Tuesday, 15 April 2008

Phorm Rant

Why I'm happy to use Google, but wouldn't countenance phorm.

In response to a post by Alex in www.badphorm.co.uk.

Well I know you didn't ask me, but if I might answer anyway.

Search engine provide me with a valuable service. Phorm's webwise is a disservice I can do without.

I can control what information search engines get to see about me, I don't have to use them at all if I don't want to, and so I don't have to be confident that I can trust them, or worry too much if they are secure.

I can't avoid all my traffic passing though my ISP's network except by moving ISP, but I trust my ISP primarily because I know it would be ILLEGAL for them to intercept my communications, and also to a lesser extent because I know that the shear bulk of other customer's communications make it highly unlikely that they would intercept mine unless they had a very good reason to want to target me.

Now phorm on the other hand, has the potential to intercept all my non-encrypted communications, and I'm expected to trust them and I'm expected to trust a Phorming ISP that has installed equipment designed to be able to analyse all of its customers browsing traffic en-mass, and apparently claims it is no longer bound by the legal requirement not to intercept my communications, because it has supposedly got my permission by using Man-In-The-Middle techniques to check for an opt-out cookie!

I'm also expected to trust that the level of detail of the information you collect and the extent to which you share it will never expand, even when advertisers start increasingly demanding more useful data and your competitors offer phorming ISPs superior systems that collect more detailed data that advertisers will pay more to exploit.

I'm also expected to trust that your system is secure, and that a hacker could never break in to it and find a way to subvert it into collecting the sort of data hackers are interested in. However small you might claim it is, why the hell would I take the risk!

In short, no I would not be comfortable using any ISP that had such a system connected to its network and I'd question the wisdom of anyone that is.

No comments: