Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I do. And for Virgin (and TalkTalk) customers too. I'd draw their attention to the wise words of Prof. Ross Anderson and Sir Tim Berners Lee;

“The message has to be this: if you care about your privacy, do not use BT, Virgin or Talk-Talk as your internet provider”
- Professor Ross Anderson, Cambridge University, UK (source)

"I would want to use an ISP that doesn't [monitor which websites I go to]. I personally want to feel free."
- Sir Tim Berners Lee, Inventor of the World Wide Web, Director of the World Wide Web Consortium (source)

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Latest entity-relationship diagram of Phorm/BT:

http://img90.imageshack.us/img90/4263/phormumlbr9.jpg

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I quoted Dabs at the AGM (as a pertinent example to the question to Hanif Lalani regarding eCommerce). Would a firm like Dabs.com want their private unencrypted communications with customers sold to Maplin for advertising?

Of course not. It would be damaging to them. So how could the idiots at the Home Office imply any web site would tolerate interception of their private unencrypted communication.

Pete

---------- Post added at 22:26 ---------- Previous post was at 22:15 ----------

The people who want to do this, are mad. Simply mad. Particularly so if a certain bunch of alleged spyware/rootkit suppliers are involved in any way shape or Phorm.

Why? Because if you can't trust your ISP, you're going to tend toward encrypting your data (if you've got any sense). Server and client side. Encrypted web sites, encrypted email.

When that happens, how are they going to sustain their clever 'security' measures, if they can't read a flipping thing anyone transmits. How are they going to differentiate between suspicious use of encryption, and general use of encryption?

Suddenly the promise of security through intrusion evaporates, and you're left in a bleak world where the Govt has even less idea what even the crooks are up to because they can't be separated from normal society, and the communication data can't be decoded.

:doh:

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

the kit we use, uses this passive mode to monitor traffic volume and network strends, it can also archive, IM traffic, emails and lots of other scary stuff it is mainly used to demo to clients just what is going on on their networks.

the scary mode of the kit we use is transparent, you stick it in the line and the network cards do not have mac addresses or IP addresses, it can then inspect, listen, block traffic, (i must add the kit does not add anything as it is firewall / content filter / traffic shaping kit)

with a small agent on a pc it can even tell you the apps listening on what port, inventory hardware and software and many more scary things

peter

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Plus the information overload which would remove vital personnel from the front line defenses in the back-room probably dealing with too many false reports!

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

IMP currently doesn't exist and may never according to the debate in the HoL on Thursday. It is being discussed but no decisions have been made as far as I am aware. Certainly that is what Lord Spithead stated in his reply.

Alexander Hanff

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Yup, as I said, it is still very much a concept only, with out any concrete plans currently in place.

It is worth noting that Richard Thomas recently commented on proposals for IMP and if I remember correctly stated something along the lines of "I don't think this would be legal." or words to that effect. I don't have the reference to hand but it shouldn't be too hard to dig up, it was just last week if I remember correctly.

Alexander Hanff

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

BT did not claim it - it is part of Richard Clayton's 2nd version of how the intercept system works. The script is being modified so that repeated calls with no answer turn off the redirection - http://www.lightbluetouchpaper.org/2...ges-all-alike/ - "It is also apparent that if you resolve webwise.net to 127.0.0.1 that you’ll never get past the first redirection; and you will need to rely on the Phorm system spotting these repeated failures and turning off redirection for your IP address."

Somewhere else I recall reading that this would not be ready for the trial.

Until there is a full technical analysis of the 'final version' I leave an unasked question hanging in the air.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Thank you for the info. I was truthfully about to order something from Dabs.com this weekend. Boycott begins from now.

Hey, I get a chance to vote with my pocket already. ;)

I though Virgin Media could be my first boycott. I don't buy anything from the known OIX sites anyhow.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

>Thank you for the info. I was truthfully about to order something from Dabs.com this weekend. Boycott begins from now.

That's great - but be sure to let them know why you're boycotting them, or BT won't be motivated to change their behaviour.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Please do your homework before commenting on the abilities of others and their decision about which flag to support. Providing a daily 'blog' of your new discoveries would be very informative to old and new readers alike. What I report below is my blog of what I have learned today about some tracking cookies (I suspected it, but did not KNOW it).

While you are looking for flags .... have you been able to discover the difference between the tracking scripts used by [generically] search engines, AOL, Research Science, omniture, 2o7 (are they still into adult content?), ad networks, plus many others that are hosted by sites and seen by the webmaster as a benefit to the site, and Phorm/OIX and other profilers?

Have you analysed them and decided which ones you will ensure are permitted and which are permanently blocked from your system, which cookies you regularly delete before closing a browser session, which sites you will never open in the same window as the window/browser which was used to visit a site hosting one of these scripts?

Just one site - bt.com - hosts tracking scripts from 5 (could be more) different domains - and that is before they start to use any DPI to track their customers around the internet.

In general, do you allow tracking cookies?

I personally will never enable javascript, accept cookies nor fill in a form on any site which hosts 3rd party tracking cookies. There are plenty of sites out there that are internet savvy about security and do respect the privacy of their visitors and I would rather support them.

Who are the worst sites on the internet? - banking.

I have just looked at one bank's home page - I won't mention the name. They have tried to set cookies (without javascript) in the following domains.

domain=.mediaplex.com (Mediaplex - Intelligent Technology for Digital Marketing, Provides online advertising, direct marketing and interactive marketing technologies.)
domain=.apmebf.com - blocked by spybot, quantcast says of it 'Apmebf.com is a top 10,000 site that reaches over 324K U.S. monthly uniques. The site is popular among a youthful, very slightly female biased crowd.The typical visitor visits ...' (neither me nor the bank I visited is USA based but quantcast knows how many calls there are to the site and the demographics of those 'visitors' - try visiting the site - "Network Error
An error occurred while accessing "apmebf.com".
Maybe the domain name is not valid or there's a typo in the internet address."), also used by some affiliate networks during redirects

Generally, both domains appear on lists of domains which are blocked as adware.

I tried another bank and no cookies were set with javascript disabled. However, allowing javascript tries to give me cookies that originate from
touchclarity (omniture) where the CNAME for the bank's subdomain resolves to tcliveeu.com - IP range belongs to omniture
and a HitBox Gateway cookies where the CNAME for the bank's subdomain resolves to a hitbox.com domain

Now, why would banks want to give visitor tracking history to 3rd parties AND expect people to use internet banking? In case you are wondering - I actually bank with both banks used in this little exercise and never use any service other than their counter service, nor am I ever likely to use any internet service they offer. I just have to trust that the intranet used to record bank transactions is more secure.

Before you say, see, Phorm is not so bad, it gives you privacy. What? - where? - how? Will Phorm report the leakage of PII that these bank sites stream? I don't usually visit these sites. My browser blocks these tracking cookies - I could only find them in the browser logs with none saved to my computer's disk. What I don't know is how much the javascripts sent to the 3rd party sites. Frightening.

How does the Phorm tracking get blocked? - by changing to a non Phorming ISP - this is the only way.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I tried apmebf.com and got a redirect to a site owned by Commission Junction.

A quick check up on CJ shows that they are owned by ValueClick and that both companies are being sued in the US under a Class Act law suit realting to adware activity with a final ruling expected early next year. CJ were also dropped by eBay earlier this year at which point those "324k" monthly clicks dropped to around 30k.

Many non-techy computer users are aware of the presence and purpose of these tracking cookies and many more are now clued up on the sort of data gathering conducted by sites like Google.

What annoys me is the fact that Ken Turtleleg keeps wittering on about how his product is "safer" than these others but he forgets to mention that the other tracking apps will still be there. Even if Webwise is the most secure and none personalised system in the world it is still just another form of tracking and will do nothing to enhance privacy as all the rest will still be there.

The other fact that Phorm seem to ignore is that if DPI by ISPs is approved there will be a lot of competition and we won't just be trawled once when we access the internet - we'll be put through the same process dozens of times by the same or other companies as our webpage requests are not a simple, direct link conducted entirely on our own ISP's system.

If Phorm's system adds, say, a 1% overhead, you then have to factor in all of the other points in the chain where such inspections can take place. Every picture hosted off-site could involve another scan and so it goes on. In a very short time span the internet would end up with 1% useful traffic and 99% interception which will leave the ISPs having to purchase far greater bandwidth than at present. The very systems that the ISPs believe will make them money will cost them many more times as much as they make from a few adverts or they will be forced to raise their charges to the end-users.

The authorities are looking at the situation in terms of one interception per data request. That's not how it will happen and the internet will be massively overloaded within months unless action is taken to keep the internet open and free from any unnecessary interceptions.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I am hoping that AD will also discover this, and learn something.

It is more like 2 redirects if you started with the non-www domain and the browser redirected to the www domain. apmebf.com goes nowhere.

www dot apmebf.com has a meta refresh to cj.com - a page telling me what to do if I have received spam. However, the www domain does also contain some text "You are currently being redirected to an information page about qksrv.net. If your browser does not support redirects, please click here to access the page directly." Odd that, as I was not requesting any domain called qksrv.net - looks like that is the spyware domain

I used the non-www domain in the quote as that was the domain quoted by quantcast. I assume that they are like alexa and count all subdomains when counting hits. It looks like every site hosting the adware tracking script gets its own subdomain of apmebf.com

Anyway, I hope this small digression from the thread shows something of what internet users think of tracking cookies and the length businesses go to to try and keep the tracking going. CJ looks like such a respected business - it provides advertising [affiliate] content to millions of websites. Imagine the database it has and how much it earns by selling the data - it even knows the monetary value and which product the affiliate / advertiser site visitor bought.

Imagine the effect of mission creep between the 2 tracking systems.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

As people here will be aware, I'm always interested in what ISNT said, and what questions ARENT answered.

It strikes me that BT have delayed the trials because of unanswered questions that either they hadn't thought of, or that they didn't think the public would care about. And they have been retrofitting that trial like mad to try and make it "fit" the new climate. And they aren't ready yet.

We are now in the interesting phase of growing "perception" particularly amongst the legislative/enforcement community, and amongst BT customers and shareholders. So the longer the trials can be delayed the better because I think the legislative/enforcement process may create further difficulties for Phorm/Webwise.

So what else might BT not have thought about, or be hoping that no one actually asks them?

If you wanted to challenge BT (and hence the other watching and waiting ISP's) about the UNanswered questions prior to their trialling of Webwise, what do think would be on the list?

At he moment my list includes the following fairly obvious ones - but I'd like a few more with worrying legal implications.

When are the trials going to start?

Will the Webwise trial invitation pop up during ordinary browsing of anyone using a BT Broadband Residential IP address, or only when a BT Broadband Residential customer visits www.bt.com or BTYahoo! customer pages as a logged in and verified BTBroadband residential primary account holder?

What steps will be taken to check that the person responding to the Webwise invitation is the BT Broadband primary account holder? At the moment extra password control is used to check the identity of anyone trying to alter personal info or account details on a BT Broadband account. Yet with Webwise it looks as if ANYONE will be able to opt in to Webwise and thus effect a change in the T&C's of the BT Broadband primary account.

How will the BT Broadband primary account holder be notified of the change to their T&C's, in the event that a third party consents to Webwise while using the BT Account holder's IP address?

Is BT confident that a material change to the T&C's of a BT Broadband residential primary account holder can be enforced in law, when for example a child of 10 (or anyoone else) using their laptop at home, on the BT Broadband IP address, during a browsing session which the parent thought was controlled, innocently clicks on a Webwise invitation?

If a third party using the BT Broadband account holder's IP address (say an adult daughter with her own laptop visting home from uni) gets the pop up Webwise invitation and chooses to opt-IN to the Webwise trial without the BT Broadband primary account holders knowledge, and the primary BT Broadband residential account holder independently and later, not knowing the action taken by their adult child, who is no longer in the house) chooses to block a variety of domains using a hosts file, including key domains connected with Webwise, what will happen to their browsing?

How often should a BT Broadband primary account holder (for BT Webwise cookies) check all the computers belonging to all the people who might be sharing (or have shared) his IP address?

What information are helpdesks going to be given about the Webwise system and possible technical difficulties? In previous covert trials they have been given NO information and have therefore misled customers, resulting in those customers suffering material harm.

What is the FULL list of domains associated with Webwise operation?

Now - anyone got any fairly simple legal or other technical questions of the sort that could be asked of BT (or VM or TalkTalk when it is their turn), and which they might not yet have answers to?

The sort of question I'm after is the sort that might make the BT "lawyer" or exec say "oh ***** we didn't think of that!" - or "oh ****** - we hoped no one would notice that!" - and cause a further delay.

Any thoughts anyone, and I'll compile a list.