Phorm's Webwise

By: chrisc on 7 April 2008
Posted in Surveillance

In recent weeks, there has been considerable press coverage of Webwise, an application designed by Phorm to track Web browsing behavior by ISP users and then target advertising at those users based on the sites that they visit. The coverage followed news that several UK ISPs were considering implementing the system and that at least one, British Telecom, had in fact tested the system despite previously denying doing so.

Notably, Phorm has been aggressive in promoting not only the commercial advantages of its product but also the privacy concerns. Its Web site claims that Webwise "takes consumer privacy protection to a new level. Our technology doesn't store any personally identifiable information or IP addresses, and we don't retain information on user browsing behaviour. So we never know - and can't record - who's browsing, or where they've browsed."

The response by privacy advocates is unsurprisingly skeptical, for several reasons. First, the system is expressly designed to collect browsing information and use that to target advertisements; by its very definition, this seems to implicate privacy and monitoring concerns. The fact that Phorm itself cannot easily identify the user in question does not remove the privacy implications; to that extent, the statement above blurs the importance and implications of anonymity and privacy.

Second, claims of anonymized data are suspect, as past debacles - such as AOL's release of search data and NetFlix's release of movie rankings - show that simply removing identifying information from a data set does not render that data set anonymous.

In addition, while the Webwise ID is intended to be stripped out so that the destination web site does not see it, that only happens if a browser always uses an ISP running Webwise. If, say, a user with a laptop connects through more than one location, the Webwise ID for that user will be visible both to other ISPs and to web sites that are part of the Webwise program.

Fortunately, the Webwise system appears to be, at minimum, very difficult to de-anonymize. Richard Clayton has spoken with Phorm and provided a terrific technical description of Website. While the Webwise application scans visited Web sites, search terms, and the like for information, it stores only associated "channels" (roughly, the advertising categories that match web sites the user has viewed) rather than the actual sites visited or even the keywords scraped from those sites. It seems likely to be impossible to derive either the user identity or the actual set of Web sites visited by a specific user without additional information captured at the ISP level, and even if the Webwise records could be associated with a specific individual, they appear to have very little forensic or other value, since only authorized advertising channels are recorded (and thus browsing implying illegal activity cannot readily be identified).

Webwise clearly has privacy implications; the fact that it monitors a substantial amount of common Web traffic to derive behavioral profiles and advertise on their basis is reason enough for concern; from a surveillance view, it certainly constitutes monitoring conducted by Phorm, even if only partial information is stored and identifying the specific individual in question is difficult. On the other hand, assuming Webwise conforms with the specifications above, there is very little risk of additional use or abuse of the collected information; unlike other tools that have additional surveillance implications, Webwise's issues are at least self-contained; no one can use Phorm records for other surveillance purposes.