It Could Be Worse

BT, Virgin and Talktalk broker deal with Phorm.com, who intercept internet traffic, set anonymous cookies and deliver targeted ads…

There are lots of comments on this Guardian article, including this one from martinusher:

I had a quick look at this system today on a technical website and it appears that the system effectively routes all your web traffic through a proxy server which records your browsing habits (and, while its about it, obscures your browsing habits from anyone else downstream from it). This is why they require the cooperation of your ISP – they have to intercept your network traffic before it passes onto the Internet proper. (Typically the link to an ISP is a point to point link just like a dial-up even if you’re using broadband.) This has implications far beyond just figuring out what you’re doing so they can feed you ‘relevant’ advertisements; its nothing less than packet by packet control of everything you do.

This may sound infeasible because of the volume of traffic but a quick look at the equipment suppliers will show that its not — the industry is quite capable of examining and categorizing everything you do CIA style but won’t at the moment because its not cost-effective. The ads will give it the motivation to install the kit, the other uses will follow.

Its also got the potential to cut off the air supply to sites like Google.

– You might call it "resistance": 95% say they’ll opt out of ISP’s data-sharing deal

See also:

• Bad phorm
• On Techdirt: Phorm.com are an (ex?) spyware firm
• More Phorm horrors

Update: seems I was a little late to the party (I only noticed it when it made it to The Guardian). The Register’s been rather prolific in chronicling the various angles on this, including the the possibility that BT lied as to its involvement and that the traffic snooping actually violates several laws:

• ISP data deal with former ’spyware’ boss triggers privacy fears
• Data pimping: surveillance expert raises illegal wiretap worries
• BT pimped customer web data to advertisers last summer
• How Phorm plans to tap your internet connection
• The Phorm files

I’m rather enamoured of OpenID, the really neat, decentralised way to log in to any OpenID-supporting web site with one username/password. Simultaneously, I’ve had a Vox account since I was invited to try the beta pre-launch. It was moderately interesting as a community-based approach to blogging, but as I already have this blog I never used it for that purpose.

At some point (I forget when), Vox became an OpenID provider. “Great,” I thought, “I’ll use it as my OpenID.” All was well until a few days ago, when I tried to sign in to Vox using Opera Mini on my Sony Ericsson K800i. Here’s a screenshot of the sign-in form:

The orange “Sign in” button is a button — right? Wrong. It’s made up of the following markup:

<a class="command-submit orange-button button"><b>Sign In</b><s></s></a>
<input type="submit" class="invisible-button" />

So, they’ve got a “real” submit button there, which probably attends to an imagined screen reader scenario–CSS and JavaScript off; but because Opera Mini usually behaves — for all intents and purposes — like a desktop browser, it attempts to render the fancy orange button but doesn’t quite have the nous to interpret whatever JavaScript event binding code Six Apart are using to make the orange button submit the form.

I emailed Vox support:

The sign-in button isn’t a ‘real’ html button and therefore I can’t sign in using Opera Mini.

They replied:

We’re sorry you’re having problems signing in to Vox. We would like to suggest that you try using Internet Explorer or Firefox when signing in to Vox. We fully support these browsers and you’ll find that you can use all of Vox’s functions when using them.

For more information about what Vox needs in order to work, check out our Requirements for using Vox article. (emphasis mine)

I replied to them, for what it’s worth:

OK - that’s fine. I would say something about “just use normal HTML and it works anywhere!” but I guess I’ll just find another OpenID provider.

So that’s what I did. I signed up with MyOpenId, who seemingly know how to use normal HTML elements for their intended purpose, rendering the service usable on Opera Mini.

If ever there was a lesson in keeping things simple and using Progressive Enhancement, there it is. For no extra effort, more people can use your service in more places and using more devices and platforms. What’s not to like?