Phorm: A New Paradigm in Internet Advertising

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived.

Brooks Dobbs

March 2009

Disclaimer: The opinions expressed in this document are those of the author(s) and do not necessarily reflect those of the Office of the Privacy Commissioner of Canada.

Note: This essay was contributed by the author to the Office of the Privacy Commissioner of Canada's Deep Packet Inspection Project.

Phorm is an innovative digital technology company focused on creating a more relevant Internet experience for users and more value for advertisers, publishers, Internet Service Providers (ISPs) and others in the online ecosystem. Produced after years of customer research and technological development, Phorm’s proprietary, patent-pending technology offers a paradigm shift in both audience segmenting techniques and online user data privacy.

In February 2008, in conjunction with its UK ISP partners BT, Virgin Media and TalkTalk, Phorm launched the Open Internet Exchange (OIX), an online behavioral advertising platform designed to protect user privacy and anonymity.  Unlike other online advertising models popular today, Phorm’s OIX is revolutionary in that it provides direct benefit not just for publishers and advertisers but also for consumers and ISPs without using Personally Identifiable Information (PII) or storing specific browsing information.  While other advertising technologies routinely store data such as search terms, IP addresses, login or account details or other information which could be used to derive identity, Phorm stores none of these.  In fact, Phorm’s OIX technology records only an anonymous cookie containing a randomly generated user ID and a time stamp in conjunction with a pre-existing interest category.

While the cookie logged to this category or “channel” is completely anonymous, Phorm’s privacy protection does not stop there.  The OIX system is built in such a way that there must be multiple triggers for user inclusion in any channel.  The result is that end user inclusion in a channel cannot be used to determine which specific event or “trigger” caused membership.  OIX cannot determine this because the specific trigger is not recorded – only the membership in the larger channel.  This new approach makes it impossible to look at any stored data and to know where a user has browsed on the Internet or what a user searched.

Phorm’s privacy controls work by assigning an anonymous cookie to each consenting customer within a participating ISP.  This cookie is in no way related or linked to ISPs’ authentication systems or technology within the ISP that would allow the ID to be made identifiable.  Indeed, this cookie is not accessible outside of the OIX system and therefore cannot be linked to external data sources, a problem common to other technologies.

Through partnerships with ISPs the OIX technology is able to determine when a specific cookie has triggered channel membership and assign the anonymous cookie to the appropriate channel.  The system is designed so as not to follow an anonymous browser as it traverses certain “sensitive” areas.  To avoid encountering potentially identifiable or sensitive information, OIX specifically excludes secure sites and pages (https), non-web traffic (such as email, FTP or VoIP), popular web-based email systems and form submissions.   To further avoid potential privacy concerns the OIX technology does not allow targeting or the delivery of ads based upon certain sensitive categories such as adult content, sensitive medical information or alcohol/drug interest.  The OIX does not look at numeric content over 3 digits in length which could contain personal information, and is designed to exclude proper names.

In addition, Phorm also has instituted procedural controls and human oversight to prevent the creation of any channel which could inadvertently target or collect information specific to identified individuals.  All this is done to prevent even the inadvertent ability for Phorm, our ISP partners or any third party to ever be able to connect even the limited data Phorm stores (anonymous cookie, channel and timestamp) to an identified person.  Phorm believes the first tenet of data security is data minimization – data not stored is data not at risk of being misused or misappropriated.
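The controls described in the preceding paragraphs (multi-trigger channels, traffic exclusions, and a stored record limited to random ID, channel and timestamp) can be modelled as follows. This is an added sketch for illustration, not Phorm's code. The host list, channel names, function names and the treatment of any non-GET request as a form submission are assumptions, and proper-name exclusion is not modelled.

```python
import re
import secrets
import time
from urllib.parse import urlsplit

# Hypothetical values: the essay names the exclusion categories, not the lists.
WEBMAIL_HOSTS = {"mail.example.com"}
SENSITIVE_CHANNELS = {"adult", "medical", "alcohol-drugs"}
LONG_NUMBER = re.compile(r"\d{4,}")  # "numeric content over 3 digits"

class Channel:
    def __init__(self, name, triggers):
        if name in SENSITIVE_CHANNELS:
            raise ValueError("sensitive categories cannot be targeted")
        if len(set(triggers)) < 2:
            # A single trigger would let membership reveal the exact event.
            raise ValueError("a channel needs multiple triggers")
        self.name, self.triggers = name, {t.lower() for t in triggers}

def new_user_id():
    """Random ID, not derived from IP address or ISP account data."""
    return secrets.token_hex(16)

def eligible(method, url):
    """Apply the exclusions: HTTPS and non-web schemes, form posts, webmail."""
    parts = urlsplit(url)
    if parts.scheme != "http" or method.upper() != "GET":
        return False
    return parts.hostname not in WEBMAIL_HOSTS

def scrub(text):
    """Drop any token containing a run of four or more digits."""
    return " ".join(w for w in text.split() if not LONG_NUMBER.search(w))

def observe(store, user_id, method, url, text, channels, now=None):
    """Record channel membership only; URL, text and trigger are discarded."""
    if not eligible(method, url):
        return []
    words = set(re.findall(r"[a-z]+", scrub(text).lower()))
    hits = [c.name for c in channels if c.triggers & words]
    stamp = int(now if now is not None else time.time())
    store.extend((user_id, name, stamp) for name in hits)
    return hits
```

An auditor checking the data-minimization claim would inspect `store`: each row should hold exactly three fields, none of which is a URL, search term or matched trigger.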

Phorm’s revolutionary approach to online advertising provides numerous benefits to all participants in the Internet ecosystem.

For Consumers

With transparency and choice, OIX allows consumers to receive more relevant advertising, and unlike other systems with lower standards of transparency and choice, OIX is not reliant on knowing who the consumer is to provide relevant advertising.

For Advertisers

Advertisers are able to reach the audience appropriate to their offering.  Tailored advertising allows niche advertisers who previously were not able or willing to advertise online to participate.

Online Publishers

OIX allows participating publishers to achieve a premium value for their advertising space.  This increased value for publishers offers them the ability to reduce the number of less valuable ads in favor of fewer, more valuable and tailored ads.  It also allows smaller (“long tail”) publishers to effectively enter the competitive online market and serve a wider array of advertisers.  Also, as time has shown, increased publisher success has led to a richer array of free offerings and a move away from subscription-based content.


For ISPs

Phorm’s OIX technology provides a new and much-needed revenue stream to broadband providers facing dramatically increasing bandwidth consumption by subscribers using online video, music, VoIP and gaming.  This allows ISPs to invest in their networks without increasing rates for consumers.

In summary, Phorm has built a system from the ground up to respect user anonymity, transparency and consumer choice.  This system has been audited by Ernst and Young, and leading privacy consultancy 80/20 Thinking has completed a full Privacy Impact Assessment (PIA) on Phorm’s technology (copies available at  Phorm’s technology has been cleared by the relevant UK regulatory authorities as capable of compliance with the European Data Directive, and as of October 2008, Phorm is in a technical trial phase with British Telecom.  As other global ISPs continue to examine the many benefits of Phorm for the Internet ecosystem, Phorm expects many more ISPs to conclude that they too can play a role in creating a new model for a more relevant, yet more private, Internet experience for consumers.
