AntiPhorm Software

Martin Brinkmann
May 20, 2008
Updated • Mar 18, 2012
Internet, Security, Software

One form of data mining is behavioral targeting which means that ads are served that fit into the surfing pattern of a user. Spending your time on teen forums will deliver advertisement for teens to the user and someone who is checking the latest stock market news will be delivered financial news. This is a goldmine for advertisers and obviously for the ones selling the user information. And that could be your ISP.

Phorm ist just one company that brought together leading UK ISPs like BT, Virgin Media and TalkTalk and advertisers to deliver on the spot targeted advertisement to the users. The data is said to be anonymous which probably means that every user can be identified by a number instead of his real name or address.

Are the IPSs informing their users about their cooperation with Phorm ? No they are not. It is believed that the BT alone rakes in $170 Million per year from selling information to Phorm.

There will be users who say that they do not mind, that they do not have anything to hide, that the data is anonymous and that they do get targeted ads instead of ads that are not interesting to them but the majority will probably do not like the fact that their ISP is selling their data to other companies without their consent.

We have learned from the AOL search information debacle that it is indeed possible to find the real person behind a number of search requests. And that's probably only the first step anyway.

Antiphorm tries to make Phorm useless by simulation activity in the background by visiting thousands of websites every hour. To ensure the safety of the system the websites are not opened directly in a browser but parsed instead which reduces the probability of a vulnerability immensely.

I'm not a huge fan of those applications and I have to admit that it would probably make more sense to protest against this business practice, write letters to MOPs, the ISPs and civil rights groups to inform them about the problem.


Tutorials & Tips

Previous Post: «
Next Post: «


  1. popper said on May 22, 2008 at 12:19 am
    “Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]


    X-posted from Badphorm

    Hello all,

    pleased to announce a new prerelease version of Dephormation is available to download.

    It includes a significant new feature, developed by Narcosis, that records evidence of redirects by Phorm (or Nebuad) to a log file. This data could be used to support Fraud/Computer Misuse/RIPA complaints, or simply for technical analysis of DPI systems like Phorm and Nebuad. (I’ve checked every contributed line of code, and found only pure genius).

    I’ve tested this on Windows XP/FF2, and Linux/FF1.5. Narcosis has tried it on a Mac.…phormation.xpi

    Please feel free to give it a try (and revert back to the current public v1.6 if you encounter problems).

    Please note, with logging enabled, there is a trivial but discernable performance hit. The code probably needs some file handling optimisation. I’d suggest keeping the feature off, unless you suspect you are being redirected and want to capture a log.

    On Windows, the log file is best viewed in Wordpad, not Notepad (due to carriage return/line feed layout issues).

    PS… forgot to mention, the options can be accessed from the new Tools/Dephormation… menu item.

    BT/Virgin/TalkTalk customers – you don’t need Webwise and Phorm, pure and simple.
    Find a Phorm Free ISP. Phorm must be stopped.
    Download Dephormation for Firefox

  2. Janos said on May 21, 2008 at 6:14 pm

    I’m developing a similar tool called SquiggleSR.
    It’s a Firefox add-on so it’s platform independent .It does not randomly browses the web but instead make a query on Google (or Yahoo!) and then randomly browse the (non-sponsored) results.

    Query keywords are extracted from RSS flow titles (SquiggleSR support OPML files import).

    Further information:

  3. popper said on May 21, 2008 at 12:26 am

    you might find this Deep Packet Inspection Procera Networks’ advert enlightening as to what your DPI installed ISP/Phorm/NebuAd kit can see as just one single example.

    not exactly private or hidden as they keep telling you, if you have access to that DPI kit locally or remotely as is the case with Phorm/NebuAd etc.

    thanks to Phormic Acid on the thread

  4. Transcontinental said on May 20, 2008 at 9:32 pm

    Whatever, AntiPhorm 1.32 Software works nicely, dealing with random urls, random decisions and random time, wouldn’t do better myself !

    The arguments I’ve read here referring to legal matters, court behaviors and pseudo facts leave me skeptical, considering that the very nature of private data processing is to be hidden…

  5. popper said on May 20, 2008 at 7:50 pm

    LOL, sure z0iid, the spelling police have arrived…..

    but you could of at least taken the time and shown some real initiative to include your Opinion in all this Deep Packet Interception for commercial profit, or indeed ANYTHING relating to it at the same time.

    even lawful Pro-Phorm/Phormette NebuAd use if you like…

  6. z0iid said on May 20, 2008 at 7:01 pm

    popper – you’re vs your. learn it.

  7. popper said on May 20, 2008 at 6:16 pm

    Yeah, Dephormation Pete the writer, is a Cable forum member, and as he says, “it’s a fig leaf”, so dont rely on it.

    YOU need to understand the operation and the real implications involved in opting-in or not opting-out as it were, so read the information iv linked for your better understanding (or not, and stay ignorant of the facts as many sheeple do these days etc).
    DePhormation said:
    “Hello all,

    I’d appreciate your feedback on a new version of Dephormation (v1.8)

    This prerelease version adds experimental Nebuad suppression (based on Mel’s analysis of the faireagle a/b cookies on ISP review).

    I’ve also added in this version a detailed browser state logging feature that reveals redirects used by these systems to create cross domain cookies, without needing a proxy server. (Click on tools/error console, and click the ‘i messages’ button to see a full log of browser state changes).

    regarding Phorm and the phormettes NebuAd etc, they are cleary saying there IS A VALUE TO YOUR auto copyrighted DATSTREAM and the website owners copyrighted web pages, but they are not signing a contract or agreeing terms to pay you for this valuble data or its derivative work’s.

    are YOU saying your happy to loss that new cash income and are willing to give it to any 3rd party that wants to take it?

    do nothing and your activly helping these unlawful interceptors to profit from YOUR personal data…


    lets turn that around and look at how silly that argument is….

    “@you- when commercial users/ISP’s pirate stuff it’s ok but hey when they take our data it’s not ok.

    I think pirates and everyone else on the internet are operating a double standard here”

  8. darkkosmos said on May 20, 2008 at 5:44 pm

    I don’t know if it’s even implemented yet but here is a plugin for firefox that does the same job without a process (opt out cookie)

    @popper – when limewire users pirate stuff it’s ok but hey when they take our data it’s not ok. I think pirates and everyone else on the internet are operating a double standard here

  9. popper said on May 20, 2008 at 5:36 pm

    again to help clarify and focus your plans of attack that we have learned in the UK CableForum Phorm thread and my post from /.

    “Would, say, injecting a layer over the site (and placed above the site, much like Google does when you are searching for Images) really be copyright infringement though? Stealing advertising, maybe.”

    the point your all missing or Obfuscate on purpose! (including Irish_Samurai)so far, is that the advert placements or even viewing/blocking them,
    is secondary to all this real ‘copyright infringement’ and ‘unauthorised derivative work’ for commercual profit.

    a commercial ‘unauthorised derivative work’ for profit IS a criminal offence in the UK/EU and i assume the US! and canada?

    it is blatant “COMMERCIAL PIRACY FOR PROFIT”, end of story.

    even without considering any copyright notice on a website, or all the ‘not for commercial use’ type notices, as is found on a LOT of sites today, not to mention the newest trend of forbiding Phorm or the Phormettes/other DPI dirivatives we (cableforum)in the UK have been advocating for all non signed up sites to include.

    they the (ISP’s)2nd party ARE making this ‘unauthorised derivative work’ from BOTH the auto copyrighted consumers (1st partys)datastream AND the Auto copyrighted website content owners original work.

    from this ‘unauthorised derivative work’ they (the 2nd party ISP’s or the 3rd partys Phorm/NebuAd etc) are selling this unauthorised data for profit to the 4th party ad network or ad customer in this case, well outside any ‘mere conduit’ in UK/EU legal terms, or ‘common carrier’ i think you call it in the US legal terms, and so not covered by any legal protections in that regard.

    if as Irish_Samurai states, he’s putting the case of the ISPs that they will try to use ‘an agent for the users’, then they better find a far better defence as it cant possibly be defended against with this in effect ‘comercial piracy for profit’ ‘unauthorised derivative work’ .

    as far as im concerned, even the crazy US courts dont allow any ‘unlawful clause’ inside a consumer T&C Contract to become ‘enforcable’ when its clearly not legal as in forcing one of the partys to break other clear cut laws.

    any unlawful clause IS UNENFORCABLE, even if the rest of a contract is still deemed valid by a court, and while it might be the case in the US that you dont have stronger laws that the courts always favour the consumer position when ruling in explicit T&C consumer contracts, even the US courts must uphold unreasonable T&C consumer contract clauses as invalid and unenforceable in so called “good faith” legal terms…. do they?

  10. popper said on May 20, 2008 at 5:28 pm

    you and your readers might also be (web)wise ;) to read Richard Clayton’s Phorm report to get a good understanding of how it works.

    ill also point out that it appears NebuAd is using virtually the exact same kit and operation (with a few tweaks here and there,tracking IP address alongside cookies etc) so read Richard Clayton posts and get informed.

  11. popper said on May 20, 2008 at 5:20 pm

    your mis-informing the readership with your
    “Phorm ist just one company that brought together leading UK ISPs like BT, Virgin Media and TalkTalk and advertisers to deliver on the spot targeted advertisement to the users.”
    “It is believed that the BT alone rakes in $170 Million per year from selling information to Phorm. ”

    the Uk ISPs have NOT as yet deployed their Phorm gifted Deep Packet Information Kit

    they may like to make bucket loads of cash by unlawful interception and commercial Piracy for profit to make this ‘unauthorised derivative work’ their using selling to the Ad networks, but currently their not.

    theres is an unconfirmed report toady that TalkTalk have implemented and activated Webwise, but that seems to be some misinformed TT customer care operative at this time.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.