Republished: Phorm, PR Master or PR Disaster

Originally published on Benscomputer.no-ip.org 14 June 2009

About a week ago, I wrote about Webwise Discover, Phorm's new 'service'. At the time I questioned just how Phorm's survey managed to find such a large proportion of respondents interested in their service; to me it seemed that these users had not been fully informed before being asked.

It now appears that I was correct. Over at the PC-Pro Forums (thanks for the tip, Peter) there's a post by a user called Jonaba, who claims he was one of the respondents. He claims that at no point was Deep Packet Inspection mentioned, and in fact the actual reason for the technology was so well hidden that it took him a couple of minutes to even clock on to what the survey was about.

Now, so far this is one user making claims that are difficult to substantiate, and Phorm would surely spin it that way, but his statements do correlate with what we would expect from Phorm. This is a company whose PR plan includes editing their own Wikipedia article to remove inconvenient information, as well as claiming to have the support of the Home Office for secret tests. Just as the edits came to light, and the Home Office clarified what had gone on, this latest fabrication is starting to come apart. This is the first thread, and people like me are going to tug at it. As more threads come away their lie will be revealed.

Now, they will claim that they haven't lied, which may be true. They may indeed have had a large number of respondents say they would be interested in WebWise Discover, but if the underlying technology wasn't explained then the results are pretty much invalid. What Phorm have done is run a consumer opinion survey on what looks like a piece of software, with no mention of how it works, and then posted the results of the survey in support of the technology itself. This to me is a lie: 72% of respondents didn't support Webwise, they just thought the flashy Discover front end looked cool. You didn't even mention the important bit, that every time they send a GET request, you'll have a quick skim first.

Kent, if you're reading this, I'll put it into your terms. On the level you claim you will be looking, and then the level that I think you will 'achieve'.

1. You must have a PA or similar. Now if you sent them out to buy you a paper, would you not be more than a little pissed if they had a quick skim of it before they gave it to you? Worse, they had maintained a list of categories that may interest you based on the paper. Annoying, yes? That's the level you claim you will be at.

2. The level I expect you will be at is slightly different: you ask the PA to nip down the post office and collect your parcel. They stop off and have a peek inside, and then give it back to you. Does it really matter whether it was a box of paperwork or mail order dirty knickers inside? Of course not, your privacy has been breached. They looked at something that you expect to be private, and worse than that, wrapped it back up to hide it from you. Would it make you feel any more comfortable knowing that they know people who run a business selling dirty panties? No, didn't think so.

This is more or less what the system entails, and yet Phorm's survey asks about the front end, and whether they would like something that shows them 'relevant' websites. It's the equivalent of asking Kent whether he wants errands written into his PA's contract. It ignores the underlying issue, and tries to give it a new face. This is why it's lying and that's why it's wrong.

Because of this, the survey results mean nothing. I'm sure most people would vote 'Yes' to a survey asking if I should send them free cakes every day. But I can't expect to use that as any sort of defence when people find I've been stealing them from children. Make no mistake about it either, Phorm are stealing. The data is mine, and I do not want anyone else looking at it; it is private.

Now, I may not have convinced the average reader that Phorm did anything wrong with their survey. All I ask is that you maintain an open mind; this is just the first piece of information in a new area. More is likely to follow, but keep in mind Phorm's past when you consider if you trust them. If you have already decided that you don't, then contact your ISP.

As a side note, I had an interesting thought about their Opt-Out procedures. As you are all aware, Phorm's system will be default Opt-In, and the Opt-Out mechanism will be a cookie. Now take into account the following scenario:

Me: Hi Mr BT Customer Service Agent, I absolutely do not consent to you pimping my data through Phorm or any other method.

BT: Are you sure, sir? You'll lose WebWise Discover and Phishing protection.

Me: Yes, get it off my line.

BT: You can opt out by visiting Webwise's website and clicking the 'Turn Off' button.

Me: Doesn't that use a cookie?

BT: Yes it does, sir.

Me: Well, the EU states that you need my permission to place a cookie on my machine, and I don't give it.

BT: You could also set your browser to reject cookies from OIX.net.

Me: I'm not willing to make any changes to my system. Neither am I willing to participate in this 'service'. Disable it at network level.

BT: ?????

OK, so I would come across as a difficult customer, but as far as I can tell, legally I'd be well within my rights. They would probably decide that they need to terminate our service agreement, but if I am still within contract, it could potentially leave them liable (depends on the contract I guess). Still, it's an interesting thought: how do you opt out if you aren't willing to make any changes to your system?

Perhaps I'll phone them and ask at some point!


Needless to say, if you completed the survey, I'd like to hear from you!

UPDATE: I've just sent BT an e-mail asking what would happen in the scenario given above. I'll post details of the reply, as and when.