« OGC High Court Appeal against FOIA disclosure of ID Cards Programme Gateway Reviews now set to start this Monday 3rd March 2008 | Main | Suspiciously timed Climate of Fear propaganda campaign by the Police in the run up to the Counter-Terrorism Bill debates »

Surely the Phorm web page interception scam is illegal ?

The Register has published some diagrams of how the appalling Phorm web advertising scheme will work, Major UK broadband Internet Service Providers British Telecom Retail, Virgin Media and Carphone Warehouse TalkTalk, all seem to have signed a "commercial suicide pact" contract, to abuse their customer's data privacy, without first obtaining their prior informed consent.

See - How Phorm plans to tap your internet connection

Think back to all of the well founded privacy fears about DoubleClick cookies, and about Google keyword searching of all the text of yur emails and documents in your "free" gmail account.

Phorm appears to be a combination of these two direct marketing approaches , except this time it is inflicted on all the web traffic of the unlucky customers of the participating ISPs, via man-in-the-middle attack hardware plugged into their core network infrastructure.

Phorm perpetuate the common misconception amongst advertising weasels, that if your web browser software connects with a particular website, at any time, then that somehow means that you as a person, are positively and genuinely interested in receiving direct advertising related to the vague subject category in which they have arbitrarily categorised that website. They never seem to make adequate allowances for accidental visits to websites, or for visits on behalf of other people, whose consumer preferences do not match those of the regular user of a particular computer. To do so accurately, they would have to compile an individual browsing history.

Even if you believe Phorm's weasel worded hand waving marketing-droid promises about "100% Consumer Privacy", these seem to be impossible to deliver with the architecture described in the BT diagrams, which The Register has published.

Phorm's claims that they will somehow provide an anti-phishing service, cannot be reconciled with their promise that they will ignore https:// SSL encrypted traffic - if they do so, then what real use is their "service" against real phishing attacks on internet banking websites, which all use this ?

How, exactly can any of this be legal ?

Since many people use web based email systems, for example, these ISPs and Phorm should be prosecuted for illegal interception of communications without a warrant signed by the Home Secretary under the Regulation of Investigatory Powers Act 2000 section 1 Unlawful interception, and each of the people responsible should be facing up to 2 years in prison, including those who seem to have already conducted full scale pilot trials of this technology on unsuspecting BT customers.

Criminal liability under RIPA cannot be evaded simply by changing the Terms & Conditions of your civil contract with your Internet Service Provider.

Things to do about Phorm:

  1. Write to your ISP, and get an assurance that they are not selling your data to Phorm or to anything similar.

  2. If you are a customer of BT Retail (or of any other BT divisions e.g. BT Business) , Virgin Media or Carphone Warehouse Talk Talk,, then you might like to write to them quoting the very clear The Data Protection Act 1998 section 11:

    11 Right to prevent processing for purposes of direct marketing

    (1) An individual is entitled at any time by notice in writing to a data controller to require the data controller at the end of such period as is reasonable in the circumstances to cease, or not to begin, processing for the purposes of direct marketing personal data in respect of which he is the data subject.

    (2) If the court is satisfied, on the application of any person who has given a notice under subsection (1), that the data controller has failed to comply with the notice, the court may order him to take such steps for complying with the notice as the court thinks fit.

    (3) In this section "direct marketing" means the communication (by whatever means) of any advertising or marketing material which is directed to particular individuals.

  3. Complain to the supposedly independent, customer focussed Telecommunication Industry Regulator - Ofcom

    Riverside House
    2a Southwark Bridge Road
    SE1 9HA


    If you have a complaint about a Telecommunications, Broadcast or general issue please call 020 7981 3040, 0300 123 3333 or if you want to complain in Welsh, 020 7981 3042.


  4. Join and Support the Open Rights Group, who will be campaigning to raise awareness of this issue,

  5. Subscribe to the BadPhorm - When good ISPs go bad! website for the latest news on this topic.

  6. Configure your web browser's privacy settings to delete any existing cookies, and to block future cookies from any subdomains and tld extensions of *.phorm.*, *.webwise.*, *.oix.* or *.sysip.*

  7. Consider boycotting any products or services which are advertised through this Phorm Open Internet Exchange direct marketing scheme.

  8. Lobby the anti-spyware and anti-virus software companies to protect you from these snooping cookies automatically.

  9. If you never want to have anything to do with Phorm or Webwise or their OIX network, and you suspect that they might try to intercept other internet protocols which you might be using e.g. SMTP email or Instant messenger chat or peer to peer networks etc, you can try blocking their domain names through your local hosts file, which takes precedence over DNS lookups on most Windows or Unix systems.

    The Windows hosts file (which is a text file named hosts, but with no file extension) is usually found at, for example, C:\WINNT\system32\drivers\etc\hosts

    e.g. Using a text editor, eg..Notepad, add entries like this with the domain name aliases separated from the numeric loopback IP address, by at least one space or by two tab characters:. Unfortunately you have to enter each subdomain explicitly, without any asterisk wildcards , which do work in the Browser cookie Blocking described above. e.g. localhost

    # Phorm a.webwise.com b.webwise.com c.webwise.com bt.webwise.com m01.webwise.com m02.webwise.com ns1.webwise.com ns2.webwise.com www.webwise.com webwise.com a.webwise.net b.webwise.net c.webwise.net bt.webwise.net m01.webwise.net m02.webwise.net ns1.webwise.net ns2.webwise.net www.webwise.net webwise.net a.webwise.org b.webwise.org c.webwise.org bt.webwise.org m01.webwise.org m02.webwise.org ns1.webwise.org ns2.webwise.org www.webwise.org webwise.org a.oix.net b.oix.net c.oix.net m01.oix.net m02.oix.net ns1.oix.net ns2.oix.net www.oix.net oix.net a.oix.com b.oix.com c.oix.com m01.oix.com m02.oix.com ns1.oix.com ns2.oix.com www.oix.com oix.com

    You might need to temporarily change the settings of your anti-virus / anti-spyware protection, which might lock this file from being modified.

    N.B. by doing this you will not be able to check the Phorm or Webwise websites for any news about their scheme such as, hopefully an apology and climbdown in the face the opposition from the computer privacy literate section of UK internet users.

  10. Neither Blocking the cookies nor the DNS lookups in your hosts file will actually prevent the Phorm man-in-the-middle-attack hardware from illegally snooping on your electronic communications, it will just stop you getting the targeted adverts

British Telecom are using this Phorm scheme, which they call BT Webwise, but not, for example, to offer an advertising funded, free broadband service, where the customers would be fully informed about what they are signing up to - they are simply inflicting it, by default, on their existing fee paying customers.

We will be trialling BT Webwise in March before launching for all customers in phases. Please check this page for up-to-date information on BT Webwise.

British Telecom has a FAQ page about their BT Webwise service, which also fails to reassure us about the privacy implications of this technology. They emphasise the supposed anti-fraud feature, which they admit does not actually work very well, without mentioning the advertising revenue they hope to get from interfering with your web page browsing e.g.

I didn't switch on this service. Why do I have to switch it off?

We believe BT Webwise is an important improvement to your online experience -- giving you better protection against online fraud and giving you more relevant advertising.

We realise that you may not want to use the free service, so we've made it quick and easy to switch on and off

The arrogant assumption that everyone should be automatically opted in to this scheme by default, without any consultation or notification, does not engender any trust in their other promises about this commercial snooping and interception scheme.


I'm not sure of the legal technicalities here, but if they are actively processing (and responding to) the information that goes down the line (as opposed to simple cacheing/blocking) do they then lose their status as 'common carrier' (or equivalent)?
If this is the case, can they then become liable (or at least lose deniability) in respect of e.g. extremist websites, libel etc...?
I'm reminded of way-back-when of someone trying to sue an ISP because of a news posting and the ISP claiming it wasn't their responsibility because it was an automated and unfiltered system. I think they caved, but only because it was too much hassle...?

The Information Commissioner's Office has been investigating Phorm:


3 March 2008

Advertising technology company Phorm.

A spokesperson from the ICO said:

"The Information Commissioner's Office has spoken with the advertising technology
company, Phorm, regarding its agreement with some UK internet service providers. Phorm has informed us about the product and how it works to provide targeted online advertising content.

"At our request, Phorm has provided written information to us about the way in which the company intends to meet privacy standards. We are currently reviewing this information.

We are also in contact with the ISPs who are working with Phorm and we are discussing this issue with them.

"We will be in a position to comment further in due course."

Kent Ertugrul - Phorm CEO online interview

There's been quite a lot of interest and discussion following the announcement of the Open Internet Exchange (OIX) and Webwise from Phorm. The company's CEO, Kent Ertugrul will be available to answer your questions in a live web chat via the Webwise site at www.webwise.com/chat on 6 March 2008.

Between 8.30 pm and 9.30 pm tonight, Kent will cover recent announcements from Phorm and give you a chance to ask the founder exactly how Phorm is revolutionising the Internet through more effective anti-fraud technology, more relevant advertising and a new gold standard in privacy. For further information, please visit www.webwise.com or www.phorm.com.

More Questions and some replies from Phorm at
Political Penguin:


There is also a new blog on the Phorm corporate website:


Hi spyblog,

Thought you might be interested in the following pieces:

Chris Williams from The Register came in to see us and published the following:


Jack Marshall from Clickz also paid us a visit:


Also a firm but fair piece by Wendy Grossman. (the title of her blog 'net wars' may give you a clue as to her independence and veracity. She's pretty embedded with ORG and PI too.


FYI and to clarify a misunderstanding: Phorm approached and met with the ICO before our announcement on Feb 14. We have an ongoing dialogue with the office. In addition, Phorm took part in the recent public consultation: The Data Sharing Review. This independent review was conducted by Richard Thomas and Dr Mark Walport.

Thanks for posting the Penguin -- he/she had quite a number of questions. Responses to the first 20 or so are up.

Also there's more info on Bob Piper's site -- clarity if it's needed for your readers on all things Russian, Chinese and so on.

If you have any questions do mail me. Or come and visit us -- we're thinking of holding an event soon. Would you in principle come along?

Best wishes and keep up the good work,

Comms team

I am sick of Phorm and the misleading spin they are placing on this. The patent application clearly shows that the Phorm system. Too many lies have been told by phorm and the PR team. All of which can be proved to be deception to the community.


for example

"where the script is configured to set a cookie in the browser, and where the cookie contains at least a portion of the browsing information. "


"Context reader 40 is not limited to acquiring keyword or other contextual information pertaining to a given web page. Indeed, the browsing information may be collected so as to also include historical data pertaining to the browsing performed "

Again Phorm have been lying. The truthe of the matter is in the patent.

"Based on analysis occurring at the proxy server, the proxy server may modify client-requested data it receives so that a targeted advertisement appears on a web page requested by a client"

So you are changing the data stream Changing the requested data. Lie number 3 Phorm.


And you say you dont collect personal data do you. Er this is what your patent says

"As explained above, the context reader may be configured to more than just keyword and other contextual data pertaining to a given web page. The context reader may also include behavioral data (e.g, browsing behavior), other historical data collected over time, demographic data associated with the user, IP address, URL data, etc."

Note the section

"The context reader may also include behavioral data (e.g, browsing behavior), other historical data collected over time, demographic data associated with the user, IP address, URL data, etc."

Er whats that you say -"you dont collect IP addresses. Your patent says... YOU DO.

You Lie Again Phorm

Home office note on the legality of Phorm


@ Bob - even after reading that legal brief by Simon Watkin, there is no way that both the sender and recipient of an email involving a non-Phorm ISP or especially a web email service like hotmail, gmail , yahoo etc. can possibly be asked for, let alone grant, their prior permission for their web page email to be snooped on.

RIPA Part 1 illegal interception of electronic communications still applies - Phorm / BT / Virgin Media management should go to prison for 2 years, for each offence.

Post a comment