Thread: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
View Single Post
Old 06-04-2008, 14:14   #2494
AlexanderHanff
Permanently Banned
 
Join Date: Mar 2008
Posts: 1,028
AlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful one
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by lucevans View Post
To quote Richard Clayton's technical article on how Phorm works;

"14. The Layer 7 switch will see that the request does not contain a Phorm “cookie” and
will direct the request to a machine located within the ISP network that will pretend to
be www.cnn.com and will return a “307” response which says, in effect, “you want that
page over there”. The page that will be directed to is webwise.net/bind/?<parameters>
where the parameters record the original URL that was wanted.
"

I seem to remember someone over on The Reg commenting that Apple's Safari browser doesn't accept these 307-redirects, and I think I remember reading somewhere in Phorm's own guff that if your browser isn't one the "94% of browsers in use on the web" then the intercept proceeds no further."

Presumably this is determined by inspecting your browser id string, so wouldn't it be possible to bypass the vast majority of the interception process by either using Safari or spoofing your own browser string? (I know, an interception has still taken place - that of your browser id string- but is it abandoned before any DPI takes place on your traffic content?)

Apologies if this is going over old ground.
The problem with that is that many sites detect the browser User Agent and send a "customised" web page specifically for that User Agent (especially in the world of Web 2.0). So reporting the wrong user agent could effect the way the site is rendered in your actual browser.

For example, if I change my user agent to match the user agent of the iPhone browser (to access BBC iPlayer for example since I use 64bit Linux) it completely cocks up other sites if I try to refresh the page. Example of sites this "breaks" are Gmail and Facebook. I end up getting the page sent in a customized format for a hand held device, which is a pain in the butt to navigate on a desktop PC. In the case of gmail, it actually breaks the page if I switch User Agent in the middle of a session. Because gmail uses AJAX to update your inbox on a regular basis, it sends gmail into an infinite "We have encountered a problem" loop.

Alexander Hanff
AlexanderHanff is offline