BT pull out of Phorm
Richard Clayton
richard at highwayman.com
Thu Jul 9 01:49:22 BST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In article <20090708215936.GA10634 at annexia.org>, Richard Jones
<rich at annexia.org> writes
>On Wed, Jul 08, 2009 at 07:03:12PM +0100, Nicholas Bohm wrote:
>> Might it be that once it was decisively determined that an individual
>> opt in from each user was required, trials showed that not enough users
>> would opt in to make it worthwhile? Or that problem coupled with the
>> prospect of many major sites opting themselves out and reducing the
>> effectiveness of the profiling?
>
>There also seems to have been a lot of technical risk.

Several people have suggested to me over the past few months that BT had
decided to deploy a "network level opt-out" (viz: that if you opted-out
of using Phorm then your traffic would never go near the Phorm
equipment, fixing one of the PR/legal problems that people perceived
with the originally described system design).

However, designing and deploying this new scheme turned out -- for some
reason -- to be rather difficult. This seems to resonate with:

"[Our decision has] nothing to do with cost or privacy, it's about
resources and priority,"

suggesting to me that the decision was ultimately seen to be about tying
up engineering expertise in making a not-especially-important system
work, rather than getting on with core business. viz: it was killed by
the opportunity cost rather than the cost of rackspace or power budgets.

But, absent any more detail from BT (or a less than loyal employee) my
scenario remains merely speculation, albeit I would suggest, very
plausible speculation.

{BTW: this ties in with Clayton's law of RADIUS servers; that every ISP
runs the version of RADIUS one after the version that was current when
they first went into business -- after one upgrade cycle, everyone in
the department swears never again!}

> Assuming that
>the diagram below is accurate, then you've got Phorm boxes and
>multiple round-trips on the path between each customer and their
>websites.

correct, but only if you access a site without a webwise cookie to hand
(ie for most people just the one time)

>Seems like much room for things to go wrong,

yes, in some circumstances you can never reach the site, and you have to
rely on Phorm's assurance that they will detect this and disable their
system automagically.

>and even when
>it works it must slow things down.

yes a little -- only someone who was on the test could say how much

>Maybe Richard Clayton could
>comment?
>
>https://secure.wikimedia.org/wikipedia/en/wiki/Phorm#Implementation

I find it droll that the image itself is only available over HTTP
(rather spoiling the point of you providing an HTTPS URL)

Also the Wikipedia article links to the old version of my description
document [superseded within days of publication] :-( It also describes
me as a "member" of ORG (which is wrong [and controversial]) and a
member of FIPR (which I think technically is correct but, unless you
have read the Articles of Association, isn't very helpful) ... but since
I understand that editing Wikipedia articles when you actually know
anything about a topic from personal experience is not allowed, that
part of the article will have to remain wrong :)

- --
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1
iQA/AwUBSlU+kpoAxkTY1oPiEQI0GgCcCqbH21XeSD7TRSFnWDKE9VuuIpUAnRuX
5KBpQPp7+m4Yv2UPvZ998nJR
=V9o5
-----END PGP SIGNATURE-----