IP Democracy: Can Phorm Be Trusted to Track User Clicks?
For those of you who haven't been following a primarily UK-based controversy, digital technology company Phorm sells a system to ISPs that tracks user Internet activity in order to provider better "behavioral targeting" data for advertising purposes. Although Phorm's purported history as a spyware provider and its recent sketchy Wikipedia editing behavior have drummed up controversy for the company, it earned a bad rap when it was disclosed last year that big ISPs BT, Virgin Media and TalkTalk were testing Phorm's system without clearly notifying customers of this fact, an obvious privacy concern that Phorm tells the NYT's Saul Hansell will be remedied by an "unavoidable notice" pop-up screen that users can't ignore.
Phorm, formally 121Media, comes with a little bit of baggage. First, the company is rumored to have once been a spyware purveyor, although Phorm argues that its spyware was really adware (note: a lot of web encyclopedias define adware as spyware.)
Then earlier this month Phorm got caught in an embarassing attempt to edit its Wikipedia profile by deleting key factual and unpleasant facts about the company. Phorm executives admitted to being "overzealous" in the Wikipedia edits and promised to never do it again.
Still, Phorm looks better than NebuAd, its main rival. NebuAd, which has contracts with U.S. ISPs Embarq and WideOpenWest, doesn't go as far as the opt-out pop-up notification. ISPs that use NebuAd can send emails, bill inserts or include boilerplate language in their user or privacy policy statements -- any one or all of these methods are almost virtually guaranteed to be ineffective.
Opting-out is far from an ideal solution, even ignoring the notion that opt-in methods are preferred by privacy advocates. According to a technical white paper by Cambridge University researcher Richard Clayton, opting out of Phorm's system might increase latency or reduce robustness of the user's Internet activity. (The "GET" requests are redirected three times for opt-out users, or something to that effect.)
Although I've always been less worried than most about private sector privacy violations (as opposed to law enforcement privacy violations), operating under the belief that few companies are smart enought to do bad things with the overwhelming snarl of data they receive, lately I've received some eerily targeted ads and feeds that are clearly based on things about myself that I consider private (mostly investment-related stuff...sorry, nothing really good.) Although Phorm might very well be an upstanding outfit, I'd feel a lot better if the company that is tracking all my Internet activity were far beyond anyone's moral reproach.
Posted by Cynthia Brumfield on April 9, 2008 7:45 PM to IP Democracy