Poor Phorm

by Stubborn Mule on 30 July 2008 · 3 comments

Google and others have had great success with online advertising, while the provision of the mere “pipes” of the internet has become an increasingly competitive, commoditised business. So, it is no surprise that some ISPs have felt they have missed out on the real success of the internet and are keen to join the party.

The holy grail of advertising is to be able to precisely tailor ads to a behavioural profile of their intended target. ISPs have one enormous advantage when it comes to profiling web-surfing habits: the one node of the internet that users cannot bypass is their way in, their ISP. Companies such as Phorm, NebuAd and FrontPorch have developed technologies to exploit this advantage and have tempted a number of ISPs to install their systems with the promise of a slice of the advertising action.

The problem is that many people do not like the idea that their web-surfing is being tracked and these systems have been made “opt out” rather than “opt in”. Furthermore, they operate in such a “transparent” manner that most users would be unaware that the profiling is taking place.

I was first made aware of Phorm (previously known as 121Media, creators of a notorious piece of spyware) while listening to episode 149 of the Security Now podcast. This podcast featured a fairly technical description of the “cookie dance” that Phorm uses, redirecting your web requests from the destination site to Phorm’s own site and back again, all with the aim of ensuring you get a tracking cookie file for every site you visit. Phorm uses these cookies to build a profile of the sites you like to visit, and this profile is then used to deliver you targeted ads. Security Now followed up a couple of weeks later (episode 151) with a less technical interview with anti-Phorm advocate Alexander Hanff from the UK. Despite the fact that the UK and Europe have quite stringent privacy legislation relating to digital media, the communication giant BT has been trialling the Phorm system and triggered a storm of protest as a result.

This led me to wonder whether these “data pimps”, as the Register likes to call them, are likely to appear in Australia. I contacted my ISP, Optus, and this was their response:

Optus does not actively monitor internet use due to the Privacy Act & Law. Having said that, upon request from the proper authorities Optus may be approached to deliver information if any individual account was deemed to have breached the Federal Law.

They then referred me to their Terms and Conditions. The most relevant section there seems to be the following:

We may collect, use and disclose personal information about you, to decide whether to start, stop or limit supply to you of personal credit, the service or the products and services of other Optus group companies. [Italics in original source].

The key would appear to be that they will only disclose information for advertising purposes within the Optus group. It would be interesting to know whether other Australian ISPs will be taking the same strict view of their privacy obligations. Maybe you should ask your ISP…let me know what you find out.


1 Michael Michael July 30, 2008 at 4:52 pm

The title of this blog is a pun. I’m not sure how I feel about that.

2 The 327th Male July 31, 2008 at 10:51 am

Thanks for the tip. Time to set up a TOR server methinks.

I’m fairly sure my ISP, internode, wouldn’t do this sort of thing but I might send em an email to make sure.
