Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Alex I sent you a PM
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
nodpi.org goes through as does random.org they just don't like badphorm.co.uk |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
The rumours have been doing the rounds for a while now, as you'll see from the timestamps on Badphorm. Speculation here: this kind of filtering would hamper any attempts to inform BT customers of the Badphorm website, although we have no evidence whatsoever to suggest the cause of the effect you're seeing. |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Anyone able to tell me, are Gyron internet owned by BT? Or are they independent?
Update: "Gyron Internet Ltd is a privately owned company" Detail here |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Alex
Your mail has arrived - a little.... well no very late, but no real issue now :) |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Request: gyron.net Registrant: Gyron Internet Ltd Sovereign House 227 Marsh Wall LONDON, E14 9SD GB Domain name: GYRON.NET Administrative Contact: Support Team, Gyron Internet noc@gyron.net Sovereign House 227 Marsh Wall LONDON, E14 9SD GB 0207 043 1443 Fax: 0207 043 1444 Technical Contact: Support Team, Gyron Internet noc@gyron.net Sovereign House 227 Marsh Wall LONDON, E14 9SD GB 0207 043 1443 Fax: 0207 043 1444 Registrar of Record: TUCOWS, INC. Record last updated on 21-Feb-2008. Record expires on 21-Mar-2009. Record created on 21-Mar-2000. Registrar Domain Name Help Center: http://domainhelp.tucows.com Domain servers in listed order: NS01.UK.GYRON.NET 83.223.127.226 NS02.UK.GYRON.NET 77.75.107.85 |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
To repeat and update earlier warning to BT customers who don't want to be involved with Phorm...
BT CUSTOMERS BEWARE Do not log into the BT site, then visit any Phorm/third party operated BT.com web site. Logging out is insufficient; it is necessary you delete all BT.com cookies. Sites Potentially Affected Include webwise.bt.com (hosted by Gyron Internet, operated by Phorm)Explanation BT seem to be using a 'single sign on' product (called Siteminder) which allows you to log in once and gain access to any BT.com web site without being prompted for your user name or password. This is convenient, you sign on once and gain seamless access to all BT.com web sites. During the login process cookie values are set for all BT.com web sites (cookies which include your email address, and a security credential which authenticates you to BT.com web sites). Your browser will present those cookies to any BT.com web site trusting that those sites would not exist without BT consent. This will include BT.com web sites operated by Phorm/third parties outside BT's network, such as webwise.bt.com and www.webwise.bt.com. This creates a security and privacy risk for the following reasons. A security risk is created because an untrustworthy third party able to operate a BT.com web site, who is able to impersonate your IP address, and present a copy of your security credential, may be able to access your BT.com services and account details. This is called a replay/spoofing attack, a known security risk in single sign on solutions. A privacy risk is created because a third party able to operate a BT.com web site has immediate access to your email address, whether or not you choose to enter that information. This allows third parties to obtain your email address, and link your email address and IP address simply by visiting their web site. When Webwise/OIX is trialled, third parties would be able to link your email address, IP address and Webwise UID. If you delete your Webwise UID cookie, third parties would be able to link old/new Webwise UIDs knowing your email address. Even when you log out of BT.com your btcom.userName cookie (which includes your email address) is persistent. Confirmation The 'BT Webwise Help Desk' said "The bt.com site includes functionality which enables it to remember users for the duration of their session (i.e. from when they sign in to when they close their web-browser), in order to provide a smoother customer experience and prevent the need to repeatedly log-in or re-state preferences. This is done by using a secure single-sign-on solution which employs cookies. The design of that system prevents unauthorised access to a user's logged-in session." "Phorm currently operates the Webwise information site (www.bt.com/webwise) on BT's behalf as a trusted partner and with BT's explicit consent (this approach is not uncommon). We are confident that this does not pose any security risk."(Note the www.bt.com/webwise redirects to webwise.bt.com) Cookies Affected SMSESSION = (Netegrity site minder encrypted cookie) btcom.userName = (email address) btcom.dateVisited = (date of visit) Conclusion By allowing Phorm to operate a *.bt.com web site... BT may be giving your email address, and security credentials away to Phorm. Sites like bt.custhelp.com and bt.webwise.com will not be affected (because the browser will not recognise them as BT.com sites). ---------- Post added at 14:50 ---------- Previous post was at 14:40 ---------- Further to above warning; K_nt Ersdfsdf said in this interview "we fully anonymise users by not tying into anything at all that the isp knows about them whether its something in their database, whether its an IP address for example which we don't use at all"Which is either untrue, or BT are giving him PII which he does not need to process. In either case, that's a clear violation of the Data Protection Act (as far as I'm concerned). Consequently it is not possible for Phorm to operate a BT.com web domain and remain compliant with DPA. Or BT need to stop giving customers email addresses and security credentials to Phorm. Or preferably do something their customers might actually value instead. |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Do we need an ethical 'kitemark' for ISP's? Perhaps awarded by nodpi.org?
In order to display the kitemark, the ISP would need to state somewhere in it's T&C's that : (a) They have no plans to deploy or investigate the use of DPI for commercial reasons. (b) That if they ever did, customers would be free to walk away from any contract without penalty. (In the first point, they may need to deploy DPI kit, with a warrant, on behalf of the authorities. In the second point, I don't think it would be realistic to ask any business to commit to not doing something for all time). It might gain some publicity, both for the cause and for the ethical ISP's. It would also be interesting to see which ISP's did not apply to use it. EDIT : Also something for web sites that do not deploy ads linked to DPI generated profiles? |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Probably better for ISPReview or a similar site to issue the kite given they will undoubtedly have a great deal more exposure to "customer churn" than NoDPI is likely to experience.
But I think it is a good idea. Alexander Hanff |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Since BT say this phorm c*** will be only on their total packages will they be offering a phorm phree package?
I presume not.. |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
For example Plusnet use it to ensure that gaming and VOIP traffic is always given higher priority than general browsing and email and these are given higher priority than P2P. DPI is required to differentiate between this such as genuine gaming and P2P applications attempting to circumvent controls by trying to look like gaming. Plusnet are totally open about how the Ellacoyas prioritise the different traffic types and do not use them to look at actual data contents, just to determine the traffic type. |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
On another note noticed phorm shares are down and phorm is in the bottm 4 MEC.L -35.16 PHRM.L -35.42 YELL.L -40.94 JPR.L -46.69 |
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
|
All times are GMT +1. The time now is 22:17. |
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.