Cable Forum - View Single Post - Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

popper · 05-04-2008, 22:04

http://www.lightbluetouchpaper.org/2...ebwise-system/
"
15. Phorm | April 5th, 2008 at 18:11 UTC
Richard,
Many thanks for the report, it’s very detailed and has proved very helpful in dispelling confusion around the technology;we’re very pleased that you agreed to come in.

I’ve posted a response to your security question and will post later on http://blog.phorm.com/

Thanks too for providing clarity around the PII question on ukcrypto and for reiterating that our claim of not storing personal information is correct.

We eagerly await the A29 ruling on Monday and hope for a a positive outcome: IP addresses to be designated PII. We also hope for further measures to be put in place to limit timeframes for data storage.
Radha"

the A29?

"Gavin Jamie | April 5th, 2008 at 20:12 UTC
Server side phorm detector prototype now available to play with.

"
"
InPhormer

This is a simple example of a system that should detect the Phorm user tracking system.

It requires some cookies to be set. This is done here with javascript but could be set in any way. Javascript is used as it is quite simple to put into existing pages, but does of course depend on the user actualling having javascript enabled.

The page then loads an image which is actually a small piece of php code which determines what the image to show.

The code could probably be better - I am not really a programmer. The images could definitely be better! This is simply a proof of concept.

For instance iframes could be used instead of images. All code and images are placed in the public domain. See source of this page for the javascript and image tag.

The php code is here. The system uses the fact that the Phorm system will, as described here block a cookie called web wise.

Actually the system will still work if they let it through but change the value. It will fail if the name of the cookie changes.

An excercise for the reader could be to produce a bit of javascript code which retrieves the value of the webwise cookies before resetting it. A completely javascript phorm finder is also very feasible.

As Phorm is not active you can test the system by going to your browsers cookie setting now, finding the cookies from www.mythic-beasts.com and deleting the webwise one.

Now just load the image on its own.
Gavin Jamie - feedback at gpcontract.co.uk"

05-04-2008, 22:04	#2457
popper Inactive Join Date: Jan 2006 Posts: 3,270	Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797] http://www.lightbluetouchpaper.org/2...ebwise-system/ " 15. Phorm \| April 5th, 2008 at 18:11 UTC Richard, Many thanks for the report, it’s very detailed and has proved very helpful in dispelling confusion around the technology;we’re very pleased that you agreed to come in. I’ve posted a response to your security question and will post later on http://blog.phorm.com/ Thanks too for providing clarity around the PII question on ukcrypto and for reiterating that our claim of not storing personal information is correct. We eagerly await the A29 ruling on Monday and hope for a a positive outcome: IP addresses to be designated PII. We also hope for further measures to be put in place to limit timeframes for data storage. Radha" the A29? "Gavin Jamie \| April 5th, 2008 at 20:12 UTC Server side phorm detector prototype now available to play with. " " InPhormer This is a simple example of a system that should detect the Phorm user tracking system. It requires some cookies to be set. This is done here with javascript but could be set in any way. Javascript is used as it is quite simple to put into existing pages, but does of course depend on the user actualling having javascript enabled. The page then loads an image which is actually a small piece of php code which determines what the image to show. The code could probably be better - I am not really a programmer. The images could definitely be better! This is simply a proof of concept. For instance iframes could be used instead of images. All code and images are placed in the public domain. See source of this page for the javascript and image tag. The php code is here. The system uses the fact that the Phorm system will, as described here block a cookie called web wise. Actually the system will still work if they let it through but change the value. It will fail if the name of the cookie changes. An excercise for the reader could be to produce a bit of javascript code which retrieves the value of the webwise cookies before resetting it. A completely javascript phorm finder is also very feasible. As Phorm is not active you can test the system by going to your browsers cookie setting now, finding the cookies from www.mythic-beasts.com and deleting the webwise one. Now just load the image on its own. Gavin Jamie - feedback at gpcontract.co.uk"