Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Completely ignored your question and your concerns. Altering an existing cookie from a domain without permission could be seen to infringe Copyright, Designs and Patents Act 1988 as well as Computer Misuse Act 1990 and Fraud Act 2006. Creating a new cookie because a domain does not issues cookies, is almost definitely a violation of Fraud Act 2006 as explained by Dr Richard Clayton at the PIA public meeting.

Nicholas Bohm is currently looking into this issue after I raised my concerns with him on the subject of complicity. It would seem likely that if the system is illegal, knowingly opting into that system and then initiating an unauthorised interception by communicating with a web site who have denied consent, that the user would be complicit and guilty of incitement.

An outright lie. It has been confirmed by the Home Office and ICO that neither BT nor Phorm have communicated with them prior to January this year. Also, they have yet again left themselves wide open for liability with regards to the 2006/2007 trials in saying they believe the steps they "are taking" will be compatible with RIPA as opposed to saying the system is currently and always has been compatible with RIPA.

Basically, their entire reply is nothing but a charade.

Alexander Hanff

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

The senior managers at BT are, to all intents and purposes, smoking their own dope.

:dozey:

Hank

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I had a feeling you'd be underwhelmed. ;)

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Alexander and Robert

Thanks for your explanations regarding my post #4851, much appreciated.

John

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Excellent :D

But I think you've missed that Man In The Middle can and does know what encrypted data was transferred to your machine when you went to your bank's login page. That page is (if it's like my bank's) full of "we is teh secure" logos + the usual corporate graphic identity crap. That's a damn good start to cracking an SSL session key which is why people who know worry about MITM attacks. The best way to crack any kind of crypto is to have an example of what the answer was. Every session may be "unique" (within the limits of finite integers) but if you have that level of access to a version of the answer then maybe it wouldn't be that hard. History shows that, very often.

Pick two places in the world where I would go to get some serious maths (of the crypto kind) done...

My bank told me to contact my ISP if I had any privacy concerns. My credit card company didn't even bother to respond to my secure message. Not naming any names but :naughty: let's just say I think that Smile and Egg are a bit thick when it comes to stuff like this.

Dave

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I wonder if it might rattle BT's corporate cage if you asked them to publicly indemnify all consenting BT Webwise users should any legal proceedings be started against them? (Although if I remember correctly, you cannot enforce an indemnity against an illegal action?)

If nothing else, it might get somebody to evaluate the potential legal liability should all BT's privacy and legal research be overturned...

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

OK Update on the video. I just had a very long phone call with Simon who was good to his word and phoned me back. He assures me he is on the case with regards the video and we should have some official statement on it soon.

Alexander Hanff

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

The next question to follow up BT's answer on this one is along the lines of:..
"I showed your answer to website TOUGHGUYdotCOM and they said they specifically forbid me to visit their site and they also specifically forbid you to use their domain name in their cookie,and they said there was a notice to that effect on their site, and that if they saw me anywhere near their site with my Webwise rubbish, they'd sue the kilobytes off both me and my *!X$*|**! ISP - is it still safe to visit that site while signed up to Webwise?"

They amaze me - they seem to think that if they say it's legal then everything is okay no matter what any other party thinks.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

If they thought it was legal, they would be running the trial now.

One day, with all the cut and paste going on, they will make a mistake and send something out with all the legal/PR comments included.;)

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Has anyone seen or mentioned http://www.theregister.co.uk/2008/04...rial_ad_firms/ yet?

"The Anti-Spyware Coalition has launched a review of Phorm, NebuAd, and other behavioral targeting firms that track user data from inside the world's ISPs.

Today, the ASC - a collection of anti-spyware companies, academics, and various consumer advocates - announced a new internal working group to decide how Phorm and the Phormettes will affect the organization's overarching policies on spyware....

[snip]

Phorm hasn't officially rolled out its service, but it has agreements with BT, Carphone Warehouse, and Virgin in the UK (though Virgin insists this does not mean it will actually use the service). Carphone has said it will ask for user consent before turning Phorm on, but the others have not. In 2006 and 2007, Phorm conducted trials on BT's network without telling customers diddly."

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I think Alexander has discussed it on Badphorm. There is also a 'related link' on the recent BBC pages to the Anti-spyware coalition.

ISP-in-the-middle attacks must be very fertile ground for them!

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I've been wondering about this. Why are BT et al allowed no access to the software running on the phorm box(s)?

From what we have been led to believe, all they are doing are some cookie placement, 307 redirects, ad placement and profiling of pages visited.

Cookies... duh!

307 redirects are a standard HTTP protocol mechanism.

Ad placement is just placing a pic in a given box based on a randomised or prioritised queue.

Profiling involves (from what I remember) removing chaff and generating a list of the most commonly used words on the page that was browsed and then categorising it.

None of this requires any commercially sensitive algorithms or coding. The whole system is actually pretty simple and I could probably have a good stab at writing it in a few hours.

There is NO reason why phorm could not supply the software to the ISPys in source code format and allow them to inspect the code and build and deploy it themselves.

Why the secrecy?

Why the apparent willingness of the ISPy network engineers to jeopardise potentially their careers and possibly time at her nibs's pleasure or loss of serious pocket money of the managers in allowing it?

I think we should be told.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I've mentioned before how as an IT professional I find it offensive and unacceptable that anything on my network's internal infrastructure should not be accessible to me to monitor, manage, report and audit. If I (and others who've commented on this aspect) are as aghast as we are then how the hell are ISPs falling for the "You can trust us" approach?

Everything on a network infrastructure has to have an audit trail or changelog of some description. It's basic management stuff. By allowing an alien presence on your network the ISP is leaving itself wide open to abuse by Phorm (or whoever the provider is) which it cannot track or do anything about.

It all comes back to the keywords of openness, honesty and transparency.

Let's rearrange that into Honesty, Openness and Transparency. The HOT test. We could add Respect into the mix and make it the THOR test. Personally I don't like the way the word "respect" has been twisted in common parlance, so I'll stick with the HOT test.

And right now I don't think Phorm gets anywhere near passing the HOT test.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Excuse me Mr. ISP. Can I put my box right in front of your pipe and you just give it all to me! i promise you'll have lots of money.

(Apologies for the crude euphemism but it just fits so well)

((Damn! :)))

I wouldn't allow it, if I was in charge of a major public network infrastructure. (any jobs going in that area yet? :))

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

http://www.phormdesign.co.uk/
[img]Download Failed (1)[/img]


http://www.phorm.com/
[img]Download Failed (1)[/img]