|
Set forth below is a complete copy of the webchat that aired on
Webwise.com at 1:30PM/13:30 GMT (London) on March 20, 2008.
"KentErtugrul" is Phorm
CEO Kent Ertugrul; "MBurgess"
is Phorm SVP of Technology Marc Burgess. Phorm is the company that
provides the technology that underpins the Webwise feature.
This transcript is for informational purposes only and Phorm is
not responsible to update or keep its information current.
Transcipt text
KentErtugrul
Hello and thank you once again for attending this webchat. What we would like to focus on are new areas of questioning which have not yet been addressed so please forgive us if we concentrate more on those. That being said, responses to the old questions in the transcripts of the last two webchats. These are posted on www.webwise.com/chat
adminis
You previously stated that the categories (Channels") are policed
to ensure they do not contain personal information, if no personal
information can be captured, why do you need to do this policing?"
KentErtugrul
The vetting is not just about personal information, it is also to
avoid allowing channels which relate to sensitive areas. For example,
we do not carry adult advertising. As a result there are no "adult"
channels. Therefore it is not possiblt to capture even fully anonymouse
adult browing behavour and associate this agains the random number
of the browser. The vetting process give us ultimate control over
which product categories are noted since we cannot note anything
other than predefined categories
phail
please can you explain why you feel the need to spy on everyone?
KentErtugrul
I understand the emotional reaction whcih you have but I would lke
to point out the difference between what we are doing and what you
describe. 1) The is a clear and absolute choice on the part of everyone
participating. NOBODY is forced in 2) This represents a dramatic
step forward in online privacy. Look in your browser right now.
You have probably been cookied by over one hundred different sites,
which have noted your presence, stored your IP address and possibly
tied it into other information which you may have given up elsewhere.
You never gave permission for this to happen. People are losing
privacy today because there is no place which serves advertisers'
purpose of maximising relevance whilst at the same time handing
consumers a clear on off switch. And which does this without storing
any browsing history. This is what this does and this is why Webwise
in fact represents the best defense which consumers have AGAINST
spying
Dean_Lee
I hear that if I take my laptop abroad, and use a Phorm ISP there,
my channel info will be fetched across from the UK, so my ads stay
targeted . That's pretty cool. But which ISP gets to share the revenue,
my UK one or my foreign one?
KentErtugrul
Revenue is attributed to whichever ISP is providing you with the
connectin at the time. In due course, this provides users with the
real possibility of cheap / free wireless internet connections wherever
they may roam
narcosis
If you read RFC2965 you'll see there is no such thing as a TLD multi
site cookie or a global style cookie. How does your cookie get read
by different sites to display ad's or ignore the user (due to being
opted out) ?
MBurgess
Yes, you are right. But this is a standard cookie that is only read
by Phorm system, i.e. the webwise.net domain. Ads are displayed
by the Phorm system only - Advertisers and the sites on which their
ads are shown never see the cookie, and no user data is ever passed
to them.
tinfoilhat
When connecting to a website that carries OIX ad space, does that
site have any access to the UID cookie? Is the random user number
visible to that site?
phail
Why should anyone trust you, you are well known for creating spyware
/ adware, I think the phrase "a leopard never changes their
spots" is appropriate, what's to stop you changing the collection
of our personal data to suit your own ends?
KentErtugrul
If you in fact look at the facts of the case rather than some of
the things which have been written, you will see that we have one
of the most "blue chip executive teams, boards, business partners
and investors of any publicly traded internet company in the UK,
that our history in the adware business is a matter of public record
as the only adware company ever to be traded on the stock exchange.
As far as changing the system is concerned, we have invited Ernst
and Young to regularly inspect all of our claims. We are issuing
an open invitation to the privacy community to do the same. We have
nothing to hide now, and we never will.
MBurgess
No, per the answer to the last question the website cannot see the
random number.
MarkH
we've seen constant claims that 80/20 were supporting the phorm
systems, yet after reading the report, most people seem to interpret
it as they have raised more questions than they have given support,
so did you knowingly mislead people?
KentErtugrul
The content of the report is self evident. We fully support sharing
its contents and conclusions and we believe that anybody reading
it with an open mind will agree that it supports our claims
phail
Wrong. Virgin and BT are both currently operating an OPT-OUT solution,
which would mean all users are opted in by default, and even if
they are opted out OUR data is mirrored on phorm servers, regardless
of whether the data is used, you ARE collecting it. I am quite capable
of securing my own internet, without the need of some poor excuse
of an anti phising filter, packaged with adware & data collection,
which I haven't given my permission for you to collect!
KentErtugrul
When a user opts out, the system is OFF. There is no data collection
at all
narcosis
As you have a (temporary) copy of each webpage everyone visits (for
offline profiling purposes) and you SAY you discard irrelenvant
information, should you be asked to by an authorative figure/body
could you easily change the code in the profiler to store/forward
the webpages visited to said figure/body ?
MBurgess
No, in these situations, the bodies you describe can request information
that is stored in the normal course of operations, but they cannot
request a change in the system itself. In our case, the information
we store is only advertiser category, random number, and timestamp,
which contains nothing of interest to the authorities and far less
than can be obtained from the ISP under a court order.
harry_tuttle
How do Phorm/OIX envisage the nature of profiling web users advancing
into the future? It surely won't remain a limited list of simple
keywords and categories forever?
KentErtugrul
We believe that we have come up with a way of providing a very powerful
tool for advertisers which does not need to change in order to provide
ever greater value to both advertisers and consumers. It can never
evlove past the point where it compromises privacy, since privacy
is the essential condition which makes this technology possible.
We also believe that in due course anybody who objects to the system
will feel that it is safe once they have understand how it works,
and that until then they will freely exercise their ability to opt
out and not take part
canonicaluser
What is your relation to the NebuAd company in the US, who seem
to have the same technology; whose technology is it?
MBurgess
We have no relationship to NebuAd, and our technology is our own...
tinfoilhat
Will I be able to see the channels against which I am matched? If
so, would I be able to disable a particular channel if I am no longer
interested in its contents (eg, I've recently been searching for
cars, then got a new one and don't want anymore car ads)?
KentErtugrul
In fact, not even we can see the channels which any particular random
number can match. There is no interface for that as a privacy safeguard.
Anybody opting out or deleting their cookie will be permantly disassociated
from previous channel matches by either being assigned another number
(cookie delete) or opted out. Think of how much more powerful that
is than other systems which store your IP address and everything
you search for. In those cases, information stored is PERMANENTLY
associated with you. We believe that we provide a much better way
forward and leading privacy advocates who have taken the time to
see how our system works agree
narcosis
FIPR have stated "Users should have to opt in to such a system"
& "We believe this is also required under European data
protection law; failure to establish a clear and transparent "opt-in"
system is likely to render the entire process illegal and open to
challenge in UK and European courts.". Do you have any response
for this ?
KentErtugrul
We believe that once we have met with FIPR hey will have a better
understanding of how the system works and will be supportive of
us as an example to others of state of the art privacy protection.
We will be doing so shortly
paul
why should I user your anti phishing service instead of say firefox?
Where is the value there? Firefox is free.
KentErtugrul
It turns out that the people who are most likely to download browser
plug-ins and update security systems are the ones who are the least
likely to be the victims of a phishing attack. The general public,
time after time in polling, see it as perfectly natural that they
should be automatically protected by their ISP by default if they
can do so
JoeUser
Are ads fetched from ISP local servers that are behind the anonymizer
or do the ad servers see your IP Address? Is the UID cookie sent
to the ad servers?
MBurgess
The ad-servers are colocated within the ISP, and they do see the
UID cookie, but they do NOT see the IP address.
paul
Are you not trying to solve a problem that just does not exist for
the user? I think my ad targeting is fine thank you, I do not want
it to be more targeted.
KentErtugrul
In that case it is the simplest thing in the world for you not to
take part. However when you ask general internet users what their
biggest concerns / irritations are over the internet, they consistenly
say two things: online fraud and the amount of untargeted advertising
with which they are bombarded on the internet. That is what webwise
addresses. Furthermore, why is it a bad thing to create an environment
where all websites, not just a handful, can make money by providing
interesting content on the internet? We believe, and many consumers
believe, that that would make the web a far more interesting place.
That being said, as I said at the start, IT IS A CHOICE. YOU DO
NOT HAVE TO TAKE PART IN IT
harry_tuttle
Now that Phorm have said that the 14-day logs will only include
system 'health' information and no 'anonymised' user data, how will
they debug and refine the system? How is it possible to do anything
if you only ever see what comes out and never what goes in? How
can a system like that be audited?
MBurgess
Debugging will proceed on the basis of the exceptions raised, and
the usual process of attempting to replicate and diagnose the error
in a test system. The error will be localized in a particular module
and traced down from there. The question on auditing is slightly
different - you can audit a system precisely by looking at what
goes in and what comes out (which the ISP and external auditors
can do). We are also investigating the possibility of having an
independent technical expert audit the source code of the data capture
elements of the system (subject to protecting our intellectual property,
of course).
phail
Why do you feel that it is acceptable to track my browsing history,
then force feed me targeted advertising based on that history? What
gives you the right to look at MY personal history? It doesn't belong
to the ISP, it belongs to ME. Will you be paying me for the dubious
privilege of "targetted advertising"?
KentErtugrul
It is a choice. You do not have to take part in it if you do not
wish
paul
The general public, time after time in polling, see it as perfectly
natural that they should be automatically protected by their ISP
by default if they can do so. Are you saying that you are the only
way an ISP can protect its users?
KentErtugrul
No but this is a great opportunity to extend such a real time protection
nationwide and snuff out phishing sites as they occur. We will soon
be extending that to spyware download sites
Bob
I see the point in your system to block unwanted content. However
where/why does advertising come into it? Apart from giving you and
the isp new revenue streams. You could make money out of enhancing
the users control of their internet access (phishing, adult filtering)
and not focusing on delivering relivant adds. as this is sort of
pulls against what the main point of the system is. ie. to protect
users from phishing sites.
KentErtugrul
Some people see most value in blocking content, others see it in
reducing irrelevant advertising. If you ar convinced of neither,
you are absolutely free to not take part. Large scale polling sugested
that there was strong interest in both
Dean_Lee
I can see the effort to preserve anonymity, but I don't quite grasp
the details of the process of ad serving, and what the dialogue
sequence is. Can you please walk us through the User/Phorm/OIX/Website
dialogue steps when I visit website XYZ which is in OIX , and is
going to serve me an ad based on my UID cookie?
MBurgess
OK - deep breath: 1. The web site creates the web page with a hole
in it for an ad (which could come from Phorm or e.g. DoubleClick)
into which they insert a Phorm tag. 2. Your browser downloads the
page and processes the tag, which directs it to request an ad from
the Phorm ad server, which is in the domain webwise.net. 3. Your
browser sends the UID cookie value as part of the request, and the
ad-server, which has access to the channel-match information including
that UID, can therefore select and return an appropriate ad. 4.
Your browser displays the ad inside the web page.
paul
how do you know a user has opted out, surely that in itself is a
breach of my privacy?
KentErtugrul
There are different wasy of opting out, 1) cookie based by placing
and OPTED OUT cookie 2) by excluding cookies from our domain in
your browser which is permanent and browser side and 3) a permanent
network based opt out which will opt you out while you are on the
current network. I personally believe that 2) is the most effective
long term permanent opt out, but all will be available. Any of these,
however, is far cry from the present system where you are effectively
leaking data as you browse through the dropping of traking cookies
wherever you go. We believe that this represents a major and necessary
upgrade to the present, broken system of privacy protection
paul
Think of how much more powerful that is than other systems which
store your IP address and everything you search for. In those cases,
information stored is PERMANENTLY associated with you. Those systems
are distributed across hundreds of organisations, which is not a
threat to my privacy they may hold 1% of my online activity. Your
are one organisation, holding data up to 100% of my activity and
you are operating on a service basis (i.e. at the ISP) is that not
a bigger threat to my privacy?
KentErtugrul
In fact although the organisations holding data may appear to be
discparate, the data is more often than not tied into larger databases.
You have no control over that. We give you back control
j8jweb
What do you perceive as the biggest threats to your business model?
KentErtugrul
The inability to address the concerns of every member of the public
who does not fully understand that this represents a giant leap
forward for privacy rather than the opposite
MarkH
so why have BT staff stated they are having to design an opt-out
mechanism that will ensure the customers data will never enter your
systems despite your claim that no data passes to it when the customer
opts out?
KentErtugrul
because it more effectively addresses the perception issue. The
reality is that the current opt out system fully and effectively
prevents the collection of dta
Annon101
How can you claim this is an increase in privacy when you get to
view all of our web surfing habits compared to Google and Amazons
small slice?
KentErtugrul
because once you have given up your search information, control
over that aspect of our privacy is lost to you forever. Since we
do not store any information and only ever know you by a random
number stored on a cookie, deleting the cookie or opting out permanently
breaks the association with anything which that cookie may have
done in the past
harry_tuttle
Marc, you must mean the co-located ad-servers see your IP address
but don't record it. At least one server needs to know the UID and
IP address at the same time to forward the right add to the right
user?
MBurgess
No Harry, the request passes through the anonymizer, which masks
the iP address so the ad-server does not see it at all.
KentErtugrul
Once again, thank you all for taking part in this. Feel free to
email techteam@phorm.com and we now have an interactive blog on
webwise.com and phorm.com. Thanks again Kent
MBurgess
Sorry, time's up again. Thanks again and bye for now ...
-- ## --
|
