A leaked internal report detailing the secret test of a targeted advertising system by British operator BT in 2006 could fuel further complaints that the test violated data protection regulations.

The 52-page report was posted Wednesday on Wikileaks, a Web site that publishes sensitive information such as internal documents from companies.

The report details a trial of the Phorm advertising system, formerly known and referred to in the report as PageSense. The system monitors people's browsing in order to serve ads matched to their searches or Web pages visited.

BT conducted a two-week test in September and October 2006 without informing users. That was already known, since some users who had been targeted for the test noticed something was wrong with their computers and began posting messages on discussion forums.

BT eventually came forward and acknowledged the test but maintained it did not violate data protection regulations that mandate how companies process personal data.

After BT was outed, a storm of complaints came from users and privacy activists, who say the system -- with or without a user's consent -- poses serious threats to privacy.

The leaked report includes interesting details of how BT endorsed evasive means to deploy Phorm so as to not come in conflict with the terms and conditions its subscribers agree to.

Phorm assign a cookie -- a piece of data stored in the browser -- in order to track a user's Internet activity. The cookie contains an anonymous user ID, which is then associated with certain categories, such as "cameras" or "computers," which then determine what ads a person may see on Web pages that use Phorm to serve ads.

Phorm would normally deploy the cookie directly to a user's machine. But the leaked report says that would have violated BT's terms and conditions. Instead, the company Phorm -- which was then known as 121Media -- bought advertising on popular third-party Web sites in the two weeks prior to the trial.

Those Web sites then silently dropped the Phorm cookie onto user's machines without their consent. Most of the 18,000 users never noticed, but between 15 to 20 did, according to the report. Glitches, such as "navigation bar flutter" and "web-page tag insertion" were cited.

The IDG News Service is a Network World affiliate.