Quote:
Originally Posted by R Jones
(beginning of BT quote)
1. Website cookie forging by Webwise/Phorm remains murky and unexplained by Phorm - who gave anyone permission to forge a cookie purporting to come from one of my registered domains? I withhold consent for BT/Phorm to use the domain names of my sites within any cookie set by Webwise.
A: Webwise cookies are clearly associated with the Webwise service. Where a website uses cookies, we prefix the Webwise UID (unique ID, a random number) to a cookie coming from the website. It is clear in this cookie at what point the Webwise UID starts and the domain cookie stops (and vice versa). Where cookies are not used by a website, only the Webwise UID is placed into a new cookie which will be associated with the domain of the website being visited. In both cases, the Webwise UID element of the cookie is clearly labelled so as to be associated with the Webwise service.
What the h3ll.
If Phorm are monkeying around with client side cookie values set by applications... then if client side code uses those cookies to manipulate values such as counters or names or shopping baskets... The client side cookies are randomly going to be prefixed by 16 bytes of random guff that Phorm insert.
Think how that would look if you set a cookie with the user's name for example. Pull the value back in JavaScript and display it... yet you find the name presented is "Hello webwiseuidsf4g2+/gdsHE32q5||Pete. Welcome back to this site".
If that's what Phorm/BT are intending to do, they will embarrass and shame themselves even more than they have done already. If that's truly what they are planning it's simply madness.
That piece of text either cannot be right, or reflects very poorly on the competence of the technologists behind this.
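Added example, not part of the original post or of any BT/Phorm code: client-side code that checks a cookie value against the format the site itself writes before using it, so a value altered in transit is rejected rather than displayed. The prefixed string copies the poster's hypothetical; the cookie names, validators and helper functions are assumptions made for illustration.

```javascript
// Constructed document.cookie-style strings. PREFIXED reuses the poster's
// hypothetical value; the real Webwise format is not given on the page.
const CLEAN = "lang=en; username=Pete; basket=3";
const PREFIXED = "lang=en; username=webwiseuidsf4g2+/gdsHE32q5||Pete; basket=3";

// Parse "a=1; b=2" into a Map of name -> raw value (first occurrence wins).
function parseCookies(cookieString) {
  const jar = new Map();
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    const name = part.slice(0, eq).trim();
    const value = part.slice(eq + 1).trim();
    if (name && !jar.has(name)) jar.set(name, value);
  }
  return jar;
}

// Hypothetical per-cookie formats: what this site would have written itself.
const VALIDATORS = {
  username: (v) => /^[\p{L}\p{N} ._'-]{1,64}$/u.test(v),
  basket: (v) => /^\d{1,4}$/.test(v),
};

// Return { ok, value } only when the cookie exists and matches its format.
function readCookie(cookieString, name) {
  const raw = parseCookies(cookieString).get(name);
  if (raw === undefined) return { ok: false, reason: "missing" };
  let value;
  try {
    value = decodeURIComponent(raw);
  } catch {
    return { ok: false, reason: "bad-encoding" };
  }
  const check = VALIDATORS[name];
  if (!check || !check(value)) return { ok: false, reason: "unexpected-format" };
  return { ok: true, value };
}

// Fall back to a neutral greeting instead of echoing an altered value.
function greeting(cookieString) {
  const r = readCookie(cookieString, "username");
  return r.ok
    ? `Hello ${r.value}. Welcome back to this site`
    : "Hello. Welcome to this site";
}
```

A format check like this only catches values that no longer look like what the site wrote; it does not authenticate the cookie.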