Cable Forum

Cable Forum (https://www.cableforum.uk/board/index.php)
-   Virgin Media Internet Service (https://www.cableforum.uk/board/forumdisplay.php?f=12)
-   -   Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797] (https://www.cableforum.uk/board/showthread.php?t=33628733)

oblonsky 06-06-2008 14:49

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
Quote:

Originally Posted by bluecar1 (Post 34569245)
just tested as suggested over on badphorm, anything that has the badphorm .co.uk tag in it is dumped in bulk

interesting

just the word phorm goes through ok

Maybe you could also test with another random blog .co.uk domain name that has nothing to do with Phorm? To be honest this could be a red herring as spam scoring takes a number of factors into account, one of which is usually the precense of a URL (common in SPAM). So e.g. guardian.co.uk would go to spam? Or another forum site that has never mentioned Phorm?

Privacy_Matters 06-06-2008 14:54

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
Alex I sent you a PM

bluecar1 06-06-2008 14:58

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
Quote:

Originally Posted by oblonsky (Post 34569251)
Maybe you could also test with another random blog .co.uk domain name that has nothing to do with Phorm? To be honest this could be a red herring as spam scoring takes a number of factors into account, one of which is usually the precense of a URL (common in SPAM). So e.g. guardian.co.uk would go to spam? Or another forum site that has never mentioned Phorm?

nope,

nodpi.org goes through as does random.org

they just don't like badphorm.co.uk

oblonsky 06-06-2008 15:13

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
Quote:

Originally Posted by bluecar1 (Post 34569275)
nope,

nodpi.org goes through as does random.org

they just don't like badphorm.co.uk

Just for completeness, would you mind trying a regular email which references cableforum.co.uk and one which references adslguide.co.uk? This really is rather interesting.

The rumours have been doing the rounds for a while now, as you'll see from the timestamps on Badphorm. Speculation here: this kind of filtering would hamper any attempts to inform BT customers of the Badphorm website, although we have no evidence whatsoever to suggest the cause of the effect you're seeing.

Dephormation 06-06-2008 15:18

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
Anyone able to tell me, are Gyron internet owned by BT? Or are they independent?

Update: "Gyron Internet Ltd is a privately owned company"

Detail here

Privacy_Matters 06-06-2008 15:20

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
Alex

Your mail has arrived - a little.... well no very late, but no real issue now :)

Florence 06-06-2008 15:27

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
Quote:

Originally Posted by Dephormation (Post 34569317)
Anyone able to tell me, are Gyron internet owned by BT? Or are they independent?

Update: "Gyron Internet Ltd is a privately owned company"

Detail here

Independant

Request: gyron.net
Registrant:
Gyron Internet Ltd
Sovereign House
227 Marsh Wall
LONDON, E14 9SD
GB

Domain name: GYRON.NET

Administrative Contact:
Support Team, Gyron Internet noc@gyron.net
Sovereign House
227 Marsh Wall
LONDON, E14 9SD
GB
0207 043 1443 Fax: 0207 043 1444

Technical Contact:
Support Team, Gyron Internet noc@gyron.net
Sovereign House
227 Marsh Wall
LONDON, E14 9SD
GB
0207 043 1443 Fax: 0207 043 1444



Registrar of Record: TUCOWS, INC.
Record last updated on 21-Feb-2008.
Record expires on 21-Mar-2009.
Record created on 21-Mar-2000.

Registrar Domain Name Help Center:
http://domainhelp.tucows.com

Domain servers in listed order:
NS01.UK.GYRON.NET 83.223.127.226
NS02.UK.GYRON.NET 77.75.107.85

Dephormation 06-06-2008 15:50

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
To repeat and update earlier warning to BT customers who don't want to be involved with Phorm...

BT CUSTOMERS BEWARE

Do not log into the BT site, then visit any Phorm/third party operated BT.com web site.

Logging out is insufficient; it is necessary you delete all BT.com cookies.

Sites Potentially Affected Include
webwise.bt.com (hosted by Gyron Internet, operated by Phorm)
www.webwise.bt.com (hosted by Gyron Internet, operated by Phorm)
Explanation

BT seem to be using a 'single sign on' product (called Siteminder) which allows you to log in once and gain access to any BT.com web site without being prompted for your user name or password. This is convenient, you sign on once and gain seamless access to all BT.com web sites.

During the login process cookie values are set for all BT.com web sites (cookies which include your email address, and a security credential which authenticates you to BT.com web sites).

Your browser will present those cookies to any BT.com web site trusting that those sites would not exist without BT consent. This will include BT.com web sites operated by Phorm/third parties outside BT's network, such as webwise.bt.com and www.webwise.bt.com.

This creates a security and privacy risk for the following reasons.

A security risk is created because an untrustworthy third party able to operate a BT.com web site, who is able to impersonate your IP address, and present a copy of your security credential, may be able to access your BT.com services and account details. This is called a replay/spoofing attack, a known security risk in single sign on solutions.

A privacy risk is created because a third party able to operate a BT.com web site has immediate access to your email address, whether or not you choose to enter that information. This allows third parties to obtain your email address, and link your email address and IP address simply by visiting their web site.

When Webwise/OIX is trialled, third parties would be able to link your email address, IP address and Webwise UID. If you delete your Webwise UID cookie, third parties would be able to link old/new Webwise UIDs knowing your email address.

Even when you log out of BT.com your btcom.userName cookie (which includes your email address) is persistent.

Confirmation

The 'BT Webwise Help Desk' said
"The bt.com site includes functionality which enables it to remember users for the duration of their session (i.e. from when they sign in to when they close their web-browser), in order to provide a smoother customer experience and prevent the need to repeatedly log-in or re-state preferences. This is done by using a secure single-sign-on solution which employs cookies. The design of that system prevents unauthorised access to a user's logged-in session."
"Phorm currently operates the Webwise information site (www.bt.com/webwise) on BT's behalf as a trusted partner and with BT's explicit consent (this approach is not uncommon). We are confident that this does not pose any security risk."
(Note the www.bt.com/webwise redirects to webwise.bt.com)

Cookies Affected

SMSESSION = (Netegrity site minder encrypted cookie)
btcom.userName = (email address)
btcom.dateVisited = (date of visit)

Conclusion

By allowing Phorm to operate a *.bt.com web site... BT may be giving your email address, and security credentials away to Phorm.

Sites like bt.custhelp.com and bt.webwise.com will not be affected (because the browser will not recognise them as BT.com sites).

---------- Post added at 14:50 ---------- Previous post was at 14:40 ----------

Further to above warning; K_nt Ersdfsdf said in this interview
"we fully anonymise users by not tying into anything at all that the isp knows about them whether its something in their database, whether its an IP address for example which we don't use at all"
Which is either untrue, or BT are giving him PII which he does not need to process. In either case, that's a clear violation of the Data Protection Act (as far as I'm concerned).

Consequently it is not possible for Phorm to operate a BT.com web domain and remain compliant with DPA. Or BT need to stop giving customers email addresses and security credentials to Phorm.

Or preferably do something their customers might actually value instead.

jelv 06-06-2008 15:53

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
Quote:

Originally Posted by AlexanderHanff (Post 34569239)
Maybe a bunch of the anti phorm domains have been added to spam blacklists either by BT/Phorm as part of the PR or by "fans" (people like HamsterWheel) of Phorm.

A lot of people have said they have not received signup emails to the nodpi.org forums (yet they worked fine for me during testing) so it is not inconceivable that spam blacklist warfare may have been used.

I've successfully signed up to the nodpi.org phorums today so the problem is not on your side.

mark777 06-06-2008 16:09

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
Do we need an ethical 'kitemark' for ISP's? Perhaps awarded by nodpi.org?

In order to display the kitemark, the ISP would need to state somewhere in it's T&C's that :

(a) They have no plans to deploy or investigate the use of DPI for commercial reasons.

(b) That if they ever did, customers would be free to walk away from any contract without penalty.

(In the first point, they may need to deploy DPI kit, with a warrant, on behalf of the authorities. In the second point, I don't think it would be realistic to ask any business to commit to not doing something for all time).

It might gain some publicity, both for the cause and for the ethical ISP's.

It would also be interesting to see which ISP's did not apply to use it.

EDIT : Also something for web sites that do not deploy ads linked to DPI generated profiles?

AlexanderHanff 06-06-2008 16:12

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
Probably better for ISPReview or a similar site to issue the kite given they will undoubtedly have a great deal more exposure to "customer churn" than NoDPI is likely to experience.

But I think it is a good idea.

Alexander Hanff

Florence 06-06-2008 16:37

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
Since BT say this phorm c*** will be only on their total packages will they be offering a phorm phree package?

I presume not..

jelv 06-06-2008 17:03

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
Quote:

Originally Posted by mark777 (Post 34569358)
(a) They have no plans to deploy or investigate the use of DPI for commercial reasons.

That definition would need refining a lot - there are legitimate reasons for deploying DPI kit.

For example Plusnet use it to ensure that gaming and VOIP traffic is always given higher priority than general browsing and email and these are given higher priority than P2P. DPI is required to differentiate between this such as genuine gaming and P2P applications attempting to circumvent controls by trying to look like gaming. Plusnet are totally open about how the Ellacoyas prioritise the different traffic types and do not use them to look at actual data contents, just to determine the traffic type.

Florence 06-06-2008 17:15

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
Quote:

Originally Posted by jelv (Post 34569386)
That definition would need refining a lot - there are legitimate reasons for deploying DPI kit.

For example Plusnet use it to ensure that gaming and VOIP traffic is always given higher priority than general browsing and email and these are given higher priority than P2P. DPI is required to differentiate between this such as genuine gaming and P2P applications attempting to circumvent controls by trying to look like gaming. Plusnet are totally open about how the Ellacoyas prioritise the different traffic types and do not use them to look at actual data contents, just to determine the traffic type.

Correct that is what they used it for not for monitoring everypage read exactly what I see as if they were sitting at the side of me then sel this information on for monatory gain.

On another note noticed phorm shares are down and phorm is in the bottm 4

MEC.L -35.16
PHRM.L -35.42
YELL.L -40.94
JPR.L -46.69

icsys 06-06-2008 17:33

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
Quote:

Originally Posted by Florence (Post 34569393)
Correct that is what they used it for not for monitoring everypage read exactly what I see as if they were sitting at the side of me then sel this information on for monatory gain.

On another note noticed phorm shares are down and phorm is in the bottm 4

MEC.L -35.16
PHRM.L -35.42
YELL.L -40.94
JPR.L -46.69

Reuters consider them to be a good buy no doubt because the price is down -62.20% on the price 3 months ago.


All times are GMT +1. The time now is 22:17.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.