14 March 2009

ISPs snoop every page we visit: how worried should we be?

British ISPs BT, Virgin Media and TalkTalk intend to launch a service called Webwise that spies on the address and content of every web page that you visit using third-party software from a US company called Phorm, and then make information on your browsing habits available to other web sites (presumably for a kick-back). This sounds pretty worrying, and it has sparked a lot of attention over the last few weeks, including Tim Berners-Lee going to Parliament to ask for it to be banned, and ending up in a clash with the Phorm CEO (who it seemed hadn't been invited to the party but turned up anyway).

If Sir Tim's worried then I'm worried, so I decided to find out some more about what it actually is.

In brief, Phorm provide a system that the ISPs will run that performs deep packet inspection. This means that they will be analysing not only which pages you visit, but what's contained on those pages as well. The content is then matched against certain patterns to identify browsing habits (e.g. you visited a page containing the words "holiday" and "Bulgaria", so you're now tagged for Bulgarian holidays), and if you match a pattern then this match is stored in a site called the Open Internet Exchange (OIX). Now if you visit another page from a site, that site can query OIX to find what you're interested in and deliver you appropriate advertising. Your privacy is protected because it doesn't store your name, just a random number that stays with you as a cookie so it can be used to target content.

BT et al are claiming that this is a great thing for consumers because:
  1. you get adverts targeted at what you're interested in, and
  2. they can also throw in an anti-phishing thing that warns you if you're about to go to a dodgy page.
Note that there's been no mention of you getting a share of the revenue that no doubt BT will get for putting this service in, but that's by the by.

Pulling the analogy from the ZDNet page about Deep Packet Inspection, this is like the Royal Mail not just looking at the address on a letter and sending it to you, but instead opening the letter up, reading the contents, then telling someone else to send you spam based on what your letter said. This would never be allowed, so why is it OK for electronic communication? It is also worth remembering that most people's webmail accounts are HTTP rather than HTTPS, so all their e-mails are fully accessible for scanning.

Two other things deeply worry me about this whole shebang.

Firstly, the anonymity mechanism is totally flawed. Although Phorm don't know who you are (because they claim they won't look at user names, credit card numbers, etc.), any site you're logged into can match up your unique number with your user. They've now got access to your full browsing habits as well, and this is a massive invasion of privacy.
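The linkage described above can be shown with a small simulation. This is an added example, not code from Phorm, Webwise or the original post; the class names, the pattern table and the assumption that a partner site can read the same random identifier it uses to query the exchange are constructed for illustration.

```python
import secrets

# Constructed patterns: a category fires when all of its keywords appear on a page.
PATTERNS = {
    "bulgarian-holidays": {"holiday", "bulgaria"},
    "debt-advice": {"debt", "bankruptcy"},
}

class Exchange:
    """Toy stand-in for the interest store the post calls OIX (hypothetical API)."""
    def __init__(self):
        self.interests = {}  # uid -> set of matched categories, no names stored

    def record(self, uid, category):
        self.interests.setdefault(uid, set()).add(category)

    def query(self, uid):
        return sorted(self.interests.get(uid, ()))

class IspProfiler:
    """Models the in-path inspection: reads page text, stores only uid + category."""
    def __init__(self, exchange):
        self.exchange = exchange

    def inspect(self, uid, page_text):
        words = set(page_text.lower().split())
        for category, keywords in PATTERNS.items():
            if keywords <= words:  # every keyword of the pattern is on the page
                self.exchange.record(uid, category)

class PartnerSite:
    """A site with user logins that also sees the uid and can query the exchange."""
    def __init__(self, exchange):
        self.exchange = exchange
        self.uid_to_account = {}

    def handle_request(self, uid, logged_in_as=None):
        if logged_in_as:
            self.uid_to_account[uid] = logged_in_as  # the join that ends the anonymity
        return self.uid_to_account.get(uid), self.exchange.query(uid)

def demo():
    oix = Exchange(); isp = IspProfiler(oix); shop = PartnerSite(oix)
    uid = secrets.token_hex(8)  # the "random number" cookie, no identity attached
    isp.inspect(uid, "Cheap holiday deals in Bulgaria this summer")
    isp.inspect(uid, "Help with debt and bankruptcy")
    before = shop.handle_request(uid)  # anonymous visit: interests only
    after = shop.handle_request(uid, logged_in_as="alice@example.com")
    return before, after
```

Before login the site sees only interest categories against a random number; after a single login the same number, and every category recorded against it on unrelated sites, is tied to a named account.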

Secondly, the ISPs are running a system from a third-party company with a CEO that has allegedly been responsible for spyware on PCs previously, with no clear regulation, whose legality has also been questioned in the US, and where BT has already performed secret trials of Webwise without end-users knowing, which resulted in the European Commission getting involved. None of this makes me feel warm inside about these people having and distributing my browsing habits.

So - what to do?

I'm not with one of the three ISPs currently planning to launch the service, so I can sleep slightly easier. For those that are:
  • Check out BadPhorm which has some more info on all of this.
  • If you're a Firefox user then get the extension from Dephormation which blocks Webwise from working.
  • Seriously think about switching ISP to one that is not going to sell your secrets to the world.

9 March 2009

Sony loses the plot on custom build Vaios

It became time for me to purchase a new laptop, and so after a bit of research I settled on a Vaio. Before you say it, I know it's not as cool as a MacBook Pro, but in the current climate I couldn't really justify paying twice as much so I settled for a custom build FW series to give me good resolution and a reasonable balance of other features without breaking the bank. So far so good and I placed my customised order.

Unfortunately, Sony decided that I was untrustworthy so even though my credit card went through fine they still rejected my order based on some trumped-up excuse about failing some other security checks (the Sony guy I spoke to claimed they're the third most defrauded company in the UK). Of course they couldn't tell me which security checks because that might enable me to defraud them in some other way, but it turned out that was not the biggest problem.

The biggest problem was with their order management software. Because my original order was rejected they had to place a new one, but there was some problem with their software so I was asked to call back in a couple of days. This I did, to be told that there was still a problem with their software. A couple more attempts, and I found out that what was actually happening was that they had a problem where the software would reset any custom builds back to the default configuration as soon as you saved the order. This is obviously not good, and even more not good was that Sony only discovered this after they'd shipped some units to customers (presumably who weren't too happy with what they received).

This has got to be pretty damn embarrassing for Sony, and I really hope that they're throwing some toys out of cots at their software supplier as I suspect that they would be one of the really big, really should know better suppliers, who probably charge lots of money because they have really good QA departments. Or not.

And in the meantime, it's been ten days since I decided to buy a Vaio rather than a MacBook, I'm still waiting for a call to say I can resubmit my order, and now I'm starting to reconsider my decision...