Michael Kassner has been keeping up with news about Phorm and Webwise. Webwise is a behavioral targeting application offered by Phorm, and now major ISPs are seriously considering using Webwise. Knowing what that means is important to all of us who care about privacy issues.
It appears that the company Phorm and its application Webwise are alive and well. Phorm and several major British ISPs are putting a new spin on Webwise and how it will make everyone's Internet experience better. For instance this is British Telecommunications Group's (BT) take on Webwise:
"BT Webwise increases your protection against online fraud and makes ads that appear on participating websites more relevant to your interests. It's completely free for BT Total Broadband customers and you don't have to download or install any software for it to work.It's free?
BT Webwise automatically adds an additional layer of protection against online fraud by checking the sites you visit against a list of suspected fraudulent and untrustworthy websites. When you attempt to visit any website on the list, you'll see a warning, so you can choose whether or not to visit it. It's another way BT is helping to protect you online."
Webwise requires massive amounts of hardware and software to check every single bit of network traffic that passes through the ISP. So, if you're wondering why an ISP would offer this service for free, wonder no longer. BT explains that your advertising (hint hint) experience will be more personal:
"BT Webwise also personalizes the online advertising you see when browsing on participating websites by linking ads to your interests. For example, if you search for a weekend trip to Paris or visit pages related to Paris, BT Webwise would replace the standard ads that would normally appear with advertising relating to travel or hotels information. You won't see any more adverts than you normally do — they'll simply be more relevant."
The reason it's free to the ISP members is that Webwise will become a major revenue stream for the ISP. As I understand the process, advertisers will pay Phorm and Phorm will then pay the ISPs. So, the ISPs are hoping that members will go along with it.Some history
Back in July of this year I wrote two articles about new technology that has the potential to track and shape everyone's Internet traffic. "Deep Packet Inspection: What You Need to Know" discusses technology that enables real-time deep packet inspection (DPI) of traffic. DPI has allowed companies to develop behavioral targeting applications that can shape traffic and inject third-party vendor (TPV) advertisements. The article "Behavioral Targeting: What You Need to Know" discusses one such company, Phorm, and its traffic-shaping application Webwise.
Just to keep all of us on the same page, a high-level view of behavioral targeting might be helpful. Briefly, behavioral targeting first determines what you like, based on where you go on the Internet. Then, behavioral targeting selects advertisements that are most likely to influence you, displaying them on the new Web pages you ask for.Back to the infamous cookie yet again
If your ISP uses Webwise, your browser is given a cookie from the Webwise Web site, even though the Webwise site was never visited. This cookie contains a unique identifying number (UID), which identifies you to the advertising network. Then every time you surf to a new Web site, the UID along with information about that Web site is captured by Webwise. The UID is then compared to a database of previously visited Web sites and information about your browsing habits. After which Webwise will return what it considers relevant advertising information to your Web browser.
Phorm is supposedly making Webwise an opt-in option now, which appears to be satisfying some of the privacy advocates. The reason I say some is that Webwise still installs a UID cookie for every Web page that you visit, even if you have opted out. Webwise still has to monitor all your surfing as it's the only way the application can read the opted-out status of the cookie.
Therein lays the crux of the matter — mission creep. The ISP and Phorm can potentially track your whole Internet experience. Since DPI is being used, the tracking and scanning of information isn't limited to Web browsing. E-mail and virtually any traffic of interest could be captured and analyzed.Which ISPs are involved?
There are options that you can use to avoid behavioral targeting cookies and DPI scrutiny. Encrypted tunnels through your ISP disallow the installation of behavioral targeting cookies. Also using VPNs, whether they are IPsec, L2TP, or SSL, will negate any effort by DPI to decipher the encrypted traffic. E-mail is another subject, and once again the only sure way to ensure its privacy is to encrypt the message. There are not a whole lot of options, but that’s because behavioral targeting applications are being placed only one hop away from your network perimeter.Final thoughts
Whether this technology gains traction or not is going to depend on the legality of it and whether people are comfortable with having their Internet experience monitored. It appears that the British government doesn't consider it a privacy or copyright issue. It will be interesting to see if the new spin Phorm is placing on Webwise will be sufficient to overcome member concern about privacy issues.
Regarding the members of the the three ISPs, I recently read the Register's article "BT Silences Customers over Phorm." One has to wonder about the logic behind that. I suspect it will be interpreted as BT having something to hide.
Need help keeping systems connected and running at high efficiency? Delivered Monday and Wednesday, TechRepublic's Network Administrator newsletter has the tips and tricks you need to better configure, support, and optimize your network. Automatically sign up today!