March 20, 2008
Phorming opinions about targeted ads
Any company hoping to launch targeted advertising services should be watching the fate of UK start-up Phorm with great interest. In particular, they should take note of what this says about the public’s double standards on privacy.
Phorm is trying to build a new ad platform, serving ads targeted around users’ internet habits and interests. It is hoping to make this acceptable to the general public with reassurances that no personally identifiable information is kept or stored as part of the process.
According to Phorm, the system will know it is serving an ad to a 30-35 year old male looking for a new car insurance deal. It will not know who you are, however. You are just a random number. It will not even keep your IP address.
Phorm has consulted with every possible stakeholder to assure people the system is privacy-friendly - like the UK Home Office and the UK Information Commissioner - and it has had its privacy system audited by Ernst & Young and 80/20 Thinking, a privacy consultancy. It is inviting anyone with an interest to do their own inspection.
But none of this has really helped with public perception. There has been a blogosphere furore, and Phorm has been branded a spyware company in the press. A UK think tank this week sent an open letter to the Information Commissioner’s office, asserting that Phorm was possibly illegal.
As was seen in Facebook’s Beacon experiment, people are strongly against the idea of targeted advertising. Given any choice in the matter, it seems, they will campaign hard against it.
The attitude is, however, inconsistent with our tolerance for all kinds of other, less overt data collection and targeting. Where people are not explicitly told about targeting they are generally too lazy to protest.
Every Google search is stored for 18 months, complete with IP address and cookie information from a personal computer. There is much more of a profile kept on Google’s servers than on Phorm, yet, even after the issue was raised a year and a half ago by European privacy regulators as a problem, users have not abandoned the search engine in droves. It appears to be too convenient to boycott.
Millions of us carry store loyalty cards that allow supermarkets to closely profile our shopping habits. This is linked to our name and address – but that doesn’t bother any more than a handful of people.
In fact, we hand over our personal information constantly to any number of companies, from signing end-user licensing agreements to use software, to filling in forms to extend warranties on our household goods.
The companies to which we give this data use it for their own targeting – and are notoriously bad at protecting it. Several recent studies have shown that only a minority of companies have adequate data safeguards. Many don’t even know what data they have in their files and couldn’t say if any of it had leaked or been hacked. Big data losses such as the TJX incident are just the tip of the iceberg.
This is not causing major uproar. However, if a company declares its intention to target us, albeit in as secure a way as possible, we feel outrage. Phorm is in danger of becoming a scapegoat for a general frustration about an information society we no longer feel in control of.
It is a shame, because the company was at least trying to move privacy technology forward to some extent. It may not have gone far enough, but it is a start. Stamping the business out before it has even started will not stop attempts to target advertising, but may simply drive it underground. The lesson from all this seems to be: if you want to target, just don’t tell anyone you are doing it. They probably won’t notice.
Tags: , Phorm, privacy, targeted advertising
Excuse me but there is a vast difference between what Phorm want to do and what Google are doing. Google only stores your searches on their site (which is bad enough), but Phorm will look at *every single web page you go to* and - if I understand it correctly - every single IP packet you send and receive.
In the case of Google, you at least have an alternative - use a different search engine for all or some of your searches. With Phorm, you have no alternative: all your IP activity is monitored; and this by a company with its origins in spyware and close contacts with Russia.
Please do try and understand what you are blogging about….
Posted by: cassander | March 21st, 2008 at 1:37 pm | Report this commentDoes everything have to be political (sort of contacts with Russia thing)? Geez.
Posted by: funky | March 21st, 2008 at 3:36 pm | Report this commentOh I am so sorry. I thought this was a TECH blog, but obviously not. The reference to Russia is (as any techie would know) because all the “best” spyware, viruses, botnets and other cr*p that infects our computing life come from there. Nothing to do with politics.
Glad I could clear that up for you. Won’t bother with this blog in a techie context anymore.
Posted by: cassander | March 21st, 2008 at 6:18 pm | Report this commentER - It’s unusual for you to get so much so wrong! Only stupidity says
[Google] == [Phorm +ISP]
It is FAR from the same thing. There’s a world of difference. ISP knows your address and bank details. Google knows your searches - yes, sure they know what you searched for (and if you use gmail, more than that perhaps)
BUT… [ISP + PHORM the ex-spyware company]?
VERY - V E R Y - V E R Y DIFFERENT!!
And out of order. Wrong.
It’s my data, not yours. Keep off.
Private. RIPA NOTICE: This text may not be intercepted or inspected.
STOP. NOW. DO NOT WANT!!
Posted by: Steve D | April 3rd, 2008 at 10:01 pm | Report this commentThe writer of this opinion piece should read up to understand more about the issues and controversy surrounding Phorm spyware technology.
Here is an excellent piece by an IT professional which clearly explains the issues in plain English:
http://www.djkaty.com/drupal/phorm
Posted by: phormwatch | April 7th, 2008 at 5:38 pm | Report this commentAs far as I can see, the main problem with Phorm is the question of how easy it will be to opt out of the service. I believe the company needs to clarify this. If the service is truly optional, then no matter how invasive the technology, I don’t have a problem with it because I don’t have to be subject to it.
What bothers me more are the cases where storing of my details is not optional. Until around 18 months ago, I didn’t know Google was storing my search terms. Now that I know, I can opt not to use Google, but it irritates me slightly they didn’t tell me this upfront.
Similarly all those cases where you buy software, or a piece of electrical equipment and are required to give the company lots of details about yourself as part of the transaction. Its not exactly optional - if you want the product, you must supply the details. Equally, I don’t know what they are going to use these for - or even if they will be stored securely.
If - but only if - Phorm were able to provide a very simple way to just turn the monitoring off, this would be a welcome contrast to the rest of the commercial world, which rarely offers such a choice.
Posted by: Maija Palmer | April 8th, 2008 at 6:14 pm | Report this comment[…] Not very, according to this article. […]
Posted by: My Place in the Crowd » Blog Archive » What kind of relationship do you have with “your” ads? | April 10th, 2008 at 12:19 am | Report this commentAre Google USING the historical profile they keep? Or is their targetting carried out on a search-by-search basis?
That would be an even bigger difference…
Posted by: David | April 16th, 2008 at 3:25 pm | Report this comment