There’s been plenty of buzz (more of the angry hornet variety rather than the just-inhaled-a-lungful-of-dope variety) about Phorm of late, precipitated by a press release that the company put out on Feb 14 in the UK, announcing partnerships with three major UK ISPs to provide a system “…which ensures fewer irrelevant adverts and additional protection against malicious websites”. Critics of the system (led by noted UK cage-rattler, The Register) claim that the technology is little more than spyware by another name. The negative press around Phorm’s announcement has caused at least one of their ISP partners to back away from the deal, and cause their stock to plummet by more than 30%. It looks like this could be the latest in an increasingly long line of bungled targeting announcements from the industry (Beacon, anyone?). But what went wrong?
What is Phorm?
Phorm as a company is the new name for 121Media, a UK AIM-listed company who started out producing a browser toolbar which tracked your page usage to provide a social media environment, connecting you with other people who were looking at the same page. Ad-funded, the toolbar quickly picked up a reputation for being spyware (even though I agree with Phorm’s protestations that it was really adware, which is better, but still tarred with the same brush), so it was dropped and the company renamed Phorm.
The new service Phorm has launched is called Webwise (not to be confused with the BBC site of the same name). Essentially it is technology that ISPs install at their data centers which analyzes the URL and textual content of web pages being served and uses this information to place users into interest categories so that they can be served behaviorally-targeted ads. The technology does this by intercepting the page request and sending a copy of it to a “Profiling” server which extracts keywords and uses this information to assign users to interest groups:
The same technology has a function to alert the user to phishing web sites; since the URL and content is being examined, phishing sites can be spotted and blocked. This functionality forms a core part of Webwise’s value proposition to users.
The other part of the alleged value to users is that this profiling process does not permit the ISP to associate a user’s profile with their IP address; that means that the ISP (and any government agency who subpoenaed the ISP’s records) could not re-associate the Phorm data with a customer record (ISPs can tell which IP address was assigned to which customer at a particular time). The Phorm system does also not store any of the page information or extracted keywords; once the interest “channel” has been arrived at, all the rest of the data is deleted.
So Phorm claims that its system is a real step forward for user privacy on the Internet, whilst at the same time enabling advertisers to reach their audience more effectively. But the industry (and the public) haven’t really seen it like this.
Why all the fuss?
Phorm’s announcement was always bound to generate a certain amount of controversy, because it’s in the sensitive area of behavioral profiling & targeting. But there has been a particularly virulent reaction in the UK, which, whilst started by sites like the Register, has now spread to the “mainstream” media.
Some of the reasons for the fuss are (comparatively) silly things – for example, the renaming of the company from 121Media, which has just made people nervous, especially given the previous company’s adware history, or the fact that the company operates out of serviced offices in the UK and doesn’t really have a physical address in the US.
A more serious blunder on Phorm’s part is their failure to anticipate the scrutiny that this kind of system would be placed under. In this kind of environment, given the firm’s history, absolute transparency is essential, and Phorm hasn’t provided this. There are still unanswered technical questions about Phorm’s system, such as how it manages the opt-out (does data still get collected, or not?), and there have been inconsistencies in the claims that Phorm has made about third-party privacy audits of their software.
Phorm has also made the mistake of launching prematurely, with many of their partnerships still only half-baked. At the moment there is no benefit to users being delivered, because none of the systems that Phorm has announced are actually live within ISPs, and so all the focus is on the downside. Phorm would have done much better to wait until the service was fully baked with at least one of their partners and they had some real users onboard who could testify to the increased relevance of ads and how comfortable they were with their privacy with Phorm, before making a big splash. The press release looks like the product of an over-zealous PR agency looking to ensure their monthly coverage targets were being hit. Well, they’ve certainly done that.
What can we learn?
The main problem here is a poorly thought-out balance of benefits for ‘costs’ in this offer. Phorm have claimed that this system protects user privacy, but it doesn’t really; it’s just an ad targeting system with a better-than-average approach to protecting privacy. Users who are opted into Phorm will still receive cookies and targeted ads from other ad networks, and their behavior will still be tracked by those other networks.
Apart from the phishing protection (which is already baked into IE7 and Firefox anyway, and turned on by default), there’s nothing in the Phorm system which provides users with protection of their personal data across the Internet. The only way that Phorm’s entry into this market can elevate user privacy overall is if other providers of targeted ads who are storing more data decide to pack up and go home – which I doubt will happen.
The furore also highlights the challenges of partnering with ISPs for this kind of service. Because ISPs are the gatekeepers of the Internet (and because, for many people, switching ISPs is a pain in the a**), users are very sensitive to any perceived exploitation of this relationship by the ISPs. In the UK, ISPs are some of the best-known Internet brands, but also some of the least liked. Ironically the cause of this dislike (poor customer service) is a direct result of the price war that has precipitated ISPs’ interest in this kind of service, as they are receiving a cut of the revenues, of course.
Ultimately the tale makes clear how careful any company has to be in launching a service like this – the balance of benefits has to be clearly stacked in favor of the user. As Chris Williams of The Register said during an interview with Phorm’s CEO, Kent Ertegrul, said:
“a big difference I see between what you’re
doing and what Google does is that people feel that they’re getting a service from Google. I don’t think people feel they’ll be getting a service from you”
It will be interesting to see how the Phorm saga plays out. Perhaps one day it’ll find its way onto an online marketing MBA module syllabus.