Phorm fakes function

UK-based start-up Phorm probably considered its software the hottest stuff in online advertisements since Google AdWords. Now, Phorm finds itself at the center of a blamestorm where it gets bashed by EU regulators and web platforms such as Amazon or Wikipedia for violating privacy rights.

So what’s it all about? Phorm intends to cooperate with ISPs to monitor customer web usage. A test trial with BT has already been implemented. Based on the user profiles created, Phorm will display matching advertisements.

A short side note on the technology used: Phorm effectively creates the “mother of all cookies” by placing its cookie, which contains a unique user identification (UID), on every website you visit. Normally, a website can set cookies only for itself, not for other websites. Here’s the trick: the ISP reroutes all incoming requests to a Phorm server that pretends to be the desired domain (e.g. www.amazon.com). Using this fake, Phorm is able to set its cookie and then reroute again to the real desired web server.
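
A toy model of the trick described above, added here as an illustration (it is not Phorm's code or the author's): it shows why a cookie set by whoever answers for a domain ends up in that domain's cookie jar, and how the real site can spot cookies it never issued in incoming requests. The host `shop.example`, the cookie names `session` and `tracker_uid`, and all values are constructed assumptions.

```javascript
// Added example: all hosts, cookie names and values below are constructed.

// Toy browser cookie jar. Cookies are filed under the host the browser asked
// for; over plain HTTP it cannot verify who actually sent the response.
class CookieJar {
  constructor() { this.byHost = new Map(); }

  // Record one Set-Cookie header received in a response "from" host.
  store(host, setCookie) {
    const pair = setCookie.split(';')[0];
    const eq = pair.indexOf('=');
    if (eq < 1) return; // ignore malformed headers with no name
    if (!this.byHost.has(host)) this.byHost.set(host, new Map());
    this.byHost.get(host).set(pair.slice(0, eq).trim(), pair.slice(eq + 1).trim());
  }

  // Build the Cookie request header the browser sends to host.
  header(host) {
    const cookies = this.byHost.get(host) || new Map();
    return [...cookies].map(([n, v]) => `${n}=${v}`).join('; ');
  }
}

// Origin-side check: names in a Cookie header that this site never issued.
function foreignCookies(cookieHeader, issuedNames) {
  return cookieHeader.split(';')
    .map((p) => p.split('=')[0].trim())
    .filter((name) => name && !issuedNames.has(name));
}

function demo() {
  const jar = new CookieJar();
  const host = 'shop.example';
  // 1. The real site sets its own session cookie.
  jar.store(host, 'session=abc123; Path=/; HttpOnly');
  // 2. An in-path server answers a later request *as* shop.example and adds
  //    its UID cookie; the browser files it under shop.example as well.
  jar.store(host, 'tracker_uid=PLACEHOLDER-UID; Path=/');
  // 3. The next request to the real site carries both cookies.
  const sent = jar.header(host);
  return { sent, foreign: foreignCookies(sent, new Set(['session'])) };
}

console.log(demo());
```

A site operator would run the `foreignCookies` check against the Cookie header of real requests, with `issuedNames` listing every cookie the site and its own scripts set.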

So Phorm manipulates existing web protocols for cookie handling in a fashion that is more than dubious. “Big brother is watching you surfing” comes to mind immediately. Let’s keep bashing them, everyone.

On the other hand, we should be aware that tracking users and adapting content to their profiles is nothing new. In fact, it’s a major trend in Web 2.0 to create adaptive web sites for unique user experiences. We at syngenio have created EBIT 2.0, which adds user-adaptive advertisement to online banking applications (without using cookies and without web tracking users).

Amazon itself constantly profiles its customers. That is just the same thing Phorm does, only limited to the www.amazon.com domain. The data is used to create the famous recommendations. But Amazon has also used it to exclude existing customers from price reductions targeted at attracting new customers. Not so nice.

So Amazon protesting against Phorm has little to do with user privacy. It’s about who owns a customer and the value hidden in customer data. Right now, it’s up to the individual web sites to make the most of it. (And many still have a long way to go … I can tell from my own discussions with the financial industry about their own web sites…) Phorm tries to bring in the ISPs. It’s as simple as that.

Which brings back an old question: Should cookies be considered harmful? It’s been so long since I last discussed that, I can’t even remember what happened to all the cookie paranoia from the early days of the web. I guess we just traded it in for nice features based on cookies. Well, what do you think? Responses welcome …

1 Comment

  1. Phorm likes to compare itself with Google. The main difference between the two is that Phorm intercepts *all* traffic. There is a lot of stuff that Google simply can’t see. For example, all your private Facebook account information that is protected by a login. Any ISP that uses Phorm is in effect reselling your browsing data to a third party company that resells it again to advertisers. Totally unacceptable. If you’re a website owner, see here for information on how to opt out your domain names: https://secure.grepular.com/blog/index.php/2009/03/28/phorm-webwise/
