Selling out Online Advertising

by on May 13, 2008 · 35 comments

Reports have surfaced that Charter Communications, a mid-sized U.S. cable ISP, is monitoring its customers in partnership with NebuAd to deliver targeted advertisements. Luckily, Wayne Crews and I have a brand new C:Spin digesting the privacy implications of advertisers tracking our Web browsing:

Online ads can be annoying. From pop-ups to flash screens, it’s hard to surf the Web for long without encountering a sales pitch for an unwanted product. A world without these ads might be pleasant, of course, but then who would pay for all the original content websites make available?  Advertising explains why we can browse the Internet without pulling out our credit cards at every turn. But New York lawmakers are now considering a bill that would make this scenario a reality, spelling doom for the advertising models that could fuel the Internet’s future. 

Irked by pervasive advertising, some consumers see the Wild Wild Web as a realm warranting legislative assurances that all information stays private, hidden beyond the reach of marketers without explicit consent. They prefer that we opt-in, rather than opt-out.  

But an alternative interpretation of the nature of the cyberspace is that any advertiser may legitimately assemble information that has been transmitted on what is clearly a very public network.  

Even Wikipedia, long funded entirely by private donations, may soon have to place ads on its popular encyclopedic entries. All the server farms and fiber optic cables that power today’s Internet are not cheap, and somebody has to pay. Ad revenues indirectly fund many of the network upgrades needed to prepare for the ever-increasing stream of global Web traffic. And since advertisers are expected to tighten their belts as the global economy slows down, effective advertising models are more important than ever. If the Internet is to realize its full potential, firms must be free to develop experimental new methods of delivering ads. 

Increasingly, today’s “dumb” online advertisements are yielding to “smart,” behavioral ads.  By cataloguing individualized information about a user’s browsing tendencies, behavioral advertisers like Phorm and NebuAd can guess what sort of ads might interest that person, and select which product to promote accordingly.  In this model, advertisers don’t even have to record specific web addresses; rather, browsing habits are stored only under broad subject categories, like automobiles or golf. Sensitive websites like WebMD aren’t logged whatsoever. All this data is tied not to our names but to anonymous identifiers like cookies or IP address, which typically cannot be traced back to a particular individual except by court order.

We also discuss the inherently voluntary, user-driven nature of online advertising:

To some extent, advertising is already opt-in. Consumers are able to ignore ads, or download simple software to avoid them altogether. Ad-Block, a popular Firefox plug-in, now has over 2.5 million users, and myriad anonymity services make it easier than ever for concerned users to conceal their IP address. Arguably, the consumer-control ethos—the notion that we don’t have to be tracked—puts consumers, not advertisers, in the drivers’ seat on the Internet’s road ahead. Ultimately, ownership of the collective desktop rests with the user, not the company.

 Read the rest of the C:Spin over at CEI’s website.

  • david m

    what part of “deep packet inspection” of all your automatic copyrighted datastream without Explicit Consent.

    or, unlawful interception without court Order, or Explicit Consent of BOTH partys.

    or, commercial piracy of Copyrighted web content.

    or,the unacceptable security and privacy risk to your employees work from home with web-based applications.

    or many other potentially breaking of many more laws inside the Uk and the EU , but your readers are in the US and so dont have these laws to protect them and their right to privacy do they, so that doesnt matter does it?

    finally, all that inter-ISP unique cookie data and custom DPI ISP network installed kit, you are far more likely to become a prime target, and hence a victim of online fraud if your ISP is one of those signed up with Phorm or NebuAd.

    as i said, what part of that dont you get as a reader or news writer…

    of course its easy to understand why the people hopeing to profit from all this deep pack interception are spendinf so much effort trying to sweep this most disingenuous practice under the carpet.

    http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated.html

  • http://www2.blogger.com/profile/14380731108416527657 Steve R.

    Ryan, you wrote “All the server farms and fiber optic cables that power today’s Internet are not cheap, and somebody has to pay. True. But what is being overlooked is the perspective that the advertisers need to control themselves and to act in an ethical manner. A sound social structure is based on treating both sides equitably. If advertisers did not abuse their “privilege” of advertising then there would be no need for legislation to “control” onerous behavior.

    Ryan, you wrote “But an alternative interpretation of the nature of the cyberspace is that any advertiser may legitimately assemble information that has been transmitted on what is clearly a very public network.” I don’t have a problem with this.

    What bothers me is the double standard. Its OK for a corporation to “privatize” you as a revenue unit, but it is not OK for you as a consumer to use a product that you paid for anyway you wish because of a supposed EULA. Again, “power” is not an entitlement for content producers. To borrow from 1984 “We are all equal but some of us are more equal than others” We should have a “level playing field” for both the consumer and the producer.

  • Ryan Radia

    Steve R, I think we have different definitions of what constitutes “ethical” advertising. Tracking the types of websites a user visits in order to generate better ads isn’t unethical in my opinion. Where’s the “onerous” behavior that justifies legislation? I don’t see advertisers peddling sensitive data nor is there even any reason to believe private information is insecure.

    You make an excellent point about the double standard. I have real problems with “shrink-wrap” contracts i.e. EULAs, and I am also against the DMCA’s anti-circumvention clause. This piece was arguing for the producer’s freedom, but in other writings I have defended the individual’s right to control over content.

    David, I do think ISPs ought to be more up front with users about how their information is recorded, but typically terms of service agreements do have a data collection clause, albeit in legalese. I don’t share your concern about fraud because if fraud is unusually prevalent among customers of ISPs partnering with NebuAD, that will kill NebuAd’s reputation with providers. Targeted advertising firms have a massive incentive to ensure their services are as transparent as possible to the end user. Otherwise, ISP-level user tracking will be dismissed as yet another failed experiment.

    Plus, there are lots of ways to get around DPI. When packets are encrypted, no matter how deeply you inspect them, no URL will be recovered. Tor, SSH tunneling, anonymous Proxy servers, off-site VPN, Anonymizer, and Relakks are a few methods of preventing your transmissions from being tracked or logged. If Phorm and NebuAd keep gaining steam, I expect more anonymizing services to enter the marketplace as well.

  • david m

    what part of “deep packet inspection” of all your automatic copyrighted datastream without Explicit Consent.

    or, unlawful interception without court Order, or Explicit Consent of BOTH partys.

    or, commercial piracy of Copyrighted web content.

    or,the unacceptable security and privacy risk to your employees work from home with web-based applications.

    or many other potentially breaking of many more laws inside the Uk and the EU , but your readers are in the US and so dont have these laws to protect them and their right to privacy do they, so that doesnt matter does it?

    finally, all that inter-ISP unique cookie data and custom DPI ISP network installed kit, you are far more likely to become a prime target, and hence a victim of online fraud if your ISP is one of those signed up with Phorm or NebuAd.

    as i said, what part of that dont you get as a reader or news writer…

    of course its easy to understand why the people hopeing to profit from all this deep pack interception are spendinf so much effort trying to sweep this most disingenuous practice under the carpet.

    http://www.cableforum.co.uk/board/12/33628733-v

  • http://www.codemonkeyramblings.com MikeT

    Ryan,

    Let’s cut to the chase. Many sites, including blogs, have their own ads on them. We should not be competing for ad eyes with our readers’ ISPs. Furthermore, those who decide that they don’t want to ads shouldn’t have them added to their page.

    Bottom line is: you add advertisements to my pages without permission, you are creating a derivative work of my HTML without my permission for your profit. If that isn’t copyright infringement, I don’t know what is.

  • http://www2.blogger.com/profile/14380731108416527657 Steve R.

    Ryan, you wrote “All the server farms and fiber optic cables that power today’s Internet are not cheap, and somebody has to pay. True. But what is being overlooked is the perspective that the advertisers need to control themselves and to act in an ethical manner. A sound social structure is based on treating both sides equitably. If advertisers did not abuse their “privilege” of advertising then there would be no need for legislation to “control” onerous behavior.

    Ryan, you wrote “But an alternative interpretation of the nature of the cyberspace is that any advertiser may legitimately assemble information that has been transmitted on what is clearly a very public network.” I don’t have a problem with this.

    What bothers me is the double standard. Its OK for a corporation to “privatize” you as a revenue unit, but it is not OK for you as a consumer to use a product that you paid for anyway you wish because of a supposed EULA. Again, “power” is not an entitlement for content producers. To borrow from 1984 “We are all equal but some of us are more equal than others” We should have a “level playing field” for both the consumer and the producer.

  • http://www2.blogger.com/profile/14380731108416527657 Steve R.

    Ryan: You are correct, I don’t have a problem with embedded cookies or tracking the websites visited. My concern is when the advertising is “in-your-face” and you have to take some sort of action to clear it so that you can see the underlying content.

  • http://www.digital-copyright.ca/petition Chris Brand

    The phone network is also a very public network, but we don’t expect the phone company to listen in on our conversations.
    When I view a web-page, that’s a one-to-one conversation between my computer and the one hosting the web-page. The fact that the network is packet-switched rather than circuit-switched doesn’t really make any difference to my expectation of privacy.
    As for who pays, as Mike points out, web-pages frequently carry their own ads, and I pay my ISP to provide me with the routers, etc to connect my computer to the rest of the Internet. I can see that there might be room for a new ISP to offer a cut-price service where they inject ads (hasn’t that been tried already, and failed ?), but it would be the customer’s choice to opt in to that service rather than the more conventional one where the ISP charges directly for connectivity.

  • Ryan Radia

    Steve R, I think we have different definitions of what constitutes “ethical” advertising. Tracking the types of websites a user visits in order to generate better ads isn’t unethical in my opinion. Where’s the “onerous” behavior that justifies legislation? I don’t see advertisers peddling sensitive data nor is there even any reason to believe private information is insecure.

    You make an excellent point about the double standard. I have real problems with “shrink-wrap” contracts i.e. EULAs, and I am also against the DMCA’s anti-circumvention clause. This piece was arguing for the producer’s freedom, but in other writings I have defended the individual’s right to control over content.

    David, I do think ISPs ought to be more up front with users about how their information is recorded, but typically terms of service agreements do have a data collection clause, albeit in legalese. I don’t share your concern about fraud because if fraud is unusually prevalent among customers of ISPs partnering with NebuAD, that will kill NebuAd’s reputation with providers. Targeted advertising firms have a massive incentive to ensure their services are as transparent as possible to the end user. Otherwise, ISP-level user tracking will be dismissed as yet another failed experiment.

    Plus, there are lots of ways to get around DPI. When packets are encrypted, no matter how deeply you inspect them, no URL will be recovered. Tor, SSH tunneling, anonymous Proxy servers, off-site VPN, Anonymizer, and Relakks are a few methods of preventing your transmissions from being tracked or logged. If Phorm and NebuAd keep gaining steam, I expect more anonymizing services to enter the marketplace as well.

  • Ryan Radia

    If an advertiser is injecting ads onto my website without my permission, depriving me of revenue, that does raise serious issues. But who’s doing that? Surely not Phorm.

    Q: Does the service modify web-pages you receive via http if they do not contain adverts by participating companies? Does the service ever modify web-pages you receive if you have opted out, even in ways that (shouldn’t) be noticeable?

    A: No, we do not modify web pages or inject ads. We only serve ads to the websites we partner with. In order to participate, websites have to insert a tag into their own page. If you have opted out, will still see ads as you browse – just as you do today – but they won’t be from the OIX and they won’t be relevant to your browsing.

    Websites have an incentive to work with these services. If Phorm offers to help me deliver more effective ads to my visitors, that means higher click-rates. If we both get a cut, why would I say no?

  • http://www.codemonkeyramblings.com MikeT

    Ryan,

    Let’s cut to the chase. Many sites, including blogs, have their own ads on them. We should not be competing for ad eyes with our readers’ ISPs. Furthermore, those who decide that they don’t want to ads shouldn’t have them added to their page.

    Bottom line is: you add advertisements to my pages without permission, you are creating a derivative work of my HTML without my permission for your profit. If that isn’t copyright infringement, I don’t know what is.

  • http://www2.blogger.com/profile/14380731108416527657 Steve R.

    Ryan: You are correct, I don’t have a problem with embedded cookies or tracking the websites visited. My concern is when the advertising is “in-your-face” and you have to take some sort of action to clear it so that you can see the underlying content.

  • http://www.digital-copyright.ca/petition Chris Brand

    The phone network is also a very public network, but we don’t expect the phone company to listen in on our conversations.
    When I view a web-page, that’s a one-to-one conversation between my computer and the one hosting the web-page. The fact that the network is packet-switched rather than circuit-switched doesn’t really make any difference to my expectation of privacy.
    As for who pays, as Mike points out, web-pages frequently carry their own ads, and I pay my ISP to provide me with the routers, etc to connect my computer to the rest of the Internet. I can see that there might be room for a new ISP to offer a cut-price service where they inject ads (hasn’t that been tried already, and failed ?), but it would be the customer’s choice to opt in to that service rather than the more conventional one where the ISP charges directly for connectivity.

  • Ryan Radia

    If an advertiser is injecting ads onto my website without my permission, depriving me of revenue, that does raise serious issues. But who’s doing that? Surely not Phorm.

    Q: Does the service modify web-pages you receive via http if they do not contain adverts by participating companies? Does the service ever modify web-pages you receive if you have opted out, even in ways that (shouldn’t) be noticeable?

    A: No, we do not modify web pages or inject ads. We only serve ads to the websites we partner with. In order to participate, websites have to insert a tag into their own page. If you have opted out, will still see ads as you browse – just as you do today – but they won’t be from the OIX and they won’t be relevant to your browsing.

    Websites have an incentive to work with these services. If Phorm offers to help me deliver more effective ads to my visitors, that means higher click-rates. If we both get a cut, why would I say no?

  • OliverF

    Ryan, with the greatest respect, I wouldn’t go pointing to BBC Q&A sessions with Phorm for reliable information as to how their system works or could be made to work in the future. All throughout this saga Phorm and the numerous PR teams they employed have dissembled and obfuscated discussion to such an extent that all they did was annoy users even more. The end result is that the Phorm PR have had their leesh shortened tightly.

    On another point of interest, are you aware of Phorms past spyware activity when they were trading as 121 media? That they bundled their People On Page software with the Apropos Rootkit? A rootkit that computer security company F-Secure labeled one of the most malicious pieces of spyware of 2005 and 2006. More on that issue here: http://www.f-secure.com/weblog/archives/00001420.html

    Enough to encourage you to say no or is that colour green just too enticing to give a monkeys about “ethics”?

  • concerned advertiser

    Phorm have in the past injected ads into web pages and have the ability to do so again. They have the ability to replace any paid for ad on a page with any of their choosing. They aren’t at launch going to do this but currently there is no governing body or overseer to make sure that this doesn’t happen, same for NebuAd. Phorm aren’t a company who have really enthused me with trust. Even in the BT trials in 2006 they attempted javascript injection. If Phorm are able to popularise their advertising engine, then this could have a huge impact on current advertising models.

    Currently my company are making money from advertising with Google and we’re quite happy with that. Phorm are saying that I will have to pay more for advertising with them and if I don’t I could be locked out.

  • david m

    to be fair OliverF,

    NebuAd were also known as the famous ‘Gator’ or Gator Corporation, and also known as ‘Claria Corporation’
    http://en.wikipedia.org/wiki/Claria_Corporation
    http://cryptome.org/spy-ads.htm to link but oneexample.

    funny how all the old Spyware companys have re-branded yet again…., and moved from the end users end of the connection and software,directly to the other side of the wire on your ISP internal network were you cant then remove the application and its now hardware based, so far more powerful than the old days…..

  • OliverF

    Ryan, with the greatest respect, I wouldn’t go pointing to BBC Q&A sessions with Phorm for reliable information as to how their system works or could be made to work in the future. All throughout this saga Phorm and the numerous PR teams they employed have dissembled and obfuscated discussion to such an extent that all they did was annoy users even more. The end result is that the Phorm PR have had their leesh shortened tightly.

    On another point of interest, are you aware of Phorms past spyware activity when they were trading as 121 media? That they bundled their People On Page software with the Apropos Rootkit? A rootkit that computer security company F-Secure labeled one of the most malicious pieces of spyware of 2005 and 2006. More on that issue here: http://www.f-secure.com/weblog/archives/0000142

    Enough to encourage you to say no or is that colour green just too enticing to give a monkeys about “ethics”?

  • concerned advertiser

    Phorm have in the past injected ads into web pages and have the ability to do so again. They have the ability to replace any paid for ad on a page with any of their choosing. They aren’t at launch going to do this but currently there is no governing body or overseer to make sure that this doesn’t happen, same for NebuAd. Phorm aren’t a company who have really enthused me with trust. Even in the BT trials in 2006 they attempted javascript injection. If Phorm are able to popularise their advertising engine, then this could have a huge impact on current advertising models.

    Currently my company are making money from advertising with Google and we’re quite happy with that. Phorm are saying that I will have to pay more for advertising with them and if I don’t I could be locked out.

  • david m

    to be fair OliverF,

    NebuAd were also known as the famous ‘Gator’ or Gator Corporation, and also known as ‘Claria Corporation’
    http://en.wikipedia.org/wiki/Claria_Corporation
    http://cryptome.org/spy-ads.htm to link but oneexample.

    funny how all the old Spyware companys have re-branded yet again…., and moved from the end users end of the connection and software,directly to the other side of the wire on your ISP internal network were you cant then remove the application and its now hardware based, so far more powerful than the old days…..

  • david m
  • david m
  • Ryan Radia

    I hadn’t heard that Phorm injects ads into web pages without the publisher’s consent. What sort of legal/copyright issues does this practice raise? If Phorm is manipulating the content on my website by changing the ads and then passing it on to the end user as if it were my original website, do I have civil recourse against Phorm for copyright infringement or something similar?

    Even if nothing is currently stopping Phorm from injecting ads into websites without the site owner’s consent, it’s still unclear if a new law is needed to ban the practice. Users might not take kindly to their ISP tinkering with web content. Sites might simply block the entire domain of ISPs known to inject ads.

    The best idea to me is for websites to work together with Phorm. Each party has an asset that, when combined with the other’s, becomes more valuable. The website has eyeballs, and Phorm knows what those eyeballs might like. As a website owner, I’d be willing to pay Phorm (and, hence, the ISP) to help me deliver more effective ads on my websites, because that means greater revenues.

  • david m

    it seems that it takes an age to moderate and so let others read the points made but no matter as long as you do get around to clicking the allow button ;)

    anyway, it seems that the US and canada could do with something like this one day:

    “Article 8 of the European Convention on Human Rights, 1950 states:

    (1) Everyone has the right to respect for his private and family life, his home and his correspondence.

    (2) There shall be no interference by a public authority with the exercise of this right except as in accordance
    with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health of morals, or for the protection of the rights and freedoms of others. ”

    The Human Rights Act 1998 means that as far as possible the courts in this (UK and all the EU) country should interpret the law in a way that is compatible with Convention rights.

    Ryan said “David, I do think ISPs ought to be more up front with users about how their information is recorded, but typically terms of service agreements do have a data collection clause, albeit in legalese.”

    its interesting that you agree that the legal points are properly covered for the end users in these contracts,and appear to advocate clear and concise plain English so as to help everyone, and thast a good thing.

    you also appear in your linked MP3 report to stand by the need to protect against unlawful piracy _without_ _payment_ and a valid and reasonable contract in return for use of the purchased content.

    and that is the overall majority view in the world today,yes.

    “To be sure, intellectual property deserves strong legal protections, and content owners must be empowered with legal tools to combat piracy. But this does not mean laws should erect ironclad walls around digital media, dictating what consumers may do with files they have already purchased.”

    so we stand here today, with the view that if you want to use someones content, you pay the price they ask, and can use it within reasonable terms set on in the Consumer contract “in good faith” legal terms,
    (a covenant or “bona fide” legal agreement if you will).
    http://dictionary.law.com/default2.asp?selected=906&bold=
    http://latin-phrases.co.uk/terms/legal/

    in simple terms,
    you want something, you sign an agreement to the benefit of BOTH partys, and not to the detriment of eather party within the agreement.

    as i pointed out in 1: weres the agreement from the two partys to say this 3rd party (NebuAd,Phorm,etc) can use these partys copyrighted datastreams.

    it doesnt exist…, as NebuAd or Phorm havent asked for permission to use for commercial gain, the users auto copyrighted datastream, or the website owners auto copyrighted web content.

    to be clear on this, both NebuAd and Phorm _collect_ _full_ _copys_ of ANY user visited webpage.

    _process_ this full data stream to produce the _derivative_ _work_ (Definition:Stemming from an original source) for their own commercail purpose.

    then of their own inclination or that of the ISP involved, (well outside the ‘mere conduit’ definition for legal protection) finally anonymise this data
    to make it legal.

    it seems “that major Internet service providers have signed deals to allow Phorm, as a third party, unfettered access to the entirety of web-users’ browsing history, including content and URLs.” without getting this vital _Explicit_ Consent or signed a commercial contract for the use of these partys copyrighted data.

    they have in fact placed themselves in the position of commercial piracy for profit, with all the criminal and common law implications that entails were ever you happen to be in the world, OC some country, dont consider commercial piracy serious, wereas others do, VERY SERIOUSLY INDEED infact ;) .

    one last thing for the moment,while the US (what about canada?) dont seem to have the equivalent of the UK and EU laws regarding Data Protection Act RIPA etc , will that always be the case?

    as DePhormation Pete says (hes refering to the billing system being written right now to charge for unlawful copyrighted use of webmaters data by the ISPs etc)

    http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated-page-428.html#post34550637

    “… Phorm still hasn’t launched. Still, 3 months after it was first announced.

    BT still aren’t off the hook with respect to RIPA, PECR, DPA, and the consequences of their secret trials by a long chalk.

    And even if… even IF behavioural targetting eventually escapes from the cess pit, copyright ownership will lay waste to Phorm and BT like a 1000 Megaton GPS guided thermonuclear strike on their HQ…..”

  • Ryan Radia

    I hadn’t heard that Phorm injects ads into web pages without the publisher’s consent. What sort of legal/copyright issues does this practice raise? If Phorm is manipulating the content on my website by changing the ads and then passing it on to the end user as if it were my original website, do I have civil recourse against Phorm for copyright infringement or something similar?

    Even if nothing is currently stopping Phorm from injecting ads into websites without the site owner’s consent, it’s still unclear if a new law is needed to ban the practice. Users might not take kindly to their ISP tinkering with web content. Sites might simply block the entire domain of ISPs known to inject ads.

    The best idea to me is for websites to work together with Phorm. Each party has an asset that, when combined with the other’s, becomes more valuable. The website has eyeballs, and Phorm knows what those eyeballs might like. As a website owner, I’d be willing to pay Phorm (and, hence, the ISP) to help me deliver more effective ads on my websites, because that means greater revenues.

  • david m

    it seems that it takes an age to moderate and so let others read the points made but no matter as long as you do get around to clicking the allow button ;)

    anyway, it seems that the US and canada could do with something like this one day:

    “Article 8 of the European Convention on Human Rights, 1950 states:

    (1) Everyone has the right to respect for his private and family life, his home and his correspondence.

    (2) There shall be no interference by a public authority with the exercise of this right except as in accordance
    with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health of morals, or for the protection of the rights and freedoms of others. “

    The Human Rights Act 1998 means that as far as possible the courts in this (UK and all the EU) country should interpret the law in a way that is compatible with Convention rights.

    Ryan said “David, I do think ISPs ought to be more up front with users about how their information is recorded, but typically terms of service agreements do have a data collection clause, albeit in legalese.”

    its interesting that you agree that the legal points are properly covered for the end users in these contracts,and appear to advocate clear and concise plain English so as to help everyone, and thast a good thing.

    you also appear in your linked MP3 report to stand by the need to protect against unlawful piracy _without_ _payment_ and a valid and reasonable contract in return for use of the purchased content.

    and that is the overall majority view in the world today,yes.

    “To be sure, intellectual property deserves strong legal protections, and content owners must be empowered with legal tools to combat piracy. But this does not mean laws should erect ironclad walls around digital media, dictating what consumers may do with files they have already purchased.”

    so we stand here today, with the view that if you want to use someones content, you pay the price they ask, and can use it within reasonable terms set on in the Consumer contract “in good faith” legal terms,
    (a covenant or “bona fide” legal agreement if you will).
    http://dictionary.law.com/default2.asp?selected
    http://latin-phrases.co.uk/terms/legal/

    in simple terms,
    you want something, you sign an agreement to the benefit of BOTH partys, and not to the detriment of eather party within the agreement.

    as i pointed out in 1: weres the agreement from the two partys to say this 3rd party (NebuAd,Phorm,etc) can use these partys copyrighted datastreams.

    it doesnt exist…, as NebuAd or Phorm havent asked for permission to use for commercial gain, the users auto copyrighted datastream, or the website owners auto copyrighted web content.

    to be clear on this, both NebuAd and Phorm _collect_ _full_ _copys_ of ANY user visited webpage.

    _process_ this full data stream to produce the _derivative_ _work_ (Definition:Stemming from an original source) for their own commercail purpose.

    then of their own inclination or that of the ISP involved, (well outside the ‘mere conduit’ definition for legal protection) finally anonymise this data
    to make it legal.

    it seems “that major Internet service providers have signed deals to allow Phorm, as a third party, unfettered access to the entirety of web-users’ browsing history, including content and URLs.” without getting this vital _Explicit_ Consent or signed a commercial contract for the use of these partys copyrighted data.

    they have in fact placed themselves in the position of commercial piracy for profit, with all the criminal and common law implications that entails were ever you happen to be in the world, OC some country, dont consider commercial piracy serious, wereas others do, VERY SERIOUSLY INDEED infact ;) .

    one last thing for the moment,while the US (what about canada?) dont seem to have the equivalent of the UK and EU laws regarding Data Protection Act RIPA etc , will that always be the case?

    as DePhormation Pete says (hes refering to the billing system being written right now to charge for unlawful copyrighted use of webmaters data by the ISPs etc)

    http://www.cableforum.co.uk/board/12/33628733-v

    “… Phorm still hasn’t launched. Still, 3 months after it was first announced.

    BT still aren’t off the hook with respect to RIPA, PECR, DPA, and the consequences of their secret trials by a long chalk.

    And even if… even IF behavioural targetting eventually escapes from the cess pit, copyright ownership will lay waste to Phorm and BT like a 1000 Megaton GPS guided thermonuclear strike on their HQ…..”

  • http://enigmafoundry.wordpress.com/2008/03/05/rumours-of-the-death-of-the-newspaper-have-been-greatly-exaggerated/ enigma_foundry

    @ david m

    Those provisions were cited when the EU asked some questions about those (formerly) secret yellow dots that printers would place on documents:

    Europe asks a lot of question about Why corporations colluded with the US government to deny fundamental human rights

    An interesting question asked by a member of Parliament to the EU Commission about those nearly invisible yellow dots that the US government had all of the major printer manufacturers make their printers secretly print out, without the user’s knowledge. Question by Satu Hassi, Green Party Representative from Finland:

    http://enigmafoundry.wordpress.com/2008/02/18/europe-asks-a-lot-of-question-about-why-corporations-colluded-with-the-us-government-to-deny-fundamental-human-rights/

  • http://enigmafoundry.wordpress.com eee_eff

    @ david m

    Those provisions were cited when the EU asked some questions about those (formerly) secret yellow dots that printers would place on documents:

    Europe asks a lot of question about Why corporations colluded with the US government to deny fundamental human rights

    An interesting question asked by a member of Parliament to the EU Commission about those nearly invisible yellow dots that the US government had all of the major printer manufacturers make their printers secretly print out, without the user’s knowledge. Question by Satu Hassi, Green Party Representative from Finland:

    http://enigmafoundry.wordpress.com/2008/02/18/e

  • OliverF

    @Ryan Radia

    Quote: “I hadn’t heard that Phorm injects ads into web pages without the publisher’s consent. What sort of legal/copyright issues does this practice raise?”

    To be fair at present Phorm will not be doing that but their technology could easily be altered to do so in the future. The issue of function/mission creep is a crucial one and Phorm hardly have a trustworthy history.

    I noticed that you didn’t directly address that issue in your response to me. Do you have any comments about the past involvement of Phorm/121media in spyware and rootkits and the implications that has for their partnership with Internet Service Providers?

    You did raise some interesting points particularly relating to how users would feel about ISPs tinkering with web content. It is already being openly discussed about website owners blocking BT, VM and TalkTalk/CPW customers from accessing their sites because of the Phorm issue.

  • OliverF

    @Ryan Radia

    Quote: “I hadn’t heard that Phorm injects ads into web pages without the publisher’s consent. What sort of legal/copyright issues does this practice raise?”

    To be fair at present Phorm will not be doing that but their technology could easily be altered to do so in the future. The issue of function/mission creep is a crucial one and Phorm hardly have a trustworthy history.

    I noticed that you didn’t directly address that issue in your response to me. Do you have any comments about the past involvement of Phorm/121media in spyware and rootkits and the implications that has for their partnership with Internet Service Providers?

    You did raise some interesting points particularly relating to how users would feel about ISPs tinkering with web content. It is already being openly discussed about website owners blocking BT, VM and TalkTalk/CPW customers from accessing their sites because of the Phorm issue.

  • Ryan Radia

    OliverF, I understand why you’d be skeptical of Phorm given its clouded past. But I assume that the ISPs have “vetted” Phorm pretty thoroughly to make sure it has truly abandoned its spyware roots. And if credible evidence surfaces that Phorm’s technologies are doing something “evil” then ISPs will quickly turn their back on Phorm, so Phorm has a strong incentive to live up to its commitments.

    Now, if my ISP started inspecting my traffic in partnership with Phorm, chances are I’d at least consider switching providers, or explore third-party solutions to protect my privacy. But I’m a lot more paranoid than the average person.

    I’m fairly confident the market can resolve the coming ad-injection controversy without new laws. If DPI-based ad injection takes off, expect more robust VPN tunneling services to emerge like Relaaks and SecureIX. These services render DPI irrelevant because no ISP can extract URLs or keywords from IPSec-encapsulated traffic.

  • david m

    have you read the Phorm Patent , i cant sem to find any NebuAd patents listed ?….

    care of Bubblehelp
    http://p10.hostingprod.com/@spyblog.org.uk/blog/2008/03/surely_the_phorm_web_page_interception_scam_is_illegal.html
    “I am sick of Phorm and the misleading spin they are placing on this. The patent application clearly shows that the Phorm system. Too many lies have been told by phorm and the PR team. All of which can be proved to be deception to the community.

    http://www.freshpatents.com/Targeted-advertising-system-and-method-dt20060921ptan20060212353.php?type=claims

    for example

    “where the script is configured to set a cookie in the browser, and where the cookie contains at least a portion of the browsing information. ”

    A COOKIE CAN BE TRACKED. IT IS STORING PERSONAL BROWSING INFORMATION. You lie Phorm

    “Context reader 40 is not limited to acquiring keyword or other contextual information pertaining to a given web page. Indeed, the browsing information may be collected so as to also include historical data pertaining to the browsing performed ”

    Again Phorm have been lying. The truthe of the matter is in the patent.

    “Based on analysis occurring at the proxy server, the proxy server may modify client-requested data it receives so that a targeted advertisement appears on a web page requested by a client”

    So you are changing the data stream Changing the requested data. Lie number 3 Phorm.

    SPIN AND MORE SPIN WILL NOT CHANGE THE FACT OF THE PATENT APPLICATION.

    And you say you dont collect personal data do you. Er this is what your patent says

    “As explained above, the context reader may be configured to more than just keyword and other contextual data pertaining to a given web page. The context reader may also include behavioral data (e.g, browsing behavior), other historical data collected over time, demographic data associated with the user, IP address, URL data, etc.”

    Note the section

    “The context reader may also include behavioral data (e.g, browsing behavior), other historical data collected over time, demographic data associated with the user, IP address, URL data, etc.”

    Er whats that you say -”you dont collect IP addresses. Your patent says… YOU DO.

    You Lie Again Phorm

    Posted by: Bubblehelp | March 11, 2008 9:29 AM

  • Ryan Radia

    OliverF, I understand why you’d be skeptical of Phorm given its clouded past. But I assume that the ISPs have “vetted” Phorm pretty thoroughly to make sure it has truly abandoned its spyware roots. And if credible evidence surfaces that Phorm’s technologies are doing something “evil” then ISPs will quickly turn their back on Phorm, so Phorm has a strong incentive to live up to its commitments.

    Now, if my ISP started inspecting my traffic in partnership with Phorm, chances are I’d at least consider switching providers, or explore third-party solutions to protect my privacy. But I’m a lot more paranoid than the average person.

    I’m fairly confident the market can resolve the coming ad-injection controversy without new laws. If DPI-based ad injection takes off, expect more robust VPN tunneling services to emerge like Relaaks and SecureIX. These services render DPI irrelevant because no ISP can extract URLs or keywords from IPSec-encapsulated traffic.

  • david m

    have you read the Phorm Patent , i cant sem to find any NebuAd patents listed ?….

    care of Bubblehelp
    http://p10.hostingprod.com/@spyblog.org.uk/blog
    “I am sick of Phorm and the misleading spin they are placing on this. The patent application clearly shows that the Phorm system. Too many lies have been told by phorm and the PR team. All of which can be proved to be deception to the community.

    http://www.freshpatents.com/Targeted-advertisin

    for example

    “where the script is configured to set a cookie in the browser, and where the cookie contains at least a portion of the browsing information. “

    A COOKIE CAN BE TRACKED. IT IS STORING PERSONAL BROWSING INFORMATION. You lie Phorm

    “Context reader 40 is not limited to acquiring keyword or other contextual information pertaining to a given web page. Indeed, the browsing information may be collected so as to also include historical data pertaining to the browsing performed “

    Again Phorm have been lying. The truthe of the matter is in the patent.

    “Based on analysis occurring at the proxy server, the proxy server may modify client-requested data it receives so that a targeted advertisement appears on a web page requested by a client”

    So you are changing the data stream Changing the requested data. Lie number 3 Phorm.

    SPIN AND MORE SPIN WILL NOT CHANGE THE FACT OF THE PATENT APPLICATION.

    And you say you dont collect personal data do you. Er this is what your patent says

    “As explained above, the context reader may be configured to more than just keyword and other contextual data pertaining to a given web page. The context reader may also include behavioral data (e.g, browsing behavior), other historical data collected over time, demographic data associated with the user, IP address, URL data, etc.”

    Note the section

    “The context reader may also include behavioral data (e.g, browsing behavior), other historical data collected over time, demographic data associated with the user, IP address, URL data, etc.”

    Er whats that you say -”you dont collect IP addresses. Your patent says… YOU DO.

    You Lie Again Phorm

    Posted by: Bubblehelp | March 11, 2008 9:29 AM

  • Pingback: Privacy Solutions (Part 1): Introduction | The Technology Liberation Front

Previous post:

Next post: