Wikipedia Opts Out Of Phorm

ais523 writes "Wikipedia (and other websites run by Wikimedia) have requested to opt-out from Phorm; according to the email they sent, they 'consider the scanning and profiling of our visitors' behavior by a third party to be an infringement on their privacy.'" Another reader points to this post on techblog.wikimedia.org which includes a confirmation from Phorm that those sites will be excluded.

Re:Frist Ph0rm

[David+Gerard]

It's the opposite of Artificial Intelligence: if you network enough marketers you get Sincere Stupidity.

The official post

[David+Gerard]

Wikimedia Tech Blog post.

(This would have happened sooner, but Brion was snowed under.)

Re:The official post

[brion]

Those are also not actual Wikipedia content sites, but either redirects or sites of local Wikimedia chapters. All our actual content is on our own domains -- for instance German-language Wikipedia is at http://de.wikipedia.org/ not http://wikipedia.de/ which is a portal page maintained by Wikimedia Deutschland. (In part because German courts routinely shut wikipedia.de down in preliminary injunctions... ;)

Re:The official post

[OldakQuill]

The BBC can't opt-out at the moment. It seems that major sites which do opt-out at the moment make news (including headlines at http://news.bbc.co.uk/). It'd be quite reflexive for the BBC to opt-out from a scheme run by a major UK telecommunications company and to report it on their news website, since that is a major source of their web traffic. The BBC News website itself would be making the news by undermining BT's scheme on the grounds of privacy invasion. When enough sites have opted-out for it to be non-news, they could do it.

Also, the BBC and BT have to work with each other on things like iPlayer, the online television/radio delivery platform. Perhaps the BBC are avoiding opting-out on these grounds too.

Then again, since the BBC has a special place in the UK regarding license fee and lack of advertising, perhaps they were opted-out of the scheme from the beginning.

Re:The official post

[EdZ]

You don't know the BBC. They've reported on their OWN internal scandals in the past, and tried pretty well to remain unbiased over them.

Re:The official post

[AlexanderHanff]

Brion,

I would like to extend my gratitude to you for supporting the campaign and opting the Wikimedia Foundation out, myself and other campaigners are very appreciative of the support.

Sincerely,

Alexander Hanff
Founder of NoDPI.Org

It is possible to block IP

[Daimanta]

But first there is a need for people:

Read this thread down and comment on this one

http://slashdot.org/comments.pl?sid=1199671&cid=27586613

If you are connected with BT please try some of these suggestions and see if it is possible to locate the IP addresses of Phorm. It is important that we stop this menace(or at least do what we can) before it spreads to other ISPs.

Why not go one step better?

[TheRaven64]

Detect IPs from ISPs who are part of Phorm and redirect them to a page about Phorm the first time they visit Wikipedia each day. Amazon probably couldn't afford to do this, but it's not like Wikipedia loses any revenue if they irritate their visitors a bit, and if they can direct that anger to the ISP then it could do a lot of good.

WTF is Phorm?

[EvanED]

For those of you, like me, that read TFA and the article linked from TFA and still don't know what Phorm is other than it's something that some UK ISPs are implementing and there appear to be privacy concerns, Wikipedia.

In short, it's system for doing targeted advertising by deep-packet inspection.

Re:WTF is Phorm?

[AlexanderHanff]

If you would like more information on Phorm/WebWise, NoDPI.Org has been leading the campaign against them for the past 14 months (and were co-signatories to the Open Letter). We have worked on a number of iniatives including organising the House of Lords Round Table Event which Sir Tim Berners-Lee attended on the 11th March this year. We plan to take the lobby all the way to Brussels and the campaign has already led the European Commission to initiate legal proceedings against the UK Government after they failed to enforce EU Privacy Directives with regards to Phorm's covert trials with BT Group in 2006/2007. I also filed a criminal case with the police in July last year, which they closed stating that there was no criminal intent and it was not in the public interest. As a result of this I was forced to contact the Director of Public Prosecutions and bypass the police entirely - the Crown Prosecution Service are now investigating the matter and will make a decision on whether or not to prosecute. The covert trials in 2006 alone intercepted over 130 million communications over less than 2 weeks and modified those communications to insert Javascript into web pages which passed through their systems (then known as PageSense). I leaked an internal BT report which goes into a great deal of detail about the 2006 trials to WikiLeaks last summer and I also wrote my undergraduate dissertation on the legal implications of the same covert trials.

You can find the dissertation here: https://nodpi.org/documents/phorm_paper.pdf
You can find the leaked report here: https://secure.wikileaks.org/wiki/Image:BT_Report.pdf
And you can catch up on the entire scandal on our blog here: https://nodpi.org/

Hope that clarifies things for those who are not aware of who/what Phorm/WebWise are/is.

Alexander Hanff

More information please?

Would it be too much to ask for the summary to give some clue about what "Phorm" is, or why Wikipedia would need to or want to "opt out" of it?

stealing advertising revenue

[wjh31]

aside from the whole invasion of privacy thing, people seem slightly less to pay attetion to the suggestion that intercepting and replacing the adverts on a page is tantamount to theft of advertising revenue, to the page owner for their share, to e.g google for their commision or however they work, and to the advertiser whom may otherwise have recieved an extra click through to their site

Re:stealing advertising revenue

[tomtomtom]

... intercepting and replacing the adverts on a page is tantamount to theft of advertising revenue ...

Not that I want to be seen to defend Phorm, but that's just not what their system does.

To be fair to you, some of the original secret trials did include nasty rewriting of web pages to include their ads but they pretty quickly dropped this (I suspect more because it didn't work well enough than for any moral or legal reason given their dubious track record and the previous lives of the individuals behind Phorm).

Phorm monitors your general web usage using Deep Packet Inspection at the ISP level, even and especially on sites which have never signed up with (or even heard of) Phorm, in order to build up a behavioural profile of you. They then use this to serve you targeted ads when you browse to a site which is signed up to their ad hosting service.

What's more, they decided to not only track what sites you visit, but do keyword analysis of the content of the pages served to you by third parties. They claim this data is anonymized but we all know that in reality you could probably identify any given user from the data they collect with >50% probability as recent studies on anonymized data sets have shown.

Re:Mental disconnect

[growse]

You're confusing the content and the information about the people accessing the content. If I publish a web-page, that is public (copyright me). Anyone can read it. However, what isn't public is the list of IP addresses that accessed that content. When reading a webpage, you don't get to know who else has read that webpage.

Phorm gets to know who else read that webpage. And any other HTTP-only webpage.

Re:where is the list ?

[David+Gerard]

The Open Rights Group is keeping a list of people it's asked to loudly and publicly tell Phorm to phuck off. Amazon opting out made lots of mainstream media a couple of days ago; looks like Wikimedia doing the same will get a bit of notice too.

The point is to publicise that Phorm (a) exists and (b) is a bad thing. Schemes like Phorm only get away with existing insofar as people aren't aware of them.

Re:Mental disconnect

[David+Gerard]

The way they're doing it is likely illegal in the EU. The EU is actually taking Britain to court for not having prosecuted Phorm and BT already.

Re:Mental disconnect

[hguorbray]

El Reg has been covering Phorm and its existing and planned abuses for some time:

http://search.theregister.co.uk/?q=phorm

unfortunately one of the Phorm directors is also in tight with the UK gov in an internet policy group
http://www.theregister.co.uk/2009/04/15/kip_meek_berr/
and they have been hard to dislodge over there, although Brussels (EU) has also taken notice
(see parent)

so far, they seem to have been treated with suspicion and hostility over here in the USA by everyone AFAICT, which is probably a good thing

I'm just sayin'

May be copyvio too

[Xtifr]

Any content that is distributed under any of the Creative Commons NC licenses (e.g. cc-sa-nc cannot legally used for advertising purposes. The very similar license under which the Grateful Dead allow redistribution of their old concert recordings explicitly lists advertising and "exploiting databases compiled from their traffic" as forbidden.

Re:where is the list ?

[TubeSteak]

Schemes like Phorm only get away with existing insofar as people aren't aware of them.

Wrong.
Schemes like Phorm exist because they are opt-out.

Numerous studies have shown that people are lazy and won't even do things that are in their best interest if they have to exert even minimal effort. That's why opt-out is so successful.

Re:That email may not work...

[tomtomtom]

Actually, "-ize" is absolutely not an Americanism - it is in fact correct spelling in either British or American English, whereas "-ise" is correct only in less formal British English.

It is sad that very few of us British seem to understand our language properly; almost no one here realizes that it is actually more conservative in British English to use -ize and not -ise. For example, go and look at an older copy of the Oxford English dictionary or the Times and you will see all those words spelled "-ize". I believe that even the newer editions of the OED, despite now listing the "-ise" forms, state that "-ize" is the preferred form.

To further complicate matters, the only words to which this rule can can apply are those which derive from Greek (and thus contain the Greek suffix "-ize" - this is the rationale for it being the more correct variant). So for example "enterprize" and "capsise" are always just wrong in either British or American English.

Re:where is the list ?

[oldhack]

"Numerous studies have shown that people are lazy and won't even do things that are in their best interest if they have to exert even minimal effort. That's why opt-out is so successful."

Or because opt-out is a fraudulent scam. We've got ten thousand and one things to keep track of for real life, and I don't see why we should have to keep track of opt-out status for every pissant website.

Re:Screw opt-out, the RIGHT solution is HTTPS!

[shentino]

And if DNSSEC was properly implemented across the board then we wouldn't even NEED to be wary of self-signed certificates to begin with.

If you can trust that the DNS pointed you to the right site, then you are as safe as you are using SSL.

Re:where is the list ?

[bit01]

Numerous studies have shown that people are lazy

Numerous studies have shown that people attempt to rationally allocate their time and attention.

There are millions of businesses in this world. It is not humanly possible to opt-out of all their marketing drivel even when there a cost-benefit in doing so.

Marketers steal the time and attention of many people to make a sale to one person and then act all surprised when those people get pissed. Spam is just the extreme example of that, unfortunately becoming less extreme all the time.

---

The USA is