Kim Cameron has this great post about Phorm. Kim seems particularly bothered by the kind of protocol chicanery BT is planning:
The British Information Commissioner’s Office confirmed to the BBC that BT is planning a large-scale trial of the technology “involving around 10,000 broadband users later this month”. The ICO said: “We have spoken to BT about this trial and they have made clear that unless customers positively opt in to the trial their web browsing will not be monitored in order to deliver adverts.”
Having quickly read Richard’s description of the actual protocol, it isn’t yet clear to me that if you opt out, your web traffic isn’t still being examined and redirected. But there is worse. I have to admit to a sense of horror when I realized the system rewards ISPs for abusing their trusted role in the Internet by improperly posing as other people’s domains in order to create fraudulent cookies and place them on users’ machines. Is there a worse precedent? How come ISPs can do this kind of thing and others can’t? Or perhaps now they can…
What bothers me is how many people have accepted that this is not an invasion of privacy simply because the ISP anonymizes the data. But the proof is in the pudding. The end result is to serve a real person an ad based on an aggregate of their web browsing habits.
To all you BT customers that opt in to this nonsense:
The first time you get an ad for Naughty Llamas magazine based on your preference for viewing images of a certain type of South American Camelid in suggestive positions, you will know that your privacy has been more violated than that of a South American Camelid.
Before you get your first ad, your privacy has been violated. Afterward, it’s going to feel violated as well.
The lesson here: encryption is a necessary (but not sufficient) precondition to internet privacy.