I just e-mailed webwise

Story: Amazon and Wikipedia phactor Phorm out of the privacy equationTotal Replies: 5
Author Content
Sander_Marechal

Apr 22, 2009
5:32 PM EDT
I just sent webwise a not-so-nice e-mail demanding that they exclude all my domain names. I suggest that anyone of you who runs a website does the same. I also stated that I find it utterly insufficient that I have to opt-out and moreover that the only decent way of doing so is by e-mail. Using HTTPS, HTTP AUTH or blocking major search engines is not an option for most (if not all) webmasters. At the *very* least they should create a unique user-agent for phorm so that I can block then using robots.txt without also blocking googlebot and yahoo. E.g:

user-agent: phorm disallow: /

At the moment phorm excludes you only when you block googlebot, yahoo slurp or user-agent * with robots.txt. That's just plain insane. See http://www2.bt.com/static/i/btretail/webwise/help.html#how-a...
theboomboomcars

Apr 22, 2009
9:37 PM EDT
So Phorm is spyware installed on the server?

It seems that if spyware installed on a persons computer spying on them is illegal, having the servers they visit do the spying should be as well.
jdixon

Apr 22, 2009
10:30 PM EDT
> ...having the servers they visit do the spying should be as well.

As I understand current US law, It's a privacy invasion, but not necessarily illegal. That would depend on whether the owner of the server gave them permission or not. Note that under current law as I understand it (IANAL), the owner has to GIVE permission, they can't assume they have it and only let the owner opt out. Otherwise it's "unauthorized use of a computer" and would be illegal.

I'd like to point out that the very act of creating a web page and making the links therein available to the public via a webserver is an explicit "welcome mat" granting anyone the right to visit and peruse those pages. There is no other obvious reason to put the links on a publicly available webserver, so there's a reasonable expectation of that being the case. That's why pretty much anyone who understands the technology considers the suits against "deep linking" frivolous. If you don't want someone visiting a page available on a publicly accessible server, you need to take steps to make those pages unavailable except to authorized users. Something the equivalent of locking the door or putting up a no trespassing sign in the nonvirtual world..

Phorm is (in theory at least) doing far more than visiting and perusing, and therefore greatly exceeding the welcome mat mentioned above. The fact that you may be willing to let someone enter your home doesn't mean you want them to eat dinner from your refrigerator, take a shower, and take a nap in your bed while they're there.
caitlyn

Apr 23, 2009
12:21 AM EDT
I'm going to send a very carefully and not so subtle e-mail in the morning. Phorm is something that bothers me no end. I really believe we are getting to the point where privacy and privacy rights are a myth.
moopst

Apr 23, 2009
5:05 PM EDT
I have to admit I didn't know what phorm was, but based on what I could infer from the technical details I could find and based on this diagram on Wikipedia http://en.wikipedia.org/wiki/File:Phorm_cookie_diagram.png I've concluded that it's simply a man in the middle attack being done with the ISP's complicity. Apparently as 121media they were pushing adware / malware, now they're doing MITM.

You would think they might get a clue and stop spying on people.
Sander_Marechal

Apr 23, 2009
6:22 PM EDT
moopst: That's a complicated diagram. The dummy explanation is this.

Normal operation when you go to a website:

Request: user->ISP->internet->webserver Response: webserver->internet->ISP->user

The same with Phorm:

Request: user->ISP->internet->webserver Response: webserver->internet->ISP->Phorm->ISP->user

So, Phorm sees all pages requested by the user, can scan it for keywords, build profile data, read cookies, etcetera.

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!