Set forth below is a complete copy of the webchat that aired on
Webwise.com at 8:30pm GMT on March 11, 2008.
"KentErtugrul" is Phorm
CEO Kent Ertugrul; "MBurgess"
is Phorm SVP of Technology Marc Burgess. Phorm is the company that
provides the technology that underpins the Webwise feature.
This transcript is for informational purposes only and Phorm is
not responsible to update or keep its information current.
Transcript text
KentErtugrul
Hello thank you for joining us again - look forward to answering
any questions you might have
davews
Who supplies the database used for the Antiphishing function - the
ISP, Phorm or an external recognised organisation?
KentErtugrul
We use a number of external sources and are constantly evaluating
the best source
007
Will you still continue even though ISPs are pulling out?
KentErtugrul
No indication at all that any ISPs are pulling out. They have polled
their customers and their customers want this. I would like to make
it very clear that nobody is being forced into this and this is
a clear and absolute optional offer to everybody. Nobody has to do
it
www.StopPhorm.bebo.com
Explain the drop in your Share Price, please.
KentErtugrul
Our share price has performed very well historically - we clearly
have a duty to explain to both consumers and shareholders the facts
around the offering: 1) It is clear choice 2) It brings clear benefits
to consumers 3) It represents a breakthrough in online privacy by
offering, for the very first time, a way of making advertising relevant
BY STORING NO DATA AT ALL as to users' browsing habits and by making
the system COMPLETELY ANONYMOUS 4) It represents a big step forward
against online fraud, particularly in protecting less computer literate
consumers than the ones who have been so vocally opposed to it
Huw_Jerse
One of the perceived benefits that the Phorm system is to bring
is an enhanced anti-phishing capability. Can you explain (and be
as technical as you like) the technical barriers that would stop
an ISP from placing this kind of anti-phishing protection on their
network without the invasion of privacy represented by the tracking
of browsing - after all the ISPs laudably manage (for free) to block
access to child pornography websites via WebWatch apparently without
requiring this recording and analysis of normal browsing habits.
MBurgess
Hi "Huw". In your example, the WebWatch system sends all
data for blacklisted sites to a routing 'black-hole'. If you
do that, it's not possible to give users the choice of continuing
on to the site or turning back, as we do with Webwise. The Webwise
solution is only one of many implementation possibilities, but its
messaging ability does make the provision of the anti-phishing service
easier.
suz
Only heard about this on BBC Working Lunch today. I'm with BTinternet,
is this thing up and running now or is it due to be launched later?
KentErtugrul
It will be launched shortly and there is no chance of your being
unaware of when it is launched. There will be a full page browser
window offering the service, and you will have a clear and transparent
choice as to whether or not to take part
Jim_Murray
You will find a list of questions submitted by concerned users at
http://www.badphorm.co.uk/page.php?11 I appreciate it may not be
possible to answer all of them tonight but would you be prepared
to undertake to provide answers to them by e-mail within the next
week or so?
KentErtugrul
Hello Jim, I very much appreciate that you are concerned about privacy
online. So are we. Not only do we undertake to answer all of your
questions, but I would be happy to speak with you directly should
you so wish
phil
Why have the ISPs not given us users more information about the
service?
KentErtugrul
Quite frankly because it has not launched yet. I believe that much
of the concern stems from the fact that we are halfway between announcing
that we will launch and actually launching. I know for a fact that
the number one goal of ISPs is transparency. Each and every consumer
being offered the service will be aware of the fact that it is on
and that it is a choice, when the time comes to launch
phil
Could you explain how your system works if no data is stored - how
do you categorise information relating to my web browsing?
MBurgess
The system works by matching a data digest of information from each
web page browsed (URL, page keywords and search terms) to advertiser-defined
product categories we call 'Channels'. The data digest is first
cleaned to remove as far as possible information like email addresses,
numbers, and names (and we ignore form fields) and once the match
is made, the data is immediately thrown away. All that is left is
a note of which advertising category was matched, the random number
we have allocated to your browser, and a timestamp. This is enough
information to accurately target an ad in future, but cannot be
used to find out a) who you are, or b) where you have browsed.
Privacy.Watch
Hi. We're a loose coalition of IT developers worried about the impact
of such edge-of-protocols technology as Phorm is about to deploy.
The consensus reached after examining all information released by
Phorm is that, because the unique [random] user ID is stored in
a cookie on the client machine, and only stored in a cookie, that
Phorm must use some level of HTTP redirection in order to read the
UUID for each HTTP request transmitted. This is deeply worrying
to a protocols expert as there could be unintended side effects,
the most obvious of which is the redirect counter in the browser
being decremented at least once or twice before the initial target
site is reached. BT report trials are about to start, so the software
must be ready for open public trial. 10,000 people in a trial is
a lot of homes and businesses to put at risk. My question is what
level of testing and review has been undertaken to ensure that the
new technology does not break existing features of the internet
that have come to be relied on?
MBurgess
The system has been very thoroughly tested, and operates on a whitelist
basis - it checks the HTTP user-agent and confirms that the specific
browser is one of those for which detailed testing has been carried
out.
Jim_Murray
Perhaps the most often asked question is 'Why is this opt-out and
not opt-in?' Could you explain why, when so many people have expressed
this as a concern you do not insist to all partner ISPs that participation
can be on an opt-in basis only?
KentErtugrul
I think that the real issue is transparency. When users were polled
as to their reaction to a product which reduces the amount of rubbish
advertising and protects people from online fraud, the most common
response was not "how horrible please don't do it". It
was "why is it that ISPs, if they can do this, are not doing
it automatically already?" I have a question for you: Imagine that
your mother has a credit card number stolen through a phishing attack
and all of her money is stolen. This happens thousands of times
a year. How would you explain to her that she had the opportunity
to protect herself but did not because the capability was not switched
on automatically? The main goal as we move forward is to strike
the right balance by achieving full transparency and knowledge of
what is being offered.
Jim_Murray
You claim you store, and I quote, 'NO DATA AT ALL' - how then are
you able to match a user's likely interests with an advertiser?
To do this, at least some information must surely be stored?
KentErtugrul
Thank you for the opportunity to answer a factual question. Here is
how it works: as the random number representing the user browses,
we match the behaviour to product categories in real time based on
what they are doing. But then, in REAL TIME, we delete the reasons
for matching the number to a product category: Where they were,
what they searched for, and so on: We only retain three things:
a random number, product categories against that number, and time
stamps representing when they were matched to the product category.
NOTHING ELSE. This is why this is truly a revolution in online privacy:
Compare and contrast this with some of the largest websites: they
store everything you search, everywhere you go, together with IP
addresses and a great deal of information. This represents a giant
step forward for online privacy, because not only does it work better
for advertisers, it does not store browsing history, is completely
anonymous and gives users a clear ON/OFF switch
phil
Could you explain the difference between the Phorm system and Google
- until I read about Phorm I was not aware that Google even stored
information about my web browsing?
MBurgess
Many web-sites and search engines record information about the connections
that you as a user make to their site. Typically this will include
your IP address, and information such as URLs and the search terms
you enter ("Clickstream data"). They will also often drop
a cookie into your browser so that this clickstream data can be
referenced later on, or even associated with data from other sites.
The clickstream data is often used for data analysis or even sold
on to third parties, and is typically retained for long periods
- months or years. We use a cleaned subset of clickstream information
to match with advertising channels, store the match, and throw the
data away. We use a cookie only to distinguish your browser from
others on the internet, and we never share data with anyone.
Jim_Murray
Thank you for your undertaking, I can be reached via e-mail at admin@badphorm.co.uk
and look forward to hearing from you shortly.
KentErtugrul
I will contact you shortly. Thank you for the opportunity to respond
compo
You say it represents a big step forward against online fraud, how
can we be sure that your system will not cause fraud?
KentErtugrul
I am not sure how that would be remotely possible. It never knows
who you are, never knows where you have been and is simply an engine
to show advertising and phishing warnings. How could it be used
to cause fraud?
suz
You say customers have been polled. I'm a BT customer and I have
not been polled. Why not?
KentErtugrul
Not all customers were polled, just a sample. That being said, you
could consider the notice which you will receive when Webwise is
switched on as a sort of poll. If you do not find it useful, it
is extremely simple to have no part of it
www.StopPhorm.bebo.com
Further to the Opt-in question by Jim_Murray, were the Customers
advised what the Software would entail? Therefore were they aware
what they were polling for?
KentErtugrul
Yes - the goal was to receive a true estimation of what the broad
customer reaction would be, not to generate the "right answer".
The ISPs value nothing more than the bond of trust with their customer
not-telling
Will browser add-ons like TrackMeNot cause you any problem in profiling
browsing habits?
MBurgess
I think there are two questions here - 1. will browser add-ons cause
a problem when browsing under the Webwise service? - to which the
answer is no. 2. Are add-ons a way to avoid profiling? - to which
I would say it's easier to opt out of the service using one of the
browser-based methods we provide.
compo
If you want full transparency why are you not being honest about
your past with rootkits and spyware?
KentErtugrul
I think that you will find it hard to find an interview where I
do not acknowledge our history in the adware business. I talk about
the fact that it is systematically confused with spyware, that nevertheless
we decided that it was inconsistent with our goals and we discontinued
that business despite the fact that we were a profitable, publicly
traded company
Huw_Jerse
Follow-up question: You're improving security by allowing the (non-literate)
user the choice to carry on to a site that's phishing?
MBurgess
Yes, in the end you have to give people the choice, having first
warned them that the site is potentially fraudulent. We make the
warning clear and the process easy, but the final say has to be
with the user.
www.StopPhorm.bebo.com
Will you provide a Child Safe Option so that after I play Poker,
my kids will not be bombarded with PokerSite Ads?
KentErtugrul
We are taking a broader approach than that. We are not accepting
any advertising at all which, if shown to the wrong person, could
cause discomfort. So, for example, no adult, no medical
system
How does the system deal with POST requests? IE, when a form is
submitted via the POST method.
MBurgess
Hi, POSTs are not analyzed.
narcosis
Many new phishing sites appear all the time. What assurances do
you give that this list is THE most current up-to-date list available
? Is this list maintained by another 3rd party or by users reporting
sites to yourselves ?
KentErtugrul
We cannot guarantee that this will always contain a full list of
all of the current phishing sites. What we can say is that this
will be as real time a system as there is, that you will not need
to download, maintain or switch anything on, and that we will constantly
work to improve the quality of the service. We also intend, as soon
as possible, to extend the service to known spyware / malware download
sites based on consumer feedback
compo
Is the opt out a full opt out or an opt out of your advertising?
MBurgess
When you opt out, you will no longer see our targeted advertising,
and no browsing data will be analysed. Of course, you'll still see
ads in the pages you visit, they are just likely to be irrelevant
ones.
PaulB
Kent, I raised the issue in the last chat about the lies going around
about Phorm and the Webwise system. We are still to get any more
information released on the system; is there any reason for this?
I am still swaying on whether to say yay or nay to the system. Before
it was a big no no but it doesn't seem all that bad now
KentErtugrul
Over time, we are very confident that the system will bring great
benefits. It will make it possible for ads to be relevant / helpful
wherever you browse. Think of it as "Google while browsing".
It will make creating websites a much more worthwhile exercise
for all sites, not just a few. It will stimulate the creation of
masses of additional, free content for consumers to enjoy. But most
of all, it will always remain a choice. If you have any doubts at
all about the system, I suggest that you not take part until such
time, if ever, that you become comfortable
not-telling
I'm getting conflicting information in the articles I read. If I
block cookies from webwise.net will my data be processed by the
profiler server?
MBurgess
ISPs' networks all vary and their implementation of the Phorm system
will vary accordingly, but ignoring for a moment the specifics of
the network and the names of servers, the bottom line is: If you
block cookies from webwise.net, you will be treated as opted-out
and the ISP will not pass any of your browsing data to Phorm.
compo
please explain the following in your patent "The context reader
may also include behavioral data (e.g, browsing behavior), other
historical data collected over time, demographic data associated
with the user, IP address, URL data, etc.". Do you collect
IP addresses or not? If it is not you have misrepresented yourself
at the patent office
KentErtugrul
We absolutely do not collect or use IP addresses in any shape or
form. Remember that a patent is not a description of how a system
works. The patent lawyer's job is to describe all of the possible
ways in which a system might have worked in order to protect the
company's intellectual property. We believe that IP addresses are
personally identifiable information and should never be used
no_ads
How much did you pay the BBC to show you in a good light?
KentErtugrul
lol - nothing I promise. All we ask for is the chance to describe
the system as it is and not as it is being described for us
Southern_Spur
How did you get Privacy International to endorse your system?
KentErtugrul
This was my confusion I apologise. The endorsement was in fact from
Simon Davies, the MD of 80 / 20 who is also a director of Privacy
International. My apologies for the confusion. I will however say
that we welcome the scrutiny of any privacy organisation. We are
proud of the breakthrough which we have achieved on privacy and
believe that it sets an example for all to follow
narcosis
Why are you using a cookie when it is obviously possible to route
users' data around the Phorm equipment/profiler as shown by recent
statements by Carphone Warehouse ?
MBurgess
We favour a browser-based approach for several reasons: 1. It allows
different people who share the same broadband connection to make
their own choice about using the system. 2. It allows that choice
to move with them, e.g. if they use the same laptop at home
and at work, or travelling. 3. It is transparent - the user knows
their status and it is consistent.
compo
Why have you not had an audit done in the UK under UK law?
KentErtugrul
We would be happy to do that. In fact we believe that we meet the highest
privacy standards anywhere. We believe that we go even further and
achieve a standard not even contemplated by legislation. No knowledge
of who you are, no storage of browsing history, full and transparent
choice
PaulB
Kent, another question. You say this is a privacy revolution and
no data is stored yet I have seen you quoted on some websites as
saying it's kept for 6 months
KentErtugrul
No we do not store data for six months. What we store for six months
are only the product categories against random numbers
serial
Why have you decided to "pilot" your system in the UK
and not the US?
KentErtugrul
I grew up here. Despite the accent, this is home.
serial(C)
Is the profiler machine given to the ISP by phorm or just the software?
narcosis
Follow up to compo's question: You said "and no browsing data
will be analysed." , but it still goes TO the profiler ?
MBurgess
Answering the points from "compo" and "serial"
together - The particular server or software is less important than
who controls them. The ISP will own the equipment but it may be
running software from Phorm. However, the ISP has full visibility
of the data that is flowing, and full control over it. As I said,
the bottom line is that the ISP ensures that if you opt out, your
data is never passed to Phorm.
KentErtugrul
It has been a long day and I have to get to bed. I promise that
we will do this as often as necessary. There were a number of questions
which we could not get to. We will try to thoroughly address all
areas of concern. Virtually all of the answers can be found in our
general FAQs on our website. Nevertheless I look forward to doing
this again. Good night. Best, Kent
MBurgess
Sorry, this webchat has gone by in a bit of a blur - I'm out of
the UK at the moment and the time difference means I'm a bit vague.
I hope I made some kind of sense... Thanks for your interest - and
goodnight!
-- ## --