Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

[Dephormation]

Quote:

Originally Posted by JohnHorb

I get CDR logged on both. I think it checks whether you are on a POTENTIALLY phormed ISP (BT, VM, t'other one) OR have a Webwise phorged cookie.

Yep that's right.

With a view to two methods of charging;

Either (assuming UIDs leak)

1) Listing specific evidence of RIPA/Copyright violation by UID

or

2) Listing all evidence of access from a Phorm ISP allowing you to make a statistical royalty claim against BT/ Virgin/ TalkTalk on the basis of number of Phormed users as a % of their audience.

No doubt they'll publish stats to convince advertisers "Huge numbers have signed up to Webwise, as many as 0.02% of our customers are keen to sacrifice their privacy and security just to see your advertising on their monitor".

0.02% * hits * £100 per page for commercial exploitation = my holiday to The Bahamas

Pete.

[Florence]

Quote:

Originally Posted by davethejag

Hi All, Many thanks again for all the hard work you are all putting in to this fight! Slightly off topic I am a bit worried about when I clicked on the link to the video of the Phorm meeting the other day. I am not too computer literate but my AVG free edition picked up a virus which I put in the Virus Vault and I then cleared it, I also cleared my temporary internet files. The next day when AVG did a scan it picked a "HTML/Framer" as a threat, I think that this was in the temporary internet files again and I cleared them again. AVG has never found anything before and it seems ok now?. I do not undrestand the Russian hacking business and I would be very pleased if one of you brainier ones could put my mind at rest! Thanks again to all of you for the tremendous effort that you are all putting in to this fight.

davethejag.

Hi Dave

When did this happen was it the first time that the website was hacked or is it now since?

Clear tempory files and make sure the recycle bin is empty reboot and run AV again without connecting to the internet first.

This isnt a virus or trojan as such it is an HTML exploit similar to what Phorm plan to use on people no doubt to use their cookies...

[Dephormation]

Quote:

Originally Posted by mark777

Pete

I've just been looking at your post on the new system over on Badphorm.

Might I suggest you offer the ISP's 60 days payment terms if they wish to pass on the costs to their users? This will give them a chance to collect the money.

Heh, just thought. They can't do this. They can't pass the cost on to their customers for one simple reason.

You know why not? Its a cracker...

BECAUSE THEY TOLD THEIR CUSTOMERS THE PHORM UID IS ANONYMOUS!!

I think I'm going to have to change my trousers. I'm laughing so much I'm in danger of needing to put them the washing machine.

Lets go to the pub.



Pete.

[tdadyslexia]

Quote:

Originally Posted by Dephormation

And speaking of copyright abuse I've coded up a CDR generator.

If you're feeling kind, please help me test by clicking here;

http://www.dephormation.org.uk:8080/..._cdr/usage.php

If you're feeling very generous, please try the following link too (sets a temporary Phorm UID alike cookie);

http://www.dephormation.org.uk:8080/...ge.php?debug=y

No invoices will follow.

Please feel free to click a few times. You'll either see CDR LOGGED or NO CDR LOGGED according to the copyright risk/RIPA risk identified by the code. If you're with a Phorming ISP or you present a Phorm UID (by using the debug link) then you'll be classed a high risk (and a log entry will be created). If you're on a non-Phorm ISP you'll be classed a low risk (and no log is created).

Sadly, people who share the same IP address range as Phorm in Delaware or Moscow may see the words 'Sorry!'.

This is a known fault.

I'll release the code once I'm happy its doing what was intended.

If you think the code hasn't classified your request correctly, please can you drop me a PM (ideally with your IP/ISP details).

Pete.

UPDATE; thanks for your test clicks, its made/making a huge difference to the code, please keep clicking, thank you!

The Report I got is this:

Quote:

Thanks for your help!

This page is instrumented to log access from Phormed users and Phorming ISPs

According to the risk associated with your visit, a CDR (call detail record) is logged for copyright royalty claims.

The same data could be used for a RIPA complaint to the Police, demonstrating Phorged cookie setting had occurred.

CDR Data: 2008-05-10 15:48:49 GMT Daylight Time,82.**.***.**,cpc4-stkn4-0-0-cust786.midd.cable.ntl.com,,www.dephormation.org.uk,www.dephormation.org.uk
:8080,http://www.cableforum.co.uk/board/
12/33628733-virgin-media-phorm-webwise-adverts-updated-page-418.html,/server/ripa_cdr/usage.php,/server/ripa_cdr/usage.php,
D:\\Domains\\dephormation.org.uk\\wwwroot\\server\ \ripa_cdr\\usage.php,,,,,

CDR LOGGED

Hmm shud I be worried?

[edit] Edited IP
[edit] URL lengh being to long

[davethejag]

Quote:

Originally Posted by Florence

Hi Dave

When did this happen was it the first time that the website was hacked or is it now since?

Clear tempory files and make sure the recycle bin is empty reboot and run AV again without connecting to the internet first.

This isnt a virus or trojan as such it is an HTML exploit similar to what Phorm plan to use on people no doubt to use their cookies...

Many thanks for your reply Florence. I am pretty sure it was the first time that the link was posted on the forum, I have been trying to keep up to date with what has been going on and I have not clicked on any other link since. The HTML/Framer threat is dated 30th April in the AVG results. Thanks for the swift reply Florence. I will take your advice regarding a scan etc.

Kind Regards to all,

davethejag

[mark777]

Quote:

Originally Posted by tdadyslexia

The Report I got is this:
{snip}
Hmm shud I be worried?

You might want to edit your IP in the post.

I don't think you need to worry about anything, it's just being tested at the moment.

(@Popper above - I don't think there is anything in here, i've checked nothing is going off the screen)

[popper]

and edit the url as the display just scrolled off the right hand side of my screen due to (i asume) the unbroken url lengh being to long.

although i didnt notice it until marks's reply so perhaps theres something hidden in there! that needs checking too.

thanks, that edit worked, and i can now see the whole page in screen again

[Sirius]

VM's change of Terms and conditions has me worried now. All i am waiting for now is that god dam letter saying the Phorm Spyware system is about to be rolled out.

[popper]

its usually a good idea to * your cust***.midd bit too.

[tdadyslexia]

Done

[icsys]

Quote:

Originally Posted by Sirius

VM's change of Terms and conditions as me worried now. All i am waiting for now is that god dam letter saying the Phorm Spyware system is about to be rolled out.

As previously posted...
I was of the impression that you cannot have a requirement that is against the law in any contract conditions, therefore they CANNOT rely on acceptance of terms and conditions to give explicit consent.

I was also of the impression that any changes to T&Cs must be notifed IN WRITING (Not simply posted on a web page) to those that it affects.

Any clarification on this would be appreciated.

[BadPhormula]

Quote:

Originally Posted by Dephormation

Heh, just thought. They can't do this. They can't pass the cost on to their customers for one simple reason.

You know why not? Its a cracker...

BECAUSE THEY TOLD THEIR CUSTOMERS THE PHORM UID IS ANONYMOUS!!

I think I'm going to have to change my trousers. I'm laughing so much I'm in danger of needing to put them the washing machine.

Lets go to the pub.



Pete.

No problems Pete, you don't have to mention the secret anony UID just the IP/Date-Time/and Pages that you have collected for your invoicing. This way keeps eveyone happy, except the end-user of course.

Another thought with your new found wealth as a hyper-parasite, you should join OIX as a partner. This will have two main benefits
1) Phormscum will be promoting your site for the unlucky Phormited user and therefore will give greater gravitational pull for your hits.
2) As well as your ContentWise income you will be able to add extra pennies from the OIX deal.

Double whammy!


It think this effect is known as 'thermal runaway' lookup laws of entropy and thermodynamics.


Any chance get a weekend trip for two on your yacht for this helpful tip?

[mark777]

Quote:

Originally Posted by BadPhormula

No problems Pete, you don't have to mention the secret anony UID just the IP/Date-Time/and Pages that you have collected for your invoicing. This way keeps eveyone happy, except the end-user of course.

Another thought with your new found wealth as a hyper-parasite, you should join OIX as a partner. This will have two main benefits
1) Phormscum will be promoting your site for the unlucky Phormited user and therefore will give greater gravitational pull for your hits.
2) As well as your ContentWise income you will be able to add extra pennies from the OIX deal.

Double whammy!


It think this effect is known as 'thermal runaway' lookup laws of entropy and thermodynamics.


Any chance get a weekend trip for two on your yacht for this helpful tip?

I don't think the ISP's will be very happy with anyone making money out of the browsing habits of their customers.

They might not like anyone demonstrating how easy it is for a 3rd party to link phorm UID to IP either.

When ContentWise goes global, if the various partners (CIX?) pooled data they would have IP, date/time, Phorm UID and URL. They could think about branching out into, say, behavioural targetted advertising.

[BadPhormula]

Quote:

Originally Posted by davethejag

Hi All, Many thanks again for all the hard work you are all putting in to this fight! Slightly off topic I am a bit worried about when I clicked on the link to the video of the Phorm meeting the other day. I am not too computer literate but my AVG free edition picked up a virus which I put in the Virus Vault and I then cleared it, I also cleared my temporary internet files. The next day when AVG did a scan it picked a "HTML/Framer" as a threat, I think that this was in the temporary internet files again and I cleared them again. AVG has never found anything before and it seems ok now?. I do not undrestand the Russian hacking business and I would be very pleased if one of you brainier ones could put my mind at rest! Thanks again to all of you for the tremendous effort that you are all putting in to this fight.

davethejag.

Hi Dave,

I can't give you comfort words but I can at least give it you straight. Russia is run by two factions, the guberment and the mafia. Russia is quite unstable really, they have the authoritarian state terror machine who will ruthlessly surpress genuine progress towards a stable democracy and then they have a twisted form of capitalism run by gangsters, crooks and the mafia. Russia does not abide by international treaties or global laws so they have become a safe haven for cyber-criminals and malicious hackers. There is a lot of money to be made by the criminal elements in Russia by exploiting the rest of the world through the interconnected wires. They know they will never get prosecuted and so they have no incentive to stop until the Russian guberment sorts itself out and abides by international norms. (USA, FBI has managed a few high profile arrests of Russian cyber-criminals but that is unlikely to happen over here as the UK government is inept)

Kent Ertugrul the criminal entrepreneur picked Russia as a base because he knew his kind of business operations (deception/theft/trespass) would only work from the rotten core of deprived immoral like minded bandits that he likes to associate with. (Hi Stratis!).

As you have gathered from reading this forum, the UK was not the easy pushover that Kent the criminal was counting on in order to setup his despicable parasitic business. In order to find some comfort from the Russian attacks you will have to continue to read forums like this to keep abreast of events and news as it happens, pickup good technical advice, and share our siege mentality and comradery.

Good luck, keep your head down.

[Florence]

Quote:

Originally Posted by mark777

I don't think the ISP's will be very happy with anyone making money out of the browsing habits of their customers.

They might not like anyone demonstrating how easy it is for a 3rd party to link phorm UID to IP either.

When ContentWise goes global, if the various partners (CIX?) pooled data they would have IP, date/time, Phorm UID and URL. They could think about branching out into, say, behavioural targetted advertising.

Only big difference is he can get more out of his scripting without rusian hackers help in one day than phorm can in a year.

Well done