Stealing Phorm's business model

[Paul Barnfather]

> On 07 April 2008 12:59, Richard Clayton wrote:
> > This cookie can then be used in an access to the webwise.net domain in
> > order to fetch an advertisement, and analysing the nature of that
> > advertisement will permit the website to serve their own targeted-by-
> > behaviour advert.

On Mon, Apr 7, 2008 at 1:17 PM, James Firth <james2@jfirth.net> wrote:
> Say I'm a website owner, and I have registered users' details, and I want to
> find out a bit more about these users.  Next time they visit, I steal their
> Phorm UUID.

If the GUID is easily available then any website operator has access
to a very valuable data set:  GUID + registration info (which may
include name, address, email, credit card, etc). This data can (and
presumably will) be sold on by unscrupulous operators.

Any site operator purchasing this data will be able to instantly
obtain personally identifiable data on every visitor by simply
recording the GUID.

Surely this would enable a privacy invasion of spectacular proportions?