Phorm Did Track IP Addresses, Replaced Charity Ads With Behavioral Ads

from the how-nice-of-them dept

Phorm, the extremely controversial former adware company that reinvented itself as a behavioral advertising firm that would work with ISPs to look at your clickstream data and serve you special ads instead of the ones you were supposed to see, has been working overtime to defend its program as being perfectly legitimate and no risk to anyone's privacy. Of course, that's not satisfying many, as it later came out that, despite claims of openness, BT and Phorm had secretly tested the service without letting anyone know their clickstream data was being used this way. Even worse, after this news came out, BT and Phorm downplayed the test, only to later have it come out that it was quite extensive.

And, now, it gets even worse. More information has been leaked out about that test. As for it being super duper secret without your IP address ever being compromised? Well, not so much. It turns out that an internal BT analysis found that IP addresses were likely used as the identifier, which is the exact opposite from what Phorm has insisted. And, as for how well the system works? Well, it was successful in covering up ads for various charities and replacing them with "targeted" behavioral ads instead. Wouldn't want those darn charities to have anyone see their ads.

Update: A representative of Phorm has gotten in touch to note that there were some incorrect statements in the original report on this. Specifically, it appears that Phorm purchased the original charity ads that were replaced -- so it's not as though the charity lost anything here. It's easy to understand why the original interpretation of the BT report would make one think this was not the case, as it stated: "The advertisements were used to replaced [sic] a 'default' charity advertisement (one of Oxfam, Make Trade Fair or SOS Children's Villages) when a suitable contextual or behavioural match could be made by the PageSense system." It does not appear to say that the ads were purchased by Phorm -- at least not in that same section. At this time, there is still no indication whether or not the charities knew their ads were going to be "covered up" in this manner. None of this, of course, answers the questions about whether or not this test was legal.

Update 2: And now BT has also gotten in touch with us to complain -- though they falsely accuse us of making false statements, saying that the headline still says they "hijacked" charity ads. It does not and has not. It has always said "replaced" which, I'll remind BT, is the exact word used in their own report. Unless BT was falsifying its own report, the word "replace" is correct. The mistake was in suggesting that Phorm had not purchased that ad space -- and that has already been corrected quite clearly. BT also is upset that we accused them of "misleading ICO." The only problem: we made no such statement. Finally, BT complains that no personal information was used in the trials -- which is a point that is still disputed. The original researcher who researched the report claims that IP addresses were passed to Phorm's proxy server and that personal info was requested on a web form. BT notes that the IP addresses were not stored -- but that doesn't mean they weren't used, which was what was in question. Also, to both Phorm and BT, the comments on this post are open, and you are free to make your case here where anyone else can see it. Contacting me personally, with vague, slightly threatening and sometimes incorrect statements is certainly less effective that making your case to the public. Part of the reason you're in this PR situation is because of your secrecy. Being a bit more open might help.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: advertising, clickstream tracking, ip addresses, isps, privacy, uk
Companies: bt, phorm


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Chronno S. Trigger, 6 Jun 2008 @ 7:08am

    How would this work?

    I don't know about Britain but over here in the US, companies like Verizon have been known to change the public IP of their clients every 30min. How would something like this work if they are using the IP as the identifier.

    The better question is why do I have to ask this. No one should ever have to ask that specific question because no one should ever have to deal with hidden behavioral advertising.

    link to this | view in chronology ]

    • icon
      ConceptJunkie (profile), 6 Jun 2008 @ 7:41am

      Re: How would this work?

      No one should ever have to ask that specific question because no one should ever have to deal with hidden behavioral advertising.

      So who even sees advertising any more? Oh, I guess it's those 80% of people too powerless or ignorant to move away from Internet Explorer. Their loss.

      And before a bunch of you whine in shrill voices about how advertising is the backbone of the Internet, I will respond that it's not my responsibility to support someone else's flawed business model. If advertising eventually collapses (and I believe it will in the next decade), I will happily either pay for content or do without.

      link to this | view in chronology ]

  • identicon
    Big Mike, 6 Jun 2008 @ 7:47am

    How can this be legal?

    Imagine if the cable companies somehow did this on TVs and did it during the Superbowl. Instead of seeing the million dollar ads all you seen was what some program thought you wanted to see based on the type of shows you watched. You think Budwiser and Coors would put up with that?

    link to this | view in chronology ]

    • icon
      Ron (profile), 6 Jun 2008 @ 8:52am

      Re: How can this be legal?

      Right now, Comcast overlays transmitted advertising with its own content; not on superbowl, but on regular broadcast. I routinely see just the first couple of seconds of a Rosetta Stone ad, or similar, just before it's chopped off for an ad for a local auto body shop or health food store. It's part of Comcast's targeted advertising for the SF Bay Area Counties.

      link to this | view in chronology ]

      • identicon
        linlu, 6 Jun 2008 @ 10:13am

        Re: Re: How can this be legal?

        Ad replacement also happens on Cox Cable. I believe all cable providers do this, it's not illegal. Only the broadcast is copyrighted. I don't believe commercials would stand up in court as part of the "broadcast".

        link to this | view in chronology ]

    • icon
      Mike (profile), 6 Jun 2008 @ 4:04pm

      Re: How can this be legal?

      Imagine if the cable companies somehow did this on TVs and did it during the Superbowl. Instead of seeing the million dollar ads all you seen was what some program thought you wanted to see based on the type of shows you watched. You think Budwiser and Coors would put up with that?

      I just posted an update, based on a message sent from Phorm. It appears that the ads that were replaced were also purchased by Phorm -- so I would imagine the plan would be to simply buy ad space, and put in the "most relevant" ad. So rather than replace someone else's ad, you still buy the ad slot, but dynamically place the ad based on the user.

      link to this | view in chronology ]

  • identicon
    mike allen, 6 Jun 2008 @ 7:54am

    what

    what or which charities? NAME THEM SO THEY CAN SUE PHORM!
    some ISPs in the UK change IP address every 2 mins.

    link to this | view in chronology ]

    • identicon
      chad, 6 Jun 2008 @ 8:30am

      Re: what

      How can you run any long-connected process, like instant messengers when your IP changes every 2 minutes?

      link to this | view in chronology ]

  • identicon
    Saragon, 6 Jun 2008 @ 8:28am

    Legality of replacing ads

    I hadn't thought about it before, but this post and Big Mike's comment got me wondering - if a webpage serves an ad and Phorm replaces it with another ad, the original advertiser is still losing out on the ad revenue they've paid for. If I pay for a hundred thousand views of that ad, and even 10% are covered up by Phorm, that's a significant loss. I have to think Phorm would be liable for fraud or theft.

    link to this | view in chronology ]

  • icon
    MadJo (profile), 6 Jun 2008 @ 8:32am

    ISPs have no business altering ads on sites

    It's a bit weird for an ISP to let some company change the ads on a certain site.
    Those original ads pay to be displayed on that site, so the ISP has NO business changing them, because that would bereave the website of their income.

    It'd be a bit weird for a magazine stand to replace the ads in a magazine for other ads from companies that pay the magazine stand.

    link to this | view in chronology ]

    • identicon
      SteveD, 6 Jun 2008 @ 8:57am

      Re: ISPs have no business altering ads on sites

      Thats not how it works; Phorm buys the advertising and puts up a default add (in the test case for a charity), then subsitutes it for others depending on what data it has on you.

      The illegal part should surely be that you can't legally monitor channels of communication in a free society. Its an argument ISPs always fall back on whenever a copyright group wants them to check for infringement on their networks, and utter hypocrisy that its now being ignored when the circumstances switch to the ISPs favour (I suppose what’s right is only worth noting when its in line with your commercial interests).

      And I’d seriously question Phorms definition of ‘anonymous’. From my understanding it means “a person who can’t be identified”, but Phorm seem to think it means “a person who is identified by number rather then name”. For Phorms system to work clearly it needs to be able to connect an individual’s clickstream data back to them, so by what definition could it be considered anonymous?

      It doesn't matter what system you use. If it were letters rather then numbers would it be any different to me calling myself SteveD here rather then my full name? Its still a manner by which I may be identified.

      My bank knows me first through my account number, and the government knows me first through my national insurance number. Sure they know my names too, but even if they didn’t I’d hardly consider myself anonymous to either body.

      The only hope is that privacy groups (which gain a great deal of attention in the UK) can sink this before it gets too far.

      link to this | view in chronology ]

  • icon
    Ron (profile), 6 Jun 2008 @ 8:58am

    Further Disruptions

    There was also an online article last night (might have been Wired; can't find it right now) that stated the test also made it appear that the computers being tracked had acquired a virus. Apparently there were on screen oddities (a "flickering" address window) and excessive waits for content load. The article seemed to state that while people thought they had a virus, no one suspected that their communications were being intercepted or mucked about with. Not really sure if that was Phorm being proud or an implicaton that the operation was appreantly successfully covert.

    link to this | view in chronology ]

  • identicon
    James, 6 Jun 2008 @ 9:42am

    Spammers and a-holes...

    ..and mal-ware advertisting bs businesses should be have their employees stand in line for the firing squad.

    link to this | view in chronology ]

  • identicon
    David Conway, 6 Jun 2008 @ 6:32pm

    In the UK you have a choice

    Since BT have been broken up, the general telephone network that enables broadband access is still controled by BT. The broadband section of BT is BT Retail which has been forced to become a seperate entity by regulators.

    Therefore there is a good selection of competing broadband suppliers you can change to. If Uk customers do not want to be profiled by Phorm, they can simply change. There are already some broadband suppliers advertising as Phorm free.

    Obviously there are those that are not tech savvy, these are the money machines BT/Phorm are hoping to cash in on.

    Hopefully with sites like http://www.DoNotTrustWebwise.org we can reach these people and stamp out this use of DPI early on.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Jun 2008 @ 7:13am

    So, Phorm was not screwing over charities. Was this a PR stunt ?

    They still screwed some ISP customers and they want to expand their form of "business".

    It would be fun to pollute their database with bogus websearch and site browsing via software running while you are elsewhere.

    link to this | view in chronology ]

  • identicon
    Just another IP addr, 7 Jun 2008 @ 1:37pm

    re: update 2

    Both BT and Phorm have lost all credibility at this point and it is apparent that they are not concerned about it. If given a choice, I would avoid them both like the plague.

    link to this | view in chronology ]

  • identicon
    Josh, 9 Jun 2008 @ 8:47am

    Update, still screwing the charities

    Whether or not BT or Phorm paid to replace the charity ads with something else, they still potentially deprived those charities of money.

    Those charities paid for eyeballs to actually see their banners. Not someone at a telecom or adware firm to replace them. Genuine users who saw a charity banner may have actually clicked on it to donate money far in excess of what BT/Phorm paid to replace it.

    link to this | view in chronology ]

  • identicon
    Madmen, 3 Sep 2008 @ 4:22am

    Advertising funds the internet

    Isn't the reason the web is such a rich experience because of advertising?

    More effective advertising = better web

    Just my thought for all you luddites.

    link to this | view in chronology ]

  • identicon
    scaffold, 4 May 2009 @ 10:42pm

    Lava Bar at Hot Rocks

    During our nights at Lava Bar, we met an entire cast of characters, including two young American dentists—Dave and John—who not only bought us a round, but offered to provide free teeth-whitening procedure if we visited them in Portland and Seattle. We re-met a freaky Danish guy who’d already approached us in Auckland with an offer to snap our photo, and who did the same again in Rotarua. Somehow, over the course of the next month, this determined, bearded dude “re-met” us so many times and in so many plastic injection molding places, we were convinced that he was stalking us! As for me, I ended up chatting with a gorgeous English guy whom I was planning to make my next boyfriend—until I learned that he’d just graduated high school. I normally love younger men, but when I found out that Jack was a mere babe of 18 years, I had to politely dip out of our China printing flirtation. Oh my god, when did I become the dirty old woman at the bar?!!?

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.