Why is Phorm so dangerous? The tracking is definitely a privacy issue. The user cannot opt out of the tracking and data like search queries and visited websites are stored and analyzed. Since British companies are world renowned for data safety it is only a matter of time before data leaks user profiles.

Firephorm is a Firefox extension that is forging the cookies placed on the system to make the tracking system useless. It provides the option to forge the master cookie and the tracking cookies to either poison the system by using random cookies, using an opt-out cookie or from an UID list specified by the user.

The Firefox extension modifies http requests and response headers and can also warn the user if a webpage request was redirected via Phorm’s webwise.net.

Only 15-20 users recognized the interference and reacted negatively to it. It goes on by suggesting changes so that the process will be 100% transparent to the user which simply means that they want a system where the user is not knowing that his connection is being hijacked and misused.

I have not had time to read the whole report but it seems like an illegal act to me to inject advertisement on web pages without the users and webmasters consent. In addition to spying on the users about 7000 cookies were dropped as well.

BT admits misleading customers over Phorm experiments
ISP data deal with former ‘spyware’ boss triggers privacy fears

I hope that there will be an unparalleled public outcry and coverage in Britain and world wide. Spread the word.

Phorm ist just one company that brought together leading UK ISPs like BT, Virgin Media and TalkTalk and advertisers to deliver on the spot targeted advertisement to the users. The data is said to be anonymous which probably means that every user can be identified by a number instead of his real name or address.

Are the IPSs informing their users about their cooperation with Phorm ? No they are not. It is believed that the BT alone rakes in $170 Million per year from selling information to Phorm.

There will be users who say that they do not mind, that they do not have anything to hide, that the data is anonymous and that they do get targeted ads instead of ads that are not interesting to them but the majority will probably do not like the fact that their ISP is selling their data to other companies without their consent.

We have learned from the AOL search information debacle that it is indeed possible to find the real person behind a number of search requests. And that’s probably only the first step anyway.

Antiphorm tries to make Phorm useless by simulation activity in the background by visiting thousands of websites every hour. To ensure the safety of the system the websites are not opened directly in a browser but parsed instead which reduces the probability of a vulnerability immensely.

I’m not a huge fan of those applications and I have to admit that it would probably make more sense to protest against this business practice, write letters to MOPs, the ISPs and civil rights groups to inform them about the problem.