Slashdot Mirror
Wikipedia Opts Out Of Phorm
ais523 writes "Wikipedia (and other websites run by Wikimedia) have requested to opt-out from Phorm; according to the email they sent, they 'consider the scanning and profiling of our visitors' behavior by a third party to be an infringement on their privacy.'"
Another reader points to this post on techblog.wikimedia.org which includes a confirmation from Phorm that those sites will be excluded.
It's the opposite of Artificial Intelligence: if you network enough marketers you get Sincere Stupidity.
http://rocknerd.co.uk
Wikimedia Tech Blog post.
(This would have happened sooner, but Brion was snowed under.)
http://rocknerd.co.uk
sorry I dont understand
where is the list of websites who have opt'd out of webwise ?
and since webwise is not active at the moment what good will this do ?
regards
John Jones
But first there is a need for people:
Read this thread down and comment on this one
http://slashdot.org/comments.pl?sid=1199671&cid=27586613
If you are connected with BT please try some of these suggestions and see if it is possible to locate the IP addresses of Phorm. It is important that we stop this menace(or at least do what we can) before it spreads to other ISPs.
Knowledge is power. Knowledge shared is power lost.
I would think the opposite of artificial intelligence would be natural stupidity. :p
You can't take the sky from me.
It might be ignored as we (in the UK) don't spell "legitimize" with a "z" - it's legitimise here :)
Detect IPs from ISPs who are part of Phorm and redirect them to a page about Phorm the first time they visit Wikipedia each day. Amazon probably couldn't afford to do this, but it's not like Wikipedia loses any revenue if they irritate their visitors a bit, and if they can direct that anger to the ISP then it could do a lot of good.
I am TheRaven on Soylent News
For those of you, like me, that read TFA and the article linked from TFA and still don't know what Phorm is other than it's something that some UK ISPs are implementing and there appear to be privacy concerns, Wikipedia.
In short, it's system for doing targeted advertising by deep-packet inspection.
Would it be too much to ask for the summary to give some clue about what "Phorm" is, or why Wikipedia would need to or want to "opt out" of it?
aside from the whole invasion of privacy thing, people seem slightly less to pay attetion to the suggestion that intercepting and replacing the adverts on a page is tantamount to theft of advertising revenue, to the page owner for their share, to e.g google for their commision or however they work, and to the advertiser whom may otherwise have recieved an extra click through to their site
A while ago there was this story:
AP Says "Share Your Revenue, Or Face Lawsuits"
The very first comment was:
If you don't want people looking at it, don't put it on the friggin internet! (Score:5, Insightful)
There were several other comments to the same effect. I am interested in hearing from anyone apply the same sort of logic in this case. I hope that there will not be bias simply because the story is regarding our beloved Wikipedia.
a. Phorm committing an "infringement of privacy" against Wikipedia's users.
or
b. It's on the internet, it's fair game.
I do not believe that one can have it both ways.
Phuck Phorm is all I can say
"marketers" and "Sincere" in the same sentence? ... Couldn't get more diametrically opposed concepts. The majority of marketers are pathological liars.
If you look at http://en.wikipedia.org/wiki/File:Phorm_cookie_diagram.png , they are lying to the customer by claiming that a website has moved when it hasn't. As a website owner, I should be able to sue them if I have proof of such a fraudulent redirection. Why would opt-out be necessary or advisable under these circumstances?
Any content that is distributed under any of the Creative Commons NC licenses (e.g. cc-sa-nc cannot legally used for advertising purposes. The very similar license under which the Grateful Dead allow redistribution of their old concert recordings explicitly lists advertising and "exploiting databases compiled from their traffic" as forbidden.
A script that continuously randomly serfs the web . . . at random intervales and with high traffic. The pages are just thrown away. Then when I serf the aHoles at Faschist central won't know if it is me or my doppelganger script or what I am looking at.
Opting out as a web site or user is just a lame attempt to avoid implementing the even simpler, and vastly more effective solution: MAKE YOUR WEB SITES ACCESS VIA HTTPS WITH SSL SECURITY FOR ALL PAGES, ALWAYS!
That way nobody can easily "man in the middle" attack your page content for any purposes of deep inspection, advertising, user profiling, invasions of privacy like 3rd party traffic logging, et. al.
Notice that I said "nobody can" versus "PHORM cannot" -- this would protect against ANY 3rd party snooping or data tampering, which surely is a far more effective "one solution fits all" approach than JUST relying on PHORM's good hearted integrity to honor your request not to profile your traffic. HTTPS solves the problem once and for all for ANY such threat. It is something that your web servers already support. It would be trivial to enable this wholesale across thousands of web sites.
The benefits to users could extend far past advertising related snooping; it would help secure your users against even worse kinds of malicious or oppressive censoring / analysis of their web interactions.
The ONLY things that would be available for inspection / logging by a 3rd party would be:
a: some client's PC did a recusive DNS lookup of your domain such as en.wikipedia.org
b: some client's PC made a TCP connection to an IP address which happens to serve some particular set of sites, e.g. 22.33.44.55 = en.wikipedia.org, uk.wikipedia.org, some_other_virtual_server.com, et. al.
c: a certain amount of SSL encrypted traffic flowed back and forth from the client's PC and the site over SSL. Packet timing, packet group sizes could probably indirectly reveal some information via traffic analysis about what content may have been accessed, but this would be certainly far more difficult and less useful for a 3rd party like phorm to have to analyze / process.
Other than the small issue of paying for a SSL certificate for commercial domains, what exactly is the problem here? If your site is commercial / large traffic then presumably a modest annual cost is negligible compared to your existing server / IT / staff / security / bandwidth / electricity costs -- and you probably ALREADY have SSL certs anyway just for your login / e-commerce types of processes. If you have a low traffic / personal / non-profit type site, then just use self signed certs for free, and it'd be doing your users a big favor protecting them from 3rd party attacks / snoops on their traffic for basically zero cost to you.
Large / commercial sites presumably have hardware capability to handle SSL processing at the necessary speeds. Small sites presumably have small enough traffic that even a very modest personal desktop CPU that is already in use for the server could handle it at that throughput level with no problem.
If we're going to be petitioning sites to do SOMETHING to stop the harmful practices of 3rd party traffic logging / deep packet inspection, shouldn't we be asking them to do it the BEST and really the ONLY EFFECTIVE way? Anything less is a joke. *NICELY ASKING* a "malicious" would-be eavesdropper to not snoop on your totally unencrypted totally unsecured data stream is like wearing a t-shirt that says "please don't rob me" while you walk around with tons of expensive jewelry and electronics through dark alleys in bad neighborhoods. News-flash -- the people that would snoop on your / your users' data are doing it for PROFIT or CONTROL self-interest; if they CARED about being "nice" and respecting your / your users' privacy, THEY WOULDN'T BE DOING IT IN THE FIRST PLACE! Don't "ask nicely" for them to stop -- they'll do it anyway, and so will 10,000 others who YOU DON'T EVEN KNOW ABOUT -- PROACTIVELY PREVENT them from doing it, YOU HAVE THE TECHNOLOGY!
"Sincerity is everything. If you can fake that you've got it made."
Old but good.
---
For web applications a web browser is little more than a multi-language, non-portable graphics+networking library mess, far less consistent than other graphics+networking libraries.
Wanna bet that Phorm made this possible using addblock lists?
...you're someday looking at some pr0n while you're wife's out, and when she come back you browse to some normal page and pr0n ads pop up...
This is what many Americans don't get about the BBC. All they think is "it is run by the government, they must have their hands in it".
The reason the BBC can remain so unbiased is because they have no need to profit or grow the company. They know they will be funded next year, they have a government mandate and direct taxation supporting them. Also, it is an arms length from the government. They have a charter to collect the TV tarrif directly - the government does not directly fund them to my knowledge.
Therefore, they don't have to worry about an MP cutting their funding if they run an expose on him.
They don't have to worry about "if we do an expose on ourselves and we look bad we will lose advertising dollars", because they don't run advertising.
They don't have to say "oh we can't do that report on how GE microwaves are faulty, because GE is a huge advertising client".
Since they don't have to worry about markteting and soliciting advertising, they can devote 100% of their time and energy on reporting on the news to the best of their ability.
As a Canadian, where we have the CBC which is funded both through taxpayer dollars AND through advertising, I can see both sides. The CBC is pretty impartial, more so than any American network anyway, but if I had to also have to pay a TV tarrif like people in the UK do, I am unsure if I would be OK with that. Then again, at least that would maybe fund some more decent non-news programming on the CBC.
Just a quick update for everyone. Today we have sent a letter of complaint to the Financial Services Authority (FSA) that Phorm's statement to markets this week that government regulators and departments support their technology as fully compliant with UK law - is misleading and possibly fraudulant.
I have added a link and summary to my firehose here:
http://slashdot.org/firehose.pl?op=view&id=4200429
you can find the original article here:
https://nodpi.org/2009/04/17/phorm-protests-berr-says-we-are-fully-compliant/
Alexander Hanff
So how do I blacklist Phorm's IP range - With this kind of scam I don't want to serve my pages into such dishonest people.
My interest is to ensure ethical networks by blacklisting the unethical - when these people come knocking I want to either tarpit the IP or serve up a condemnation of the Phorm inline worm and those that support it by using it.
even if they have no choice, because they need to become activists and they should be told that.