Phorm and internet privacy

internet privacy

For about two years, in 2008 and 2009, Phorm's web snooping technology was one of the UK's biggest technology stories.

TalkTalk, Virgin Media and BT all signed up to use it and, in the case of BT, even went ahead without informing their customers.

In this guide we look back on the controversial company, into the future of Phorm and its new equivalents and ask: should we really be worried about internet privacy?

Phorm: the basics

Phorm are an amorphous international company selling targeted advertising. The general idea is that by directly recording browsing habits advertisers can sell more effectively.

In the UK, this service was called Webwise. The company has raised millions from investors to sell the idea worldwide, however, and, most recently, has succeeded in persuading ISPs in Brazil and Romania to sign up.

Phorm claim that their web monitoring tech could offer broadband providers a significant slice of advertising revenue and, potentially, decrease the price of broadband deals for consumers.

The company has also claimed that its steely eye could offer extra protection against phishing and other web security attacks.

How does Phorm work?

Phorm monitors online browsing and then puts viewed pages in their entirety into categories that correspond with advertising groups.

This is very different to, say, Google who also offer targeted advertising.

Whereas Google only targets based on the page that's being viewed (unless users have an iGoogle account) Phorm collates an entire browsing history, tracked with your IP address.

Why is it so controversial?

Phorm raised hackles right from the off: it was built out of an older company called 121media, a spyware provider.

121media's big targeted advertising programme ContextPlus was shut down in 2006 following a series of major lawsuits elsewhere in the industry.

Phorm's own controversies followed.

Opt out vs. opt in: The main criticism of Phorm, as it was planned to be implemented in the UK, was that it would be an opt-out service.

That meant that unlike iGoogle or similar programs the user has given no implicit or explicit consent to have their data monitored.

In addition, users that do decide to opt out of the service will still continue to have their browsing histories mirrored (stored) by Phorm, although the company wouldn't have any right to do anything with that information.

In the UK, many government officials and technology think tanks questioned the legality of an opt-out programme. In 2008, the independent body for protecting personal information - the ICO - stated that Phorm would only be legal as an opt-in product.

BT and Phorm: In April 2008, The Register revealed that BT had worked with Phorm and BT to conduct two trials of the technology on tens of thousands of customers during 2006 and 2007.

The trials took place without their broadband users' knowledge or consent and company documents that called the operation "stealth" showed that both companies knew that.

BT and Phorm parted ways in 2009.

In April 2011, the Crown Prosecution Service (CPS) finally confirmed that it wouldn't be prosecuting any parties for the secret trials.

BT's behaviour was "the result of an honest mistake or genuine misunderstanding of the law" CPS said, adding that no users had suffered loss or harm as a result of the trials.

Even so, though, the affair completely destroyed Phorm's reputation in the UK and led to it beating a retreat.

Reputation management: Perhaps the most memorable aspect of the Phorm affair was that while the company raised huge questions about online privacy it was also spectacularly (some would say suspiciously) poor at responding to the criticism it generated.

Top Phorm execs set up websites to tell their side of the story while simultaneously warning that critics claims were just, "designed to intimidate our partners and potential partners and drive down the stock."

The 'new Phorm'

Phorm no longer has an active presence on these shores and, with UK courts unwilling to legislate but privacy bodies no less angry for that, we can expect it to remain that way.

In January 2012 the European Commission (EC) closed its privacy infringement case against the UK in recognition of the UK's Governments updated stance on the EU's privacy laws.

But what about what Phorm is doing elsewhere? And are other companies now stamping over online privacy in much the same way?

Phorm now

In 2010, Phorm lost 27.9 million USD.

Amazingly, though, the company didn't make any revenue until early 2011 and, even then, only made 17,336 USD. You don't need to be maths whizz to see that doesn't add up.

Even more amazingly, investors continue to drink the Phorm 'Kool-Aid', allowing the company to raise even more millions based on its always optimistic profit predictions.

The company is very active in South America and, at the byline date of this article, was raising equity for a Chinese subsidiary.

Amazon Silk

Web connections on Amazon's Kindle Fire will connect via Amazon, speeding up the time it takes to retrieve web pages.

In the process, though, Amazon's cloud will record users' every move online in much the same way that Phorm did.

Amazon reserves the right to record URLs, IP addresses and MAC addresses and keep that information for 30 days, although Amazon claim that information is collected and stored anonymously.

TalkTalk Homesafe trials

In July 2010, TalkTalk was caught following its users round the internet as part of trials for what is now its HomeSafe security and parental control system.

TalkTalk denied that it was engaging in Phorm-like practices. "We are not interested in who has visited which site", a spokesperson said.

» Read more of the latest news

» Search for more guides on broadband and mobile

Follow us or subscribe for FREE updates and special offers