Quote:
Originally Posted by JohnHorb
This diagram STILL does not address the issue of someone gaining a Webwise cookie and then accessing the website via a non-phormed ISP (e.g. browsing from a laptop at home via a phormed ISP, then from work via a non-phormed ISP). Who strips off the Webwise cookie then?
I think a bigger problem is that websites will be able to read your Webwise tracking cookie by embedding some HTTPS content on their page. Phorm can't strip the cookie from encrypted streams, so the website will get to see your unique user ID. If the website doesn't want to pay for a certificate to read your UID, it should also work if they use a port other than 80.
Taking it one step further, the anti-phishing protection Phorm claims to provide is supposed to protect the sort of person who would be likely to click on a dodgy link in an email and provide their details, but just by tricking them into clicking on a link in an email you send them, you can capture their email address along with their Webwise UID.