Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Anyone else wondered why the allegedly random Webwise UID is so LARGE?
According to Richard Clayton's technical notes point 31, Phorm say that the Webwise UID number that will be stored in our browser's cookies is a 16 byte random number. A 16 byte number can range from 0 to 4.3 x 10^38 (or to express it another way that is 43 followed by 37 zeros). It is a mind-bogglingly large number, so why is the random number so big? It seems (to me) too much of a coincidence that the replacement IPv6 addressing scheme is 16 bytes long... For info, an IPv4 address, ones that you may be familiar with (e.g. 87.106.129.133) is just a 4 byte number written in a form that is slightly easier for humans to understand. |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Quote:
Quote:
http://www.inphormationdesk.org/ which will be the "official" address now. Thanks for the name, Ravenheart. The old address will of course still work. So, let's get http://www.inphormationdesk.org viral! |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Perhaps it's because they anticipate a lot of people blocking the permanent cookie, and thus requiring a new unique number for every page they visit? At least with that many to choose from, we might actually avoid being given a recycled one that was previously assigned to someone else (and may well be associated with that person's "habits") One thing that struck me about Richard's technical description was the fact that the UID number will also be incorporated into the site cookie of each website you visit that uses the OIX advertising platform. If that's true, then won't each site be able to associate the user's IP address with their Phorm UID number (and, if you've entered your real name, address, credit card number, etc. on their site, also to all of these "real world" details)? That potentially means that each website that uses OIX adverts will be able to link your real identity, personal details and financial details with your web activity profile. Hmmm. Tell me again Phorm, how is this better than Google? |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
I found this article, not sure if it's been posted before. It does mention phorm and its evil ways.
http://www.washingtonpost.com/wp-dyn...040304052.html |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
The posts on this site seem to state that the US is already infested with Phorm-like advertising.
http://blog.clickz.com/archives/topics/advertising.html |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Code:
22. The specious cookie (from the point of view of www.cnn.com) will be removed as the request passes through the Layer 7 switch. |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
I agree - adding things and stripping things out of my web traffic is not something I want anyone to do, especially a spyware company. |
Phorm and Claims towards illegal use
http://news.bbc.co.uk/1/hi/technology/7331493.stm
Virgin Media might have to drop the use of PHORM as the legality of it is being questioned, breach of privacy. Especially in the States, they're shhh**** hot on that |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Please, someone tell me I'm wrong:
So much for the anonymous UID. On a website that hosts the Phorm/OIX adverts when the advert is fetched by the browser from the use of either an IMG tag or an Iframe, then the (Phorm/OIX) 'adserver' has the UID from the cookie (to know which advert to serve) and the users IP address from the request header (or we won't get the advert back)... So Phorm now have your (so called anonymous) UID tied to your IP address... |
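The linkage raised in the post above, as an added example that is not part of any forum post or of Phorm's system: a server that receives an advert request sees both the connection's source address and the cookie header, so joining the two is a matter of reading its own requests. The cookie name `uid`, the host names, the UID values and the addresses (RFC 5737 documentation ranges) are all constructed for illustration.

```python
from collections import defaultdict
from http.cookies import SimpleCookie

# Constructed 16-byte identifiers, hex encoded (not real Webwise values).
UID_A = "3f9c2a7be1d04c5a9b6e0d1f2a3b4c5d"
UID_B = "a1b2c3d4e5f60718293a4b5c6d7e8f90"


def _request(referer, cookie=None):
    """Build a constructed advert request as the ad server would receive it."""
    lines = ["GET /ad.gif HTTP/1.1", "Host: ads.example", f"Referer: {referer}"]
    if cookie:
        lines.append(f"Cookie: {cookie}")
    return "\r\n".join(lines) + "\r\n\r\n"


# (source IP of the connection, raw request) pairs. Constructed sample data.
SAMPLE_REQUESTS = [
    ("192.0.2.10", _request("http://news.example/story", f"uid={UID_A}")),
    ("192.0.2.10", _request("http://shop.example/basket", f"uid={UID_A}; theme=dark")),
    # Same browser later, after the ISP handed out a different address.
    ("198.51.100.7", _request("http://forum.example/thread", f"uid={UID_A}")),
    ("203.0.113.44", _request("http://news.example/sport", f"uid={UID_B}")),
    # Browser that refuses the cookie: no UID is presented.
    ("203.0.113.99", _request("http://news.example/story")),
]


def parse_headers(raw):
    """Return the request headers as a dict with lower-cased names."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def cookie_uid(headers, name="uid"):
    """Extract the UID cookie value, or None when the cookie is absent."""
    jar = SimpleCookie()
    jar.load(headers.get("cookie", ""))
    return jar[name].value if name in jar else None


def link_uid_to_ip(requests):
    """Group source addresses and referring pages by the UID cookie.

    Returns (linkage, unlinked) where linkage maps each UID to the set of
    IPs and referers seen with it, and unlinked counts requests that
    carried no UID cookie.
    """
    linkage = defaultdict(lambda: {"ips": set(), "referers": set()})
    unlinked = 0
    for src_ip, raw in requests:
        headers = parse_headers(raw)
        uid = cookie_uid(headers)
        if uid is None:
            unlinked += 1
            continue
        linkage[uid]["ips"].add(src_ip)
        if "referer" in headers:
            linkage[uid]["referers"].add(headers["referer"])
    return dict(linkage), unlinked


if __name__ == "__main__":
    linkage, unlinked = link_uid_to_ip(SAMPLE_REQUESTS)
    for uid, seen in linkage.items():
        print(uid, sorted(seen["ips"]), sorted(seen["referers"]))
    print("requests without a UID cookie:", unlinked)
```

In this sample the UID also ties together two different source addresses, so a changed IP address does not break the association; only the request that sent no cookie stays unlinked by UID.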
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Hi there just gone through the 10,000 mark and we will soon be in the top 10!
http://petitions.pm.gov.uk/ispphorm/ Also the USA is beginning to wake up too! http://www.washingtonpost.com/wp-dyn..._Comments.html |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Section E 65-66 of the analysis explains it. Still very unhappy with it though. ('Trust me, I'm anonymising everything...') |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Can I suggest adding copyright infringement to the list (if you haven't already). A good overview of statute law is at http://www.jisclegal.ac.uk/ipr/IntellectualProperty.htm but this does not really explain the relationship of copyright to electronic media. Your library may have Laddie, Prescott & Vittoria, or Copinger and Skone James, which are the main practitioners' legal textbooks on copyright. I hope the following is also useful: Computer programs are "literary works" in the terms of the Copyright, Designs and Patents Acts 1988 (CDPA) and computer screens, such as those displayed on websites, are liable to be "artistic works" in accordance with the CDPA. Literary and artistic works are protected by copyright if they have sufficient originality and complexity. (In practice, most things that have had more than a few minutes work put into them will be protected by copyright.) There is no need to register copyright: it arises automatically as soon as a non-trivial, original work has been created. The author of the work can license others to reproduce the work in an unlimited way, can forbid all reproduction or can specify limited circumstances in which reproduction is to be permitted. The author may transfer his interest in the rights to another. The new owner of the rights can then specify the terms on which reproduction will be allowed. Any unlicensed reproduction of a copyright work is a criminal offence, punishable by imprisonment, and potentially gives rise to entitlement on the part of the owner of the rights to apply in the High Court for an injunction to prevent any further infringement and can sue for damages and/or an "account of profits" (payment to the victim of the profit that the infringer has made from the infringing act).
In the case of copyright works in electronic form, reproduction occurs when (among other things) the work or a significant part of it is copied into transient computer memory, stored on disk in virtual memory or stored more permanently on disk or any similar medium. This point is the basis of all software licensing: even to execute a program, it is necessary to have a licence in order to avoid civil and criminal liability for the reproduction of the program code transiently in computer memory. The ISP effects a reproduction when it directs streams of data through its computer systems as a necessary part of its service. In order to do this lawfully, the ISP must have a licence to reproduce any copyright works. Is this reproduction lawful? If it is licensed, then it is. If unlicensed, the reproduction is unlawful. The licence may be express or implied. The concept of implied licences makes not much sense in RIPA terms, but perfect sense in the context of copyright. If you publish a website, open to the world, then in the absence of any express terms there is an implied licence for end users and ISPs to reproduce the copyright material - as it is a necessary part of the process of access and delivery. If the user has to register, accept terms and conditions and use a password (perhaps even pay) to access parts of the website, then reproduction of those parts of the website without complying with the registration etc. requirements is almost certainly an infringing act - unless you are the ISP, who has an implied licence to direct and transmit data streams to the duly registered user. Many websites have express licences in the published terms and conditions: these specify the terms and scope of the copyright licence to reproduce the materials that comprise the website. Is the further reproduction by the ISP for the purposes of Phorm's analysis lawful?
It's difficult for me to see an argument that by publishing a website, an implied licence is given to Phorm or its partners to reproduce in order to extract commercial value from the copyright material: this does not arise by necessary implication as a part of the directing of traffic. And, as many posters have pointed out, there are express licence terms on many large, commercial websites, which would not permit the reproduction envisaged by Phorm and its ISP partners. It seems to me that a website publisher would be able to apply to the court for an injunction to prevent Phorm from infringing the website owner's copyright. After the event, I do not see why in principle a copyright owner should not seek to obtain damages or an account of profits from the ISP and/or Phorm that they have made as a result of their infringing acts. All that's stopping rights owners is the cost - which would of course be very substantial. This is the problem with rights: they are expensive to enforce. Keep up the good work, |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
If I read it correctly, would the advent of systems such as Phorm on the www warrant the writing of a new class of generic copyright notice that allows reproduction for the purposes of relay and profit for the holder, but at the same time expressly denying its reproduction for profit by any intermediary? This notice would then be available to all website owners to include in their pages if they wish to deny Phorm their use for profit. (I'm thinking of similar generic copyright notices that are in common use by, for example, photographers on sites like Flickr) |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
If you have explicit terms on your web site denying consent then obviously copyright becomes a much stronger argument. I have to say I don't actually agree with some comments I have seen from people claiming that their web activities are copyrighted as they are not actually "works" they are interactions/actions so I am not convinced the customer has any argument regards copyright. It could be argued that someone editing their blog, or creating other types of content (over a non-encrypted link) falls under copyright but Phorm are arguing that they don't profile POST data. Of course during discovery you could ask the court to force Phorm to provide the hardware and source code for inspection to prove that they are not processing POST data but this would be very expensive and the Judge might refuse the request on the grounds of "Trade Secrets". I am steering clear of the copyright aspects at the moment, I may include something at a later date though. Incidentally are you a law student/graduate? I ask because that was one of the best explanations of copyright I have seen on a non legal forum, so if you are not qualified or studying law then I take my hat off to you for taking the time to research it so thoroughly. Another point though is this, if we are assuming no implied consent from web sites (or explicit terms denying consent) then I think RIPA is the stronger legislation to use in court simply because it is criminal. Whereas Copyright Infringement can be criminal if it occurs for commercial gain or profit it is more often than not a civil matter. The injunction is a good idea and one I already expressed last week, although I was looking at a High Court injunction under RIPA based on the consent angle as opposed to an Injunction under Copyright Law (which would also be using the consent argument). It is an interesting debate though.
With Intellectual Property being the litigant's favourite target at the moment and with harsher penalties being lobbied for (even an attempt to change infringement from civil to criminal offences) it could be that copyright law might be seen as a more serious issue than RIPA in the eyes of the Judge (which is actually really a scary thought because I can't think of anything more serious than unlawful interception in my mind). Anyway I am probably waffling because I have been up all night and all day so forgive me if I am, and again thanks for the post :) Alexander Hanff |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Also, I'm not sure I would call Phorm a new element of the internet. That is exactly how Phorm would like us to see it, but it is not part of the internet, but a wart on the side, a parasite. Perhaps it is "a new surveillance technology, aimed at ordinary people". That is an accurate description which puts a different complexion on what Phorm would like to do. |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
It certainly wasn't my intention to elevate Phorm's system to being the next generation of www !! Of course, Portly-Giraffe is free to edit and change what I've written for the greater good...:) |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
I am actually so motivated by this entire issue that I am considering converting my article to use for my dissertation. I have been working on my dissertation for some time now which is based on the impact of a Microsoft Centric Public Sector but I have had difficulty in getting replies from local/central government with regards to the economic impact (how much does the government spend on MS licences each year etc.)
I actually believe this Phorm issue is more important and more inline with my other work on Privacy, Biometrics etc. so I am having a rethink on my dissertation. The article might prove useful for my application for my LL.M too, so that is another good reason for changing my dissertation. Waffling again, I know... /me gets his coat. Alexander Hanff ---------- Post added at 17:05 ---------- Previous post was at 16:46 ---------- Y'all need to chat more cos I have to stay awake until gone 10pm now and if I don't find something to keep me occupied I am gonna fall asleep. I feel a bit lost now that I can't continue my article until I hear back from Pinsent Masons or manage to find Trespass to Chattels case law somewhere. |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
"Hi and thanks for the post. I actually know a great deal about copyright law (which is understandable if you google my full name hehehe) and yes there is an argument via copyright and case law to back it up (google and archive.org are just 2 organisations which have fallen foul of copyright judgements as a result of caching) however there is precious little case law in the UK on this front."
Yes, I see! Don’t forget, though, that English copyright law is different from in the US. There isn’t a lot of case law because the CDPA is fairly clear and does not need a lot of interpretation. "If you have explicit terms on your web site denying consent then obviously copyright becomes a much stronger argument. I have to say I don't actually agree with some comments I have seen from people claiming that their web activities are copyrighted as they are not actually "works" they are interactions/actions so I am not convinced the customer has any argument regards copyright. It could be argued that someone editing their blog, or creating other types of content (over a non-encrypted link) falls under copyright but Phorm are arguing that they don't profile POST data." Phorm might not profile it, but as I understand it, the ISP is reproducing POST data in order to decide whether to send any of it to Phorm or not. If the reproduction of a copyright work is unlicensed, then it is an infringing act. If, say, the reproduction for this purpose is happening at the ISP on different kit and as part of a separate process from the straightforward direction of traffic, then it would be relatively easy to separate this potentially infringing reproduction from the lawful (impliedly licensed) reproduction on the ISP's normal, production servers. "provide the hardware and source code for inspection to prove that they are not processing POST data but this would be very expensive and the Judge might refuse the request on the grounds of "Trade Secrets"." In England and Wales (Scotland has a different legal system) instead of discovery, there is disclosure. As part of the parties’ legal duty to the court, the onus is on each party to volunteer any documents to the other side that may harm its own case. A judge would not refuse a disclosure request on trade secrets grounds: the most he might do is limit the ability to read the information to lawyers and expert witnesses.
"I am steering clear of the copyright aspects at the moment, I may include something at a later date though." Copyright is such a well-understood area of the law, I would be inclined to put it in. I would anticipate that your paper might be shown to lawyers, and a copyright argument will be seen as mainstream and therefore be more accessible than the newer, less well-understood things like RIPA. "Incidentally are you a law student/graduate? I ask because that was one of the best explanations of copyright I have seen on a non legal forum, so if you are not qualified or studying law then I take my hat off to you for taking the time to research it so thoroughly." Thanks very much! I do work in a relevant area. "Another point though is this, if we are assuming no implied consent from web sites (or explicit terms denying consent) then I think RIPA is the stronger legislation to use in court simple because it is criminal. Whereas Copyright Infringement can be criminal if it occurs for commercial gain or profit it is more often than not a civil matter. The injunction is a good idea and one I already expressed last week, although I was looking at a High Court injunction under RIPA based on the consent angle as opposed to an Injunction under Copyright Law (which would also be using the consent argument)." Copyright infringement is criminal, whatever the motive. The judges in the Chancery division understand copyright very well, and deal with injunctions in that respect quite often. RIPA is new, and judges might have to think about it a bit longer. But RIPA also covers the parts of the transaction that are not likely to be subject to copyright. So the two approaches look as though they might be complementary. "It is an interesting debate though.
With Intellectual Property being the litigant's favourite target at the moment and with harsher penalties being lobbied for (even an attempt to change infringement from civil to criminal offences) it could be that copyright law might be seen as a more serious issue than RIPA in the eyes of the Judge (which is actually really a scary thought because I can't think of anything more serious than unlawful interception in my mind)." More familiar, at any rate, to High Court judges. I wonder if I sense a reluctance to get into copyright because of your previous brush with it, which is understandable - but maybe think of it as a neutral (ish) tool that you can now use for a virtuous end? "Anyway I am probably waffling because I have been up all night and all day so forgive me if I am, and again thanks for the post :)" It all makes perfect sense to me. And thanks for what you are doing. |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
I won't hit "quote" this time as the posts are getting a bit long but this post is directed at amateria.
With regards to processing POST data, this is an area I have been umming and arring on too. There is an argument appearing from some academics/experts that are questioning the legitimacy of ICO's claims that this is not a privacy issue. Based on the fact that intercepting and copying the communication/data; scanning; and anonymising the data is defined as processing. I actually agree with this and have been considering adding the DPA to the article to cover this topic. I agree Copyright is relevant as well and I think in order to make the article comprehensive it would certainly be advisable to include it. You are probably right regarding my aversion to copyright law due to my past experiences; the entire situation took a lot out of me at the time so it is something I try to steer clear of now. So I will be adding Copyright and hope to have something written on the subject sometime tomorrow. It is also interesting to see the Fraud Act 2006 mentioned on the UKCrypto mailing list so I will be adding some information on that topic as well. Thanks again for your input. Alexander Hanff ---------- Post added at 17:44 ---------- Previous post was at 17:40 ---------- This issue seems to have taken over my life. I research, write, research, write, drink coffee, research, eventually sleep, wake up and start the process all over again. I actually sat here for a whole hour this morning puzzled that I was not seeing any action on the stock markets before I realised it was Saturday. Mind you idle hands and all that so I suppose it is a good thing to keep me busy ;) |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
So to recap: Quite apart from the obvious moral issue at stake, on the legal front we now have:
Wow. That legal advice Mr. Ertugrul sought must have been really convincing. :D I forgot...there's Also the Human Rights Act. |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Not to mention...
It is getting to be a long list eh? Alexander Hanff |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
And the European Convention on Human Rights
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Hey peeps, get your teeth into this little gem :)
The Council of Europe's Convention on Cybercrime Alexander Hanff |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
That's food for thought - is it what was behind RIPA?
Have you ever heard of The Interception of Communications Commissioner, whose remit includes: the adequacy of arrangements made by the Secretary of State for the protection of communications data and encryption keys for intercepted material. (http://www.ipt-uk.com/default.asp?sectionID=8&chapter=2) |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
"Internet Trespass :
If a person, without permission, interferes with another person's possessions this may amount to trespass to goods. Traditionally trespass cases have dealt with interference with physical goods but a number of US cases have suggested that accessing a computer hard drive can amount to trespass. The barrier preventing the use of trespass as a means of legal complaint about Adware, Spyware or DRM in the US has been the need to prove that the complainant has suffered actual damage. However, last month a Californian District Court ruled that allegations that Adware had damaged existing software and reduced the efficiency of the complainant's computer were sufficient to amount to damage for the purposes of trespass. This was not a final ruling in this case but it is the second Adware trespass case known to the author to get past the first hurdle in US court procedure no doubt other cases are pending or will soon be launched. In the UK it is not necessary to prove that the trespass has caused damage but a complainant must show that the interference with his property has gone beyond generally acceptable standards of conduct. The surreptitious downloading of software which impairs the function of the user's computer and is only of benefit to the commercial entity causing it to be installed is likely to fall foul of this UK test and amount to trespass. In the US cases the litigation has been brought not only against the seller of the software but against the agencies and advertisers who employ such software. If advertisers in the UK do not think through their use of Adware and DRM technology there is a real risk that they could be subject to trespass claims." (emphasis added)(source: http://www.legalday.com/commentaries...ss-050306.html ) The above is with regards to Trespass to Chattels and I am happy to say it basically re-iterates my comments from earlier today :) Pay particular attention to the part I formatted in italics.
It would seem that the Javascript which was inserted in the 2006/2007 trials satisfies this definition pretty much verbatim (especially since Webwise was not part of the trials). Alexander Hanff |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
http://petitions.pm.gov.uk/ispphorm/ A
Hi, I've signed the petition, BUT why have the closing date March 2009?? - it won't be looked at until then, by that time Phorm may already be intercepting our data. |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
As regards Interception of Communications Commissioner, looks like another useful person to add to the list of those we write to. Alexander Hanff |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
I have just checked the downing street petition site again and still my third petition isn't showing up as being rejected which I find curious. Maybe they are just ignoring it after the snooty email I sent them pointing out that I thought they were protecting BT because of the Patricia Hewitt issue?
Keep up the good work guys. ---------- Post added at 19:19 ---------- Previous post was at 19:17 ---------- Quote:
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
to highlight that UK rises to number two in cyber-crime chart
as mentioned here #2377 Richard's posted more on this subject matter ;) http://www.lightbluetouchpaper.org/2...-into-the-cni/ " Adding webwise.net into the CNI April 5th, 2008 at 14:13 UTC by Richard Clayton The way in which the Phorm system works (see yesterday’s blog post) creates an interesting, and possibly unexpected, risk for the ISPs that decide to go ahead and deploy the system. Quite clearly, web browsing from within these ISPs now depends on the correct functioning of the “Layer 7 switch” and Phorm’s “Anonymiser” machine.... " and Radha / Marc (remember them PRteam) are none too pleased with it .... |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
On looking further on the Interception Tribunal site I found this on the "Limitations" page:
"The Tribunal has no jurisdiction to investigate complaints about private individuals or companies unless you believe they are acting on behalf of an intelligence agency, law enforcement body or other public authority covered by RIPA." BOOOOOOOOOOOOO! |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
The way the ICO and the PM's petition website are behaving over all this, it wouldn't surprise me if Phorm are a CIA/MI5 front company. . . .
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
From the comments section of Richard Clayton's new blog entry linked above:
-> http://www.lightbluetouchpaper.org/2...-into-the-cni/ A small criticism/whinge from phorm Quote:
Quote:
Well done on digging a deeper hole, Phorm! |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Back in the stone age, the internet was composed of national academic networks joined together. At some point, commercial providers joined in.
Were any covenants or similar agreements made with, in the case of the UK, JANET, over acceptable commercial use? My thanks to you all who are spending a lot of time exploring the legal issues. It's way beyond me. |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Alexander Hanff |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Richard Clayton said:
Quote:
And I thought I was cracking a joke! :D |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
I'd like to express my thanks to those working on the legal stuff, goes way over my head..
Thank You :) |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
and : Article 8 – Computer-related fraud |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Had to have a little chuckle as I imagined the lights on late somewhere in Moscow as the Phorm scammers, sorry, programmers, burn the midnight oil muttering something along the lines of, "Crapski! I can't believe nobody thought of this before. Quick, plug those holes in the code and get someone to stall Clayton...what?...I don't know, Radha, Marc, anyone...you said nobody would notice this and now we have to look as if we had it covered all along...it was never like this with rootkits...you know where you are with rootkits...":D |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Any Virgin Media folks (particularly in North London) may want to try setting their router to block access to Oix, Webwise and Phorm domains and then see what happens....
I did and straight away half a dozen well-known sites started acting very badly. Unless I'm being denser than usual, that shouldn't happen! Budge |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
I think copyright licensing comes in here, because the absence of one means that you are "without right". |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Wow I just had a comment on the DenyPhorm blog from the PR team inviting me to talk to Kent in a Skype call.
I certainly can't do it tonight as I am entirely too tired, but if I get chance over the next couple of days I might take them up on the offer. I have a lot of questions of my own, but if people want me to ask any questions on their behalf, let me know and I will try to get some answers. Alexander Hanff |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
what's your UBR, use the connection button above or just click here http://www.cableforum.co.uk/board/mi...?do=connection remove the cust* bit we don't need to see that. if there is something going on on your UBR or its site, then others can also check it if they're on that section, and rule out a false positive or confirm the same bad activity, what is this activity doing to the pages exactly? ---------- Post added at 20:58 ---------- Previous post was at 20:53 ---------- name and business address of that QC for starters.... |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Questions I'd like answers to: - has he signed contracts with Virgin or BT yet - which other ISPs is he talking to - can he let us have a list of subscribers to OIX - why does he think the Guardian backed away |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
plus as they won't have it seems web sites permission ( nor mine ;) lol ) then as they are doing it to make money then the second one would kick in i don't fully get the copyright thing all together but if that helps to good for it |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
IMHO there are only two ways in which this massive invasion of our privacy will be beaten.
1. The legal path (probably our best bet)
2. The rejection of this system by enough ordinary internet users to make it financially unviable to the ISPs/Phorm. (difficult given the apathy of our current society, and that is something Phorm must be counting on)
We must not stop trying to educate everyone, friends, family, colleagues, MPs etc. to this threat. If it becomes a reality, it really will be goodbye to internet privacy for ever. I would like to add my thanks and appreciation of the work into the legal side of this issue, particularly Alexander (are you really only one person?). To Mr Giraffe and the other contributors to http://www.whyphormisbad.org/ this is bang on as regards informing the more technically challenged and it sets out all of the major points that affect your average user in a way that anyone can understand. Thank you |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
I know, being lazy, but this second bottle of red seems to have affected my head ;) |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Alexander Hanff |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
"What's your UBR?"
cable.ubr04.camd.blueyonder.co.uk
"If there is something going on on your UBR or its site, then others can also check it if they're on that section, and rule out a false positive or confirm the same bad activity. What is this activity doing to the pages exactly?"
Uploading files; for example adding an attachment to a Hotmail email will give "Network Error" messages. Happens independent of Machine, OS, Browser etc etc. Occurs on a number of sites. The Phorm domains are the *only* ones in the Block list on the router (Netgear, up to date firmware). Budge |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Hia Alexander, I've had a look at your blog at http://denyphorm.blogspot.com/ but can't find the Phorm reply you mention. Actually, there's nothing recent on that site. Am I looking in the wrong place?
Ali. |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
http://www.lightbluetouchpaper.org/2...ebwise-system/
" 15. Phorm | April 5th, 2008 at 18:11 UTC
Richard, Many thanks for the report, it’s very detailed and has proved very helpful in dispelling confusion around the technology; we’re very pleased that you agreed to come in. I’ve posted a response to your security question and will post later on http://blog.phorm.com/ Thanks too for providing clarity around the PII question on ukcrypto and for reiterating that our claim of not storing personal information is correct. We eagerly await the A29 ruling on Monday and hope for a positive outcome: IP addresses to be designated PII. We also hope for further measures to be put in place to limit timeframes for data storage. Radha"
the A29?
"Gavin Jamie | April 5th, 2008 at 20:12 UTC
Server side phorm detector prototype now available to play with. https://www.cableforum.co.uk/images/...2008/04/27.gif "
" InPhormer https://www.cableforum.co.uk/images/local/2008/04/1.php
This is a simple example of a system that should detect the Phorm user tracking system. It requires some cookies to be set. This is done here with javascript but could be set in any way. Javascript is used as it is quite simple to put into existing pages, but does of course depend on the user actually having javascript enabled. The page then loads an image which is actually a small piece of php code which determines what image to show. The code could probably be better - I am not really a programmer. The images could definitely be better! This is simply a proof of concept. For instance iframes could be used instead of images. All code and images are placed in the public domain. See source of this page for the javascript and image tag. The php code is here. The system uses the fact that the Phorm system will, as described here, block a cookie called web wise. Actually the system will still work if they let it through but change the value. It will fail if the name of the cookie changes.
An exercise for the reader could be to produce a bit of javascript code which retrieves the value of the webwise cookies before resetting it. A completely javascript phorm finder is also very feasible. As Phorm is not active you can test the system by going to your browser's cookie setting now, finding the cookies from www.mythic-beasts.com and deleting the webwise one. Now just load the image on its own. Gavin Jamie - feedback at gpcontract.co.uk" |
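The cookie check described in the quoted InPhormer page can be sketched as follows; this is an added example, not Gavin Jamie's PHP or JavaScript. The control cookie name, the image file names and the sample headers are assumptions made for the illustration; only the `webwise` cookie name comes from the post.

```javascript
const PROBE_COOKIE = 'webwise';            // cookie name given in the quoted post
const CONTROL_COOKIE = 'tripwire_control'; // hypothetical name chosen for this example

// JavaScript for the page to plant both cookies with the same random marker.
function cookieSetterScript(marker) {
  if (!/^[A-Za-z0-9]{8,64}$/.test(marker)) throw new Error('marker must be 8-64 alphanumerics');
  return [PROBE_COOKIE, CONTROL_COOKIE]
    .map((name) => `document.cookie = "${name}=${marker}; path=/";`)
    .join('\n');
}

// Parse a Cookie request header into a Map; the first occurrence of a name wins.
function parseCookieHeader(header) {
  const jar = new Map();
  if (typeof header !== 'string') return jar;
  for (const part of header.split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;
    const name = part.slice(0, eq).trim();
    const value = part.slice(eq + 1).trim().replace(/^"(.*)"$/, '$1');
    if (name !== '' && !jar.has(name)) jar.set(name, value);
  }
  return jar;
}

// Decide which image the tripwire endpoint should return for one request.
function classifyImageRequest(cookieHeader) {
  const jar = parseCookieHeader(cookieHeader);
  const control = jar.get(CONTROL_COOKIE);
  if (control === undefined) {
    // Cookies or JavaScript are off, so nothing can be concluded.
    return { verdict: 'unknown', image: 'unknown.gif' };
  }
  const probe = jar.get(PROBE_COOKIE);
  if (probe === undefined) {
    // The control cookie arrived but the probe did not: something removed it.
    return { verdict: 'probe-missing', image: 'alert.gif' };
  }
  if (probe !== control) {
    // The probe was let through with a different value.
    return { verdict: 'probe-altered', image: 'alert.gif' };
  }
  return { verdict: 'clean', image: 'ok.gif' };
}

// Constructed Cookie headers, not captured traffic.
const SAMPLE_HEADERS = {
  noCookies: undefined,
  untouched: 'tripwire_control=a1b2c3d4; webwise=a1b2c3d4',
  stripped: 'tripwire_control=a1b2c3d4',
  rewritten: 'webwise=some-other-value; tripwire_control=a1b2c3d4',
};

function classifySamples() {
  return Object.fromEntries(
    Object.entries(SAMPLE_HEADERS).map(([label, header]) => [label, classifyImageRequest(header).verdict]),
  );
}

console.log(classifySamples());
```

A user who deletes only the `webwise` cookie by hand, which is the test the quoted page suggests, produces the same `probe-missing` verdict as interception, so a single alert is a prompt to look closer rather than proof.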
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Popper : A29 ?
http://ec.europa.eu/justice_home/fsj...p/index_en.htm I don't know, but I suspect it's the right area. Probably somewhere in all the Euro-Guff, IP nos. will be confirmed as Personally Identifiable Information. Phorm, walking hand-in-hand with St. Francis, will support this. Who needs a 4 bit IP no when you have your own 16 bit identifier? -------- Q: How many Phorm bods does it take to change a light bulb? A: None, they can see what you are doing without one. |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Let's hope the Gruniard/Observer take this up as a crusade, particularly as the Times bods seem to be up to their necks in it. Anyone know if Private Eye has a view on Phorm, could be fun!
---------- Post added at 00:48 ---------- Previous post was at 00:35 ----------
Private Eye informed http://www.inphormationdesk.org/ quoted as an initial resource. Nice site Portly_Giraffe, thank you. |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Time to throw in the towel?
http://news.bbc.co.uk/1/hi/technology/7331493.stm Quote:
From day one I have viewed RIPA as the protection we have. The DPA reads more like a memorandum of understanding and so naturally this is what Phorm have used to defend themselves. RIPA on the other hand is clear in that it states that it is illegal to intercept my communications full stop. No woolly get out clauses - the very act of interception itself is illegal, how long the interception lasts or what is done with the results is irrelevant. Neither Phorm nor my ISP has any safe harbour for their interception under RIPA. Here's the problem they have then. In order to discover that I have refused consent to the intercept they have to intercept my communication. The "spokesperson for Phorm" (and presumably Phorm as a whole) seem to have now recognised this flaw in their system. Sorry boys, "It is not designed to criminalise legitimate business activities" is your opinion and you are welcome to test it against what the law actually states. |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
I'm sure many of the laws regarding the postal system were originated in the 1800's, but we still use them to lock up postal workers who open our letters.
-- Thinking about things, 121Media must have scoured the planet a couple of years ago to find a dodgy ISP partner. They found BT and that's why we are the guinea pigs. How could we find out if BT is a major institutional shareholder in Phorm? |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
The Downing Street Petition is at number 10 and in the next month or so, six petitions above are due to close.
It's going to be quite prominent on that site then. ;) |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
To be listed in a Notification of Holding needs a shareholding of 3% or more - So no, does not look like BT have a share of Phorm... |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
As many of us have said, the whole Phorm thing is the thin end of the wedge, if we don't do something now our internet services will be at a crawl, no matter what speed we have, as dozens of companies intercept our usage for their own money making ends.
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Mind you, some of the blurb on their website reads very similar to the Phorm BS to me! At Hitwise, our DNA is based on three values: Integrity, Innovation and Exceptional Client Service. These values form the basis of everything we do – including how we interact with our clients - and are detailed in the Hitwise Client Commitment statement: |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
This could be useful for concerned website owners (linked to from Richard Clayton's blog)
http://www.cs.washington.edu/researc...tripwires.html |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
The analogy for our telephones would be if BT entered into a mutual contract with a firm that installed wire-tapping (bugging equipment) into the local telephone exchanges, so that they could monitor the number of BT customers that rang up businesses asking questions (i.e. our search terms) about product and services that we are interested in. |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Alexander Hanff |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
The difference that I'd consider makes Hitwise less dangerous than Phorm is that they only receive amalgamated data from the ISPs (rather than 'personalised and maybe anonymous' data for Phorm) and, for their saleable statistics, they're only interested in very large datasets. I've no objection to, say, Amazon knowing that 10% of all VM users visited a bbc.co.uk webpage every day. Or that only 0.0001% (me) reads my blog every week... I'd put that on about the same level as Google knowing almost every move I make! ;) Go on, burst my security bubble? :o: |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
I wonder if something similar could be used to set up a webpage that could detect if a browser request was being hijacked by an ISP's Phorm server? (I mean, Phorm repeatedly redirecting the request and forging cookies rather than its ad server substituting adverts onto target webpages.) All those of us who've sent in DPA notices will need a verifiable way to check that VM *aren't* processing our data! |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
I have a much simpler method of making a web tripwire. With the beauty of AJAX it should be simple enough to generate an MD5 checksum for each individual web page then use AJAX to check if the page matches the MD5 checksum when it arrives at the user's browser. If it doesn't match, simply place a HUGE RED "YOU ARE BEING SPIED ON!" banner at the top of the page :)
In fact it should be possible to create a Firefox extension/addon to do it. Alexander Hanff
---------- Post added at 11:43 ---------- Previous post was at 11:38 ----------
On a side note, I slept soooooooooooo fine last night so I am nice and refreshed. I think I came up with an angle for the UK version of Computer Misuse Act 1990 in one of my dreams, I will be adding it to my article this afternoon. (Yes I actually dream about Phorm, I will do my penance later) |
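The checksum tripwire proposed in the post above, as an added example that is not code from the thread. It uses Node's `crypto` module for the MD5 step; the function names, the sample page and the injected script URL are constructed for the illustration.

```javascript
const { createHash } = require('crypto');

// MD5 of the page source as hex; MD5 is the checksum the post proposes.
function md5Hex(text) {
  return createHash('md5').update(text, 'utf8').digest('hex');
}

// Browser-side decision: compare the digest of the source as received with the
// digest the server published for that page. Hash the source re-fetched by an
// AJAX request, not the live DOM: extensions such as ad blockers change the DOM
// locally and would raise false alarms.
function checkReceived(expectedDigest, receivedSource) {
  const actualDigest = md5Hex(receivedSource);
  return { modified: actualDigest !== expectedDigest.toLowerCase(), actualDigest };
}

// Server-side follow-up once a client reports a mismatch and uploads what it
// received: trim the common prefix and suffix to isolate the changed region.
function describeChange(served, received) {
  const max = Math.min(served.length, received.length);
  let prefix = 0;
  while (prefix < max && served[prefix] === received[prefix]) prefix++;
  let suffix = 0;
  while (
    suffix < max - prefix &&
    served[served.length - 1 - suffix] === received[received.length - 1 - suffix]
  ) suffix++;
  return {
    offset: prefix,
    removed: served.slice(prefix, served.length - suffix),
    added: received.slice(prefix, received.length - suffix),
  };
}

// Constructed sample: the page as served, and the same page with a script
// tag inserted in transit.
const SERVED = '<html><head><title>Shop</title></head><body><p>Hello</p></body></html>';
const INJECTED = SERVED.replace(
  '</body>',
  '<script src="http://injected.example.invalid/t.js"></script></body>',
);

function demo() {
  const expected = md5Hex(SERVED);
  return {
    clean: checkReceived(expected, SERVED).modified,
    tampered: checkReceived(expected, INJECTED).modified,
    change: describeChange(SERVED, INJECTED),
  };
}

console.log(demo());
```

Anyone able to rewrite the page in transit can also rewrite the check or the published digest, so the digest needs to reach the browser over a channel the intermediary cannot alter, such as HTTPS.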
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Maybe someone can clarify this? Alexander Hanff |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Details of how adblock+ works can be found here...
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
That seems to match my theory. So it seems the entire page is downloaded and the content policy is applied once it is loaded by the browser in real time as opposed to making physical changes to the file. Alexander Hanff |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Shame it's a Sunday -- you sound as though you're on phine phorm to have that chat with Kent... Talking of which, if you do get him on Skype sometime I wonder if you'd consider recording the conversation for future distribution? If nothing else, it would make transcribing much simpler! There's a useful summary of available applications at "How to Record Skype Conversations: Tools, Resources, Tips" :tu: |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
If I have a chat with him I will lay out my terms in an email first stating that I will be recording the call and making a copy available online and if they are not happy with that a call won't happen. Personally I would prefer to have a live chat with him for a number of reasons: 1. It can be logged so I don't have to spend hours transcribing it 2. I can formulate my questions first and cut and paste them into the chat so I don't forget anything or go off on a tangent. 3. It is -much- easier to keep your emotions in check in an Internet chat than it is on the telephone. Alexander Hanff Edit: Let's not forget also that Skype has a backdoor in it to enable the feds to monitor calls which cross the threshold between SIPS and PSTN as enforced by the FCC back in about oooo 2005 I think... "The FCC specified in an August 5 release that VOIP providers that interconnect with the PSTN must facilitate wire taps within 18 months of the release of the order (see FCC Requires VOIP E911). So at least the PSTN-connected “SkypeOut” portion of Skype’s business appears to be on the hook for compliance under the CALEA laws. But the DOJ wants more. The Department of Justice's response to the FCC's August 5 announcement, it cheered the commission for progress made, but said, in effect, the work is not yet done (see The FCC Plays Musical Chairs). The FCC's official order will arrive this month, sources say, and it will likely put more color around the new CALEA rules. But the Commission too seems to acknowledge that the issue is not yet settled. On the same day the new order was announced, it issued another notice of proposed rulemaking (NPRM) asking for a new round of comments on CALEA." (source: http://www.lightreading.com/document.asp?doc_id=79570 ) Which is exactly why I refuse to use Skype. |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Surely, we won't be getting modified webpages back from sites with OIX adverts? Won't we need something that'll simply detect the repeat HTTP redirects or weird cookie activity? :shrug: |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Quote:
Why I think the collecting of a URL clickstream is just as bad as Phorm DPI full page scanning: Your ISP, like your telephone provider, is supposed to just be a conduit for the conversation, it isn't entitled to listen in and profit directly on your conversation (there is an exception, that an ISP may listen in for the express purpose of network routing for such purposes as managing high bandwidth data (e.g. streaming of films) that would otherwise impact low bandwidth activities (e.g. collecting email)).
A search based clickstream consists of two parts, the telephone number and the question that you are asking. Let's look at an example for a well-known book seller. The first part of the URL, http://www.amazon.co.uk is the equivalent of a telephone number. If you look up the name of a book shop in your local town in the telephone directory, you'll hopefully find the telephone number. The equivalent online is performed automatically by the web browser, it asks a DNS (a sort of IP address "telephone" directory) for the IP address for Amazon.
The question that I want to ask my local book shop is do you have products with Bewitched in the title? Online I would enter my question, the search term "Bewitched" into a box on the web page, but when you press <Enter> or click "Go!", your search term is converted into part of a URL s/ref=nb_ss_w_h_/202-2376015-4728622?url=search-alias%3Daps&field-keywords=Bewitched&Go.x=0&Go.y=0&Go=Go.
In my opinion, the ISP has no right to record, use or directly profit from my question. The equivalent for a telephone, would be if my local telephone exchange was being wire-tapped, and a marketing company was listening in on my conversation with my local book shop, recording or using that conversation would be illegal in the UK. |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
I only brought up Skype because it was previously mentioned. |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Alexander Hanff |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
From the Wikipedia entry I took it to be more akin to a brewery paying a pub landlord to record how many customers requested beer rather than wine. I didn't notice any suggestion that any de-personalised or even individualised information is passed to Webwise just hugely amalgamated gross totals. I got the impression that Webwise wouldn't have any clue that you'd personally searched Amazon, let alone for a particular title. :shrug: Edit: Apologies -- read Hitwise for Webwise -- there's just too much wise around today! :) |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
And wouldn't use any of them to discuss something that I wouldn't mind talking about in the proverbial crowded room of strangers. If it's not encrypted -- don't trust it. If it is -- don't rely on it. ;) |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Let's not even get me started on Echelon. As for mobile phones, I cancelled mine at Christmas (after 8 years) due to the activation of clauses in RIPA in late October which require all mobile operators to log and retain:
1. Who made a call.
2. Where the call was made from (geographical location based on triangulation from cell towers as opposed to phone number)
3. Who received the call.
4. Where the call was received (triangulation again)
5. The time and duration of the call.
Orange are constantly harassing me to pay them for the rest of my contract but I refuse. I would rather go to court and argue my case. Alexander Hanff |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Alexander Hanff |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
To quote Richard Clayton's technical article on how Phorm works;
"14. The Layer 7 switch will see that the request does not contain a Phorm “cookie” and will direct the request to a machine located within the ISP network that will pretend to be www.cnn.com and will return a “307” response which says, in effect, “you want that page over there”. The page that will be directed to is webwise.net/bind/?<parameters> where the parameters record the original URL that was wanted."
I seem to remember someone over on The Reg commenting that Apple's Safari browser doesn't accept these 307-redirects, and I think I remember reading somewhere in Phorm's own guff that if your browser isn't one of the "94% of browsers in use on the web" then the intercept proceeds no further. Presumably this is determined by inspecting your browser id string, so wouldn't it be possible to bypass the vast majority of the interception process by either using Safari or spoofing your own browser string? (I know, an interception has still taken place - that of your browser id string - but is it abandoned before any DPI takes place on your traffic content?) Apologies if this is going over old ground. |
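A check for the 307 redirect to webwise.net/bind/ quoted above, run over a recorded redirect chain; this is an added example, not code from the thread or from Richard Clayton's article. The hop record format, the query parameter name `u` and every hop after the first in the sample chain are constructed, since the quoted paragraph describes only the first redirect.

```javascript
const BIND_HOST = 'webwise.net'; // host named in the quoted paragraph
const BIND_PATH = '/bind/';      // path named in the quoted paragraph

function hostOf(url) {
  try { return new URL(url).hostname.toLowerCase(); } catch { return null; }
}

// Resolve a hop's Location header against the URL that was requested.
function redirectTarget(hop) {
  if (!hop.location) return null;
  try { return new URL(hop.location, hop.url); } catch { return null; }
}

// True for a 307 whose target is webwise.net/bind/ (or a subdomain of that host).
function isBindRedirect(hop) {
  const target = redirectTarget(hop);
  if (hop.status !== 307 || target === null) return false;
  const host = target.hostname.toLowerCase();
  const hostMatches = host === BIND_HOST || host.endsWith('.' + BIND_HOST);
  return hostMatches && target.pathname.startsWith(BIND_PATH);
}

// True when the redirect's query string carries the host that was requested,
// matching "the parameters record the original URL that was wanted".
function recordsOrigin(hop, originHost) {
  const target = redirectTarget(hop);
  if (target === null || originHost === null) return false;
  let query = target.search;
  try { query = decodeURIComponent(query); } catch { /* keep the raw query */ }
  return query.toLowerCase().includes(originHost);
}

// Summarise a chain of { url, status, location } hops recorded by the client.
function analyseChain(hops) {
  const originHost = hops.length > 0 ? hostOf(hops[0].url) : null;
  const bindHops = hops.filter(isBindRedirect);
  const last = hops[hops.length - 1];
  return {
    redirects307: hops.filter((h) => h.status === 307).length,
    bindRedirects: bindHops.length,
    recordsOriginalUrl: bindHops.some((h) => recordsOrigin(h, originHost)),
    returnedToOrigin: hops.length > 1 && last.status === 200 && hostOf(last.url) === originHost,
    suspicious: bindHops.length > 0,
  };
}

// Constructed chains, not captured traffic.
const INTERCEPTED = [
  { url: 'http://www.cnn.com/', status: 307, location: 'http://webwise.net/bind/?u=http%3A%2F%2Fwww.cnn.com%2F' },
  { url: 'http://webwise.net/bind/?u=http%3A%2F%2Fwww.cnn.com%2F', status: 307, location: 'http://www.cnn.com/' },
  { url: 'http://www.cnn.com/', status: 200, location: null },
];
const ORDINARY = [
  { url: 'http://example.com/', status: 301, location: 'https://www.example.com/' },
  { url: 'https://www.example.com/', status: 200, location: null },
];
const LOOKALIKE = [
  { url: 'http://shop.example/', status: 307, location: 'http://notwebwise.net/bind/?x=1' },
];

console.log(analyseChain(INTERCEPTED), analyseChain(ORDINARY), analyseChain(LOOKALIKE));
```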
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
For example, if I change my user agent to match the user agent of the iPhone browser (to access BBC iPlayer for example since I use 64bit Linux) it completely cocks up other sites if I try to refresh the page. Example of sites this "breaks" are Gmail and Facebook. I end up getting the page sent in a customized format for a hand held device, which is a pain in the butt to navigate on a desktop PC. In the case of gmail, it actually breaks the page if I switch User Agent in the middle of a session. Because gmail uses AJAX to update your inbox on a regular basis, it sends gmail into an infinite "We have encountered a problem" loop. Alexander Hanff |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Maybe I'm completely wrong (it has been known occasionally..) but I concluded that Hitwise relies on your ISP collating browsing data into huge, amalgamated (and necessarily anonymous) statistics, unlike Phorm which is totally dependent on targeting individual browsing habits. |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
I wasn't using the sales person as a conduit to talk to the boss, the sales person was the book shop in that example. |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Alexander Hanff ---------- Post added at 14:43 ---------- Previous post was at 14:28 ---------- Wow my fingers seem to be obsessed with flowers instead of books for some reason...I better check the calendar and make sure it is not a birthday/mother's day/anniversary. All references I made to flower shops should be replaced with book shop :) |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Alexander, if you go ahead with a chat with Kent maybe doing it on IRC would be a good idea? What ya think?
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
In Hitwise, because of the nature of URLs, something that I tried to explain technically in a previous post, some of your internet conversation is appended to the IP address. The Hitwise web-site was vague by what they meant by methodology, it could mean they supply either "the know how", or the software and/or hardware, to enable the ISP to collect the search terms. |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
I guess it boils down to who the Layer 7 network technology belongs to, so far we have been led to believe (through their PR) that it is Phorm's. Alexander Hanff |