UK ISPs To Start Tracking Your Surfing To Serve You Ads

TechDirt has an interesting article about a UK-based company that is trying to work with ISPs to make use of user surfing data to serve targeted ads. "Late last year, we heard about a company that was trying to work with ISPs to make use of that data themselves to insert their own ads based on your surfing history -- and now we've got the first report of some big ISPs moving into this realm. Over in the UK three big ISPs, BT, Carphone Warehouse and Virgin Media have announced plans to use your clickstream data to insert relevant ads as you surf through a new startup called Phorm."

hmm

[RMH101]

So it's bad when ISPs do this, but OK when Google does it?

Re:hmm

[FireballX301]

Presumably there's an alternative to Google search. Not so for some regional ISPs, where it's either them or dial-up.

Re:hmm

[N7DR]

So it's bad when ISPs do this, but OK when Google does it?

Yes. It's part of the data returned by Google. The ISP has to snoop the data stream and insert its own traffic into it.

ISPs should be forbidden from altering the data stream unless they own the content that's being transferred.

Re:hmm

As a content provider, you are free to get paid for letting Google add targeted adds to the site - on ISP level however, you cannot control what the content will look like. What if the add inserted by the ISP claims something contrary to the article and request the surfer to go for the true story or something?

Re:hmm

[NMagic]

Yeah, most of your search pages already do logical banners. You search for something and they post up related products next to it. Hell, even most of your free webmail providers do it. As long as the ISP isn't dropping cookies on your box, I don't have too many problems with it... However, the one problem I see here comes when the ISPs start charging for bandwidth, and your browsing becomes as fast as using a 56k, due to the sheer amounts of tracking being done. Why should I have to pay for their ads?

Re:hmm

[pembo13]

Well the ISP is an internet provider. Google is as advertisement provider... I don't think they've ever been secretive about that fact.

Re:hmm

[corsec67]

Wouldn't copyright law already cover that?

You can't take a copy of my website, insert a little bit, and then serve that. Couldn't google sue any ISP that alters their pages in any way?

Re:hmm

[BSAtHome]

Use tor... Sure, it is slower, but it bypasses the ISP tracking.

Re:hmm

[moderatorrater]

It's the difference between a company advertising to you when you call them (or trying to upsell, etc) and the phone company listening into your calls and breaking in when they have something to sell you. You're dealing with the company on the other side (google, in this case) as an equal. Your ISP holds a lot of power over you, and abusing it's wrong.

Re:hmm

[ATMD]

Actually DSL competition is excellent in the UK. Cable, on the other hand - you're pretty much stuck with Virgin.

Still, big ISPs starting to do this is a worrying trend...

Re:hmm

[pdbaby]

It seems from the article that they're forming a new ad network which site operators can opt into, so they're not altering your requested page content... I really wish they were modifying existing ad content, though - that would be a nice way to kill this dead and establish some precedent against ISPs forging data (as if it should be needed!)

They say there will be an opt-out feature but they'll try to discourage people by saying something about increased security or something. I know of one company name string that's going in my adblock list right away, though... (I'm on one of the affected ISPs)

Re:hmm

[STrinity]

No, it's bad when Google does it, and anyone who is really concerned about privacy sends Google's cookies to the bitbucket and blocks the ads.

Re:hmm

[STrinity]

Use tor... Sure, it is slower, but it bypasses the ISP tracking.

However the last node in the chain can see anything you do that isn't using HTTPS/SSL, and if anything you do gives away your identity, they can figure out who you are.

Oh, and some of them may be run by governments and criminal organizations.

Re:hmm

[Dan541]

Is there no Privacy act in the UK?

Im surprised this is even legal.

Re:hmm

AFAIK, Google bases ads on a website's content--it scans the website at request of the webmaster to serve up relevant ads. ISPs tracking your data would produce ads based on the user's surfing--so my constant surfing of tech sites would cause tech ads to come up when searching for new furniture. Google doesn't track search results for ad display; google tracks search results for better search results.

Re:hmm

[cheater512]

Google is opt-in. It is extremely easy and completely free to use a different search engine.
With ISPs thats not the case.

I also highly doubt that the ads will be discrete.

Re:hmm

[internewt]

DSL competition is a fucking joke in the UK. Almost all the DSL services you can buy are still over BT's hardware, and BT charge other ISPs by the byte transferred: this means that unless you use an ISP that has their own kit in exchanges you will be playing by BTs rules. And even those ISPs that do have their own kit in exchanges barely undercut BT because charging/byte is very profitable.

I should think there are a few towns in the UK that maybe do have some real competition and inturn good fast 'net access, but for most people the choice is BT, someone else over BT (like me on Zen), or an unbundled ISP..... like fucking Murdoch's Sky!

Re:hmm

[rolfwind]

I can CHOOSE to use google to surf the net. There are many search engines. I can also use Tor to access Google anonymously if I'm paranoid.

My ISP choices are limited, and I can't change them as fast as a search engine either. Plus once I click onto a site, google pretty much loose track where I am, especially if I block ads.

ISP can know every place I go.

Moreover, I don't pay google to use their service. I do pay an ISP. They have an revenue stream.

So I think your analogy is flawed.

Re:hmm

[rtb61]

You know what the craziest thing about it all is. It is completely pointless matching the add to the user history. You match the add to the current content.

Simple example; you search and check out notebook computers for a week and then buy one, not based upon any adds but upon reviews and user experiences, for the next month after you have bought the computer they pointlessly continue to send you new notebook adds.

So you tie the add to the current content, to the web pages not to internet users. It is all just privacy invasive marketing B$. Now if governments can accept common carriers, intercepting , monitoring, recording and altering you internet traffic, will they also allow ISP's to add a telephone sales force to their VOIP service, monitor your calls and if key words come up, interrupt your call to try sell you something.

Just think with an ISP, you also get the added benefit, if you don't click yhe banner add they can interrupt you service, or even better just reroute your clicks to where ever will earn them the most money, but then of course, as an ISP they can simply create a whole fake mirror of their user base and create a click fraud system that would be completely undetectable.

Re:hmm

[Anonymous+Brave+Guy]

ISPs should be forbidden from altering the data stream unless they own the content that's being transferred.

IMHO, ISPs should be forbidden from even snooping on your data stream. They've no more business monitoring your on-line activities than the Royal Mail has opening all your letters.

The data protection implications of this development are alarming, and frankly I don't care what some big accounting firm says about them. The day my ISP (which is not one of the three mentioned) says it will adopt a similar policy will be the day that I start the process of moving elsewhere, and I'd probably send a letter to the Information Commissioner expressing my concern as well.

But hey, if the ISPs are spying on where I go and what I do (actually, they're legally required to record it anyway these days — another draconian privacy invasion, this time mandated by our terrorist-fearing government) and acting on the data they have, presumably that absolves them of any immunity they might otherwise have had when they supply files to copyright infringers, kiddie porn to sickos, and the like. May the money-grabbing lawsuits and company-killing PR sink them quickly.

Re:hmm

No, I don't think so. Transparently altering data is permissible according to RFC 2616 (the HTTP specification) unless you include the Cache-Control: no-transform header, which virtually nobody has ever heard of. Thus, if intermediate alteration is part of the protocol you are using and you haven't availed yourself of the opportunity to deny that action, it can be argued that the permission is implicitly granted, just the same way it's implicitly granted that they can cache it at all.

Re:hmm

[CSMatt]

Not good enough. Google records the IP address that you use with the search terms.

Re:hmm

[CSMatt]

On the other hand, considering the UK's abysmal privacy record, this isn't surprising in the least.

Re:hmm

[penix1]

This would be legal in the US too. There is nothing in the Privacy Act of 1974 that forbids it.

http://www.usdoj.gov/oip/privstat.htm

Re:hmm

[Daimanta]

Misquoting Steve Ballmer:

Education! Education! Education!

Teach people that this is possible. You taught me and I till teach someone else. Spread the knowledge so we don't get fucked by greedy ISPs

Re:hmm

like fucking Murdoch's Sky!

Perhaps you're confusing this public IP service with his platinum VIP member dating service called broadland?

You know...

1 letter can make all the difference. When in doubt, just remember this little diddy: fsck cleans your filesystem; the other, your frustration.

\\//_

Re:hmm

[Workaphobia]

God I hope not. Copyright law is absurd enough as it is. We don't need its interpretation extended to prohibit yet another technology based on its profoundly poorly defined limitations.

Re:hmm

[William-Ely]

I don't pay Google to provide me with a service. If an ISP wants to inject ads into your browser they should at least give you a discount.

Re:hmm

Bad analogy. Phone service is typically regulated. Internet service is unregulated. You lose certain "rights" with an unregulated service.

Re:hmm

[Drakin020]

Uhh...when was the last time Google charged you for something?

I'm OK with Ad's if they bring the price down of the service I am using. This does not appear to be the case.

Re:hmm

I don't pay Google, but they let me use their search engine. They pay themselves by putting ads on those search pages. I pay my ISP for access to the internet, not to clutter up my screen. Let me re-iterate. I pay my ISP for access, not content.

Re:hmm

If I wanted my ISP to push a bunch of crap onto my screen, I would use AOL, uh, UKOL?

Re:hmm

[LingNoi]

They don't do it to me, I have no script installed. Of course this wouldn't matter to the ISP.

Re:hmm

[palegray.net]

I predict a large number of technically savvy people (a) creating new tunneling networks to allow for encrypted surfing to an Internet endpoint not controlled by traffic-sniffing ISPs, and (b) a large number of technically savvy people making use of the provisions described in (a). It could be as simple as buying a router with the functionality built in. Speaking of which, why hasn't anyone marketed such a device to consumers? While it might be expensive compared to "plain vanilla" home routers, it would certainly have a devoted following of geeks.

Re:hmm

[Mathinker]

> a click fraud system that would be completely undetectable.

I can imagine a system which would be practically undetectable, but I don't think it would generate enough income to justify the risk involved. Either you have forgotten about differential statistical analysis or you know something I don't (perhaps you have real information about the variance in click rates between competing ISPs, something which I think only Google has?). I'm curious how this system would work...

Re:hmm

[XavidX]

yes because you choose to use google but when all the ISP's do it you do not have a choice. It just feels like an ISP is like spying on you. I dunno. It just doesn't feel right.

Re:hmm

[Yetihehe]

Or use relakks. Works good on a 100mbit connection. Sure, it costs 50 a year, but is worth when your isp tries to filter torrents (campus network).

Re:hmm

[julesh]

Presumably there's an alternative to Google search. Not so for some regional ISPs, where it's either them or dial-up.

This is simply not the case in the UK. Anywhere you can get service from any of these 3 big names, there are tens of other ISPs who can provide a service as good (if not actually better).

Re:hmm

[julesh]

DSL competition is a fucking joke in the UK. Almost all the DSL services you can buy are still over BT's hardware, and BT charge other ISPs by the byte transferred.

I'm not sure what your information source on this is, but AFAICT it is simply not true. See here for pricing information for BT IPStream as of November 2006. Unless this charge is new, there is no per-byte charge.

Re:hmm

[julesh]

Wouldn't copyright law already cover that?

You can't take a copy of my website, insert a little bit, and then serve that. Couldn't google sue any ISP that alters their pages in any way?

It depends on the process used. If no additional copy is made (e.g. if the packet stream is manipulated directly), I can't see that copyright law is even relevant.

Re:hmm

[rtb61]

Quite simply when ever a user is inactive the ISP could simply implement a bot to mimic the activity of a shopaholic user. Now remember this is an ISP, not an end user, so work on about 10,000 shopaholic robots, all with unique IPs (and of course the ISP has access to all the users internet data). It could all be quite successfully implemented in the back end, a fully automated system, as soon as the user becomes inactive the bot kicks in and keeps those clicks ticking over.

Now as you know major corporations completely lack honest and integrity, the only goal is to bloat the pockets of the corporate executive team, now you can mimic a few hundred thousand users, it doesn't take much, 10 to 100 hundred clicks per bot spread over hundred thousand bots, every day, adds up to substantial amounts of money, what modern corporation could resist. Of course it would only be an 'er' glitch in system, a programming error, that was meant as an 'er' security measure, yeah, the new guy did it.

From googles point of view, or from any other privacy invasive freaks point of view they would just see an increase in traffic from an IP, quite explainable especially as internet is still in a growth and acceptance phase.

Re:hmm

[arevos]

Recently it's been impossible to connect to Relakks. I stopped using it because it was so busy it would never accept a connection. No reply to any emails, either.

Re:hmm

[ATMD]

Almost all the DSL services you can buy are still over BT's hardware

Be that as it may, my point is that (unless I'm mistaken) BT only has the option to play with your traffic if it's your actual ISP. If another ISP is using BT's hardware to provide your internet, then it's up to them (not BT).

Re:hmm

[Yetihehe]

Hmm, maybe your isp somehow filters it? I'm writing this post through it, and didn't have any problems lately.

Re:hmm

[ATMD]

Isn't that quoting Tony Blair? (Around the time he first get elected)

Re:hmm

BT have a site about this, called Webwise, http://www.webwise.bt.com/webwise/index.html?com.bea.event.type=linkclick&oLName=link.searchresults&oLDesc=KB_1167
They state customers, like me, can turn this new "service" off, here's the FAQ, http://www.webwise.bt.com/webwise/help.html?_faqs=13,14,15,16,17,18#f13
Bloody BT. This is the final nail in the coffin for me.

Re:hmm

[delinear]

More to the point it comes down to money. I "pay" Google for its service by viewing their ads. I pay for my ISP with money. I don't expect to have to pay them twice.

Re:hmm

[igb]

Almost all the DSL services you can buy are still over BT's hardware, and BT charge other ISPs by the byte transferred:

It isn't, and they don't. Apart from that, your point is well made. You need to look up LLU, and note the proportion of the market it now covers (indeed, there's half a million lines of LLU being managed from twenty feet from my desk) and then look up how IP Stream and IP Central are priced. Even if an ISP is buying wholesale IP Stream, and many are --- including Vodafone, who are rarely wrong --- and doing their backhaul over IP Central it is not charged by the byte. It is charged by bandwidth: how else would you like it charged?

Re:hmm

[DiarrhoeaChaChaCha]

The ISP's would be messing around with your data streams whereas Google is not doing so. I think that's a significant difference.

Re:hmm

[jacksonj04]

Google isn't pretending to be a common carrier, and I'm not paying Google to use their service.

Re:hmm

Ctrl-Shift-Delete clears my ID with Google. Using another browser allows me to have separate sessions with Google. I have only one connection.

There are some sites that I go to that I'd rather not have any random visitor who uses my computer or network connection seeing ads targeted at. They're not illegal or wrong, it's just that my cancer treatment made a mess of my innards and I'm now left coping with that and try not to make it public. Nothing to be embarrassed about given what's happened, but also not something you want flashed on the screen.

Re:hmm

[FireFury03]

Couldn't google sue any ISP that alters their pages in any way?

I thought Google already did (but no, I can't cite a source off the top of my head).

Re:hmm

[Jaseoldboss]

They're using cookies to track behaviour. OIX.net is the address you need to block by the looks of it. Link

I delete my cookies regularly, and I want to keep Webwise switched off. How do I do that?

If you regularly delete your cookies and want to ensure that Webwise is permanently switched off, simply add [OIX.net] to the Blocked Cookies settings in your browser.

Re:hmm

[M-RES]

But this is only relevant if you ALREADY have a BT line. If, however, you're with Virgin in a cabled area (I am, and I am... so to speak) your phone service comes through the optical cabling along with the TV service and broadband. So if I decide to switch ISP's I'm looking at a fair old price hike to get the equivalent 10Mb+ connection. It means paying an install charge for a BT line, and then line rental on top of the ISP charge each month. At the moment the line rental is ZERO and the downstream bandwidth is the most solid and stable of any ISP I've used, so I'm not too enthralled about the expense of trying a different ISP just to avoid adverts I don't fscking want in the first place. Grrrr... this makes me so mad!

Re:hmm

[redndallas]

Instead of being a bunch of sheep and panicking have you actually read what this does? No I didn't think so. Well what is does is the ad company that owns the appliance also owns the ad space on websites and what this does is localizes the ads being served so lets say you go to Google and they own a ad there for hemorrhoid cream they change the ad to something in the local community and that is more relevant to your history. I don't really see an issue here it tries to keep the dollars in your community and they are only changing their ads not inserting over an ad, no pop ups, and it is their ad in the first place.

Re:hmm

[arevos]

Yeah, maybe. I brought up that possibility in an email to them, but the Relakks guys don't appear to answer email, so I couldn't confirm whether the problem was at their end or mine. I gave up on them partly because I couldn't connect 95% of the time, partly because there's no way to contact them. Other VPNs seem to work fine, so if it is my ISP, then they're just doing it for Relakks.

I've been playing around with the idea of switching ISPs anyway. Maybe when I've changed I'll see Relakks works.

Re:hmm

[KDR_11k]

Google is a partner to your communication, either the receipent (when you use Google for searching or stuff) or a contracted ad deliverer of the receipent. The ISP is a man in the middle and supposed to stay out of your communication.

Re:hmm

[StarvingSE]

Google serves up ads based on keywords on the page you are currently viewing. This would track everywhere you go. Let's say you accidentally stumbled on some pr0n site. Your isp now has a record of it and will start serving up pr0n ads, which could be quite embarrassing when someone wants to jump on your computer to check their gmail...

Re:hmm

[PurPaBOO]

Or use Firefox and the Adblock extension.

Re:hmm

[RiotingPacifist]

Use tor... Sure, it is slower, but it bypasses the ISP tracking.

However the last node in the chain can see anything you do that isn't using HTTPS/SSL, and if anything you do gives away your identity, they can figure out who you are.

Oh, and some of them may be run by governments and criminal organizations.

Re:hmm

[julesh]

Fair enough. However, the original poster was clearly thinking about the many regions of the USA where only one broadband provider is able to offer any service at all.

Re:hmm

[electrictroy]

That sounds similar to how Cable Television works - inserting local ads over national channels, thereby tailoring the product to the specific community.

My only concern is if the ISP can provide tracking to advertisers,
they can do the same for the future Clinton or Obama-run government.

Re:hmm

[ncc74656]

Transparently altering data is permissible according to RFC 2616 (the HTTP specification) unless you include the Cache-Control: no-transform header, which virtually nobody has ever heard of.

This needs to be nominated for Slashdot Post of the Year. :-)

It's a one-line fix in your Apache config to get this header added to each virtual host you serve up. In the top-level directory block (usually for /var/www/foo/htdocs, or something like that), add this:

Header append Cache-Control "no-transform"

I've verified that it shows up in the HTTP header for static pages, SSI, and PHP. It's applied to all content types (checked with HTML, PDF, and JPEG so far).

(Of course, none of this guarantees that some scumware ad-inserting proxy vendor won't go ahead and ignore this header, but I suspect there are some applications (web-hosted office apps, for instance) where silent rewriting could wreak havoc with a website's functionality, so hopefully that possibility will keep scumware vendors from going there.)

Re:hmm

[sacrilicious]

So it's bad when ISPs do this, but OK when Google does it?

Precisely. Just like it's fine when you call your mother and she asks that you help her around the house that weekend by painting the walls, but bad when AT&T spies on that phone call and then contacts you urging you to buy paint products. AT&T is the "carrier"; your mother is the entity with whom you are USING the carrier to communicate. The carrier is getting paid per your contractual arrangement with them.

Re:hmm

[coats]

Doesn't really qualify as legally binding under US copyright law (I don't know about UK). Permission must be specific and written.

fwiw

Re:hmm

[atlasdropperofworlds]

When google does this, it's in agreement with the content owner - likely he is using google's adsense program to make ad money and pay for his server.

If the ISP were to alter the stream so that the ads served would belong to it, and not the content owner/google, they are in reality 'stealing money' from the content owner.

This practice, if it takes off, will have a seriously detrimental effect on the 'free' internet, unless of course some kind of encryption is used. I don't think HTTPS alone is up to the task because the ISPs could sniff the key exchange.

Re:hmm

[EdIII]

(a) creating new tunneling networks to allow for encrypted surfing to an Internet endpoint not controlled by traffic-sniffing ISPs

Wrong. They will all be traffic-sniffing ISPs . Make that your first assumption when considering a design for a countermeasure.

I think the better idea is to not to try to get your exit node to be at a "friendly" internet location, but to obfuscate, or otherwise make worthless, the marketing information.

There are performance considerations here, which is why it has been hard for TOR and Freenet to gain "marketshare" if you will. Limiting the exit node can further limit the performance of all the clients using the system. Quite severely I suspect.

I have a grocery club card for several stores. They offer you the further discounts since the information on your spending habits is so valuable. From the application they also get valuable age, gender, and ethnicity information. From your payment methods they can also infer your relative level of affluence. All very valuable information, hence the discounts for it.

Now I strongly resented the fact that I could not save 10-15$ per visit without it. My solution was to keep losing the card and getting new ones. Currently we have at least a dozen people using each actual card and probably upwards of 100 hundred people using the phone number on the account to gain access to it.

Now how valuable is that information now? It would take a fair bit of investigation just to analyze it, and that extra effort will cost them. Some may say that I am wrong in doing so, and I will accept that.

This same method can be applied to Internet communications. When a single exit node is serving thousands upon thousands of people per month with it's bandwidth the resultant marketing information will be useless. Considering the exit node as an individual will reveal surfing and purchasing habits reflected by all ages, genders, and ethnicities.

That is where we need to go. It will effect Privacy and Anonymity, and by its very nature make it impossible to associate any one "surfing" session with a single individual. The benefits to all people within societies will be more than simply evading targeted ads.

Speaking of which, why hasn't anyone marketed such a device to consumers? While it might be expensive compared to "plain vanilla" home routers, it would certainly have a devoted following of geeks

I often wonder the exact same thing. I suspect it is not nefarious conspiracies between governments and corporations, but just that the technology may not be as well developed as it needs to be and public understanding of its benefits is lacking. The problem with latencies and performance is also crucial, since the average user will not accept delays loading pages for more privacy and anonymity.

Re:hmm

why not? If federal express, which is a private company, started cramming ads into all your packages' crevices and into envelopes that have a small unsealed opening, how is that not adding shareholder value? Frankly I don't understand why they don't do that now...

Re:hmm

[palegray.net]

I have a grocery club card for several stores. They offer you the further discounts since the information on your spending habits is so valuable. From the application they also get valuable age, gender, and ethnicity information. From your payment methods they can also infer your relative level of affluence. All very valuable information, hence the discounts for it. While I agree with the majority of your post, I think it's worth pointing out that every time I've shopped in a grocery store that used discount cards the clerk has scanned his/her employee issued discount card when I asked. Hence, I still get the discount without compromising my personal information (at least when paying in cash). When asked if I'd like a card of my own, the answer is always a flat "no, thanks."

Re:hmm

[paulatthehug]

The problem is that your ISP is still handing over your browser history to Phorm. Blocking the cookie just means it's not used to serve you adverts. So your privacy has still been breached.

Re:hmm

[paulatthehug]

The data protection implications of this development are alarming, and frankly I don't care what some big accounting firm says about them.

That's a US accounting firm talking about the implications under american law (something which is less than clear from Phorm's press release).

And even their report leaves me less than impressed where it says "Because of inherent limitations in controls, error or fraud may occur and not be detected."
-- (Page 5, second last paragraph, first sentence)

Re:hmm

[Mathinker]

Google would immediately see that users from that particular ISP have a higher probability of ad clicking than users from a competing ISP with the same demographics (and averaged over some time period). Unless the difference caused by the bot clicking would be under the expected random fluctuations, which are a function of the variance of clicking habits between ISP's, it should be quite noticeable.

As far as I can see, the ISP cannot know this variance unless it conspires with other ISPs to collect the data, so it can't know how much clicking would go undetected. So IMHO, it is unlikely to start to do this.

ISPUK apparently

does this not break privacy laws? for that matter, why can an ISP snoop on what you're doign when the government can not?

Re:ISPUK apparently

[glesga_kiss]

does this not break privacy laws?

I think so! Under my understanding of the UK Data Protection Act (IANAL), this would have to be an opt-in scheme via a tick box on the contract. It used to be opt-out but this was changed.

Under the terms of the law an organization may not share personal data to another party without your consent. It's a pretty decent law, I don't know how the hell it got passed.

Re:ISPUK apparently

[Enuratique]

Is this the type of "opt-in" used in a lot of AOL's software (damn you AIM)? Wherein, during the install of the latest and "greatest", you are presented with the "recommended" install package (which essentially hijacks your computer with crap third party software) or the custom install where you have to specifically uncheck all those options (checked by default).

Re:ISPUK apparently

[derrida]

Unless some sort of EULA (filled up with terms and conditions) is signed by you I suppose.

Re:ISPUK apparently

[Anonymous+Brave+Guy]

There are actually very few basic privacy laws in the UK; this is an increasing concern for many people, if media coverage is at all representative.

And actually, under the Regulation of Investigatory Powers Act, everyone is already snooping on you. Most people just don't realise it.

Re:ISPUK apparently

[I+confirm+I'm+not+a]

> And actually, under the Regulation of Investigatory Powers Act, everyone is already snooping on you. Most people just don't realise it.

Oh we realise it alright. We're just not legally allowed to tell you it's happening.

/Posting safely from !UK.

Re:ISPUK apparently

[namgge]

Under the terms of the law an organization may not share personal data to another party without your consent. It's a pretty decent law, I don't know how the hell it got passed.

Allow me to enlighten you. It's because it can only be enforced by an organisation that doesn't have sufficient power/resources/motivation to do anything about infringement beyond asking them politely to stop,

Namgge

Re:ISPUK apparently

Why do they have to share personal information?

If the ISP collects it all (and I'm certain the ISP has the authority to, if it's only for themselves, probably subscribers have signed away the right when they signed up if they didn't), then all the ISP needs to do is ask advertisers to tag ads with what type of customer is is to be delivered to. The advertiser gets none of your personal information, but they still get to advertise to you personally.

Hopefully they never thought about that and never read my comment! HA!

Re:ISPUK apparently

[julesh]

Under the terms of the law an organization may not share personal data to another party without your consent. It's a pretty decent law, I don't know how the hell it got passed.

By EU directive.

Re:ISPUK apparently

[julesh]

Is this the type of "opt-in" used in a lot of AOL's software (damn you AIM)? Wherein, during the install of the latest and "greatest", you are presented with the "recommended" install package (which essentially hijacks your computer with crap third party software) or the custom install where you have to specifically uncheck all those options (checked by default).

No. As I understand the situation, the EU data protection laws require you to take some clear action to opt in. Boxes checked by default are opt-out, and as such not adequate to authorize data sharing.

Re:ISPUK apparently

Possibly because it protects the personal data of politicians, also, and it could be argued that they have a lot more to fear.

Re:ISPUK apparently

[delinear]

The problem there is this only affects companies who obey the law. When the only disincentive to breaking the law is a minor financial slap on the wrist and the potential benefits are so great, who thinks any of the companies involved in this will have the integrity to resist? (Bearing in mind the, ahem... spotless record of companies involved in ad-serving schemes online to date...)

Re:ISPUK apparently

Yeah but there is no sharing of personal information involved, so it's perfectly legit.

Re:ISPUK apparently

[julesh]

When the only disincentive to breaking the law is a minor financial slap on the wrist and the potential benefits are so great, who thinks any of the companies involved in this will have the integrity to resist?

Actually, the disincentives are substantially more than minor financial slaps on the wrist. Knowingly disclosing private information to an unauthorised third party is a criminal offence, and the directors of any companies involved could be prosecuted personally.

So who's paying the extra bsandwidth used?

[trolltalk.com]

After all, if your ISP is serving you ads you don't want, they shouldn't be charging you the bandwidth used ...

Re:So who's paying the extra bsandwidth used?

[wizardforce]

don't you see! without serving these ads we would not have enough money to maintain the tubes! we may even need to raise prices without them... the simplist solution for them is to keep prices the same or even raise them and claim the prices would be higher without them. perhaps even offer a higher priced ad-free version of their services.

Re:So who's paying the extra bsandwidth used?

[TheVelvetFlamebait]

Yeah, but if we don't have the bandwidth excuse, how else are we going to justify AdBlock Plus?

Classy, very classy

[FireballX301]

All you have to do is also lower prices, and you'll see how many 'citizens' are willing to sell their privacy.

And it's interesting how three big ISPs banded together like this. It's almost like they're trying to shut out alternatives...

Re:Classy, very classy

[ATMD]

I'll be sticking with UKFSN. No throttling, no traffic shaping, no "fair use" - and no stream tampering for the foreseeable future, I'll bet.

I'd recommend them to anyone.

Re:Classy, very classy

[Pax681]

www.bethere.co.uk are also great for not filtering, thgrottling or anything like that. i haev BePro, costs £22 GBP per month and i get 24 mb down and 2.5 mb up9i actually get those speeds due to being 300metres by wires from my local exchange) they are the mutts nuts and i wold recommend them to anyone. they even have 24 hours tech and customers support who aren;'t in india9they are i think in romanian..lol) but their english is clear and they are very keen to help. no ads, no nothing... just lovwely fast conections!

Re:Classy, very classy

[TheVelvetFlamebait]

I'll be sticking with UKFSN. No throttling, no traffic shaping, no "fair use" - and no stream tampering for the foreseeable future, I'll bet.

Does that mean you can't even cache a page without them informing the copyright owner, and serving you with a subpoena?

Re:Classy, very classy

[Lyrael]

I'm not sure if you were attempting to be funny or being serious, so I'm gonna assume the latter and explain that the "fair usage policy" is something 90% of UK ISP's put in their fine print so that they can throttle heavy users during peak hours without them complaining.

Re:Classy, very classy

[ATMD]

Nice if you can get it. But only one static IP as standard? Pah!

Re:Classy, very classy

[gbjbaanb]

the other 10% of ISPs who don't throttle the bandwidth during peak hours leave that duty to their users :)

Re:Classy, very classy

[TheVelvetFlamebait]

I'm not sure if you were attempting to be funny

I was. I thought it was funny because the internet is built upon the concept of a different kind of "fair use", yet it's now come to denote something negative.

Re:Classy, very classy

[6Yankee]

Sounds OK, from what I've read - thanks for the tip. Do they give you any sort of kickbacks if I say you referred me?

I just got my MAC code from BT, told the very nice lady I wasn't prepared to tolerate this sort of behaviour from an ISP. Of course, I was suddenly entitled to a discount... "No, I won't tolerate it at any price." She didn't even put up a fight though - I wonder how many similar calls she's had today?

BT "customers": The number's 0800 328 6738. Use it.

Re:Classy, very classy

[Lyrael]

When I say throttling I mean of the kind where it actually becomes impossible to play games (3000ms and constant DC's during peak times when I was using Sky Broadband - not good for a main tank when peak times coincide with raid schedules). Sure, without throttling on Be at peak times people don't get their full 24mbps, but the drop is barely noticeable and only really affects torrents, not games. Who cares if your downloads drop a bit during peak times? Most people will leave them running overnight anyway.

Re:Classy, very classy

[ATMD]

Do they give you any sort of kickbacks if I say you referred me?

I don't think so. I used to use PlusNet, who do, but they've gone downhill in recent years - they're in with the "fair usage" crowd now, like almost everyone else.

Re:Classy, very classy

[TractorBarry]

I second that recommendation. I moved to UKFSN about two years and I couldn't be happier.

Should you need it, their help facilities are excellent too. I asked a couple of technical questions and got useful, technical responses within a decent timescale.

Re:Classy, very classy

Hats off to you !

It's not often you get people actually voting with their wallet !

Now if only more people would care...

Re:Classy, very classy

[Pax681]

i must admit i pay for more IP's!

common carrier

[freedumb2000]

There ought to be some kind of common carrier type of regulation to prevent this kind of intrusive data mining and tracking.

nice

[R3N3G4D3]

so now my family can enjoy the advertisements based on the porn I was watching earlier that week?

Re:nice

[moderatorrater]

Everybody likes horses and other farm animals, right?

Re:nice

[Mr.+Roadkill]

Everybody likes horses and other farm animals, right?

Maybe his kids will appreciate seeing pictures of others their own age with similar interests. Plus, most kids these days don't get to see anywhere near enough of Grandma.

Porn ads?

[PIPBoy3000]

So if my wife starts getting a lot of ads for porn, do you think she'll put two and two together?

Re:Porn ads?

[Wandering+Wombat]

Will she put two and two together? Probably not... http://www.xkcd.com/

Re:Porn ads?

[edwardpickman]

So if my wife starts getting a lot of ads for porn, do you think she'll put two and two together?

She may just assume it's because of her own porn surfing?

Re:Porn ads?

If she gets too upset, just be logical to her (we all know women need logical arguments, specially in situations like this).
Tell her that getting thinner would help things a bit, and that perhaps she could do a bit better with her personal hygiene.

I've never tried that myself, but I think it will sort things out.

Re:Porn ads?

[GodfatherofSoul]

Two and Two...is that one of the titles? Wait, that's Two IN Two.

Reason Number

[Smordnys+s'regrepsA]

Just reason #86 to switch to Firefox with Adblock Plus (lets 86 those adds)!

Re:Reason Number

[moderatorrater]

How can adblock possibly work against this? If your ISP wants to, they can make those text ads appear inline with the text of the article, or make the image or flash look like it's coming from the site you're hitting instead of wherever it really came from. Adblock relies on knowing where the content came from in the first place, and if your ISP's lying to your browser, it's going to get harder by orders of magnitude.

Re:Reason Number

[freedumb2000]

Personnaly I am much more concenered with the fact that the ISP might track and store my surfing habits than the fat that i will ahve ads on my screen (i do already). And AdBlock won't help me there unfortunatly. If this really does ever happen I will have to surf the web proxied only.

Re:Reason Number

[STrinity]

Unless the ISP stores the ads in random directories with random names, it'll be possible to construct an Adblock filter for them. The bigger concern is that even if I block the ads, the ISP is still aggregating information about my surfing habits and distributing it to third parties.

Re:Reason Number

[SilentChasm]

Why does your browser need to know where they are stored if they can insert them directly into the document you are viewing?

Re:Reason Number

[STrinity]

An ISP can't just insert an ad in a page -- if they just send you a .jpg or flash file when you open a site, the browser won't know where to put it and discard it. They'd have to modify the HTML so it contains a tag that says "place http://isp.com/ad.jpg here," and once that happens you can nuke it with Adblock.

Re:Reason Number

[Allicorn]

Not exactly, since they can modify your HTTP responses at will and detect every HTTP request, regardless of target host, they need not insert...

    [img src=http://isp.com/ads/somead.jpg]

into the stream at all. They could instead insert...

    [img src=http://thesiteyouwereonalready.com/randomappearingnumber.jpg]

and then sniff your subsequent requests for that specific URI. Not easy to block with a plain old regular expression unfortunately.

Alli

Re:Reason Number

That may stop ads from being shown, but it won't stop the gizmos at the ISP from tracking and logging your web browsing.

Re:Reason Number

[STrinity]

But keep in mind that the URL and filename are just the most obvious ways to filter ads -- even if they obfuscate those, you can filter based upon link targets, and image size/location.

Re:Reason Number

[Allicorn]

Checking link targets and blocking images that conform to the standard ad unit sizes is definitely something that could help, yep. I used to run a proxy, long ago, that selected images based on filter-matching their source URI and would also select based on the dimensions matching common ad sizes. Replace the ad with a blank GIF of the same size and you're laughing.

I guess, if the ISPs were going to fiddle with your HTTP responses in such a way, your best bet would be to do the same. :-)

How?

[raeb]

Seems silly. Where the hell will these advertisements be? Certianly not on the websites I visit.

Re:How?

[flyingfsck]

Exactly - what are these advertisements people keep moaning about?

Power corrupts

[Statecraftsman]

Please oh please, can we start working on an open source(wimax) router with two bands(backbone and local) so we can build our own huge mesh network and say buh-bye to ISPs forever? We don't need your email address, we don't need your antivirus software, we do not need your bills, and finally we don't need you messing with our connections. That is all.

Re:Power corrupts

[easyTree]

+10E99 insightful

Re:Power corrupts

[FooAtWFU]

Please oh please, can we start working on an open source(wimax) router with two bands(backbone and local) Hooold up there, buddy. Where exactly are you going to get the money to buy the spectrum you need for your precious WiMAX to work?

Re:Power corrupts

[Dunbal]

This would work great inside urban sprawl, but you'll still need the telcos for rural and inter-continental stuff and that's where they will bite you in the ass. Unless of course you make enough money to lay your own trans-ocean cables.

Re:Power corrupts

[Statecraftsman]

We shouldn't need to purchase spectrum. We should purchase some lobbyists and maybe start some kind of calling campaign so the next useful chunk of spectrum will not be sold to the highest bidder. Instead it should be reserved like a national park for the public good...except instead of allowing us to enjoy the outdoors take hikes, collect our thoughts, this resource will grease the wheels of business, society and innovation.

Re:Power corrupts

Me and a friend were attempting this, but then the "buying spectrum" thing popped up and has pretty much killed off any plans for now.
Shame really, we had loads of plans for it drawn out, mapped areas, security and so on...

But i really do agree with you, counties should come together and form their own networks, screw these big businesses!
I already moved off of BT just recently after they said that my phone number didn't exist and cut my connection, i was going to try fix it, but no, they had to be stupid, so screw them!
I should sue them to be honest, but i'm too lazy to go through all the shit needed to do it.

Re:Power corrupts

[kegon]

Simple, just sell some advertising and insert it into any HTTP traffic... um, hang on...

Re:Power corrupts

[TheVelvetFlamebait]

Maybe the ISPs will shut down business, sell their assets, and buy the spectrum for us, if we ask very nicely?

Re:Power corrupts

[wall0159]

Uhh... It's our spectrum - all we need to do is not sell it...

(privitisation is not always automatically a good thing)

Re:Power corrupts

[ncryptd]

What is this "buying" of which you speak? Since when did hackers decide they were going to bow down to the FCC?

Re:Power corrupts

[rastilin]

The point about not selling public spectrum was an excellent one, so was the one for getting lobbyists. It's entirely dependent on how irritating the ISP's get. Worst case scenario, we hold a poll to figure out which company we like the least, set the routers to their spectrum and jack up the power.

In other news....

[maillemaker]

...advertisements for KY Jelly skyrocket...

Porn ads from Virgin Media?

[EmbeddedJanitor]

Makes sense!

Open Wide

[Smordnys+s'regrepsA]

Tell her you're not gay, you just got tricked into visiting goatse a few dozen times.

Re:Open Wide

[Dunbal]

Turnabout is fair play.

"I have no idea - have you been visiting a lot of porn sites dear?"

Mmm bad summary?

[saikou]

When people say "Insert relevant ads" it usually means ISP hacked the page you got from remote server and inserted and ad that wasn't there, or replaced one on the page with something else. Bad thing. Here, they organize new ad platform. Any site that uses it will be showing something Phorm servs up, and it, in turn, will try to figure out what to show by using ALL of your surfing history, no matter what sites you visit. So, if you go to golf sites A, B, C (that serve ads via yahoo, for example), and then to Phorm-using site M that has articles on electronics, site M will show you golf ads, due to your click-stream.

Of course advertisers will be disappointed to find out, that many people actually use one connection for a household. So, while from the point of view of ISP user clicked Cooking A, Cooking B, Valentine's day, Heavy metal band, Banking, Myspace ... in reality it's 2-3-4 individual users. And showing wife an ad for a new heavy album won't make CTR go through the roof. And teenager might actually barf at the sight of the cooking ads.

p.s. ISPs sell the data anyways, not usre how this opt-out would work...

I thought Sandvine would be behind this...

I guess those smart fellas there at Sandvine didn't think of doing that as well as their other nefarious craft.

Phorm?

[vimh42]

Well I guess it's pretty obvious what type of ads they expect to be serving up.

it's actually very very illegal

[QX-Mat]

Privacy, Art 8 and 10 aside, its actually very very illegal contractually. No doubt they will find a way of avoiding the contractual obligations through a shrink wrap, but there are issues here with the laws of confidence, the duty of care bestowed on the ISP etc. Not to mention cartel practice.

No no no no. This is BAD captialism. Stop. Think. Or I will sue.

Re:it's actually very very illegal

[pdbaby]

This is BAD captialism

Then we should fight it the only way an advertiser will understand - by making the return on investment approach 0 for advertisers

We write an agent that sits on peoples machines. It browses around google search results for various advertiser-happy keywords in the background. Immediately their database gets very noisy and their click-through ratio drops.

Of course, if these companies had a flag to let me say 'don't bother with the ads, I use AdBlock' we could both save ourselves some cpu time and bandwidth

Re:it's actually very very illegal

[Anonymous+Brave+Guy]

Yep, advertising doesn't work if almost everyone ignores it. That's why I get so little spam these days.

The sad thing is, they don't need much of a click-through rate to "justify" this sort of intrusion. There's very little marginal cost to them for operating the system, and even if only 1 in 1,000 people is a sucker, that's still a lot of suckers when you multiply the proportion by the size of the web-browsing population.

Their right?

[CannonballHead]

I suppose an ISP has a right to do this sort of thing (unless, of course, they have contracted with you not to do it)

I'd imagine some ISP's will respond by offering Ad-Free internet service. Wouldn't this kinda fall under competition, then? Stupid for those ISP's, perhaps, but hey, stupidity can be nice for the consumer now and then.

Maybe it's time they...

[frictionless+man]

Time they phormulated a plan to come up with better company names?

But seriously, from a business perspective (putting aside privacy concerns for a moment) it seems surprising that an ISP that deals with so much user data hasn't done this earlier.

Re:Maybe it's time they...

[flyingfsck]

I phink they'll be serving mostly phorn phormulations, phenis enlargement phils and so phorth.

I wish they'd stop calling it "serving ads"

[Butisol]

When I think of getting served, my mind's eye conjures images of roast beef dinners and roving gangs of street dancers. "Serving you ads" makes it sound like they're providing a valuable service when in fact they are wasting our time.

We need a more user-centric term that better describes the process of having ads jammed in our faces at every possible opportunity. "Buggering you ads" or something along those lines.

Furthermore, the users pay for the ISP's infrastructure, right? Should the ISP be allowed to hijack that infrastructure for such self-serving ends? Will ad revenue lower subscription fees or pay for higher speed/quality bandwidth?

Re:I wish they'd stop calling it "serving ads"

[GiMP]

Think of it more like getting served a summons.

Boycotts

[nurb432]

Anytime i am presented with a intrusive ad, i do my best to never do business what that company again. And i often let them know.

Re:Boycotts

Result: the company's hit rate on ad-serving increases fractionally (as someone who had no intention of ever buying excludes himself) and you quickly realise there are very few places you can go online and in short order isolate yourself from the world. WTG, that's really sticking it to them.

Re:Boycotts

[nurb432]

At least they don't get my dollar for any product, their non offensive competitor does..

Sure im only one person, but if enough people do it a difference could be made.

Ok if my Internet service is free

[presidenteloco]

I should be able to choose between internet service I pay for, or
free internet service with ads from the ISP.

As long as it's my choice I'm happy with that.
Of course if they try to have their cake and eat it too,
my cake actually, I'll be the first in line to collaborate
with my electrical engineer friends to engineer that pirate
wi-max network in our city which hooks in in an informal basis
to everyone elses' open wi-fis for its net connectivity.

Oh you haven't heard of that one? It's all good.

I can has SSL?

[fuzzyfuzzyfungus]

Wow. It's almost like they want to see SSL used absolutely everywhere. Have they considered the fact that, once website operators feel the need to switch to HTTPS to keep other people's ads off of their pages, they won't even be able to sell clickstream data anymore? (Not that I mind, of course. I really hate to see ISPs doing things like this; but if it drives greater adoption of crypto, it isn't all bad.)

In broader terms, though, this sort of thing is a (minor) example of what is really a huge problem. The internet is the biggest, newest, most disruptive medium in quite some time. But it flows over pipes largely controlled by people who would be much happier if it had never existed. That is a dangerous state of affairs. We need to exterminate the cable and telco guys, with their dreams of the old days when the endpoints were dumb and the network was all powerful, and get some new people who understand that internet access is a basic, cheap, boring commodity like cement or potatoes. It is occurrences like those above that make me seriously consider the idea of having municipal data pipes, just as we have municipal water pipes.

Re:I can has SSL?

I personally think all websites should use ssl anyway. These days, there are way too many people listening on a line, from the ISP to Carnivore descendants on the main pipes, to bogus wireless providers.

Even a self signed cert that is vulnerable to MITM attacks is better than nothing.

Heck, these days with people spying on traffic to try to kill it, like Comcast, someone needs to make a protocol at the IP level so even port numbers are not viewable by carriers.. IPSec would be nice, but it pretty much is limited to Windows domain networks.

Re:I can has SSL?

[repka]

Encrypted traffic to a pr0n site is still a traffic to a pr0n site. ISP sees that and serves you related ads. Or sells the info to content providers (e.g. google).

Re:I can has SSL?

[CSMatt]

If we have municipal data pipes, then it will be the government who is monitoring us instead of the ISPs.

Not that they don't already, but it would be much easier for them to monitor this way.

Re:I can has SSL?

[flyingfsck]

No, since inserting crap in a SSL session will break the session. So if you wish to keep your web site unaltered, simply redirect all traffic from port 80 to port 443.

Re:I can has SSL?

[repka]

... but when you open any 80-port session next morning, you can be easily fed those (relevant - this what TFA is all about) ads.
Also, no need to alter traffic: think about how some public wifi providers do that. Just don't let anyone access the web until they go through provider's homepage and register.

And by 'obvious' you mean...

> Well I guess it's pretty obvious what type of ads they expect to be serving up.

Phishing ads? Spammed pharmaceuticals? Spear phishing ads? Phreaking ads? Stupid freaking ads (is there another kind?) ...

Oh, right, this is Slashdot.
You must be thinking of porn.

I don't get it

[Dunbal]

So how come it's not okay for the phone company to barge into a voice communication in the middle of a conversation I am having with someone in order to tell me of the sale at my local shopping mall and the low low prices on mattresses, but when it's DATA they feel they have the right to alter the communication between myself and the party I am communicating with?

Plus are the websites going to be compensated for their loss? Because presumably if the visitor is reading a 3rd party ad instead of the ads on the website, the value of the ad space on said website is diminished.

Re:I don't get it

You don't get it.

The visitor *is* reading the ads on the website. The website is the one choosing the ad provider. It could be Google ads, Yahoo ads... or now this new ISP ad option.

Re:I don't get it

If you are confused, maybe you should READ THE FUCKING ARTICLE, I know it is standard practise not to RTFA on slashdot, but really, this advertising will not work the way you assume it would, and posting this comment just makes you look like an ignorant idiot.

Re:I don't get it

[Dunbal]

You're right, I didn't read the article. Still I think it's an ISP's job to connect me to whoever I want to be connected to. If they're not making enough (yeah right), then they should raise their fees. However modifying, adding to or taking from my data connection with the third party is none of their business.

It's not ISP who is serving ads

If this Phorm is anything like these guys, it is them who will filter your traffic in real time and insert "targeted" ads. ISPs just host their hardware and get paid by clicks.

I wonder

[no-body]

How much would this ISP pay me if I would use their service.

I already stopped using TV since they did not offer me enough to watch their ads.

Hope this attitude will change soon.

Disgusting

[scoot80]

These people should be castrated. ISPs should not be inserting ads in your webpages - we pay them for a service, one that has not been altered in any way. If we choose to go to a site with ads, or one without, it is up to us, but your own ISP inserting ads is taking it way too far.

Re:Disgusting

[troicstar]

I agree it is repulsive, with terms like 'behavioral targeting optimizers' it really makes you wish Bill Hicks was still alive to mock Phorm's morals or and lack of scruples. Anonymous or not, their technology is pernicious and targets individuals the maximum extent possible. If ads are actually inserted they can go fuck themselves, but I think they will track you with an isp held uber-cookie, eventually to replace ads in ad based sites. I think this is not acceptable civil or commercial behavior and clearly shows that Phorm does not have a shred of corporate responsibility or ethics.

Phorm's proprietary ad serving technology uses anonymised ISP data to deliver the right ad to the right person at the right time - the right number of times. Our platform gives consumers advertising that's tailored to their interests - in real time - with irrelevant ads replaced in the process.

What makes the technology behind OIX and Webwise truly groundbreaking is that it takes consumer privacy protection to a new level. Our technology doesn't store any personally identifiable information or IP addresses and we don't retain information on user browsing behaviour. So we never know -- and can't record - who's browsing, or where they've browsed. eew, language like that makes you want to puke. It hides more than it explains, kudos to the pp for calling it disgusting.

Re:Disgusting

No, what's disgusting is that you are calling for them to be castrated for offering a service under terms you don't like and aren't forced to accept. Get some perspective.

we pay them for a service, one that has not been altered in any way.

So if they aren't willing to offer you that kind of service, don't give them any money. If you honestly think that warrants mutilating them, then you are a fucking psychopath.

Re:Disgusting

[RalphSleigh]

Please RTFS, the ISP is not messing with data between you and the web, but instead giving your browsing history to an ad vendor who then uses it to target add at you and gives the ISP a cut. This way the adverts can target your entire history, not just the pages that have ads on them.

Re:Disgusting

[mdwh2]

but instead giving your browsing history to an ad vendor

Oh, that's okay then!

Could provide some interesting statistics...

[r_jensen11]

Like what percentage of their users get n or more ads for "Find Hot Singles in your area!" or "Find a Fuck Buddy in your area!"

I hope you lot read the terms of agreement when you signed up for your internet service.

Daddy's Sites and Goth Bands

[writerjosh]

This will end up being a real problem. For one thing, what about multiple users of the same computer? Families, for instance might see ads for dad's naughty websites and junior's latest goth-band ads at the wrong time.

And how exactly do they plan to serve these ads? Are they going to use pop-ups, page frames, or something like that? Won't that interfere if these ISP ads are competing with Google? Google will put up a big fight for sure...and they'll win.

People will complain about this ad onslaught, and new ISPs will start popping up "get our ISP - now with NO ADS for only $9.95!" - thus defeating the point in the first place.

What's the new startup?

[PingXao]

phr0m ?

Theft of Service and/or Misrepresentation

[DigitalEntropy]

ISPs sure like opening cans of DPI (Deep Packet Inspection) whoop-ass on their networks, these days, with nary a consideration for their liability for it. First of all, if I make money selling advertising space on my website, how is it legal for somebody else to sell either that exact same space, or to ALTER my website to pack it with their own? They are then stealing my website, or hijacking it, and misrepresenting my business interests to my prospective clients. What if I don't like to carry competitors ads on my site? Well, I guess I just have no choice but to BLOCK THE ENTIRE ISP to prevent my company, and my web-presence from being underhandedly REDEFINED by a couple of greedy, autocratic assholes with routers.

Re:Theft of Service and/or Misrepresentation

[kraut]

no point blocking them, that just disconnects you from your users. Just sue them.

Uhhh. Have I got this right?

[EddyPearson]

"...trying to work with ISPs to make use of that data themselves to insert their own ads based on your surfing history."

Am I to take it that this means Virgin Media will be injecting Ads into Slashdot (for instance)? Apart from the obvious privacy issues, unless their algorithm is extremely clever, surly this is going to break a lot of pages?

I WILL switch ISPs if this happens, I don't like the privacy implications, and I don't like interference.

I don't like the fact that ISP keep pushing the line further and further. First, its bandwidth monitoring, then its bandwidth throttling, then injected ads, then its censorship, and eventually we have a government approved white list. Then we'll wonder how it happened.

Re:Uhhh. Have I got this right?

Am I to take it that this means Virgin Media will be injecting Ads into Slashdot (for instance)?

I don't know about that, but your visit to Slashdot will be recorded and added to your 'profile' by the Phorm shit that VirginMedia are currently adding to their network.

Re:Uhhh. Have I got this right?

[OldBus]

Am I to take it that this means Virgin Media will be injecting Ads into Slashdot (for instance)? Apart from the obvious privacy issues, unless their algorithm is extremely clever, surly this is going to break a lot of pages?

No. What will happen is that Virgin Media will monitor your visit to Slashdot and include that in your profile. Any sites which sign up to serve Phorm adverts will be including adverts to you based on your profile.

Don't turn into RMS!

[Smordnys+s'regrepsA]

If this really does ever happen I will have to surf the web proxied only.
...or just find a program that sends random website/search requests for set profiles (white male ~18 years old, black female ~30 years old), so that your ISP can never be sure what YOU are doing. Sort of like the program in Cory Doctorow's "Scroogled: What if Google were evil?" or Rudy Rucker's "Mathematicians in Love" (in which the main character gains privacy through obscurity in a simple world where the outcome of every action can be computed before it is started)

UK ISPs rip everyone off!

[Doug52392]

A few days ago I was chatting in a Freenode IRC channel, and a person was asking if he downloaded the right Linux install ISO. He downloaded the 64 bit version, so when someone told him that, he said:

"Damn, I wasted 700mb out of my 6gb allotted bandwidth on that!"

I asked him why he would give $ to an ISP who does that, and he said he lived in the UK and every ISP does it.

What a ripoff!

Re:UK ISPs rip everyone off!

To be fair not all UK ISP's do that just most of them. Im with UKFSN (setup to provide funds to students writing free software) who are a reseller for Entanet. I have unlimited download limits but am limited to 2meg download speed. That cost me £35 a month (about $70 US)

Re:UK ISPs rip everyone off!

6GIG?
What ISP was he with??

My ISP has a 40GB limit, and if i don't get to that by them slowing my connection down in any way, i will sue their ass to hell and back for breaking their contract.

Re:UK ISPs rip everyone off!

[Sledgy]

Many Australian and New Zealand ISP's do that also. Although mine also provides a "Freezone" service where traffic to and from certain sites isn't counted towards your bandwidth limit, usefully they include an up to date debian mirror on their FTP servers.

Re:UK ISPs rip everyone off!

"Damn, I wasted 700mb out of my 6gb allotted bandwidth on that!"

I asked him why he would give $ to an ISP who does that, and he said he lived in the UK and every ISP does it.


Well, he's a ignorant twat. My Virgin Media lowest tier (2Mb max) connection has no download limits (they do a little light throttling down to 1Mb at peak times only, if you're using a lot of bandwidth for a long time).
The true situation is that there are all sorts of packages with different conditions, and the very cheapest packages tend to be much more restrictive.

Re:UK ISPs rip everyone off!

[CmdrGravy]

I think VM throttle you between 6-10 in the evenings once you have downloaded over 3Gb during that period - not exactly sure but I seem to remember reading that somewhere.

Anyway as you say the parent is a twat because there are tons of ISPs in the UK that can you offer almost any sort of service you like.

You all have something to hide!

Everyone who is complaining about this announcement must have something to hide. Who else would care about an ISP providing an ex-spyware company with their clickstream data, inserting ads into replies and then charging them for the extra bandwidth?

Re:You all have something to hide!

[CSMatt]

We all have something to hide. It's called privacy

Re:You all have something to hide!

I agree. I was being sarcastic

Re:You all have something to hide!

Same reason I have a door with a lock on it. To keep the thieves and people who have no right or need for access out.

ISPs have no right to use my IP logs for anything other than looking for security issues. This is why I always use a commercial anonymous service provider like relakks, cotse.net, or findnot.com for relaying all my IP traffic. Yes, they have access to logs, but if they sell it, I can sue bacause its explicitly in the SLA that such horsepoo such as selling logs to marketing/spammers will not occur.

Wait a minute...

[ricebowl]

UK ISPs To Start Tracking Your Surfing To Serve You Ads...

I could've sworn we had a story recently in which ISPs were resistant to monitoring users; what happened..?

Oh! That's right; they were resisting legislative impetus to monitor traffic, but now they have a financial impetus. Tch; if only the government had thought through the remuneration aspect...

ISP's who do this

[MeNeXT]

May open the door to being sued. When they choose what can come through then they will be under obligation to stop thing like child pron, XXX to minors, BiTorrent downloads...

What gives them the right to choose?

Re:ISP's who do this

[CmdrGravy]

This isn't at all insightful, it's completely wrong. The ISPs aren't doing anything to "stop things coming through" and they're not choosing what you can or cannot see on the internet.

What is being suggested is that the ISPs have an anonymous record of the pages you visit which they can make available to a 3rd party that will enable them to profile the anonymous data they have and target you with suitable adverts. Exactly how that will work I'm not sure but most likely this phorm thing will get your IP address ( available to any website ) and put in a request to the ISP to get the anonymous profile related to that IP.

I don't see how this is a particulary bad thing provided the ISPs go about it fairly, e.g. your data really is anonymous and no records of surfing history are kept, they give you either a reduced rate if use the service and an opt out if you don't want to. In general the more targeted adverts are to my likes the less annoying they will become which I can't really see as being a bad thing.

As ever, London Rocks.

[Nursie]

But even outside of London, you can get Be Broadband.

Owned by 02, so not some fly by night, unlimited 24Mbps (max).

I get 12-17, depending on whether BT are screwing with my line. Give them a try.

Re:As ever, London Rocks.

[Lyrael]

I'm in Derby and using Be over here too, they ARE using BT's hardware unfortunately but as far as I can tell they're not playing by BT's rules. (I'm actually getting the unlimited 24mbps that I paid for for once, unlike every other ISP that's choked me at peak times.)

Re:As ever, London Rocks.

[Doug+Neal]

Yep, Be are great. I was a bit worried when I heard they'd been bought out by O2 but it doesn't look like they've managed to fuck it up just yet.

I've got it at home, have recommended it to a friend, and also got both our office connections on Be - respective speeds are something like 10, 8, 7, and 20 Mbps. Not bad.

Another thing I like about them is that if you get a block of static IP addresses, you are assigned 8 or 16 out of a /20 or /21 block, rather than your own /29 or /28 as most ISPs do, meaning you actually get 8 or 16 IPs and don't lose three addresses to network base address, broadcast address, and gateway.

Demon might be a better option

[zrq]

Demon Home 8000
8Mbit download, £17.99 a month inc VAT, no limits

Demon HomeOffice 8000
8Mbit download, fixed IP address, £22.99 a month inc VAT, no limits

Re:Demon might be a better option

I used to be a loyal demon customer back in the days of dialup, and for several years. Then I moved home and requested they disconnect the line. I find out a year later that they were still charging me - they sent me a nice letter to say my bill had gone unpaid for 12 months and they had ordered a collection company to obtain the money from me. Note, they didn't tell me after 1 month, or 2 or 3, they waited a whole year. At the time I was about to start a new job working for a financial institution, so I just paid up rather than risking some crap appearing on my credit history and ruining my credit check. I sent them a letter with full payment explaining that I had requested they disconnect me 12 months ago, that I was very unhappy with the situation and could they ensure that the account was definitely terminated this time.

12 months later, guess what the postman delivered to my door? The second time around I contested it and they accepted and cancelled the charges, but just to point out that pretty much all these ISPs will screw you over one way or another. They're happy when everything's going their way, but they'll happily crush you like a bug and not even give it a second thought.

Well go on then.

Please oh please, can we start working on an open source(wimax) router with two bands(backbone and local) so we can build our own huge mesh network and say buh-bye to ISPs forever? No-one is actually stopping you - but perhaps it's easier to post here and feel smug rather than actually doing something about it?

...until now

[phorm]

Methinks that if this becomes commonplace, then perhaps that little header bit might become a whole lot more popular.

p.s. looks like those UK bastards stole my nick too...

Re:...until now

[Hackeron]

Haha, and how many layer7 appliances or for that fact browsers, webservers or proxies do you know that are compliant with the RFC? ;)

There is no privacy in the UK....

..just look up whilst driving on the motorways (and smile for the pretty cameras)....

if you're really bothered, outfox them with Tor http://www.torproject.org/

Phorm's (possibly) dubious past?

ContextPlus, known for the Apropos rootkit which plagued thousands of internet users, has shut down operations according to a notice on their homepage. ....

The folks behind ContextPlus, Apropos and PeopleOnPage evidently did not want to be known and there's little information about them to be found on the internet. The ContextPlus.com domain registration info shows a name and address in Poland. Interestingly enough, the domain history on 2-28-2005 shows the name Apropos with an address and phone number in Kirkland, Washington. PeopleOnPage.com shows an address in Poland with the name Kent Ertugrul . A Google search for Kent Ertugrul brings up a hit showing him as director and CEO of 121 Media, which is a contextual advertising company according to the website. I don't know if there's any connection between ContextPlus/PeopleOnPage and 121 Media, but it might be worth further investigation.

http://blogs.zdnet.com/Spyware/?p=820

121media is now know as Phorm. http://finance.google.com/finance?q=SEA:PHRM&morenews=10&rating=1

High time to pass a privacy law

That would make this illegal. We need it in the US, and it looks like they're gonna need it across the pond as well.

Enough is enough already.

Re:High time to pass a privacy law

[penix1]

No. It *IS* legal here. Agency in the act refers to an agency of the government. This act isn't binding on corporations.except those dealing in medical & financial. The fear is that government agancies tend to leak information and people have a right to certain info remaining private. It mostly deals with Social Security numbers.

This should be illegal!

[TavisJohn]

This is just as bad as ComCast sending bad BitTorrent data packets! ISP's should not be allowed to modify ANY content for ANYTHING that they do not own the rights to! What next? They will start censoring my e-mails if I complain about their service?

It also takes ad revenue away from websites! If a visitor goes to my site, but my ads are not displayed... Than the ISP is getting paid for MY content!

From a user perspective... If my ISP wants to show me their adverts, that is fine, but I want my Internet service for FREE! (Or at a at major discount)

That all being said... I bet the ISP adverts can't get around AddBlock!

This sounds like a challenge to me

[SleepyHappyDoc]

Ok, so how can we make this of no value to anyone? My first thought would be some kind of client that sends fake 'clicks', ignoring the results, just to clog up the clickstream with a massive amount of extraneous data. There's a Firefox extension that does this for Google...I used it for a week about a year ago and my Web History trends are still bizarre.

Better still, if we can find some way to create associations, so the ad-serving software thinks that porn and booze ads are good choices to serve up to visitors of disney.com

Adblock now easy

[flyingfsck]

Cool, this can only make Adblocking easier since all ads will appear to come from the same place.

Re:Adblock now easy

[crimperman]

That's assuming the ads use an IFrame or similar on the site you are visiting. If they use scripting isn't just as likely the ads will appear to come from the host site rather than Phorm?

Not that it will make much difference, AdBlock+ does a great job for me.

European privacy protection at its best

[nguy]

Not only does your ISP record your surfing data and keeps it around to give to the police, he sells it to other companies, too.

Re:European privacy protection at its best

[severn2j]

That depends on the ISP. The one I used to work for kept log information for exactly 4 hours. Privacy issues aside, why waste hard disk space on logs that have no benefit to them (apart from fault diagnosis, for which they have the previous four hours) when it could be put to better use?

What about NAT gateways?

[Sledgy]

In the case of a business with many users or even just a flat with several people sharing a common connection are you going to start getting ads based on what other people on the connection have been doing, what if one of those people likes their dodgy porn sites?

Ho ho ho

[BlueParrot]

They are opening themselves up to lawsuits involving Data protection, Copyright infringement, Libel ... Then imagine when they break the functionality of a site ( yes "when" not "if" ) that will be a hefty lawsuit right there. Then there is the issue of them incriminating themselves by demonstrating that they can alter the data they serve users, legal responsibility with regards to the ads accuracy etc... Somebody somewhere got greedy and decided to look for money inside the can of worms. This ought to be "fun".

Not quite!

[johannesg]

Even if something is possible according to a protocol description, that still doesn't make it legal.

A copyrighted work remains a copyrighted work, even if it is technically possible to violate that copyright (same as how a torrent of a new movie is not actually legal just because it is technically possible and in compliance with its own specification). Thus, an ISP still has no right to mangle those works for their own profit.

Of course the answer is easy: use encrypted protocols, and nothing but encrypted protocols. It is utterly unclear to me why anyway would even need unencrypted protocols for *anything* you do online.

Re:Not quite!

[petermgreen]

It is utterly unclear to me why anyway would even need unencrypted protocols for *anything* you do online.
afaict most websites (with the exception of ecommerce sites) don't support encryption because of the large extra costs involved both in terms of the extra hardware needed and in terms of the costs (both purchase and management) of all the IPs and certificates needed.

and if the websites you wan't to use don't support encryption then you have to use an unencrypted connection to them.

Re:Not quite!

[gnuman99]

Transform header is for cache control, like changing bmp files to jpeg or png when stored in cache. It is not to insert shit into pages.

http://utility.di.unito.it/CIE/RFC/2068/169.htm

You are correct, copyright law prevents modifying of content. The only way to do this is to have another Window or "frame" display the adds. Adding adds into the website is copyright infringement.

A better package might be

[RotateLeftByte]

https://www.ukfsn.org/business/internet/adsl/maxallowance.html

45Gb peak D/L, 300Gb Off Peak D/L up to 8mb, £25.00 + VAT = £29.35 ( $57.25 approx )

I'm paying already

[js_sebastian]

So it's bad when ISPs do this, but OK when Google does it? yes, google gives me a service for free in exchange to serving me ads. If i don't like it i can use another search engine. My ISP gets money each month from me and they better not screw me up.

Uhm, let me get this straight...

[sigdrifa]

... they refuse to monitor your traffic to keep you from downloading illegal copyrighted stuff, but sniffing you out to serve ads is ok?

Hmmm...

[VoltageX]

Say I pay for a membership to a website specifically to remove ads, and then this ISP goes and inserts more ads, rendering my membership useless, what then?

Changing content

[Wowsers]

I run a website that's advert free. The content I've been _given_ to put on there by agreement is only there because I am not serving adverts or charging access to the site. What gives an ISP the right to make it look as if I have changed my mind and started serving adverts from my non-advert infested website? They are changing my content, and breaking my copyright.

Re:Changing content

[jeremyp]

Read the article properly. They're not going to inert adverts into HTTP responses from arbitrary sites. It'll operate just like Google ads do, except that the ads chosen will be selected based on the browsing history of the client IP address.

The three biggest carriers then...

[simong]

...and the ones which anyone who wants a decent connection would never consider. It's easy to find stories about Virgin and Carphone Warehouse's peak period bandwidth throttling policies and BT's capacity issues and general commoditisation of broadband. In-session advertising is an inevitable result of the business models that these companies have adopted (in Carphone Warehouse/Talk Talk's case, they offer a free service quite aggressively, and according to reports, you get what you pay for). BT is the most worrying as they have been acquiring smaller ISPs in the last couple of years, including a couple of the larger independents, Madasafish/Brightview and Plusnet, so may roll the policy out across their brands, or indeed may create a premium market with their other brands while BT Broadband becomes the ITV of the UK Internet.

Re:The three biggest carriers then...

[L4t3r4lu5]

Being the ITV of the ISP's wouldn't be so bad, as ITV make their money solely from advertising revenue. Free connection for all!

One way this could work is if they offered 512kbps Ad-Free "BBC-Style" content, and 8Mbps Ad-Supported "ITV/Five" content. As long as the adverts weren't intrusive (Show in file download windows, or a seperate banner in the toolbar like Opera used to have) it wouldn't hinder anybody's browsing or break any pages.

Still, then you're trusting these people to code apps that aren't bloatware, or so badly designed they harvest ALL your data. (how would they distinguish between a google search box and the username field for your online bank, for example?)

Re:The three biggest carriers then...

[Cederic]

erm. I have been an NTL (now Virgin) customer for 7-8 years and haven't been actually throttled in all of that time.

I've had a couple of problems, but the only sustained issue was a broken cable modem, which they replaced with a newer model.

Then again I don't do much p2p file sharing. Too selfish of my upstream bandwidth..

However, even hating their customer service as much as I do, I have to admit, Virgin's cable modem service is an excellent connection - far better than merely 'decent'.

Trust me, I'm using a Sky DSL link right now and it almost makes me cry in comparison. :(

Not really that useful anyway

At least here in the Czech Republic, AFAIK most users are connected through NATs, like a whole block of flats surfing with same IP. So you might as well get to see this KY ad based on what your "neighbor" was surfing :-)

And the RFC matters how?

Copiepresse took Google to court and won because they didn't want to put "no cache" on their website. That the RFC means by default a copy is allowed did not change the courts opinion.

Of course what we might want to do is argue that this action is OK, get the court to agree that if the RFC says you can do something that the "something" then CAN be done and THEN go back to copiepresse and tell them that the courts are disagreeing with them.

If we need to do this in belgium, all we need is a website that is in belgium and being accessed in the UK and having ads added to it.

This appears only to be for sites that opted in?

[psysjal]

The article seems to state that the adverts would appear only on sites that opted in. They would then share the revenue with the ISP.

The most scary thing seems to be the privacy concerns.

When the government can not?

[iBod]

In the UK, the government certainly CAN snoop on your data if they want to.

q.v. The Regulation of Invistigatory Powers Bill of 2000

(http://www.parliament.the-stationery-office.co.uk/pa/ld199900/ldbills/061/2000061.htm)

Where do we complain?

[ConfusedVorlon]

I hunted virgin's site for an appropriate complaint address. They don't seem to have any group level complaints address, and the only contact points I found for virgin media were sales/account related.

key point is communication, and *SOME* UK ISPs

[CarpetShark]

I think the key point is that ISPs are paid to facilitate a communication layer, which transports requests and answers between your systems and third party systems. If they intercept that communication and mess with it, they're not providing the service you asked for. It goes way beyond things like traffic shaping, which are already perceived as pretty bad for ISPs to do (although in that case, I think it's more a question of HOW they do it).

The other point I'd like to make is that this article's headline is complete BS. I know of at least one ISP that has no such plans. So, it's not "UK ISPs" it's "Some UK ISPs" -- most likely one, or two.

Phorm

[Fluoxetine+Freak]

From Phorm's website:

"With OIX and Webwise, consumers are in control: they can switch relevance 'off' or 'on' at any time at Webwise.com. There's no small print and no catches: it's completely up to the consumer."

In the comments on the Techdirt article somebody is saying that Phorm are the latest incarnation of 121media which made the contextplus rootkit. A quick search later and indeed they are the same company.

Anybody got any more dirt on them?

Re:Phorm

apropos media, peopleonpage are also the doings of this company - there were at least 5-6 companies with the same directorship and pretty much same employees that worked before spyware was made at least immoral and less profitable - now it's this pagesense technology behind this partnership that uses cookies to keep behavioral information anonymously.

Say what you will about them, but unlike other ad technologies, they do not keep your IP and there is no known way (so far) to get enough information from the cookie to make the user identifiable - in that respect their technology is quite good (except I never actually seen it work in practice).

Re:Phorm

[paulatthehug]

Anybody got any more dirt on them?

Kent Ertugrul, Phorm's Chairman and Chief Executive Officer, started PeopleOnPage (papers on admission to AIM, page 3) who produced the Apropos family of spyware according to reliable sources. Not the sort of people I want having access to my browsing data, be in anonymised or not.

Moblock/Peerguardian anyone?

[Fuzzypig]

One reason why MoBlock and its Win equivalent, Peerguardian are compulsory in my house. I pay my subscription, I never lookup Pr0N, download movies, MP3s or software, except from the Ubuntu repo, so quite frankly, what I lookup online is no ****ing business of my ISP, DoubleShit, Ad-Shite or anyone else for that matter!

Virgin Media = The Pits

[MrSteveSD]

I just knew Virgin Media would be in on this. Their service is completely awful. Not only is it hopelessly unreliable, but they are throttling users very aggressively. You don't have to download much before they switch your speed right down. Avoid them at all costs.

Obligatory Plug

[EdIII]

TOR

Freenet

Now that the obligatory plugs are done, in all seriousness anybody really concerned about this needs to support development in technologies that will allow a publicly constructed network just like TOR and Freenet. They are not companies promising privacy and anonymity. These are open source projects that are used to create a network of clients, relays, and exit nodes.

The technologies that can be used as a countermeasure to this are already in development. They just need more development and exposure.

I have long ago concluded that privacy and anonymity needs to be forcefully acquired and protected. We cannot wait for the politicians to hear us, agree, and create intelligent laws that will give it to us. Every time I see an article like this I hope just a few more relays and exit nodes come online.