Google

Thursday 30 October 2008

How to Disable Phorm

I looked at Phorm in February and again in June, but not really wearing my consumer hat. Now I have an unwelcome opportunity to do just that.

You see, I'm a BT broadband subscriber with multiple users at home, some of whom may not be all that, ahem, technologically inclined. So I'm a bit paranoid that, while I'm not aware of having been asked or consented to using Phorm (branded "WebWise"), other users may have inadvertently switched it on in the course of a BT trial.

Why I am paranoid? Well the service is basically designed to track the browsing habits of all users of the broadband-connected PC or laptop and use this to send more targeted advertising, so that BT and Phorm can make money out of you. But I don't just "browse", I research stuff, work and look after my financial affairs. Other users in the house from time to time will do the same. I don't want this stuff tracked, scanned or whatever else Phorm or BT plan to do with it. And I don't want to be pestered by ads, especially ones that may have nothing do with my real interests. I don't consider that I have a relationship with BT when I use my broadband to access the internet. I permission or de-permission cookies or accept marketing bumph from each of the site I'm happy to deal with. And so on.

I've now done what any good consumer should do. I've looked at the BT WebWise site and even the audit report from Ernst & Young (the mere fact that an audit report is felt necessary chills me to the bone). While these purport to tell me what Phorm is or isn't doing, it doesn't explain BT's role or the data it has access to and retains, or what BT is getting out of using Phorm. The BT terms and conditions (clause 18) aren't exactly encouraging on this point. In fact they are so lacking in material information that they deserve further consideration in light of the Consumer Protection from Unfair Trading Regulations 2008 (which I perhaps rather hastily lampooned - but hey, if they're there, use them). The killer is that the mere presence of this unwelcome "service" casts on me an obligation to constantly police my own computer and all its users to ensure that we're opted-out and remain opted-out. It would be too much to hope that the anti-virus software providers will create a Phorm-killer.

Let's be clear. BT needs to persuade me, as its customer, to opt-in to taking this additional "service". It's not for BT to use my broadband connection to build relationships with people who aren't the accountholder, and get me to police their opt-in/opt-out. It must be BT's problem to ensure that if I don't opt-in (or if I do, but opt-out later) that the effective opt-out works for everybody on my connection all the time.

And to have any chance of persuading me to opt-in, BT must specify in more detail the nature of the data that will be obtained, all the proposed uses of that data, what I am going to receive in return (and don't say targeted ads - show me the reduction in the price of broadband to reflect your opportunity to gain ad revenue), and how I can opt-out and have that data deleted. From a personal standpoint, the "WebWise" service doesn't go far enough in this regard for me to trust it. Nor should the current level of disclosure be enought for BT to be able to claim they have my consent to thing under the Data Protection Act - I simply don't consent, anyway.

So, not trusting BT on the particular issue of how to stay opted out, I did a quick Google search hoping to learn how you would really know that you were not signed up, and how to switch it off completely. No luck.

The Register, which has done a lot of digging on Phorm in the past, and got a very concerning post from Chris Williams on 3 October. According to Chris' discussions with BT, they seem to track your usage whether you're opted in or out... so they can record whether you have opted in or out. You then simply have to trust that they won't sell or otherwise use your data to get extra ad revenue, fall victim to organised criminals, or allow the authorities to mash it with the Communications Database (you'll recall that the UK government has been particularly supportive of Phorm).

All the technical detail is in Richard Clayton's excellent piece on Phorm. His research suggests that you can add the Fraud Act, Computer Misuse Act and the Regulation of Investigatory Powers Act to your reading list before deciding whether or not to sign up to WebWise. And even intellectual property rights owners have a serious set of bones to pick, as Nicholas Bohm and Joel Harrison have fulsomely discussed in their excellent September article for the Society for Computers and Law. But none of that is going to occur to the average consumer, so why is the government not taking their corner instead of Phorm's..?

Who knows. For my money, it's time to switch broadband providers.

Speaking of which, I see that Orange is attempting to make a virtue out of not using Phorm.

7 comments:

Anonymous said...

As a self styled Pragamatist, why would you rely on thoroughly narrow viewed sources like El Reg - I wouldhave thought you'd seek your own truth not others - Chris W has slightly over reacted (due to a lull in intersting stories) and is rather inaccurate- Phorm won't track details of those who opt out - and certainly not sell the details on to organised crime! You'd have to be a little naive to think that private companies can sustain successful business with models like that!!

Pragmatist said...

Thanks very much for taking the time to comment.

My central point is that the truth is very hard to find in all this. El Reg has gone into the whole Phorm thing quite thoroughly, which is why I went there again. That post cites contact with BT and their terms and conditions. The piece makes a good point that I haven't seen cleared up.

I'm not suggesting Phorm, BT or anyone else involved would sell the details to organised crime, but that such concentrated repositories of data are more likely to attract attempts at unauthorised access to them. I've now clarified the wording there to mean that we'd have to trust they won't fall vicitm to such unwelcome access. As a result such repositories should be minimised, and I'm certainly not keen to find my details in any where I am entitled to have a choice.

The jury is very much out on whether Phorm's business model is sustainable or successful.

Unknown said...

You could get around Phorm with a proxy like

http://www.download.com/Hotspot-Shield/3000-2092_4-10594721.html

Makes the internet slower, adds ads and makes sites think you're american though.

Pragmatist said...

Thanks. Let's hope I don't get that desperate!

Of course, the Phorm community could come up with some reassuring messages as to why I should participate...

Anonymous said...

If you're in any doubt as to what Phorm's up to, look at their pages for 'advertisers' and 'partners'. The contents don't quite match up to what they'd have us 'users' believe. Have a search on 'Phorm' and 'patents' and you'll get an isea as to what they'd like to do with your data in the future.

As to Phorm's business model, check their share price.

Pragmatist said...

Ah yes, the vision, the vision ;-)

I agree the pitch to ISPs and advertisers is a good check on what the service is about. And if they believe the service solves a real problem for them, so be it.

A positive reaction from that crowd might well drive the stock price, and help raise capital. But as a check on the business model it's pretty meaningless without revenues and a clear path to profitability in a reasonable timeframe.

My concern is as a consumer, and that should feed into the ISP/advertiser benefit analysis. I can't see that Webwise solves a critical consumer need. I see no economic advantage to my using it. In fact, it creates a hassle for me, as the sternly-worded warning in clause 18 of the Ts and Cs points out. Claims of anti-fraud protection merely feel to me like a sugarcoating for something that is in the interests of the ISPs and advertisers for me to take, not mine. Therefore, I would expect that consumer take up should be fairly low, unless people activate it, or leave it activated, unwittingly. The wording of clause 18 suggests the risk of this has been judged by the lawyers to be quite high.

That's a real problem in itself, which perhaps they could solve. But as I suggested in response to a previous comment, a proportionate and direct benefit to consumers for giving up so much apparently valuable data might be free, or much cheaper, broadband. That might also alter the profile of the service from one of apparent exploitation to one of participation.

Now that would be more like Web 2.0.

Anonymous said...

http://hackaday.com/2008/12/21/tor-hardware-privacy-adapter/

Related Posts with Thumbnails