Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Just come across this
http://www.lancs.ac.uk/iss/rules/cmisuse.htm

I particularly like the inference from Example 1
In my head the webwise system is using another person's id to get the data from my password protected systems - in breach of the computer misuse act?

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

http://www.p2pnet.net/story/15980

There you go.

Alexander Hanff

---------- Post added at 19:24 ---------- Previous post was at 19:22 ----------

You in Lancaster too? Maybe we could get together after next week (when I finish my degree) for coffee and a chat if you like?

Alexander Hanff

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Unfortunately, not been there for many years. I sometimes stop in again if I'm in the area, but it's been more years than I care to remember since I was at Uni there.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Looks good Alexander, the bibliography alone will keep me busy for hours.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I don't think this has been mentioned on here yet (thanks to madslug on BadPhorm forums for spotting it):

Change to webwise FAQ http://www.webwise.com/how-it-works/faq.html

"What about FIPR's analysis of the legality and RIPA?

We don't agree with FIPR's analysis. And its description of the Phorm system is inaccurate. Our technology complies with the Data Protection Act, RIPA and other applicable UK laws. We've sought our own legal opinions as well as consulted widely with experts such as Ernst & Young, 80/20 Thinking, the Home Office, Ofcom and the Information Commissioner's Office (ICO). We discussed our system with the ICO prior to launching it and continue to be in dialogue with the organisation."

I find it rich that they accuse FIPR of inaccurately describing the phorm system, in the light of phorms own inaccurate description of the system to Richard Clayton. I think it is an indication of how BT will try to discredit opponents of phorm/webwise.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

The entire comment is completely untenable given the fact that they had the opportunity to correct any errors (and reportedly did so) before Dr Clayton published the analysis. The published document was agreed to be accurate by Phorm themselves.

Alexander Hanff

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I suppose FIPR can always say that they had to rely on Clayton 1.0, and ICO 1.0 whereas we are now on Clayton 1.3 and ICO 1.3. Clayton 1.3 of course had to be issued because Phorm had a sudden rush of blood to the head and remembered there were more browser redirects than they had originally told Dr Clayton about in the first version.

---------- Post added at 21:39 ---------- Previous post was at 21:08 ----------

I've now found the relevant bit of an email from BT about this: (from Director, Value Added Services)

Now let me try to allay your concerns as to what will happen with the private, password protected areas of your own website……

First of all let me say that we completely understand the potential concerns of some website owners, who have sensitive/private/password protected websites or areas on their website, and are taking the necessary steps to ensure that password protected sites are excluded from this service and no information will be scanned from these pages. We are also excluding a range of more sensitive categories for example medical, religious and gambling websites. We are also taking steps to ensure that those websites that do not want search engines to 'crawl' them (by the use of robots.txt) will also be excluded from the Webwise service.

And here is the extensive explanation from the BT Webwise FAQ
http://webwise.bt.com/webwise/help.h...14,15,16,17,18

Actuallly it's so extensive, it's worth quoting in full
"BT Webwise does not scan password-protected content so it is ignored."

Richard Clayton Mark 3 (after Phorm phessed up to misleading him)
http://www.cl.cam.ac.uk/~rnc1/080518-phorm.pdf
refers to this briefly in para 37, p5

---------- Post added at 21:43 ---------- Previous post was at 21:39 ----------

Did you mean Clayton or Bohm here Alexander?

the problem is that the Phorm goalposts are sliding sideways at the moment, a bit like the ad boards go up and down on the side of the pitch. As Dr Clayton is finding - having to constantly revise his analysis because Phorm keep "remembering" things they forgot to tell him earlier.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Dr Clayton. It was his technical paper which originally alleged the technology was illegal iirc, which is what the webwise citation is referring to.

Alexander Hanff

Re: Virgin Media and BT both part of the ISPA
 

That could get quite expensive for BT.

OTELO is an OFCOM approved Alternative Dispute Resolution (arbitration) service.

OfCom require communication providers to be a member of either OTELO or CISAS. Customers can complain to an ISP's ADR once their provider's internal complaint procedure has been exhausted (a deadlock letter is usually required, or else proof that the complaint has not been resolved within three months). The ADR's decision is binding on the ISP.

It is free for the complainant as the ISP picks up OTELO's case fees (was £325 per case in 2005 - http://www.otelo.org.uk/downloads/Cu...Survey2005.pdf )

http://www.otelo.org.uk/pages/4howtocomplain.php

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Thanks for that - I'll raise the question in my next exchange.

Just had a thought - does anyone have details of the IP ranges for the affected ISPs (or the default dynamic names given) in order to warn their victims?

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Pete at Dephormation.org.uk

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Bit old, but does this sort of thing help to explain a man in the middle attack to joe public?

http://www.dailymail.co.uk/news/arti...staurants.html

Especially when lots of big name companies tell you it's perfectly safe. In fact, an improvement on what you had before, and nothing can go wrong. Trust us.

There are probably better articles to quote out there somewhere.

edit : (sorry, ISP in the middle, with a dodgy mate, who employs dodgy people, from dodgy countries)

edit again: Of course, if your chip and pin has been nicked, eventually the problem will go away when you change your bank account number and card etc. You will have to do all that and move house if phorm goes wrong. And even then they will have your name, DoB, NI number etc..

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I’ve just seen Procera Networks’ advert for universal end-to-end encryption!

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Just seen the BT ad on the box. Looks like the bloke's about to cheat on his missus.:shocked:

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

just looking at the first line of my yahoo cookie from BT

Y
v=1&n=fdv4pcpalqqrg&l=6h4o2em@1j8dj4hd4j.2ec/o&p=m21vvuk013000000&iz=MEXX5DT&r=ia&lg=en-GB&intl=uk
yahoo.com/

notice the bit in red

MY POSTCODE!!!!!! (x'ed out 2 chars for privacy)

easy for phorm to get my post code and match it to MY unique random number ID as when you logon to parental controls it will see the cookie go by along with its own

i also notice the reference to strings of numbers longer than 3 digits has gone from the webwise faq page

also notice http://routeplanner.rac.co.uk/showmulti.php?saddress=meXX%205dt&daddress=b69%206lt&vaddress1=&vaddress2=&vaddress 3=&vaddress4=&vaddress5=&rtype=fast&preferences=3& trafficconditions=3&maptype=JAVA&nextgengeo=1

can pick up post code from travel sites when it passes data from one page to the next (my postcode above in red x'ed again),

so no identifiable data???? pull the other one