Page last updated at 06:58 GMT, Tuesday, 22 April 2008 07:58 UK

Security firms scrutinise Phorm

Hand and computer mouse, Eyewire
Phorm works by watching where you go online and serving up ads to match

Online advert system Phorm could be automatically blocked by security programs, BBC News has learned.

The controversial system is based around small files called cookies that some computer security firms say they may label as "adware" and block.

Other firms are waiting until the system is rolled out until they decide what to do with Phorm cookies.

Phorm said the firm was talking to security companies to explain how its system worked.

Many security firms contacted by BBC News said the tools included in security programs would let computer owners stop the cookie being used.

Privacy fear

Phorm works by watching a user's web browsing habits and then slipping adverts related to that history onto websites that have signed up.

To target ads Phorm, like many other web businesses, uses a small text file called a cookie.

So far three net firms, BT, Virgin and Carphone Warehouse, have signed up for Phorm. Carphone Warehouse has said its customers will have to opt in to the system the other two will automatically enrol anyone that does not explicitly ask to be excluded.

Some computer security companies contacted by the BBC say they may block the cookie that Phorm uses to keep an eye on a web user's habits.

Stefan Lundstrom, an anti-spyware researcher at F-Secure, said it had been in discussion with Phorm about how its system works. He added that it would take a firm decision when the system goes live.

"Phorm have hinted that most ISP's will choose an opt-out solution based on a cookie," he said. "We have expressed our concern that's not informed consent and most likely will meet our detection criteria."

Warning label on computer, Eyewire
Security software may start warning users about the Phorm cookie

The result would be blocking of the cookie and labelling it as adware.

Simon Heron, managing director of UK security firm Network Box, which provides security services to small businesses, said it would block the cookie initially.

Mr Heron acknowledged Phorm's efforts to abide by the Anti-Spyware Coalition's code of practice and its links with net firms but said security and privacy concerns had driven its blocking decision.

He added: "We will continue to monitor this situation but browsing information is the user's property not the ISP's or anybody else's."

Symantec, Trend Micro and McAfee said they would monitor Phorm as it gets rolled out to see how the cookie is used in practice and whether users need warning about it.

In a statement Symantec said: "At this point we are assessing the full implications of this technology and how it fits into the established criteria we use for categorising and classifying new technologies such as Phorm's."

Graham Cluley, senior technology consultant at Sophos, said because it only provided services to businesses it was unlikely to be called on to block Phorm cookies.

He added that the website Phorm uses to serve up targeted ads would be entered into its security database to give customers the option of blocking that.

"Our aim is to give companies the power to police their users' safe use of the web, rather than disrupt what some may consider legitimate internet traffic," he added.

Greg Day, security analyst at McAfee, said it was still talking to Phorm about how the ad-serving system worked.

"At this point we have not rushed to give it a classification," he said.

Its eventual classification would come down to how the system was used, added Mr Day.

"Is the customer aware of it and do they have the choice of whether to opt in or out?"

Mr Day said that the cookie could end up being blocked by many users if security programs warn them about the tiny file.

"Most people do not differentiate between viruses, worms, mass mailers or trojans," he said. "When they see a pop up from a security vendor they will see it as a bad thing and worry about it."

A spokesman for Phorm said: "The reality of it is that the Phorm cookie is a cookie like any other. It is an inactive piece of text that's dropped on your computer just like any other third party tracking software."

He added that any company that blocked the Phorm cookie could consider blocking cookies from other ad-serving companies, such as Google, which gave users no choice to avoid being shown targeted ads.

He said Phorm was talking to security companies to explain how its system worked so they could understand what it did and respect the methods it used to help people opt out.

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific