[begin predictable rant :-) ]
Regulars might have noticed that this is something I feel extremely strongly about, not just because of the Phorm-BT dishonesty involved but because of the possible future effect on the public trust in the "believability" of the internet.
The background to this is a trend where we find
- ISPs redirecting traffic (Freeserve caught red-handed redirecting SMTP some years ago and then admitting it in a reply to my MP),
- giving false DNS results and putting up duplicate fake websites (OpenDNS)
- and now modifying traffic in transit as part of a dishonest covert trial (PHORM).
And so the question I recently asked myself is "what happens when some future scare disrupts the public's faith in whether or not they can even know whether the web they see is 'real' or tampered with?". I can imagine the economic effects on internet commerce could be serious. The right thing is for governments to simply ban any such covert tampering, redirection and false DNS reporting to send a message for once before things go bad.
I noticed recently when I did an experiment with Facebook. I created an account with personal info details that were bogus, and watched its servers crawl a website associated with the fake user, only for it to then send ads promoting my fake user's rivals to the user's 'friends'. So that's a new example of how an abuser can "monetize" unwitting users, by offering trojan horse free services and getting ever more creative in how they profit from them, involving dishonesty or underhand practice. By "dishonesty" I mean engaging in practices that users would not like if they knew about them.
I have decided to implement a PHORM denial filter system when I have a bit of time to spare, which will either deny BT-PHORM servers access by IP address blacklist, or require SSL for suspect users. If I were to catch a PHORM server accessing my websites then I would be delighted to be able to launch a legal action against BT Group for breach of copyright since I deny them permission to make copies of my content on their servers without obtaining permission. But as I am under no duty to keep them informed of what my websites' domain names or IP addresses might be, it would be pretty impossible for them to be sure of their ability to comply from then on after an action.