DOCSLIB.ORG

LAP: Lightweight Anonymity and Privacy

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
LAP: Lightweight Anonymity and Privacy 2012 IEEE Symposium on Security and Privacy LAP: Lightweight Anonymity and Privacy Hsu-Chun Hsiao† Tiffany Hyun-Jin Kim† Adrian Perrig† Akira Yamada‡ Samuel C. Nelson§ Marco Gruteser§ Wei Meng †CyLab/CMU ‡KDDI Labs §Rutgers University Tsinghua University Abstract—Popular anonymous communication systems often Attack class require sending packets through a sequence of relays on dilated No anonymity protection paths for strong anonymity protection. As a result, increased Lightweight anonymity end-to-end latency renders such systems inadequate for the Low-latency anonymity majority of Internet users who seek an intermediate level of End-server LAP High-latency anonymity anonymity protection while using latency-sensitive applications, such as Web applications. This paper serves to bridge the gap Government between communication systems that provide strong anonymity class Tor [1] protection but with intolerable latency and non-anonymous Global communication systems by considering a new design space eavesdropper Optimal solution Mix network [8] for the setting. More specifically, we explore how to achieve near-optimal latency while achieving an intermediate level of Latency anonymity with a weaker yet practical adversary model (i.e., Figure 1. The design space of anonymous schemes. protecting an end-host’s identity and location from servers) such that users can choose between the level of anonymity may be impatient to wait.2 and usability. We propose Lightweight Anonymity and Privacy (LAP), an efficient network-based solution featuring lightweight Despite existing work that attempts to protect end-users’ path establishment and stateless communication, by concealing anonymity [1], [7], [8], it still remains a challenge to provide an end-host’s topological location to enhance anonymity against an intermediate level of anonymity and privacy protection remote tracking. To show practicality, we demonstrate that without introducing much latency. In this paper, our main LAP can work on top of the current Internet and proposed goal is to bridge the chasm between systems that provide future Internet architectures. strong anonymity with high latency and systems that support no anonymity with zero latency, and explore how to support lightweight anonymity and privacy that is efficient enough I. INTRODUCTION to protect all traffic. Note that those end-users who want an intermediate level of privacy primarily desire to remain Staying anonymous in today’s Internet requires anony- anonymous from servers such that servers cannot track mous overlay systems, such as Tor [1], to conceal the their behavior. This implies that guaranteeing the end-user’s communicating endpoint’s IP address, as it can reveal the anonymity and privacy against a single remote entity rather end-user’s identity and location [2]. Such overlay systems than a strong, global attacker may be a suitable relaxation attempt to facilitate anonymous communication using layer- of the attacker model to gain higher efficiency. encrypted packets traveling through indirect routes. How- We propose a new setting that we call Lightweight ever, this results in additional latency due to long end-to-end Anonymity and Privacy (LAP-setting for short) for private path length and cryptographic operations indirectly traveling and anonymous communication in the Internet with the through three Tor relays would be approximately four times following properties: slower than traveling along a non-dilated path. Moreover, Tor relays are constantly overloaded [3], further worsening • Low-stretch anonymity: packets for anonymous and the latency and throughput. Measurements show that the private communication should travel through near- average time to fetch an HTTP header using Tor is 4.04s — optimal routes such that the increase in the number ten times higher than fetching it without Tor [4]. Although of Autonomous Domains (ADs) normalized over the privacy-anxious users may tolerate seconds of latency for original path length is low. strong privacy, users desiring an intermediate level of privacy • Relaxed attacker model: an intermediate level of for default protection of daily online activities (e.g., prevent privacy can be achieved with sender and receiver websites from tracking them for behavioral advertising1) anonymity and location privacy. Hence, we relax the strong attacker model (e.g., global or government-class 1Users might enable the DO-NOT-TRACK option supported by most 2Studies have shown that online users are sensitive to waiting time: mainstream browsers. However, a recent study [5] has shown that this Amazon’s sales dropped by 1% for every 100ms increase in page load mechanism is hard to use due to configuration complexity and provides time, and Google’s ad revenue decreased by 20% for a 500ms increase in no guarantee as it depends on the self-regulation of online organizations. search result display time [6]. © 2012, Hsu-Chun Hsiao. Under license to IEEE. 506 DOI 10.1109/SP.2012.37 attackers) considered by existing anonymity systems. mechanisms for other layers, as recognized by previous As Figure 1 shows, our aim is to address a relaxed attacker network-based proposals [7], [14]. model (e.g., end-server attack) with near-optimal latency Contributions. while existing work addresses stronger attacker models 1) We explore the design space of anonymous protocols (e.g., government class or global eavesdropper) with higher in the context of a relaxed adversary model. latency. Although low-latency designs are shown to be 2) We propose Lightweight Anonymity and Privacy inherently vulnerable to a global eavesdropper, some users (LAP), an efficient network-based solution that en- who trust their local ISPs can achieve much higher efficiency ables lightweight path establishment and efficient for- under the LAP-setting. warding. Our mechanism, Lightweight Anonymity and Privacy 3) We evaluate LAP’s security and performance advan- (LAP), is an efficient and practical network-based solution tages. Our systematic analysis and the evaluation of featuring lightweight path establishment and efficient com- our software implementation confirm that LAP can munication. LAP attempts to enhance anonymity by obscur- improve anonymity with low performance overhead. ing an end-host’s topological location, based on two building blocks: packet-carried forwarding state, and forwarding-state II. PROBLEM DEFINITION encryption. We study how to camouflage an end-host’s topological lo- • Packet-carried forwarding state: each packet carries cation (i.e., potential origin within a given topological neigh- its own forwarding state such that ADs can determine borhood) in a network architecture to enhance anonymity the next hop from the packet without keeping local per- and location privacy in a practical manner. More specifically, flow state. we study how to design an anonymous forwarding protocol • Forwarding-state encryption: existing anonymity sys- that can protect the identities and locations of end-hosts from tems require entire packets to be decrypted/encrypted a weaker yet practical adversary, while demanding minimal as they travel using shared keys between the sender increase in latency. We do not claim to achieve complete and intermediate relays. In contrast, LAP allows each anonymity, but rather focus on providing an intermediate AD to use a secret key (known to the AD only) level of anonymity. to encrypt/decrypt forwarding information in packet In this section, we scope our problem in terms of desired headers. As a result, an AD’s forwarding information properties, assumptions, and threat model. can be hidden from all other entities while a LAP packet remains the same at each hop. A. Desired Privacy Properties LAP is extremely lightweight in the sense that (i) it Sender/receiver anonymity. Anonymity can be viewed introduces minimal overhead over non-anonymous packets as being unidentifiable within a set of subjects (e.g., users), in terms of latency and computational overhead on routers, also known as an anonymity set [15]. This implies that a (ii) it does not require any per-flow state to be stored on sender or a receiver can achieve stronger anonymity if its routers, and (iii) no separate keys are required to be set identity is hidden in a larger anonymity set [16].3 As a up with routers. In addition to its performance advantages, result, an attacker cannot link the sender and receiver if LAP’s unique design provides two additional merits. First, either sender anonymity or receiver anonymity is achieved. LAP supports different privacy levels such that an end-host Since the design of a full anonymous communication system can trade privacy for improved performance. Second, LAP is that can defend against timing attacks and conceal unique a generic design that can work with a wide range of routing platform characteristics is beyond the scope of this paper, protocols, which includes the inter-domain routing protocol we focus on concealing an end-host’s network identifier and BGP and new proposals such as SCION [9] and Mobility- location in the network topology (which we call “topological First [10]. Furthermore, we show that LAP fits especially anonymity”), which is an important step towards improving well with proposed routing protocols that support packet- sender/receiver anonymity. For simplicity in expression, carried forwarding state, such as SCION and ICING [11]. we also abbreviate “topological anonymity” simply with In this paper we focus on network-based solutions, where “anonymity” in the paper. users and locations can be identified
Load more

Recommended publications
  • Security Forum Strategic Panel Phorm Position Paper
    Security Forum Strategic Panel Phorm Position Paper PHORM – PRIVACY IMPACT OF NEW INTERNET ADVERTISING MECHANISMS 1. INTRODUCTION 1.1. Online advertising company Phorm has caused a stir in the Internet community because of its profile-driven service. Phorm has trialled this service with BT, and signed further contracts with Virgin Media and TalkTalk. However, critics claim that the service breaches the Regulation of Investigatory Powers Act (2000), and that Phorm’s approach is contrary to users’ privacy wishes. 1.2. The BCS believes that the solution to this debate rests in self-regulation of online advertising: companies must establish and enforce a code of conduct; be completely transparent about their practices; resist sharing data with third parties; and submit to ongoing oversight from an independent third party organisation. 2. THE BATTLE FOR THE INTERNET 2.1. The massive market for online advertising is one that affects every Internet user: many search engines and websites depend upon advertising revenues for funding, and some ISPs use advertising to subsidise subscription costs. In the absence of those funding sources they would either have to pass on additional operating costs to users, or cease trading altogether. 2.2. The battle for control of Internet advertising had, until recently, been confined to a small number of (rapidly consolidating) players including the likes of Microsoft, Google, Yahoo! and DoubleClick. These well-established companies have built their offerings over many years and believed themselves to control the market, with little threat from new companies. 2.3. However, a new breed of online advertising company has recently appeared.
    [Show full text]
  • Phorm PIA Interim
    80/20 Thinking Ltd: Interim PIA for Phorm Inc 1 80/20 Thinking Ltd First Stage (Interim) Privacy Impact Assessment For Phorm Inc. February 10, 2008 80/20 Thinking Limited Registered office: 4th floor, 18 Pall Mall, London, SW1Y 5LU Company number 06483833 80/20 Thinking Ltd: Interim PIA for Phorm Inc 2 INTRODUCTION Phorm Inc has engaged 80/20 Thinking Ltd to deliver a Privacy Impact Assessment (PIA) as an integrated component of product development and deployment of its technology. This document serves as an Interim (first stage) report that will lead to the publication of a full PIA in March 2008. The commissioned work involves the following elements: • Scoping the technology and engineering elements to assess privacy functionality. • Assessment of due diligence and compliance aspects. • Conducting a full risk assessment of presentational and other elements of the product launch and deployment. • Working collaboratively to develop a sustainable privacy framework within the organisation. • Conducting privacy training to all Phorm staff. • Auditing the privacy policies. • Developing an outreach and stakeholder engagement process. • Creating a rapid response privacy reporting & response regime. • Follow-up for nine months, involving meetings with the executive team. As this assessment is being conducted relatively late in the lifecycle of Phorm’s product deployment, 80/20 Thinking has developed a “late stage implementation” PIA model that aims to satisfy most, if not all, of the criteria of a “full product cycle” PIA. This model is specifically designed to assist the implementation of a risk mitigation strategy for the implementation and lifecycle of IT projects that either involve personal data or which deploy potentially complex or controversial technologies and techniques.
    [Show full text]
  • Shunned Profiling Technology on the Verge of Comeback
    Dow Jones Reprints: This copy is for your personal, non-commercial use only. To order presentation-ready copies for distribution to your colleagues, clients or customers, use the Order Reprints tool at the bottom of any article or visit www.djreprints.com See a sample reprint in PDF format. Order a reprint of this article now WHAT THEY KNOW November 23, 2010, 11:31 p.m. ET Shunned Profiling Technology on the Verge of Comeback By STEVE STECKLOW and PAUL SONNE One of the most potentially intrusive technologies for profiling and targeting Internet users with ads is on the verge of a comeback, two years after an outcry by privacy advocates in the U.S. and Britain appeared to kill it. The technology, known as "deep packet inspection," is capable of reading and analyzing the A History of Phorm "packets" of data traveling across the Internet. It can be far more powerful than "cookies" and other techniques commonly used to track people online because it can be used to monitor all online activity, not just Web browsing. Spy agencies use the technology for surveillance. Now, two U.S. companies, Kindsight Inc. and Phorm Inc., are pitching deep packet inspection services as a way for Internet service providers to claim a share of the lucrative online ad market. Kindsight and Phorm say they protect people's privacy with steps that include obtaining their consent. They also say they don't use the full power of the technology, and refrain from reading email and analyzing sensitive online activities. Use of deep packet inspection this way would nonetheless give advertisers the ability to show ads More interactive graphics and photos to people based on extremely detailed profiles of their Internet activity.
    [Show full text]
  • A Company Promises the Deepest Data Mining Yet - New York Times
    A Company Promises the Deepest Data Mining Yet - New York Times http://www.nytimes.com/2008/03/20/business/media/20adcoside.html?_... March 20, 2008 A Company Promises the Deepest Data Mining Yet By LOUISE STORY Amid debate over how much data companies like Google and Yahoo should gather about people who surf the Web, one new company is drawing attention — and controversy — by boasting that it will collect the most complete information of all. The company, called Phorm, has created a tool that can track every single online action of a given consumer, based on data from that person’s Internet service provider. The trick for Phorm is to gain access to that data, and it is trying to negotiate deals with telephone and cable companies, like AT&T, Verizon and Comcast, that provide broadband service to millions. Phorm’s pitch to these companies is that its software can give them a new stream of revenue from advertising. Using Phorm’s comprehensive views of individuals, the companies can help advertisers show different ads to people based on their interests. “As you browse, we’re able to categorize all of your Internet actions,” said Virasb Vahidi, the chief operating officer of Phorm. “We actually can see the entire Internet.” Phorm is not the first company to realize that providers of broadband services are sitting on deep caches of consumer data. Other advertising companies like Front Porch, NebuAd, Adzilla and Project Rialto are trying to do much the same thing. What distinguishes Phorm is the success — and scrutiny — it has had in the British market.
    [Show full text]
  • The Case for a Right of Audit in Private Databases
    LITTLE BROTHER'S BIG BOOK: THE CASE FOR A RIGHT OF AUDIT IN PRIVATE DATABASES Preston N. Thomast I. INTRODUCTION To even the most dedicated scholars, the concept of privacy has proven "ex- asperatingly vague and evanescent"' and "infected with pernicious ambigui- ties."2 Because privacy is difficult to define, it does not fit neatly into existing legal frameworks.3 Instead, privacy has produced years of "well-meaning but intractable debates."4 English legal scholar and privacy advocate Raymond Wacks suggests that "[i]nstead of pursuing the false god of 'privacy', attention should be paid to identifying what specific interests of the individual we think the law ought to protect."' Following this advice, many legal scholars grappling with the problem of protecting privacy have advocated a more operationalized view of privacy that breaks the abstract concept into concrete assertions more readily incorporated t J.D. Candidate, May 2010, The Catholic University of America, Columbus School of Law. The author wishes to express his deep gratitude to the associates and editors of the Com- mLaw Conspectus for their hard work on this project. I Daniel Solove, "I've Got Nothing to Hide " and Other Misunderstandings of Privacy, 44 SAN DIEGO L. REV. 745, 754 (2007) (quoting ARTHUR R. MILLER, THE ASSAULT ON PRI- VACY: COMPUTERS, DATA BANKS, AND DOSSIERS 25 (1971)). 2 Id. at 754 (quoting Hyman Gross, The Concept of Privacy, 42 N.Y.U. L. REV. 34, 35 (1967)). 3 RAYMOND WACKS, PERSONAL INFORMATION: PRIVACY AND THE LAW 10-11 (1989). Wacks argues that a rights-based approach to privacy, as opposed to a holistic approach, will avoid forcing personal information problems into the "strait-jacket of 'privacy."' Id.
    [Show full text]
  • The Phorm “Webwise” System
    The Phorm \Webwise" System Richard Clayton, 4th April 2008 Introduction On Wednesday 26th March 2008 I put on my \hat" as Treasurer of FIPR and accompanied Becky Hogge, Director of the Open Rights Group, to a meeting with Phorm, the company whose advertising platform has been much in the news lately. We had a wide-ranging briefing about the technical aspects of their system, the way in which it preserves privacy and their vision of how it will transform online advertising. The meeting was very technical throughout, and these notes reflect that. Doubtless more user-friendly explanations will be provided in time. The meeting was entirely on the record, with the sole agreed exception of Phorm telling us the identities of their suppliers of \phishing" URLs. They fully understood that we would be writing about what we learnt from the meeting. Some of the information which was imparted had already been made public in various places, but a fair bit is entirely new. I provided an initial draft of this document to Phorm, who corrected a handful of details (mainly timeout periods) which they'd mis-remembered in the meeting, and pointed out a couple of errors I'd made { which I have been happy to correct. Because the relevant person was travelling, this has engendered a slight delay, but I felt that the resulting accuracy of the document made this worthwhile. Naturally, when describing such a complex system, there is ample opportunity for errors to creep in, or important detail to have been glossed over. A single meeting is inadequate for delving into every detail { hence it must be assumed that there is still more to be usefully learnt about the system's operation.
    [Show full text]
  • Article Profiling Phorm
    Profiling Phorm: an autopoietic approach to Article the audience-as-commodity Andrew McStay Bangor University, Wales. [email protected] Abstract As advertisers’ media spend on online advertising continues to increase, there exists a need to update the means by which we understand and critique advertising. Reliance on textual analysis and visuality is of little use in a milieu increasingly predicated on technics and surveillance. A post-hegemonic critique is advanced here that argues for a stronger understanding of feedback relations and the means by which we as users contribute to heterogeneous advertising experiences. This paper progresses and updates Dallas Smythe’s (1977) audience-as-commodity argument. It examines developments in online behavioural advertising that employs deep-packet inspection (DPI), which has caused consternation to technologically savvy consumers, privacy activists and regulators. Drawing upon the case study of Phorm that received national media attention in the UK and policy-maker attention in Europe, this paper highlights key features of DPI-based advertising, non-personally identifiable profiling and their implications for contemporary commercial autopoietic feedback relationships where users themselves are a fundamental component of online behavioural advertising practices. Introduction As Ball et al. (2006) recognise, critical accounts of surveillance technologies benefit from an understanding of technological and political specifics, as well as theoretical conceptualisation. This paper thus initially offers a detailed exposition of behavioural advertising technologies, drawing on the privacy situation in Europe involving Phorm, the behavioural advertising company whose intentions to roll out deep-packet inspection (DPI) across the most popular UK broadband providers received a severe reception from interested citizens, privacy activists and the European Commission alike.
    [Show full text]
  • This Item Was Submitted to Loughborough's Institutional
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by Loughborough University Institutional Repository This item was submitted to Loughborough’s Institutional Repository (https://dspace.lboro.ac.uk/) by the author and is made available under the following Creative Commons Licence conditions. For the full text of this licence, please go to: http://creativecommons.org/licenses/by-nc-nd/2.5/ Privacy Impact Assessments: the UK experience Dr Adam Warrena, Robin Bayleyb, Professor Colin Bennettb, Andrew Charlesworthc, Dr Roger Clarked, Professor Charles Oppenheime aDepartment of Geography, Loughborough University, UK. Email: [email protected] bLinden Consulting, Inc., Victoria, BC, Canada cSchool of Law, Bristol University, UK dXamax Consultancy Pty Ltd., Chapman, ACT, Australia eDepartment of Information Science, Loughborough University, UK Abstract This paper builds on original work undertaken as part of a team of researchers into Privacy Impact Assessments (PIAs), defined as a systematic risk assessment tool that can be usefully integrated into decision-making processes. The team were commissioned by the UK Information Commissioner’s Office (ICO) in June 2007 to develop a study of PIAs in overseas jurisdictions and a handbook to guide UK organisations through the PIA process. This research has subsequently attracted interest in the UK and overseas. PIAs are now mandatory for all UK central government departments. In this paper, the development of the project team’s PIA methodology and subsequent user experiences led to a key project output, the PIA handbook. The handbook has become a significant part of the privacy ‘toolkit’ and has impacted on public policy.
    [Show full text]
  • Freedom on the Net 2011
    1 FREEDOM HOUSE Freedom on the Net 2011 UNITED KINGDOM 2009 2011 POPULATION: 62.2 million INTERNET FREEDOM Free Free TATUS INTERNET PENETRATION: 84 percent S 0 WEB 2.0 APPLICATIONS BLOCKED: No Obstacles to Access 2 1 SUBSTANTIAL POLITICAL CENSORSHIP: No Limits on Content 7 8 BLOGGERS/ONLINE USERS ARRESTED: Yes Violations of User Rights 14 16 PRESS FREEDOM STATUS: Free Total 23 25 INTRODUCTION The United Kingdom has high levels of internet penetration, and online freedom of expression is generally respected. However, both the government and private parties have presented ongoing challenges to free speech rights in connection with antiterrorism efforts, public order, and intellectual property. The biggest controversy in the past year was the adoption of the Digital Economy Act on the last day of the outgoing government in April 2010. The law allows for the blocking of websites as well as the cutting off of user accounts based on claims of intellectual-property rights violations. In a positive development, the newly elected coalition government has promised to review and repeal a number of laws that negatively affect online free expression and privacy. The United Kingdom has been an early adopter of new information and communication technologies. The University of London was one of the first international nodes of the ARPAnet, the world‟s first operational packet switching network that later came to compose the global internet, and the Queen sent her first ceremonial email in 1976. Academic institutions began to connect to the network in the mid 1980s. Internet service providers (ISPs) began appearing in the late 1980s and more general commercial access was available by the early 1990s.
    [Show full text]
  • Nebuad Report Final
    NebuAd and Partner ISPs: Wiretapping, Forgery and Browser Hijacking Robert M. Topolski Chief Technology Consultant Free Press and Public Knowledge June 18, 2008 Executive Summary This report addresses the technical aspects of NebuAd, a targeted behavioral advertising company with offices located in the United States and United Kingdom that recently began seeking deals with Internet Service Providers (ISPs). NebuAd recently made headlines when the cable operator Charter announced that it had struck a deal with the company. Charter’s announcement prompted public and congressional inquiries into NebuAd’s practices, including a letter from Rep. Ed Markey (D-Mass.) and Rep. Joe Barton (R-Texas). NebuAd has also been deployed by WOW!, Embarq, Broadstripe, CenturyTel, Metro Provider and others. To determine NebuAd’s practices, this investigation used sound and reproducible network testing methods. The investigation concludes that NebuAd’s advertising hardware monitors, intercepts and modifies the contents of Internet packets using Transmission Control Protocol on Internet Protocol (TCP/IP). In doing so, NebuAd commandeers users’ Web browsers and collects uniquely identifying tracking cookies to facilitate its advertising model. Apparently, neither the consumers nor the affected Web sites have actual knowledge of NebuAd’s interceptions and modifications. NebuAd exploits several forms of “attack” on users’ and applications’ security, the use of which has always generated considerable controversy and user condemnation, including browser hijacking, cross-site scripting and man-in-the-middle attacks. These practices -- committed upon users with the paid-for cooperation of ISPs -- violate several fundamental expectations of Internet privacy, security and standards-based interoperability. Moreover, NebuAd violates the Internet Engineering Task Force (IETF) standards that created today’s Internet where the network operators transmit packets between end users without inspecting or interfering with them.
    [Show full text]
  • Who Wants to Snoop on Your Internet Traffic?
    Who wants to snoop on your Internet traffic? Dr Richard Clayton BCS, Hertfordshire 30th September 2009 verview • Phorm • Great Firewall of China (GFC) • Peer-to-Peer (p2p) • Internet Watch Foundation (IWF) • Interception Modernisation Programme (IMP) • …and many more Behavioural advertising • Advertising is big bu$ine$$! • Basic Google model is —put ads on relevant pages“ • Alternative approach is —show ads that are relevant to people who happen to visit“ ° DoubleClick tracks visits to participating sites by cookies (returned to DoubleClick) ° Phorm proposed to inspect HTML on (almost) all visited pages to deduce nature of content, then serves relevant advert if you visit a participating site • Advertisers want to know what you do, not who you are ° they break people down into categories ° ABC1, —empty nesters“, lots of fancy new names…. • So they can live with anonymity Phorm design #1 Layer 7 switch 16byte unique ident channel server profiler anonymiser Phorm design #2 2istilled pages attack advertising consumers CleanFeed content format leading document OIX inquiry event ISP online partners Phorm legal Phorm packets technology PIA Virgin paper privacy PDF websites School Webwise system system Thinking This is what all those rubbish search engines used to do before Google came along! Channel server • Channel server is also told about URLs • Hence channel server is also told of search terms (Google &c keep them within the URLs) and these are then mined • Channel server only learns UID not IP address ° hence some —anonymity“ properties
    [Show full text]
  • BT Shelves Phorm's Web Usage Monitoring for Ads 7 July 2009, by ROBERT BARR , Associated Press Writer
    BT shelves Phorm's Web usage monitoring for ads 7 July 2009, By ROBERT BARR , Associated Press Writer (AP) -- British telecommunications provider BT "To allow someone to snoop on your Internet traffic PLC is indefinitely shelving plans to target online is to allow them to put a television camera in your advertising to individual customers by using Web room, except it will tell them a whole lot more about monitoring techniques that have drawn privacy you than the television camera," Berners-Lee said complaints. in March at a Parliamentary event where he clashed with Phorm's chief executive, Kent BT announced this week that it had no immediate Ertugrul. plans to deploy Phorm Inc.'s Webwise ad-targeting system for BT's 4.8 million broadband customers, Phorm has said its system would ask users saying it needed to spend its resources on more whether they wanted to use the Webwise system, urgent projects. BT did not address the privacy and that it would not store browsing histories or concerns in its statement. Internet Protocol addresses, the online equivalent of a street address. Shares in Phorm fell Tuesday for a second day. The company has said it received assurances from In the United States, potential partners for a similar the British government that its technology can be ad-targeting system from NebuAd Inc. began operated lawfully. The European Union, however, backing out amid privacy complaints and has started legal action against Britain for not congressional inquiries, prompting NebuAd to shut applying EU data privacy rules to Internet down. monitoring such as Phorm's activities.
    [Show full text]