Quote:
Originally Posted by serial
I'm sorry if I'm being overly cynical, but I'm looking at my choice of hats and have selected the tinfoil one.
8020 Advisory group contains: Ray Stanton, Global Head of Business Continuity, Security & Governance, BT plc
So, Phorm, pioneered by BT plc, have paid an auditing company to green-light its system when that company also has a high-level BT plc employee as an advisor.
Anyone else see a major problem here?
They also have the Earl of Northesk on their advisory board who has been very outspoken against Phorm in his official capacity as a peer in the House of Lords.
So no I don't see a problem with 80/20 Thinking having influential and important people on their advisory boards.
Alexander Hanff
---------- Post added at 11:50 ---------- Previous post was at 11:40 ----------
Quote:
Originally Posted by davews
Much has been suggested about the https:// cookie. But in fact this will only work for those sites where all the code on that site is secure, i.e. an https:// site (and which Phorm is unable to profile even if it tries). Just having a single https:// image will mean that site has mixed secure and insecure content, and most browsers will flag this up with a weak security popup error which will alert the user to something not quite right going on. So it is broadly unviable.
I believe the Phorm servers are set up just to strip the cookies which accompany a [GET] request. But any site can easily read all the cookies on a visitor's computer using simple JavaScript (document.cookie). It is not clear whether Phorm attempts to strip cookies obtained in this way; my gut feeling is that they probably don't.
Dav, the point being made was that less ethical website owners could simply include some HTTPS content in order to "see" the cookie and grab the UID, then associate it with the IP. The way the Phorm technology works is that it strips the cookie out of the communication before it gets to the website; however, it is unable to do this with HTTPS, so using HTTPS you can see any cookie the user has stored under your domain (including the forged Phorm ones).
Alexander Hanff
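Added example, not from this thread and not Phorm's or BT's code: a small simulation of the architectural limit discussed above, an in-path device that edits the Cookie header of plaintext HTTP requests but has to pass TLS records through unread, so a cookie sent over HTTPS reaches the origin intact. The cookie name "interceptor-uid" and the requests are constructed placeholders.

```python
# Constructed placeholder for the name of the cookie an in-path
# interceptor sets and later strips from plaintext requests.
TRACKER_COOKIE = b"interceptor-uid"

# TLS record content types: change_cipher_spec, alert, handshake, application_data
TLS_CONTENT_TYPES = {0x14, 0x15, 0x16, 0x17}


def is_tls_record(data: bytes) -> bool:
    """A TLS record starts with a content-type byte followed by major version 0x03."""
    return len(data) >= 3 and data[0] in TLS_CONTENT_TYPES and data[1] == 0x03


def parse_cookies(value: bytes) -> dict:
    """Parse a Cookie header value ('a=1; b=2') into {name: value}."""
    cookies = {}
    for part in value.split(b";"):
        part = part.strip()
        if part:
            name, _, val = part.partition(b"=")
            cookies[name.strip()] = val.strip()
    return cookies


def strip_tracker_cookie(request: bytes) -> tuple:
    """Simulated interceptor strip stage. Returns (bytes forwarded to origin, stripped?).

    Only a plaintext HTTP request can be rewritten. A TLS record is opaque to the
    interceptor, so it is forwarded unchanged and any cookie inside reaches the site.
    """
    if is_tls_record(request):
        return request, False
    head, sep, body = request.partition(b"\r\n\r\n")
    out, stripped = [], False
    for line in head.split(b"\r\n"):
        name, colon, value = line.partition(b":")
        if colon and name.strip().lower() == b"cookie":
            cookies = parse_cookies(value)
            if TRACKER_COOKIE in cookies:
                del cookies[TRACKER_COOKIE]
                stripped = True
            if cookies:  # drop the header entirely if nothing is left
                out.append(b"Cookie: " + b"; ".join(k + b"=" + v for k, v in cookies.items()))
            continue
        out.append(line)
    return b"\r\n".join(out) + sep + body, stripped


if __name__ == "__main__":
    plain = b"GET / HTTP/1.1\r\nHost: example.test\r\nCookie: session=abc; interceptor-uid=1234\r\n\r\n"
    print(strip_tracker_cookie(plain))  # tracker removed, session cookie kept
    tls = bytes([0x16, 0x03, 0x01, 0x00, 0x05]) + b"hello"  # constructed handshake record
    print(strip_tracker_cookie(tls))  # returned untouched, nothing stripped
```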