Phorm by any other name

It seems that Phorm, who have created a huge rumpus in the UK and Europe with their system for tracking a user’s browsing habits and allowing partner websites to serve up relevant ads, are not the only people in the game.

A recap… Phorm’s WebWise product relies on installing a device in an ISP’s network that ‘sniffs’ individual user’s browsing activity (albeit anonymously), and then when the user visits one of Phorm’s partner publisher sites, uses the accumulated history to select an appropriate ad to show. For example, if the user had been looking at motoring websites recently, they might see an ad for cars when another user who looks at sports sites might see an ad for sports coverage on pay TV.

The benefits claimed for various parties are thus:

• This ad will be more relevant to the user than a default ad would be, thus enhancing the user’s experience and annoying them less – peoples’ tolerance for relevant ads is higher than their tolerance for irrelevant ones
• An anti-phishing filter is built-in (not sure how this integrates with the rest of the service)
• A more relevant ad should provide a better click-through and conversion rate for the advertiser, increasing their ROI
• As a result the publishers of the website on which the ad was shown should get a better return on their ad inventory.
• The ISP, normally not party to the advertising model, can start to share in ad revenue
• Phorm invented it and make money at all stages.

This all seems like a win-win until the P-word is mentioned… Privacy, of course. The whole thing only works when a user’s ISP collects data about them and allowing other parties to access this data. Depending on your sensitivity to online privacy issues, this is somewhere on the scale from innocuous to the work of the devil. Phorm’s initial ISP customers in the UK (BT Retail, CPW and Virgin Media) have indicated that they’ll provide the ability for a user to opt-out of using Phorm, but since many won’t even notice it’s there, privacy campaigners have suggested that the whole thing should be opt-in instead… this would mean a significantly lower penetration for all parties and perhaps make the whole thing unviable. The ISPs will be very sensitive to anything that might cause their users to consider churning to a rival service.

Phorm’s response to the privacy issue is robust; they’re confident they don’t breach any privacy legislation and are pushing ahead.

So, back to the plot… Phorm are not the only players in this area, and not the only ones causing controversy, either. In a Wired article, Ryan Singel writes about a plan by Charter Communications, one of the largest US broadband providers, to roll out technology from NebuAd. This appears to be similar to Phorm’s product. Charter’s plans have already come to the attention of 2 high-profile Congressmen as reported elswhere on Wired, who are not going to  be fobbed off with anything less that cast-iron guarantees of user privacy and compliance with relevant US legislation. The Congressmens’ question centres around the nature of a user’s consent to the service – just like Phorm, the Charter/NebuAd scheme offers an opt-out to each individual user, although there appears to be confusion about the technical nature of this – NebuAd’s opt-out page tells the user that they have to accept an ‘opt-out cookie’ – and by the nature of cookies, some part of the user’s traffic has to have hit a NebuAd server before they can act on it. So what is the user opting out of? Certainly the display of targetted ads, but the privacy issue is around the collection and sharing of data, and the jury’s out on that part.

Users have been shown targetted ads for years – a large site selects ads based on its own knowledge of the user’s behaviour on that site. A site which is a member of one of the large ad networks allows the network to track users with cookies to help target ads. Google shows ads related to the search terms you typed, and AdWords ads based on the content of the page you’re looking at. Gmail shows you ads based on the content of your email inbox. None of this is new. But what’s different here is the collection of data within the ISP network, without the explicit consent of the user, and sharing with unknown parties. It’s probably the way of the future – it’s not going to get un-invented, but it’s not going to be deployed without a fight.