ISPs Make a Tidy Profit Selling Your Browsing HistoryWould you trust an ex-spyware firm with data privacy and PC security? ( old news - 03:15PM Monday Feb 18 2008) tags: business · privacy · world · networkingLast week we spoke to the CEO of NebuAD, a behavioral advertising company that uses deep packet inspection hardware on the ISP network to track your browsing activity, and provide ads more tailored to your interests. Techdirt directs our attention to a similar outfit over in the UK named Phorm which, like NebuAD, is insisting that their system maintains user privacy by converting user data into randomized numbers. Phorm has struck a deal with BT, Carphone Warehouse and Virgin Media -- who collectively comprise more than two-thirds of all broadband access in the UK. The International Herald Tribune guesstimates that British Telecom alone could stand to make $167 million in annual revenue from the new system in 2009. As Techdirt notes this, combined with traffic shaping, will likely result in a drastic increase in encrypted traffic (though users can opt-out of both NebuAD & Phrom's systems). Phorm makes additional promises about privacy and outlines the way their technology works here. Unlike NebuAD, Phorm is trying to take the creepiness out of their technology by also marketing it as a anti-phishing solution. This is also an effort to try and keep users from opting out of the service, though from first glance it offers no protection users can't get elsewhere: Webwise helps protect consumers from online "phishing" fraud by showing users a strong warning page in real time, before they reach the potentially dangerous site. . .Despite firewalls, antivirus and anti-spam programs, fraudulent emails continue to get through and create a threat to consumer security. With Webwise, the ISP adds a key layer of safety by warning users before they reach those sites. Interestingly it looks like Phorm used to be named 121Media. 121Media used to be in the Spyware business, with some loose evidence suggesting a possible former involvement in rootkits.
Related:- Will ICANN Scrap WHOIS Database?
- Swiss Bank, CA Court Censor Whistleblower Website
- Phorm Gets Proactive in Addressing Privacy Concerns
- Embarq: Selling User Browsing Data 'Empowers' Users
- Monday Evening Links
- Thursday Morning Links
- Friday Morning Links
- Thursday Evening Links
|
 |  | 
DaneJasper
Sonic.Net
Premium,VIP
join:2001-08-20
Santa Rosa, CA
clubs:
| Re: Just kill the cookies They track your browsing by intercepting every packet and seeing where it's going to/from - not using cookies. If your ISP imposes this on you, there's little you can do aside from participate in their "opt out" process (if you trust it).
-Dane | |
| | | baj475
join:2004-11-02
Chico, CA
| Re: Just kill the cookies said by DaneJasper  :They track your browsing by intercepting every packet and seeing where it's going to/from - not using cookies. If your ISP imposes this on you, there's little you can do aside from participate in their "opt out" process (if you trust it). -Dane Dane,
Can we correctly assume that Sonic does not impose this on its customers?
If it is used to provide "ads more tailored to your interests," as the article says, would not blocking the ad sites in my router defeat their stated purpose?
Robert | |
| | | |
DaneJasper
Sonic.Net
Premium,VIP
join:2001-08-20
Santa Rosa, CA
clubs: | Re: Just kill the cookies No, of course we don't. That's for big national corporations who care little about your privacy. 
-Dane | |
| | | | 
Karl Bode
News Guy
join:2000-03-02 | Re: Guestimate Someone needs a nap. | |
| | | 
Maxo
Your tax dollars at work.
Premium,VIP
join:2002-11-04
Tallahassee, FL
clubs: | Re: Guestimate said by Karl Bode :Someone needs a nap. ;) | |
| | 
DataDoc
Nilsson Schmilsson
Premium
join:2000-05-14
Greenville, NC | It's a perfectly cromulent word. | |
| | | james1
join:2001-02-26
antarctica | Re: Guestimate Your mastery of the English language Embiggens us all. | |
| | | |
Maxo
Your tax dollars at work.
Premium,VIP
join:2002-11-04
Tallahassee, FL
clubs:
 ·Embarq
| Re: Guestimate said by james1 :Your mastery of the English language Embiggens us all. "Let's face it. Some people have a way with the English language. And others ... well ... not have a way, I guess." - Steve Martin | |
| | 
Packeteers
Premium
join:2005-06-18
Forest Hills, NY
·Verizon Online DSL
| I actually work with electrical contracting estimators, and we use that word all the time to describe the gray area between an estimate and a guess, where an estimate is based on facts and figures known about a project, while a guess is nearly baseless in specifics about a project. thus a guesstimate is where many facts and figures are known, but not enough to rise to the level of being a credible estimate who's figures we can then use to sell a job to a customer. so guesstimate may be an annoying word for literature, or to deduct points on a high school essay, but it is still very useful back in the real world. | |
| 
en102
Canadian, eh?
join:2001-01-26
Valencia, CA | Who watches the watchers ? Since this company works in the background, and has full access to sniff and resell your traffic, who is going to ensure that these companies operate legit ?
Absolute power corrupts... absolutely.
--
Canada = Hollywood North | |
| |
Karl Bode
News Guy
join:2000-03-02 | Re: Who watches the watchers ? Yeah I really see no transparency here with either NebuAD or this UK outfit. I'm not sure who exactly will be confirming claims of privacy protection in an age where everybody wants their regulators blindfolded and toothless. | |
| | | amigo_boy
join:2005-07-22
Tempe, AZ
 ·magicjack.com
·EarthLink
edit:
February 18th, @04:30PM
| Re: Who watches the watchers ? said by Karl Bode :Yeah I really see no transparency here with either NebuAD or this UK outfit. I'm not sure who exactly will be confirming claims of privacy protection in an age where everybody wants their regulators blindfolded and toothless. To me this relates back to so-called wiretapping and amnesty. The government's not allowed to maintain a database of personal information about individuals. So, an industry has developed (Lexus Nexus, et. al.) to do it, and the government is their largest customer. Without it being governed by law, they lose data all the time, selling it to imposter businesses, etc.
I suspect that will be the same thing that happens as the government has a need to examine network "demographic" information using raw data they are prohibited from collecting. Industries like the one under discussion will pop up as long as there's money in it (serving the government as the largest customer).
Mark | |
| | | 
No to Phorm
@co.uk
| Phorm is NOT a UK outfit, it is registered in Delaware; the director is a Russian crook responsible for the 121 spyware rootkits, and the laughable so-called opt out will be processed on servers in China. The ISP will send every page you retrieve to them (content not just URL) including for example the text of any webmail you use or your facebook pages etc. | |
| | 
swhx7
Premium
join:2006-07-23
Elbonia
 ·RoadRunner Cable
| said by »www.phorm.com/user_privacy/no_pe···info.php : Phorm technology doesn't gather personally-identifiable information. It does not view any information on secure (HTTPS) pages, and ignores strings of numbers longer than three digits to ensure that it does not collect credit card numbers, phone numbers, National Insurance numbers or other potentially private information. It doesn't store IP addresses or retain browsing or search histories. In other words, they have the capability to easily capture all the data they claim it doesn't, but merely promise not to capture more than they say.
At this point, the invasion of privacy has already occurred. The claim that the 3rd party won't do any harm when it monitors all the customer's traffic does not redeem the original violation, when the ISP makes all the data (including "personally identifiable" data) available to a marketing company.
said by »www.phorm.com/user_privacy/no_pe···info.php :At first, Phorm's technology collects information on browser type, response to advertising, the URLs of some of the web pages viewed, and search terms entered. Neither URLs nor search terms are stored - they are discarded immediately. The matching information that's left is assigned to an anonymous, randomly-generated ID number. The random ID marks an anonymous list of the categories of products or services in which a user appears to be interested. This "ID number" may be all that's shown to advertisers, but the device at the ISP must necessarily match it with the ISP customer's IP address; there's no other way it could deliver ads selectively.
Websense/Phorm/OIX claims it's audited by a big accounting firm to verify it complies with its own claims about how limited its data-mining supposedly is. Never mind the conflict of interest in that it's Websense/Phorm/OIX itself paying for these audits. They'll wait until customers get used to it, then sooner or later there will be a notice from the ISP saying "Our clickstream maketing company has changed, please read the new Terms of Service" or "Websense/Phorm/OIX has changed its terms of service" or similar, and then they'll be data-mining everything, and you still won't have any competitor with better terms to go to.
It's going to take legislation to force ISPs to offer "pure" internet access. We need either a prohibition of the customer-exploitation schemes, if ISPs are to remain oligoipolies; or internet-access markets being forced open to competition so abundant that eventually fair terms will be available to the end-user.
said by »www.webwise.com/how-it-works/faq.html :How do I switch off Webwise?Simply go to www.Webwise.com and click Webwise Off. If you have several computers using the same internet connection, or use different log-ins or browsers, be sure to switch off Webwise from each one. What happens when I switch off Webwise?When Webwise is off, you will no longer receive warnings before reaching suspected fraudulent sites. Webwise will also no longer analyse any data from the web pages that you browse to see if there are better ads to show you. We’ll assign a new anonymous cookie on your computer to tell our system to ignore that computer. You will still receive ads in the normal course of visiting a website. So apparently the opt-out is based on a cookie. But a browser will send cookie data back only to the domain that set the cookie. This implies that the scheme works in the following way. Ad agencies sign up for Websense/Phorm/OIX service and have their ads placed through one of those domains; something in the ad scripts checks with Websense/Phorm/OIX. If the web surfer is on an infected (collaborating) ISP, Websense/Phorm/OIX will select an ad for the page based on the user's categories; otherwise the regular ad gets placed.
The following implies the above is correct. Apparently it depends on accessing certain domains:
said by »www.webwise.com/how-it-works/faq.html :I delete my cookies regularly, and I want to keep Webwise switched off. How do I do that?If you regularly delete your cookies and want to ensure that Webwise is permanently switched off, simply add [OIX.net] to the Blocked Cookies settings in your browser. Better yet, make sure nothing gets past your firewall to or from any variation of websense.com, phorm.com or oix.net, or any other domains these companies use. | |
| | | patcat88
join:2002-04-05
Jamaica, NY
edit:
February 19th, @05:04AM
| Re: Who watches the watchers ? There is no way in hell you will stop your packets from going through their servers. This is probably implemented as a transparent HTTP proxy that you CAN NOT disable, otherwise why would you need the cookie? They could just have a list of the customers/IPs that opt-ed out, couldn't they?
Time to colocated a server in a datacenter and VPN to it for privacy.
Edit: Your right this will get silently sneaked into TOS/AUPs eventually, and you won't be able to opt-out. If you don't agree, cancel your broadband account. T1s don't gave clickstream monitoring right (only because govt won't let a Baby Bell interfere with a T1, but one of these days T1s are going to be deregulated and then baby bells will be able to collect clickstream data, since instead of the govt's TOS/AUP, your now following the baby bell's TOS/AUP). | |
| 
gjrhine
join:2001-12-12
Pawleys Island, SC | . Does Phorm rhyme with porn? | |
| rodriro
join:2007-05-21
Palo Alto, CA
| ISPs Make a Tidy Profit Selling Your Browsing History Amendment 4. Search and Seizure
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated; and no warrants shall issue but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
This amendment protects Americans from unreasonable searches and seizures. A reasonable search is defined as one authorized by a judge who issues a search warrant. A warrant is issued only if there is probable cause. This means that it is likely the search will produce evidence that a particular crime has been committed. A warrant must specify the exadt place to be searched and the things to be seized.
Courts have ruled that in some cased searches are permissible without a warrant. For example, courts have held that police may search a person who is under arrest. The Supreme Court has also upheld the right of police to stop and search a person if the officer reasonably concludes that the suspect may be armed. Furthermore, a warrant is not needed if a person freely consents to a search.
The Supreme Court has ruled that items discovered in the course of an unlawful search may not be used as evidence against the accused during trial for a criminal offense. This ban is called the exclusionary rule. | |
| | SilverSurfer
join:2007-08-19
| Re: ISPs Make a Tidy Profit Selling Your Browsing History said by rodriro :Amendment 4. Search and Seizure
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated; and no warrants shall issue but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
That's really nice that you know what the 4th Amendment is and all, but if the telcos don't have to follow any laws when it comes to snooping, and they're just going to get retroactive immunity anyway thanks to their pets in Congre$$, then nobody else has to follow the laws, either. That's the beauty of having the funds to buy a Senator. | |
| | amigo_boy
join:2005-07-22
Tempe, AZ
·magicjack.com
·EarthLink
| said by rodriro :This amendment protects Americans from unreasonable searches and seizures. The Bill of Rights were originally intended as a bar against Congress only. This is instructional because the Founders weren't necessarily opposed to these things at the state or private level. Just at the Federal level.
It wasn't until 70 years later that the 14th Amendment *intended* to apply the BoR to state and private infringement. I emphasize "intended" because it wasn't for another 60 years that the Supreme Court began "selectively" incorporating the BoR into the 14th Amendment. Therefore, it wasn't reality until the 1920s, to the 1970s (depending on the clause of the BoR).
However, even after the 14th Amendment and 50 years of "selective incorporation" nobody would say that your consensual, contractual relationship with an ISP that chooses to inspect your packets is an "unwarranted search."
It might be bad. There may be reasons to lobby for greater regulation of ISPs. But, it's not a violation of your 4th amendment protection against unreasonable search.
Mark | |
| | | SilverSurfer
join:2007-08-19
| Re: ISPs Make a Tidy Profit Selling Your Browsing History said by amigo_boy :
However, even after the 14th Amendment and 50 years of "selective incorporation" nobody would say that your consensual, contractual relationship with an ISP that chooses to inspect your packets is an "unwarranted search."
Right idea. Wrong analysis. | |
| | | patcat88
join:2002-04-05
Jamaica, NY
| said by amigo_boy :However, even after the 14th Amendment and 50 years of "selective incorporation" nobody would say that your consensual, contractual relationship with an ISP that chooses to inspect your packets is an "unwarranted search." It might be bad. There may be reasons to lobby for greater regulation of ISPs. But, it's not a violation of your 4th amendment protection against unreasonable search. Mark Yep, you signed away your clickstream data by private contract. No govt can go there. If you don't like it, why did you sign up? No choice, boo hoo, start your own phone company/build your own internet. Can't do that? Not our problem. | |
| 
tschmidt
Premium,MVM
join:2000-11-12
Milford, NH
·Verizon Online DSL
| History and Anti-Phishing I'm at a loss to understand how monitoring my browsing history will protect me from Phishing exploits. The last company I'd trust with protecting me from Phishing attacks is someone compiling information on my browsing habits to sell to the highest bidder.
I just want my ISP to deliver the bits.
1) I don't want them to protect me from objectionable material.
2) I don't want them to spy on me and provide my browsing habits to the government.
3) I don't want them to suggest which web site I may mean if I mistype a URL.
4) I don't want them to monitor download/uploads because it might infringe on RIAA/MPAA material.
5) I don't want them to prohibit VPNs on residential accounts because "that is business class usage."
6) I don't want third parties to compile information on me to inundate me with even more advertising.
Currently we are in the market to upgrade our TV and over-the-air antenna system, repair a 25 year old electric dryer, and install a while house sediment filter. Using the power of the Internet I have managed to find out what I need to know about all these items without someone looking over my shoulder.
/Tom | |
| | SilverSurfer
join:2007-08-19
| Re: History and Anti-Phishing said by tschmidt :Currently we are in the market to upgrade our TV and over-the-air antenna system, repair a 25 year old electric dryer, and install a while house sediment filter. Using the power of the Internet I have managed to find out what I need to know about all these items without someone looking over my shoulder. /Tom C'mon Tom...you know that's not nearly enough due diligencing...you need some middle man peering over your shoulder "selling" you on the FABs and injecting the FUD at appropriate junctures of the spiel.  | |
| | patcat88
join:2002-04-05
Jamaica, NY | Too bad. Start your own phone company or rent dark fiber and create a new internet, or get your party elected to 100% of congress. Can't do that? Too bad, were the govt. | |
| mikenolan7
Premium
join:2005-06-07
Torrance, CA
 ·Sprint Mobile Broa..
·RoadRunner Cable
| Browsing History We can't stop deep packet inspection at our ISP's. But it is not difficult at all to stop ads from reaching our desktops. Kill the revenue stream, and you will kill this privacy intrusion. Use AdBlock, Privoxy, Proxomitron, etc. One of the few times that we can actually fight back. | |
| Mr Matt
join:2008-01-29
Eustis, FL
·Comcast
| Big Brother ISP is watching. No one seems to get it. Deleting your cookies does not help protect you from having your ISP or a third party, with the cooperation of your ISP, observe your surfing habits. Your ISP will keep a record of the IP Address you are assigned and when. If your IP address changes your ISP will keep a record your new IP address. That information combined with the URLs you select can be collected by a monitoring and recording system. The ISP knows who you are from your IP address and your surfing habits from feedback from their DNS Server. They now have a record of who you are and which websites that you have browsed. By-by privacy. By the way if you have Digital Cable and/or use a Cable Card your viewing habits can be tracked, down to what channel you view and when. | |
| | SilverSurfer
join:2007-08-19
| Re: Big Brother ISP is watching. said by Mr Matt : The ISP knows who you are from your IP address and your surfing habits from feedback from their DNS Server. They now have a record of who you are and which websites that you have browsed. By-by privacy. By the way if you have Digital Cable and/or use a Cable Card your viewing habits can be tracked, down to what channel you view and when. If you surf with Tor, methinks thou has no worries? | |
| | | 
TK Junk Mail
Go ahead, make my day
Premium
join:2002-03-03
Margate City, NJ
clubs:
·Comcast
| Re: Big Brother ISP is watching. said by SilverSurfer :said by Mr Matt : The ISP knows who you are from your IP address and your surfing habits from feedback from their DNS Server. They now have a record of who you are and which websites that you have browsed. By-by privacy. By the way if you have Digital Cable and/or use a Cable Card your viewing habits can be tracked, down to what channel you view and when. If you surf with Tor, methinks thou has no worries? Except running slow as molasses.
--
My BLOG .. .. Internet News .. .. My Web Page | |
| | | | patcat88
join:2002-04-05
Jamaica, NY | Re: Big Brother ISP is watching. What if the exit points of TOR are on ISP's that collect clickstream data? Although that info wouldn't be of much use, since it represents 100s/1000s of people that you can't do any statistical modeling on, since it looks like 1 person. | |
| | mikenolan7
Premium
join:2005-06-07
Torrance, CA
·Sprint Mobile Broa..
·RoadRunner Cable
| But just think how grand life will be when they call us to tell us it's time to watch our favorite TV show, with our own targeted commercials: "Mr. Matt, the GPS on your cell phone informed us that you are not now in front of your television. Please report to your living room, immediately, or we will be forced to add a non-viewer's fee to your next bill." | |
| | | patcat88
join:2002-04-05
Jamaica, NY | Re: Big Brother ISP is watching. Not far, not far. I expect one day soon to see a fee for not watching the TV, to offset the loss of impressions for locally inserted ads. | |
| | | diesector
join:2002-09-18
Austin, TX
| To carry this one step further, when you comply with the summons to watch your favorite show, the servers in the background have *already* determined which ads you'll be forced to view and when. Each viewer will get his own unique selection of ads to watch. If you step away from the TV, your GPS fone will skip the reminder to go back to the TV, but rather play the ads on its own beautiful LCD screen. Now *THAT'S* entertainment! | |
| | |
Oar Wellin
@co.uk | Damn you are sooo right about that Mike.The scariest thing is that there will still be a significant portion of the population that won't have a problem with that. | |
| |
batti
@rr.com | That's "Bye Bye", Privacy. | |
| | patcat88
join:2002-04-05
Jamaica, NY
| said by Mr Matt :By the way if you have Digital Cable and/or use a Cable Card your viewing habits can be tracked, down to what channel you view and when. They already do. Read privacy policies. It only covers personally identifiable information. If they make you only a number, they can do whatever they want with your information.
Also I have a feeling this system may start to change/insert new ads, Gator style. Except now pages will have floaters. Also NebuAd can partner with existing advertising networks, so that there is no "you replaced my ad and cost me the revenue from that ad" lawsuits. | |
| amungus
Premium
join:2004-11-26
America
clubs:
·Cox HSI
| those "poor" broke people... I mean, as if they aren't already making money like crazy from everyone's cable bill...
This should be illegal.
Question - how can you find out if your ISP is doing this? Any way to test for such things, or is it completely invisible to the user? | |
| |
See 8 replies to this post | |
garmst
join:2000-09-17
New York, NY
| What is this fuss? Me personally I just don't care what they compile. Aggregate data is personally un-identifiable. Even if they posted it to me personally I likely would not care. I have nothing to hide. Others I'm sure have PLENTY of things to hide.
If it is aggregated or abstracted let them do it. If they tie it to personally identify me then they run afoul of current privacy laws. Then attack them for violation of current privacy laws.
I don't begrudge them making a buck out of selling the info, profit is good. It may help defray service cost to myself.
Look, my credit card company knows virtually everyday where I go, when I do it, what I buy, how often I buy it. They share and sell this information as well.
The business world (private to an extent) gets a crack at looking at my credit records. Government public records show where I live and what I live in among other things.
The IRS get the motherload of information about my life every year at tax time. And they have the rights to go anywhere they please.
So, I just won't get bothered by my ISP telling someone I go to DSLREPORTS, DRUDGE (wow - I know that'll get some reaction!), GMAIL, and other long lists of sites.
OK, they'll see VOYEURWEB once in a while. I hope they get off on it better than I do! | |
| | patcat88
join:2002-04-05
Jamaica, NY | Re: What is this fuss? Be part of the machine. | |
| | | garmst
join:2000-09-17
New York, NY | Re: What is this fuss? We already are part of the machine. I enjoy turning my assigned cogs! | |
| | | | 
T1 Rocky
join:2002-11-15
Dallas, TX
 ·Time Warner Telecom
·ygnitionnet
| Re: What is this fuss? I have a question. What is competition like in England? Do users have the option of finding competition or is it like over here where you have either the telcos or cable company?
Also, how would the information have any value unless it's assigned to a user? Why would advertisers pay top dollar to find out 200 out of 1 million users hit their website and can't they already use this information with webalizer or any hit traffic software? I think I'm missing something... | |
|
Nebulous
@pacbell.net | Privacy Please! I don't like the privacy issue if my ISP wants to overstep it. This is a deal breaker for my relationship with my ISP. If they come up with a better solution that is free of cookies then I don't mind being fed localized ads on occassion. | |
| rfarmer
join:2008-02-01
New Albany, IN |  hay smart guys with big jobs and no brains
"anonymous proxy server" hello any one been living in the reality zone hello hello any one !!!! | |
| | rfarmer
join:2008-02-01
New Albany, IN | Re: hay smart guys with big jobs and no brains must be alone in this world with the solution think about it 40gb a week of 256bit encrypted crap to sort throw ow the misery they would face | |
| | rfarmer
join:2008-02-01
New Albany, IN | must be alone in this world with the solution think about it 40gb a week of 256bit incripted crap to sort throw ow the missory thay would face | |
|
thorne
@rogers.com
| who really cares meh.. personal data is everywhere, everyone gives it out willy nilly to anyone that has anything they want...
I say if these ppl are looking at every packet they should be obligated to monitor for hate propaganda, child porn/exploitation, etc..
let them provide some kind of service beyond 'phishing protection'
firefox + noscript + ad block plus + no persistant cookies except from whitelist = early 90's internet simulator | |
| | | |
|
|
Anti-phishing sales pitch a weak argument
Guestimate