Major UK ISPs buy into web user activity tracking
The recent sign up of the three major UK ISPs to Phorm's user habits tracking system has aroused considerable concern about online privacy, not least due to the past record of the company's chief. BT, Virgin Media and Talk Talk have all signed deals with Phorm, connecting a large portion of the country's internet users to a system which monitors which web sites they visit. Phorm was floated on AIM in April 2007, incorporating 121Media, a recognised ad distribution spyware vendor.
However, Phorm asserts that no personal data are stored by the new system: "Neither URLs nor search terms are stored - they are discarded immediately. The matching information that's left is assigned to an anonymous, randomly-generated ID number. The random ID marks an anonymous list of the categories of products or services in which a user appears to be interested."
A similar system called NebuAd is already operational in the USA. It uses deep packet inspection but supposedly also discards the original information after categorising it, and then associates the categories with a unique hash rather than with any directly identifiable user data. Both systems are said to use a cookie on the browser, to correlate successive accesses and to enable an opt-out. However, it seems that both systems track activity by default.
Phorm did not answer heise online's technical enquiries about the technology and its detailed operation, and no UK-specific privacy audit has been performed, so some doubt remains on the degree to which user privacy is exposed.