Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Dephormation.org has various webmaster tools available but I haven't examined them yet - I will if Webwise actually goes live. The one I would most like is the Webwise detector, followed by a redirection of the Webwise-using browser by the affected site, to a Phorm/Webwise information page which encourages people to opt out of Webwise, complain to their ISP and offers links to all the various anti-Webwise sites available. Now that is what I call targeted advertising!
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
What we should be doing is encouraging as many website owners as possible to place a notice on their site prohibiting interception. If we all do it in our own words to make it difficult for Phorm to automatically detect the notice - so much the better. If the notice is there they have to obey it. What should be happening is that Phorm specify either an entry in robots.txt, or a similar file just for this purpose, which permits Phorm and any similar organisations to intercept the traffic for profiling providing the visitor to the website has also given their informed consent. That is, it should be an opt-in for websites as well as the Phormed ISPs' users. I'm having a PM conversation with Pete @ dephormation about something that would complement this approach very nicely - I hope he'll have something to announce soon.

---------- Post added at 17:24 ---------- Previous post was at 17:22 ----------

Quote:
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
http://www.intelcommsalliance.com/ks...04daf53086f015
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Name: PHPSESSID
Content: 6eb1b36ac1a808a682d5c741990b14aa
Host: www.webwise.bt.com
Path: /
Send For: Any type of connection
Expires: at end of session

Do the lookups and see - webwise.bt.com WHOIS lookup appears kosher, but the reverse IP lookups on the resultant IPs 88.208.250.85 88.208.248.102 88.208.250.66 show the FASTHOSTS details. They seem to have got rid of the IP address that resolved back to Phorm, within the last week. So the pressure is getting to them!

They do pretend it's on bt.com in some of their links which put http://bt.com/webwise/ in your browser - but after a lengthy pause and a lot of status bar activity, it ends up at http://www.webwise.bt.com/webwise/index.php and that doesn't resolve to a BT host.

I've been asking BT to put their Webwise FAQ on pages hosted on their own domain and they said to me they would do it (a week ago) but they haven't done it yet - at least a site search doesn't find it except on the webwise.bt.com pages. So anyone with Webwise URLs blocked can't read the BT Webwise FAQ. Bit much when your ISP puts really vital information on pages hosted outside the internal IP range it is officially responsible for.
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
The BT-produced schematic for how the trial will work shows that if there is an opt-out cookie present or if you block Webwise.net, then your data goes nowhere near the profiler. See: http://webwise.bt.com/webwise/customer_choice.html

However, if you opt in to the trial and then block Webwise.net, then my understanding is that your browsing could well grind to a halt.

John
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Beginning of quote -

11) What will happen to the "browsing experience" of a BT customer who adds all the various oix/phorm/webwise domains to his/her HOSTS file, once Webwise/Phorm is in place? Will that "break" my browsing experience?

Answer from manager - If a customer who is invited to participate in the trial adds www.webwise.net to their local HOSTS file with the resolved address of 127.0.0.1, they will not be able to browse the Internet on HTTP port 80 on that PC for the period of the trial. This is because access to www.webwise.net is required in order to process the consent status of the user during the trial. Instead, and as per the advice on the www.bt.com/webwise site, the recommended approach for excluding a PC from the Webwise service if the user regularly deletes cookies is to add www.webwise.net to the browser's blocked cookie list. As previously stated, in parallel with the forthcoming trial, we are developing a solution which will manage the choice of users without the use of cookies. We believe this approach is reasonable and is supported by the advice we have received.

- end of quote

As you can see the answer is ambiguous, and only refers to the trial. It suggests that the trial will require a cookie based opt-out but leaves open the possibility of a non cookie based opt-out for the future. As you can see the answer avoids dealing with the situation of a customer who is NOT in the trial, but has no cookie, and who has the webwise.net domain blocked in HOSTS. I'm sure this vagueness is deliberate. If the trial goes ahead, we'll find out very easily. It could be argued from this manager's answer that even opting out (or ignoring) the trial altogether, will require a cookie and access to www.webwise.net.
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Phorm's approach is "Trust us, we're the good guys even though we won't let you anywhere near our kit".
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
The reason for this is all traffic for the entire exchange will be passed through the Layer 7 technology during the trial and then redirected as described by Dr Richard Clayton to a "special machine" masquerading as the web site you want to access. This is the main consequence of the cookie system they are currently using.

If you note the correspondence R Jones had with BT (above) you can see it states any user who is "invited" to the trials, not any user who "accepts" an invite. When you read that statement and understand the technical analysis by Richard it is clear that this will include everyone in the exchange as it specifically needs to go to the webwise domain to get the opt-out cookie. If you redirect to localhost that cookie will never be set and you will be stuck in a loop. The loop that Kent stated could only ever affect a maximum of 1% of customers...

Alexander Hanff
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Alexander Hanff
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
LOL - Only joshing :dunce::dunce::dunce: (I imagine that would be a step too far and technically hard to do)

Hank
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
RE: Secure banking.
Most users online that I know of, myself included, have a list of maybe half a dozen passwords/datasets that are frequently used, for instance some people use the same passwords for email (secure and unsecure web-based), forums and banking. It's not outside the realm of possibility to get a user's profile and figure out his half dozen passwords and the URL of his bank, then brute force the account with a very small list (generally 3 attempts before the account is locked and you need to call up your bank) that would result in a 50% chance of gaining access to someone's account.

This without even discussing the possibilities of an external organisation gaining control of the packet filtering equipment and monitoring the streams from users at a given exchange to their own ends, then redirecting traffic to a spoofed DNS that again redirects people to a fraudulent mirror of your bank's site. You honestly think that serious criminal and terrorist organisations have no interest in an almost unlimited free source of additional income to pay for whatever will forward their agendas? Even if such a move involved actual physical access to the equipment it's a straightforward matter to hand an Openreach worker a nice fat brown envelope to look the other way for 30 mins whilst you peruse the premises.

Think about this: I (being a criminal mastermind genius) start sniffing on customers' data and begin compiling a list for each customer's passwords over unsecured connections. I also generate a list for each customer's online banking URLs (not the actual secure stuff, just the site URL). I also spend a couple of hundred opening bank accounts to the sites found to be most frequently used, I do this merely to gain access to those bank sites and set up my own fake servers, you have to speculate to accumulate ;)

Now after mirroring my own bogus servers I start redirecting traffic to them using Phorm's equipment to route everything through my own shady DNS servers, I do this only to harvest customer passwords and once I have these passwords I display an error stating the website is currently down for "Maintenance" followed by an apology and a request to "please allow up to 24hrs while we fix our errors." (Masterminds are not all like Blofeld, we can be nice too.) After 12~18hrs I stop redirecting traffic, and do this same redirection every few weeks for the next 6 months, farming as much as I can.

After this 6 months I would purchase my flights to a non extradition country with a damned good telecommunications network (Russia and China spring to mind as fun destinations). I then run my script to systematically log in to and transfer money out of the millions of valid accounts now at my disposal, starting with all business accounts (netting me the most cash) right down through to individual personal accounts. Funneling all this cash into a long list of separate accounts abroad (that I would have been spending the 6 month profiling time setting up), this is to avoid suspicion of every British resident dumping money into a single traceable account and raising a red flag. Then I would start phase 2 to swap the money around these accounts and bounce it around a little before trickling into a nice large private account, the trick is to keep it moving around and confuse anyone looking to trace it to a single point, after nine hours of reviewing logs anyone will go squeg eyed and begin to make errors.

After touching down in Russia I would then extract as much cash as I could by hand and place it onto a few banks over there before transferring it around further, using some to get myself a nice "black market" new identity. To move around to another country where I would happily reside for the rest of my life knee deep in banknotes. Once set up I would forward Kent an email enquiring as to the point of targeting adverts to anyone online in the UK when they no longer had any money to be interested in any of them.

Thereby pulling off the biggest bank heist in history and netting myself a nice little sum to start a new life of absurd and unending pleasures beyond anyone's wildest dreams. Of course I would totally cripple the UK economy as residents and businessmen woke the next day to have their cards eaten by the machines. But frankly to hell with you guys, I can afford a slew of lawyers to fend you off :)

All this with a few months of setup, without having to resort to violence or raising my voice and not placing a single hostage or even myself at any risk. The best of it is that since the police and Home Office are entirely reluctant to investigate what happens online it could take months of red tape before a single suspect is generated, let alone people pointing the finger at me :D

It would however make an awesome screenplay (and this has the added benefit of not having an angry nation track me down like the dog that I am.)

OK so maybe I'm scaremongering and just a touch sarcastic and upon rereading it, I seem to descend entirely into paranoid drivel and sheer tinfoil hattery. But the simple fact is that monitoring SSL and https isn't necessary to gain some seriously sensitive information on a person that could be used to his or her detriment.
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
More answers from a BT manager. As the person in question is now going on holiday, no more answers for a while! (unless I can provoke someone else or head back upstairs to the CEO's penthouse!)

The questions are somewhat edited, but I've left their version of the question for clarity. These are official management level BT responses. The good thing is that having got someone's attention, I have been given answers and courteous replies for which I am grateful. The content of the replies may still be very very unsatisfactory, but I am getting responses. I'm grateful for small mercies.

(beginning of BT quote)

1. Website cookie forging by Webwise/Phorm remains murky and unexplained by Phorm - who gave anyone permission to forge a cookie purporting to come from one of my registered domains? I withhold consent for BT/Phorm to use the domain names of my sites within any cookie set by Webwise.

A: Webwise cookies are clearly associated with the Webwise service. Where a website uses cookies, we prefix the Webwise UID (unique ID, a random number) to a cookie coming from the website. It is clear in this cookie at what point the Webwise UID starts and the domain cookie stops (and vice versa). Where cookies are not used by a website, only the Webwise UID is placed into a new cookie which will be associated with the domain of the website being visited. In both cases, the Webwise UID element of the cookie is clearly labelled so as to be associated with the Webwise service.

2. In response to your question this week - whether or not you are liable to prosecution if you visit websites like Amazon etc....

A: Any user who has consented to taking the BT Webwise service will not make any unauthorised use of a website as a result of taking the Webwise service. BT has carefully considered the privacy and legal issues arising from the BT Webwise service and we are confident that operating the service does not lead to issues for our users in this regard.

3. In response to your question yesterday regarding the legality of Webwise/Phorm following the publication of the latest FIPR report and the forthcoming trial dates.....

BT and Phorm have sought extensive legal advice over the last two years and been in regular contact with both the ICO and Home Office. I am sure you have seen their recent statements also. We have also reviewed the FIPR report. BT is, of course, aware of the legal requirements regarding interception of communications under the Regulation of Investigatory Powers Act 2000. We consider that the steps we are taking will meet the legal requirements of RIPA and also ensure that customers are able to take a fully informed decision as to whether to take the service (it will be optional and customers will have a clear choice). Furthermore we are confident that Webwise/our approach conforms with other relevant UK laws. We will commence trialling BT Webwise shortly and have committed to providing at least 24 hours notice prior to commencing the trial. We will do this via the BT forums etc.. Rest assured it is not unusual for trial/launch dates to change.....

(end BT quote)

I think that does not add anything much - it all basically reads to me like - "we know what we are doing and it's legal so there!"

The cookie answer leaves me somewhat speechless. I hope this person never finds my credit card or cheque book in the street - they may feel they can write my signature on the cheques and use them in the few shops that still take such things. Maybe they would clone my credit card, stick a Webwise logo on it and use it to buy things! If they say that is legal, it must be! I suppose it's now time to examine cookies from a variety of organisations to see how obvious it is where they come from. I'll start with BT.

And the one good bit - I can now access Webwise FAQ without going to webwise.bt.com. It is interesting to see BT being responsive - I've never ever experienced this level of responsiveness from senior management - usually it's one emollient email promising the earth and then back to the normal business of ignoring us and leaving us to the mercy of the outsourced drones - they must be really really rattled.

(Recommence BT quote here)

Finally we have been working on the Webwise FAQ information on bt.com. It is a work in progress at the moment and there will be further changes to it between now and the trial but for the time being you can access the information via the URL http://www.productsandservices.bt.co...=CON-WEBWISE-I

End of BT quote

I recommend the experts here to browse the BT Webwise FAQ. It has some gems - for example

Q - Will this disrupt my service or make browsing slower?
A - No. BT Webwise is run from BT's networks, so it won't disrupt your service or make it slower.

Note that - not even 1% of people will be affected. Just a straight NO. I love it.

If BT were the Ministry of Transport...

Q - Will the three lanes of roadworks on the M25 and the closure and diversion between Junctions 23 and 27 during June, July and August, affect my commuting journey?
A - No, it won't disrupt your journey or make it slower. Bye.
All Posts and Content are © Cable Forum