phorming
TRANSCRIPT
Phorming The mother of all privacy issues
Darshan Karia
Sandeep Sreenivasan
Techies
Outline
• What is phorming?
• How phorming works? » Techie aspects
» Legal Aspects
• Pros of phorming
• Cons of phorming
• Conclusion
What is Phorming?
• “A parasitic marketing technique, which involves intercepting website traffic to profile ISP user’s interests and affiliations (without explicit consent from either the website or their users)” [1]
• Phorm – 121 Media
How phorming works?
• Techie Aspects:
- Assignment of 24 digit random number (Phom UID)
- User searches for query
- Search Query and UID sniffed by Phorm server
- Retrieval of user search query from web
- Compare web information with relevant channels
- Sending search response and targeted Ads
ISP Server
Client Machine
Web Server
Phorm Server
ISP Server
Web Server
Phorm Server
ISP Server Phorm Server
Client machine
How phorming works?
• Legal Aspects:
- Interception of communication: An offence contrary to Section 1 of RIPA 2000
- Fraud: An offence contrary to Section 1 of Fraud Act 2006
- Unlawful processing of sensitive personal data: Contrary to DPA 1998
- Risk of committing civil wrongs: actionable at the suit of website owners
Pros of phorming
• Receive targeted Ads instead of random ones
• Expertise and time required for searching information is reduced
• Browser independent
• Minimal bandwidth usage
• Add on facilities » Monitoring surfing habits and suggest related web pages
» Protection against phishing
Cons of phorming
• Third party private company( No contractual arrangement with) gets to see all your HTTP traffic
• If you opt out third party can still see your traffic
• If you opt out, but clear you cookies you are back into the system
• Anti phishing services are already standard with most modern web browsers
• Phorm under previous incarnation produced spyware
Conclusion
• Key benefits: ISP and phorming company
• Vicious circle for the user
References
[1] The urban dictionary – http://www.urbandictionary.com/define.php?term=phorming
[2] Phorm: http://www.phorm.com/faq.html
[3] Phorm “Webwise” system – Richard Clayton, May 2008, www.cl.cam.ac.uk/~rnc1/080518-phorm.pdf
[4] Wikipedia: www.wikipedia.com
[5] Images courtesy: www.images.google.com