An emerging and intrusive technology may soon be coming to your ISP. Three companies, NebuAd, Front Porch and Phorm, are best-known for using deep packet inspection of ISPs’ user’s browsing habits as a way to present targeted advertising to users. Advertising on the web is nothing new, but the way these companies’ services work is something you should know about.

Basically, these companies, with the consent of ISPs, install an appliance into the ISP’s network. This device acts as a proxy: when you browse to a page, this proxy device intercepts your request, then inspects the content of the requested page for key words, and uses this information to present targeted ads to the user. (Steve Gibson goes into detail regarding how Phorm’s WebWise service gathers information in his Security Now! podcast #151.)

So with these companies’ devices placed inside of your ISP’s network, ISPs make money, and their customers’ surfing habits get analyzed.


While these companies, especially Phorm, claim to go to great lengths to protect users’ privacy, they are under close scrutiny. Much of the firestorm of controversy surrounding Phorm began in June, 2007. BT, one of the top 3 British ISPs, secretly conducted tests of customer data with the WebWise technology. At that time, some of BT’s customers noticed that their computers’ browsers were accessing the domain dns.sysip.net when their users visited any website.

One of those customers, concerned that his computers were infected with malware, spent the weekend reformatting hard drives and restoring backups, only to discover that his computers continued to access dns.sysip.net. After learning of BT’s business agreement with Phorm, this customer contacted BT to learn if his “malware” troubles occurred with BT’s consent. BT at first denied this, but then confirmed that they had been working with Phorm, and that customers’ data was used to test the WebWise technology.

While there have been no conclusive decisions regarding the legality of Phorm’s technology, the top 3 British ISPs have signed agreements with Phorm. Since these ISPs currently service 70% of British broadband customers, many people will be affected by the final outcome. The WebWise technology currently offers an “opt-out” option. A compromise may be reached only if customers can “opt in,” rather than be subjected to this technology without their knowledge.

The Anti-Spyware Coalition has weighed in as their members “agreed to review the privacy concerns that rise out of partnerships between behavioral targeting advertising companies and ISPs, where all, or substantially all, user Web traffic is passed to advertisers in order to allow them to engage in targeted advertising.”

Takeaway: This technology is just beginning to be implemented in the US. While these advertising companies may be sincere and diligent in their efforts to protect privacy, consumers need more information about the technology in order to make an informed choice. Be proactive and ask your ISP if they are partnering with NebuAd, Front Porch or Phorm.