Thursday 10 April 2008

Is Phorm a serious threat to search engines?

It occurred to me this evening that given the nature of Deep Packet Inspection it would be a trivial task for Phorm to configure their Layer 7 hardware in such a way that creates a significant threat to search engines.

The technology has the ability to alter the information in the traffic data and so through the use of some fairly trivial regular expressions, the technology could be used to alter search results on their way back to the user. They could potentially insert their OIX partners directly into the top of the search results.

Moreover it would be incredibly difficult to detect (if even possible) that this is happening given the pseudo random manner in which search results are returned by the search engine; at best it would very difficult to detect and even more difficult to prove.

This could have a direct impact on the business models of many search engines including Google, Yahoo! and Microsoft Live Search who are competing in exactly the same markets as Phorm and OIX.

To this end I have emailed Tom Coates at Yahoo! expressing my concerns and have also talked to a close friend who works for Google. I will be talking to another friend who works in Redmond for MS over the next couple of days.

If the major search engines take a consolidated stance on this issue and all implement SSL versions of their search pages; it would go a long way in preventing Phorm building revenue from work which is in essence being done by the search engines.

It is Google's assets which process the search results (at great cost) for Google search pages so why should a company like Phorm be permitted to read and possibly alter the traffic data on the way back to the end users in order to make a profit?

Alexander Hanff

Please use the following link to Digg this post:


Anonymous said...

From what I've seen Phorm seem to be saying that if you block search engines from spidering your site then Phorm will not scrape you. They actually said that if you are happy to be spidered by a search engine then you are happy to be scraped by Phorm. This is, of course a misrepresentation - I'm happy to have my website spidered as it brings me traffic. Phorm don't

So if the only way to stop Phorm scraping you is to block search engines using robots.txt (not that they say which entry they will respect) then that search engine company is being disadvantaged by Phorm's activity.

There has been a lot of talk about consent. Consent for this interception is needed by both parties. The ICO says the surfers have to opt-in (and not opt-out) but the opt-in/opt-out of the content providers is being totally ignored by Phorm and the media.

Anonymous said...

Hi I touched on the matter of web traffic data being worth alot of money in a post on ecademy, I see what you mean about search engines - my theory is it could potential effect many area's of advertsing including affiliate agencies as if a webmaster/pulisher chooses phorm they are essentially agreeing that phorm is taking the place of other advertsing methods.

I relise alot of people are concerned with the end customer but what about B2B relations ? - I still don't get how phorm can be appointed direct at the ISP over other advertisers - how much commission are BT (and other ISPs) getting in exchange for our data being sold ? - why aren't customers in on the revenue deal ?