Friday, March 07, 2008

Your ISP could soon be spying on you

BT, Virgin Media and Carphone Warehouse have announced plans to feed information about which websites you visit to a company called Phorm, who in turn will supply targeted advertising to any sites you visit that take their advertising from them. BT have already surreptitiously trialled profiling as revealed in this Register article.

In June 2007, Reg reader Stephen noticed his Firefox installations making suspicious unauthorised connections to the domain every time he visited any website. Naturally worried his machines had contracted some kind of digital infection, Stephen performed a series of exhaustive malware scans, which all came back clean.

He wasn't the only BT subscriber to notice that his browser was making the mysterious contacts around July last year, as this thread archived at shows.

"I spent all weekend wiping my disks clean and reinstalling from backups (four PCs seemed to be affected). I spent a further two days researching and installing all kinds of anti-virus, anti-spyware and anti-rootkit utilities. But even after all that I still have this problem!" Stephen told us at the time.

Having failed to trace the source of the dodgy redirect in his own network, he contacted BT to suggest one of their DNS servers may have been hijacked. BT dismissed the idea, yet the browser requests were still making an unauthorised stop off at

Worried that his business' financial data might be being monitored, Stephen continued to investigate. A Whois search for revealed the domain was registered by Ahmet Can, an employee of a new online advertising company called 121Media. The address is now registered through a third party private domaining agency. 121Media rebranded itself as - you guessed it - Phorm in May 2007.

Phorm's provenance is even more questionable (Register article):
Phorm is run by Kent Ertugrul, a serial entrepreneur whose past ventures include selling joyrides on Russian fighter jets. Previously, his most notable foray online was as the founder of PeopleOnPage, an ad network that operated earlier in the decade and which was blacklisted as spyware by the likes of Symantec and F-Secure.

I fear few people using the ISPs in question will ever realise what's going on, let alone complain, and the revenue stream will make it virtually impossible for other ISPs to avoid signing up too. In short, soon you will have little choice.
What you can do is to set your browser to refuse cookies from, a form of opting-out rather than opting-in. Also, use Firefox as your browser and install the Adblock Plus add-in to get rid of not just this, but loads of other unwanted junk (when I check the server stats on any of my sites, I'm always amazed at the number of people still using Internet Explorer).

The BBC for once has a rather good article (their technology stuff is usually rather naive IMHO) addressing these concerns. As with the interviewer, I was also surprised by their claims that a "respected" organisation, Privacy International, had praised their system. Personally, I'd never heard of them before, and it raises the eyebrow still further when it's mentioned that the consulting was done through a commercial enterprise that they'd only just recently set up.

As a broader concern, it annoys me more what big business is allowed to get away with, disingenuously using the lack of knowledge of the general public. For another example, the built-in DRM layer in Windows Vista. It's something the big studios asked for and does the consumer no earthly good while wasting a whole load of their computer's power.

These are legitimate businesses, yet their actions seem only one step removed from the criminals making viruses and trojans.

