see the URL of every page you visit, they see the entire content of every single web page…they can read your mail if you use most types of webmail, view all the posts you make or read on web forums, obtain the content of most webforms you complete, in fact just about anything you do on the web that is not encrypted can be hoovered up by Phorm.”

While Phorm maintains that its system’s privacy controls are sound, privacy advocates have protested this gathering of information, and critics maintain that the program violates data protection laws. As this controversy has heated up, the European Information Commissioner Office (ICO) has stepped in with a warning to Phorm. European data protection laws demand that users must choose to enroll in Phorm’s controversial proposed system, according to a recent BBC News article.

Winning Strategies
While the ICO is set to monitor the trials and rollout of the Phorm system, as a consumer, learn more and decide for yourself as the issue unfolds. Keep in mind, Lavasoft cannot do anything to detect Phorm’s products; this new system is set to be deployed at the ISP level.

If you do not want this service, it’s up to you to contact your ISP to make your voice heard. With that said, our Lavasoft Research team is keeping a close eye on how Phorm’s system evolves. Check the Lavasoft Research blog for updates on this and other privacy and security concerns.