SUMware
Premium
join:2002-05-21
| Anti-Spyware Coalition Probes Data Pimping (Phorm, NebuAd)
From The Register
25th April 2008 - said by TR :
The Anti-Spyware Coalition has launched a review of Phorm, NebuAd, and other behavioral targeting firms that track user data from inside the world's ISPs.
Today, the ASC - a collection of anti-spyware companies, academics, and various consumer advocates - announced a new internal working group to decide how Phorm and the Phormettes will affect the organization's overarching policies on spyware.
These policies serve as guidelines for the leading anti-spyware apps. "We update our documents when a new potential threats and new potentially-unwanted technologies emerge," says Ari Schwartz, the vice president and chief operating officer at the Center for Democracy and Technology, which first organized the ASC. "Some [anti-spyware companies] have said that behavioral advertising is a gray area when it comes to the ASC definitions. And if some people think this a gray area, it's something we need to look at."
Through partnerships with ISPs on both sides of the Atlantic, companies such as Phorm, NebuAd, and Front Porch track search and browsing activity in an effort to target online ads. Phorm and NebuAd serve up ads on their own, while Front Porch licenses its data to third-party ad networks.
In some cases, anti-spyware tools already flag the ad-server cookies laid down by the likes of Phorm and NebuAd - as well as cookies used by Front Porch partners. The big question is how the cookies should be flagged.
"We need to go into detail on how the consent factors work here. Does someone clearly know they're being tracked or not?" Schwartz says. "We must determine what level of risk is tied to these things."
All three of these behavioral ad firms insist the data they collect includes no personally identifiable information. But it's unclear whether users are properly notified before these services are turned on.
NebuAd says that ISP partners are required to "directly notify" users via letter or email, but this hasn't always happened in the past. In some cases, Front Porch notifies users with a conspicuous in-browser message. But in other cases, it does not.
Phorm hasn't officially rolled out its service, but it has agreements with BT, Carphone Warehouse, and Virgin in the UK (though Virgin insists this does not mean it will actually use the service). Carphone has said it will ask for user consent before turning Phorm on, but the others have not. In 2006 and 2007, Phorm conducted trials on BT's network without telling customers diddly.
Other operations that appear to be working on similar services include a Bay Area company called Adzilla; and Project Rialto, a "stealth company" created by Alcatel-Lucent, but these firms have not responded to our interview requests.
|
|
Mele20
Premium
join:2001-06-05
Hilo, HI
edit:
April 26th, @05:06AM
| Why would The Anti-Spyware Coalition need to launch a review? Obviously they do not understand ANYTHING about Phorm and the others! If the Coalition is that ignorant I really fear for USA users.
"We need to go into detail on how the consent factors work here. Does someone clearly know they're being tracked or not?" Schwartz says. "We must determine what level of risk is tied to these things."
There is NO CONSENT! The cookie issue is completely irrelevant...don't they even understand that basic simple fact? God, they have to be educated really fast otherwise I guess I will be giving up my computer because if Road Runner signs a deal with Phorm (or any of them) I will not stand for ALL DATA FROM MY COMPUTER being tracked ALL THE TIME NO MATTER WHETHER I OPT OUT OR IN. The damn hardware is Man in the Middle Physical Attack on ALL COMPUTERS ON THE NETWORK that has installed the hardware. There is no escape. The cookie stuff is irrelevant. It doesn't make any difference if you opt out. You are STILL TRACKED ALL THE TIME and your browser is still hijacked on every request it makes and redirected to a Phorm server in Russia. Trick code is still inserted into your browser. Opting out only means that you won't be served specialized ads. Opting out does not mean that Phorm will not track all data from your computer, build a profile on you and sell it.
There isn't anything for the Antispyware Coalition to decide. There can be NO middle ground. Phorm must be condemned in EVERY RESPECT. Phorm is highly invasive of the user's privacy and opting out does not in any way protect the user's privacy. The Antispyware Coalition should have immediately issued a public statement CONDEMNING ANY ISP THAT ADOPTS this hardware. What good is the Antispyware Coalition if they have to "study" this when there can be nothing more invasive of privacy than an ISP turning on Phorm?
How can the AntiSpyware Coalition be so NAIVE? They should already know a great deal more about this than I do. Yet, it appears they know nothing. That is extremely frightening and depressing.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason |
|
Smokey Bear
veritas odium parit
Premium
join:2008-03-15
netherlands
edit:
April 26th, @07:55AM
| said by Mele20  How can the AntiSpyware Coalition be so NAIVE? They should already know a great deal more about this than I do. Yet, it appears they know nothing. That is extremely frightening and depressing.
: Take a look at the ASC Member List and make up your mind.
I have a negative judgement about that organisation. 
--
Smokey's Security Forums »www.smokey-services.eu/
Smokey's Security Weblog »smokeys.wordpress.com/
ASAP Site Member »asap.maddoktor2.com/ |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| reply to SUMware
Hi Guys and Gals,
Do not be so hasty to throw the baby out with the bath water.
Be advised that in the "Advertising Industry"...
The Business Model states the consumer is not a CUSTOMER they are considered to be PRODUCT.
An "Adware Coalition" is not pratical since you can't control other players.
That is why to me Anti-Spyware Coalition make sense.
In the end the USER will Rule.
For instance Etrust certifies at the application level and not at the company level which is a step forward.
Now I will agree that to date, if you just took a quick review of the documents they have put out today you would never be impressed.
»antispywarecoalition.org/documents/index.htm
But if you looked at some of the EVENTS they have had you might be changing your minds on a fews things.
»antispywarecoalition.org/events/index.htm
That said..I have always had an appreciation in this DSLR Security Forum for Mele20's keen eye and knowledge..so IF ANY of you have the desire to know more about what they are really doing..spending 50 minutes listening to this very good session will help.
11:00 am – 11:50 am Panel: Shades of Grey – Can Self-Regulatory Efforts Help Bring Clarity to Advertisers, Consumers, Software Makers and Anti-Spyware Companies
Moderator:
Jules Polonetsky – AOL
Panel:
Bill Day – WhenU
David Fewer – CIPPIC
Jim Meem – PC Tools
Fran Maier – TrustE
Here is the MP3
»antispywarecoalition.org/events/···nel3.mp3
Here you can find others from that specific Event.
»antispywarecoalition.org/events/···enda.htm
BTW I read all their stuff..and have listened to almost all of the Event Session.
--
Gladiator Security Forum »www.gladiator-antivirus.com/
*
A fun/friendly/informative forum for the mature elder crowd
»www.theover50goldengroup.net
|
|
Smokey Bear
veritas odium parit
Premium
join:2008-03-15
netherlands
edit:
April 26th, @09:57AM
| reply to SUMware
To me this thread and content, Anti-Spyware Coalition, is an interesting read.
I can't agree with several arguments but it is a valuable discussion  |
|
Just Basics
join:2003-06-08
Painter, VA
| reply to SUMware
I'd say that they are about 2 years too late to join this party.
Are they really unaware that this has been an ongoing problem in the U.S. way before Phorm was introduced in Europe?
»www.lightreading.com/document.as···id=89020
BTW, Adzilla is based in Vancouver.
It will take government intervention and Network Neutrality laws to clean up the tubes that are already fouled by these advertising scumbags.
From a recent correspondence to my Representative regarding H.R. 5252 which would have in part provided the FCC with authority to ensure Net Neutrality:
"I believe it is always in the consumers' best interest to have choice and increased competition and I will continue to vote against legislation that would propose government regulation of the internet."
Notice she used the word CHOICE - without guidelines regulating the ISP's there will soon not be a choice available to us. Changing service providers will not be a choice especially when many are considering adding revenue streams to their service and you will not know when they are doing it.
As much as I hate to say it I believe that government intervention will be necessary so the consumer will always have a choice when using the internet.
If one wants to see content target ads there is nothing wrong with that as long as they have the choice to decide that for themselves and not have it force fed to them by ISP's and network providers. |
|
mikenolan7
Premium
join:2005-06-07
Torrance, CA
 ·Sprint Mobile Broa..
 ·RoadRunner Cable
| reply to SUMware
What would happen with one of these "services" in place, if you used a firewall rule to block redirects, and set your browser to not accept automatic redirections? I tried it, and yes, browsing was a pain in the neck, but it could be done. I haven't seen any evidence that my ISP has done this yet, so my little test is pretty meaningless. The paper SUMware linked on a similar topic about Phorm indicated that they were duplicating your traffic to accomplish the data gathering. |
|
SUMware
Premium
join:2002-05-21
| said by mikenolan7 :The paper SUMware linked on a similar topic about Phorm indicated that they were duplicating your traffic to accomplish the data gathering. It's here: »www.cl.cam.ac.uk/~rnc1/080404phorm.pdf
The paper was revised 3 days ago. |
|
Just Basics
join:2003-06-08
Painter, VA
| reply to mikenolan7
You would have to block your own ISP. There presently is not a way to reach the internet when an ISP chooses to use these services in the U.S..
Even if your ISP does not subscribe to these services on their server you can still be affected if they subscribe to a larger network they go through where the software can be running on a remote server. |
|
mikenolan7
Premium
join:2005-06-07
Torrance, CA
·Sprint Mobile Broa..
·RoadRunner Cable
| reply to SUMware
There is the option of just becoming as ignorant as the originators of this practice. I believe that there was a Firefox extension that would just continuously make random http connections from your machine. Ugly from a bandwidth viewpoint, but sometimes you have to do things you wouldn't normally do to get someone's attention. Turn the GIGO factor on institutionalized spyware. It's not something I would resort to, but it is an option.
There are other ways to make the data worthless, without using excess bandwidth. Neighborhood wireless meshes with a randomizer for which internet link gets used are one possibility. Wouldn't be difficult to set up with cheap wireless routers and third party firmware. |
|
SUMware
Premium
join:2002-05-21
edit:
April 26th, @01:50PM
| said by mikenolan7 :there was a Firefox extension that would just continuously make random http connections from your machine. Ugly from a bandwidth viewpoint, but sometimes you have to do things you wouldn't normally do to get someone's attention. This one?
TrackMeNot
Protects users against search data profiling by issuing randomized queries to popular search-engines.
Unfortunately, it won't help here.
As stated before, this is an insidious wholesale hijacking of all user complete data streams, at indiviudal ISP and/or external net levels, apparently with no escape (at this time, anyway). |
|
