Phorm, Invasion Of Privacy Or Not?

12 Jul



Phorm, formerly known as 121Media[1], is a digital technology company based in London, New York and Moscow. The company drew attention when it announced it was in talks with some United Kingdom ISPs to deliver targeted advertising based on a user’s browsing habits, using Deep Packet Inspection (DPI) or Policy Based Routing (PBR). It is one of several companies developing Behavioral Targeting advertising systems, seeking deals with ISPs that would let them analyse the web-surfing habits of those ISPs’ customers. Others include NebuAd and Front Porch.

Extracted from the Phorm website:

“Phorm, Inc. is striving to create a new, more responsive, intuitive kind of internet experience. That might sound like an ambitious goal for a small startup, but we believe that through technological innovation, creativity, hard work, and community we can help make the internet more adaptive than its current static state. With Phorm technology, the internet can automatically adapt itself to people’s interests.

What does that mean? It could be online advertising, media or content that’s tailored to the things you like, or an additional layer of protection from online fraud – but it’s all about making the internet work for you – rather than you working around the internet.”

My understanding of the Phorm technology is based on reports by Richard Clayton, University of Cambridge, and Steve Gibson, founder of Gibson Research Corporation; the reports are listed below.

The basic concept behind the Phorm architecture is that they wish to take a copy of the traffic that passes between an end-user and a website. This enables their systems to inspect what requests were made to the website and to determine what content came back from that website. The result is an understanding of the types of websites visited, which is then used to target advertisements at particular users.

The actual mechanics of taking the copy differ from ISP to ISP, but one can view it as a “layer 7 switch”, defined as “A network device that integrates routing and switching by forwarding traffic at layer 2 speed using layer 7 (application layer) information. For example, an XML switch can analyze the XML tags at the application level and make forwarding decisions”, implemented using Policy Based Routing (PBR) or Deep Packet Inspection (DPI). This switch is capable of providing a view of the web session to out-of-band machines. By “out-of-band” I mean that the original session is not affected by the act of making a copy, and neither end is capable of directly determining that a copy has been made.

The “layer 7 switch” only inspects traffic on port 80, the conventional port used for web browsing using the HTTP protocol. Traffic on other ports will be entirely ignored by the Phorm system.

Since the device is a “layer 7 switch”, it understands the HTTP protocol itself, and can pick apart the requests and responses that are being made. If the traffic does not appear to be HTTP (it is another protocol using port 80, or perhaps it is encrypted as in HTTPS) then the traffic will be ignored by the Phorm system.

The “layer 7 switch” is also capable of redirecting traffic so that it does not reach the “true destination” but is instead serviced by a machine within the ISP’s network that, for example, does some sleight-of-hand (i.e. page redirects) to check whether the user has opted out of the system and, if not, to determine the Unique Identifier (UID) by which they are known to the Phorm system.
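To make the three selection rules above concrete (only port 80, only traffic that parses as HTTP, then an opt-out check before any profiling), here is a small simulation of what such an out-of-band inspector would and would not see. This is an added example written for this post, not Phorm’s or any ISP’s code; the captured flows are constructed, and the opt-out cookie name is a placeholder assumption, since the real mechanism is a redirect to an ISP machine rather than a cookie read off the wire.

```python
"""
Simulation of the traffic-selection rules described for the out-of-band
"layer 7 switch": copy only port 80, ignore anything that is not plain
HTTP (TLS, SSH, other protocols), and check for an opt-out before
recording which site was visited. Added example, not Phorm's code.
"""
from dataclasses import dataclass
from typing import Optional

# Placeholder name (assumption): the page does not give the real cookie.
OPT_OUT_COOKIE = "example_optout"

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


@dataclass
class Flow:
    dst_port: int
    payload: bytes  # first bytes the client sent on the connection


@dataclass
class Decision:
    inspected: bool
    reason: str
    host: Optional[str] = None
    path: Optional[str] = None
    opted_out: bool = False


def parse_http_request(payload: bytes):
    """Return (host, path, headers) for a plain HTTP/1.x request, else None."""
    if not payload.startswith(HTTP_METHODS):
        return None
    head, _, _ = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep:
            return None
        key = name.strip().lower().decode("ascii", "replace")
        headers[key] = value.strip().decode("latin-1")
    host = headers.get("host")
    if host is None:
        return None
    return host, parts[1].decode("latin-1"), headers


def classify(flow: Flow) -> Decision:
    # Rule 1: only TCP port 80 is copied to the inspection machines.
    if flow.dst_port != 80:
        return Decision(False, f"port {flow.dst_port} is not 80")
    # Rule 2: the copy must parse as plain HTTP. A TLS ClientHello
    # (starts with 0x16 0x03) or any other protocol on port 80 is dropped unread.
    parsed = parse_http_request(flow.payload)
    if parsed is None:
        return Decision(False, "port 80 traffic is not plain HTTP")
    host, path, headers = parsed
    # Rule 3: opt-out check, approximated here by a cookie lookup (assumption).
    cookies = headers.get("cookie", "")
    opted_out = any(c.strip().startswith(OPT_OUT_COOKIE + "=")
                    for c in cookies.split(";"))
    return Decision(True, "plain HTTP on port 80", host, path, opted_out)


# Constructed sample flows: one plain HTTP request, one with the opt-out
# cookie set, one HTTPS session, one TLS session on port 80, and one SSH banner.
SAMPLE_FLOWS = {
    "plain_http": Flow(80, b"GET /news/world HTTP/1.1\r\nHost: www.example.com\r\n"
                           b"User-Agent: demo\r\n\r\n"),
    "opted_out": Flow(80, b"GET /index.html HTTP/1.1\r\nHost: www.example.org\r\n"
                          b"Cookie: example_optout=1\r\n\r\n"),
    "https": Flow(443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),
    "tls_on_80": Flow(80, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),
    "ssh": Flow(22, b"SSH-2.0-OpenSSH_7.9\r\n"),
}


def run_demo():
    """Classify every constructed flow and return the decisions by name."""
    return {name: classify(flow) for name, flow in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    for name, d in run_demo().items():
        print(f"{name:10s} inspected={d.inspected!s:5} host={d.host} "
              f"path={d.path} opted_out={d.opted_out} ({d.reason})")
```

The point for a user is in the ignored cases: only the plain HTTP request exposes the host and path, while the HTTPS session and the TLS session forced onto port 80 yield nothing the inspector can read, so encrypting the browsing session is the one control that does not depend on the ISP’s opt-in or opt-out choice.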

The various ISPs who will implement the Phorm system may operate their own opt-in or opt-out systems.

Phorm indicates a preference for an opt-out system, stating that it believes this would lead to higher overall usage. No doubt this is the case, but this is where I am most queasy about the “user-aware ad-ware” technology. This should be an opt-in system, perhaps even offered to an end user by the ISP with the enticement of a discounted service.

Our battle then, it seems, will be with our individual ISPs, over whether this is an opt-in or opt-out system, and whether this option is “open” and not obfuscated in any way.

There is a deluge of websites cropping up with “anti-phorm” rants and horror stories, but I am unable to determine the veracity of each at this point and will have to do further research to fully determine whether Phorm is a privacy issue or not.

Steve Gibson and Leo Laporte recently discussed the technology behind this system on Security Now #151; the transcript can be found here, and the audio here.

An interview with Richard Clayton, University of Cambridge, and the Phorm group took place on March 26th 2008; the transcript can be found here.

This will have to be watched carefully as it creeps into the U.S.

Stay tuned, updates are sure to follow.


[1] 121Media, the former name of Phorm, has had its products described as spyware. As 121Media it distributed a program called PeopleOnPage, which was classified as spyware by F-Secure. PeopleOnPage was an application built around their advertising engine called ContextPlus. ContextPlus was also distributed as a rootkit called Apropos, which used tricks to prevent the user from removing the application and sent information about a user’s browsing habits back to central servers.

In November 2005 the Center for Democracy and Technology in the US filed a complaint with the Federal Trade Commission over distribution of what it considered spyware, including ContextPlus. They stated that they had investigated and uncovered deceptive and unfair behaviour. This complaint was filed in concert with the Canadian Internet Policy and Public Internet Center, a group that was filing a similar complaint against Integrated Search Technologies with Canadian authorities.

In May 2006 ContextPlus shut down its operations and stated that “[Contextplus are] no longer able to ensure the highest standards of quality and customer care”. The shutdown came after several major lawsuits against adware vendors had been launched. Phorm has countered this with an admission of a company history in adware and of closing down a multi-million dollar revenue stream as people confused adware with spyware.

Kent Ertugrul, Chairman and CEO, Phorm – “The problem for newspapers is that a story headlined ‘Two Dead in Baghdad’ isn’t very product-friendly, but if you know who is looking at the page, that’s where the opportunity is.”

Posted on July 12, 2008 in Computing, Special Interest