Yankee Group Blog

Blog Home

Analyst Pages

Categories

Search:

Blog Alert:

Enter your e-mail address to receive notifications when there are new posts.

Archives

Yankee Group RSS Feed

Smelling the Almonds (or: will ISPs take the Phorm cyanide pill?)

by Andrew Jaquith
June 23, 2008

My colleagues Dan Taylor, Jen Simpson and I just took a briefing with Kent Ertugrul, the CEO of Phorm. As many of our blog readers may know from reading The Economist (my favorite magazine), Phorm provides an interesting twist on online advertising. Phorm does two things that promise to overturn the advertising apple cart:

  • Omniscience. Phorm’s traffic analysis servers, sitting on ISP premises, filter (nearly) all end-user web traffic and observe the keywords they are interested in. By “keywords” I mean the most frequently occurring words contained in pages served up by webservers users visit. For example, if you visit the front page of Talking Points Memo, Phorm will associate page keywords “Obama”, “McCain”, “527″ (and the other most frequently used words with that page) with a random unique identifier that represents you. It knows these things because it has read and indexed the page when you read it.
  • Disintermediates search engines. As you would expect, because Phorm reads the content of nearly every web page (on port 80 aka normal unencrypted HTTP) the user visits, it has unparalleled visibility to the user’s activity. The system is also “opt-out,” meaning that if the ISP installs it, the user has to take an active step to not be included in the system. These two properties — drastically expanded visibility, and the fact that the user cannot escape unless they opt out — enables ISPs to go “over the top” of the heads of Google and other search engines. It has the effect of disintermediating them entirely by allowing Phorm to claim, “yeah, these other guys know what user 123 has been searching for, but we know about all of their interests, across all of the websites they visit.”

Richard Clayton of Cambridge University has published a highly technical analysis of Phorm’s system on the his website. It makes for excellent reading, and I recommend it highly. The comments are particularly entertaining; one reader notes wryly that “It seems the only way to full opt out of this is to change ISP.” Wikipedia also has an informative article that is, on the whole, fairly hostile to Phorm. To date, the biggest objection to Phorm has come from researchers and observers who feel that the fact that it reads and indexes (nearly) all pages you visit is an unwarranted invasion of privacy.

In the briefing, I learned quite a bit about Phorm’s goals from a corporate perspective. My queasiness about inspection of customer web sessions aside, it seems that continued badgering from the press and from UK observers has forced Phorm to add more privacy-preserving features. Certainly, the point of going “over the top” of Google and the other search engines means that Phorm tracking cookies are accessible by any website who wants to use it. It’s clearly very appealing to ISPs, who desperately want a slice of the Internet advertising pie.

The question is, how bad do they want it? It’s clear that researchers like Clayton are not happy with the way Phorm’s system works. The way the system is set up (forcible inspection of HTTP traffic, cookie forging) seems a lot like a wiretap to me (albeit one to which, according to Phorm, the user consents). Today, the system is trialing in the UK with three carriers, including BT and Virgin Media. What happens when Phorm expands to the US is the real question. I suspect the Electronic Frontier Foundation and the ACLU will be all over this like a fat kid on a Twinkie.

For all of its novelty and potential for disruption, adopting the Phorm platform value proposition is a risky one for ISPs. The issue is not about whether Phorm gathers the right kinds of consent from end-users, anonymizes data it collects, or offers appropriate data protection tools for end-users. Phorm may (or may not) be doing all of the right things; that isn’t the point. The issue is, regardless of what Phorm does, whether opponents can muster enough opposition to poison the reputations of ISP customers who adopt it. Examples from other emotionally-charged consumer fights around genetically modified organisms (GMOs) and environmental issues suggests that aggrieved consumers, when riled up, have rather sharp elbows. “Spying on their customers!” would be one charge. “Big brother” would be another.

Phorm’s response, in our briefing, was essentially, “once consumers understand our system and its benefits, they will like it.” Let’s assume for the sake of argument they are right. It would still be an uphill battle, though, because business models predicated in part on user education usually fail. My vendor customers in the consumer security business know this all too well!

All of this leads me to conclude that ISPs who adopt Phorm would be putting a cyanide capsule in their mouths. The worst-case scenario is suicide-by-public-relations. Enough jostling from consumers and — crack — there’d be the sudden, familiar whiff of almonds in the air.

Filed under: Anywhere Consumer, Digital Advertising and Marketing, Emerging Tech/Emerging Markets |

5 Responses to “Smelling the Almonds (or: will ISPs take the Phorm cyanide pill?)”

UK Mark
June 23rd, 2008 - 7:46 pm

I think these Phorm (and NebuAd) people have tried too soon.

UK and European law is too strong for them to get going and I suspect the US might even strengthen their constitution to stop it.

Both these companies have their roots in spyware, allegedly.

I can’t believe any western country would allow it.

UK Mark
June 23rd, 2008 - 7:53 pm

An Addition …

Forget about UK, EU law and US Constitution.

They would struggle to get through Magna Carta, 800 years ago!

Looks closely.

Tom
June 24th, 2008 - 5:11 am

An interesting article, but you failed to mention that PHORM are the former spyware/rootkit outfit formerly known as 121media. They have a truly murky past.

Also, no trials are currently taking place. BT are set to begin trials “any month now” but the other two ISPs mentined appear to be distancing themselves from PHORM.

Robert Taylor
June 24th, 2008 - 6:05 am

Andrew, you project an air of detached amusement so very well.

“Once consumers understand our system and its benefits, they will like it,” muses Kent.

I know a lot about Phorm, I understand who it benefits and how. As a BT customer I’m going to have to swallow it for the time being so this almost certainly makes me a ‘consumer’ of his product. And I really, really don’t like it. Let me count the ways…

For anyone who can’t get out of their contract immediately, I’d advise sending some beautifully crafted junk mail to BT in the form of surfing ‘chaff’ from AntiPhorm. It’s a very fitting response.

: )

http://www.antiphorm.com

Chris
June 25th, 2008 - 6:12 pm

“The issue is, regardless of what Phorm does, whether opponents can muster enough opposition to poison the reputations of ISP customers who adopt it.”

To some extent the ISPs’ reputations are not particularly stellar to begin with. Comcast and BitTorrent blocking comes to mind.

In other words, there does not have to be an awful lot of collusion to circumvent the effects of negative public opinion. It’s only a cyanide pill if you lose customers as a result.

Case in point, my ISP options are Verizon FIOS (which I have), Verizon DSL, or a Comcast cable modem. If Verizon and Comcast both decide to adopt Phorm, what option do I have? I’d have to tunnel all my web browsing through an encrypted SSH connection at an .edu — but that’s not an option for most consumers. I no longer have a motivation to leave my ISP because the alternatives aren’t any better.

Leave a Reply