BT pimped customer web data to advertisers last summer

Denied secret relationship with Phorm, blamed malware


Exclusive BT’s servers were secretly passing data on subscribers to its "new" advertising partner as long ago as last summer, though the companies refused to acknowledge any relationship at the time.

BT - the UK's number one internet provider - finally revealed the plan earlier this month along with Virgin Media and Talk Talk, which occupy the number two and three spots behind it. This means Phorm, the company that will run the targeting system, will have access in all to more than 10 million streams of web browsing data.

Phorm's Open Internet Exchange is an online broker that matches advertisers with publishers, much like Google or Yahoo!. The difference is that rather than target your interests using data you volunteer via web searches and by using free email services, Phorm is paying your ISP to hand over data on your browsing habits direct. The technology has roots in spyware, but the company insists it is setting a new "gold standard" in privacy online and emphasises that ISP customers will be able to opt-out.

Phorm and its trio of ISP partners are hoping to sell consumers on the idea by bundling some shiny anti-phishing bells and whistles with the package. However, BT's reluctance to acknowledge what appears to have been a pilot of the Phorm system indicates how nervous executives are - or were - about their new revenue scheme.

'You have malware'

In June 2007, Reg reader Stephen noticed his Firefox 2.0.0.4 installations making suspicious unauthorised connections to the domain dns.sysip.net every time he visted any website. Naturally worried his machines had contracted some kind of digital infection, Stephen performed a series of exhaustive malware scans, which all came back clean.

He wasn't the only BT subscriber to notice that his browser was making the mysterious contacts around July last year, as this thread archived at Thinkbroadband.com shows.

"I spent all weekend wiping my disks clean and reinstalling from backups (four PCs seemed to be affected). I spent a further two days researching and installing all kinds of anti-virus, anti-spyware and anti-rootkit utilities. But even after all that I still have this problem!" Stephen told us at the time.

Having failed to trace the source of the dodgy redirect in his own network, he contacted BT to suggest one of their DNS servers may have been hijacked. BT dismissed the idea, yet the browser requests were still making an unauthorised stop off at dns.sysip.net.

Worried that his business' financial data might be being monitored, Stephen continued to investigate. A Whois search for dns.sysip.net revealed the domain was registered by Ahmet Can, an employee of a new online advertising company called 121Media. The address is now registered through a third party private domaining agency. 121Media rebranded itself as - you guessed it - Phorm in May 2007.

This is, you'll be unsurprised to learn, is indeed the same Phorm that BT, Virgin Media and Carphone Warehouse recently revealed they had agreed to sell their customer's browsing habits to, despite the questions over its links to spyware. For helping Phorm target advertising, the ISPs are set to bag a cut of click revenues.

The company's proposed business model was in the public domain last summer, and being able to put two and two together, Stephen asked Phorm and BT what they were doing with dns.sysip.net and his browsing data. This is where the story got weird.

Next page: Deus ex machina

Similar topics

Broader topics


Other stories you might like

  • Dog forgets all about risk of drowning in a marsh as soon as drone dangles a sausage

    It's not the wurst idea in the world

    Man's best friend, though far from the dumbest animal, isn't that smart either. And if there's one sure-fire way to get a dog moving, it's the promise of a snack.

    In another fine example of drones being used as a force for good, this week a dog was rescued from mudflats in Hampshire on the south coast of England because it realised that chasing a sausage dangling from a UAV would be a preferable outcome to drowning as the tide rose.

    Or rather the tantalising treat overrode any instinct the pet had to avoid the incoming water.

    Continue reading
  • Almost there: James Webb Space Telescope frees its mirrors and prepares for insertion

    Freed of launch restraints, mirror segments can waggle at will

    NASA scientists have deployed mirrors on the James Webb Space Telescope ahead of a critical thruster firing on Monday.

    With less than 50,000km to go until the spacecraft reaches its L2 orbit, the segments that make up the primary mirror of the James Webb Space Telescope (JWST) are ready for alignment. The team carefully moved all 132 actuators lurking on the back of the primary mirror segments and secondary mirror, driving the former 12.5mm away from the telescope structure.

    Continue reading
  • Arm rages against the insecure chip machine with new Morello architecture

    Prototypes now available for testing

    Arm has made available for testing prototypes of its Morello architecture, aimed at bringing features into the design of CPUs that provide greater robustness and make them resistant to certain attack vectors. If it performs as expected, it will likely become a fundamental part of future processor designs.

    The Morello programme involves Arm collaborating with the University of Cambridge and others in tech to develop a processor architecture that is intended to be fundamentally more secure. Morello prototype boards are now being released for testing by developers and security specialists, based on a prototype system-on-chip (SoC) that Arm has built.

    Arm said that the limited-edition evaluation boards are based on the Morello prototype architecture embedded into an Armv8.2-A processor. This is an adaptation of the architecture in the Arm Neoverse N1 design aimed at data centre workloads.

    Continue reading

Biting the hand that feeds IT © 1998–2022