Quote:
Originally Posted by Portly_Giraffe
|
This is what I get:
Quote:
$ dig www.webwise.bt.com
; <<>> DiG 9.4.1-P1 <<>> www.webwise.bt.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29860
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;www.webwise.bt.com. IN A
;; ANSWER SECTION:
www.webwise.bt.com. 600 IN A 207.44.186.90
;; AUTHORITY SECTION:
webwise.bt.com. 600 IN NS DYDNS0.bt.com.
webwise.bt.com. 600 IN NS DYDNS1.bt.com.
webwise.bt.com. 600 IN NS EDDNS0.bt.com.
webwise.bt.com. 600 IN NS EDDNS1.bt.com.
;; ADDITIONAL SECTION:
DYDNS0.bt.com. 133199 IN A 193.113.32.156
DYDNS1.bt.com. 53 IN A 193.113.32.157
EDDNS0.bt.com. 53 IN A 193.113.57.242
EDDNS1.bt.com. 53 IN A 193.113.57.243
;; Query time: 37 msec
;; SERVER: REMOVED
;; WHEN: Sun May 25 16:35:19 2008
;; MSG SIZE rcvd: 218
|
Quote:
$ dig openinternetalliance.net
; <<>> DiG 9.4.1-P1 <<>> openinternetalliance.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61265
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;openinternetalliance.net. IN A
;; ANSWER SECTION:
openinternetalliance.net. 86400 IN A 89.145.112.31
openinternetalliance.net. 86400 IN A 89.145.112.32
;; AUTHORITY SECTION:
openinternetalliance.net. 86400 IN NS ns1.openinternetalliance.net.
openinternetalliance.net. 86400 IN NS ns2.openinternetalliance.net.
;; ADDITIONAL SECTION:
ns1.openinternetalliance.net. 86400 IN A 38.105.138.53
ns2.openinternetalliance.net. 86400 IN A 38.105.138.54
;; Query time: 140 msec
;; SERVER: REMOVED
;; WHEN: Sun May 25 16:38:43 2008
;; MSG SIZE rcvd: 166
|
Quote:
$ dig www.121media.com
; <<>> DiG 9.4.1-P1 <<>> www.121media.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63399
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.121media.com. IN A
;; ANSWER SECTION:
www.121media.com. 900 IN CNAME phorm.com.
phorm.com. 98 IN A 89.145.112.31
phorm.com. 98 IN A 89.145.112.32
;; AUTHORITY SECTION:
phorm.com. 172598 IN NS ns1.phorm.com.
phorm.com. 172598 IN NS ns2.phorm.com.
;; ADDITIONAL SECTION:
ns1.phorm.com. 172598 IN A 38.105.138.53
ns2.phorm.com. 172598 IN A 38.105.138.54
;; Query time: 127 msec
;; SERVER: REMOVED
;; WHEN: Sun May 25 16:39:50 2008
;; MSG SIZE rcvd: 170
|
Quote:
$ dig www.phorm.com
; <<>> DiG 9.4.1-P1 <<>> www.phorm.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5394
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.phorm.com. IN A
;; ANSWER SECTION:
www.phorm.com. 900 IN CNAME phorm.com.
phorm.com. 300 IN A 89.145.112.31
phorm.com. 300 IN A 89.145.112.32
;; AUTHORITY SECTION:
phorm.com. 172800 IN NS ns1.phorm.com.
phorm.com. 172800 IN NS ns2.phorm.com.
;; ADDITIONAL SECTION:
ns1.phorm.com. 172800 IN A 38.105.138.53
ns2.phorm.com. 172800 IN A 38.105.138.54
;; Query time: 489 msec
;; SERVER: REMOVED
;; WHEN: Sun May 25 16:36:27 2008
;; MSG SIZE rcvd: 158
|
Quote:
$ dig www.webwise.com
; <<>> DiG 9.4.1-P1 <<>> www.webwise.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8547
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.webwise.com. IN A
;; ANSWER SECTION:
www.webwise.com. 900 IN A 89.145.112.31
www.webwise.com. 900 IN A 89.145.112.32
;; AUTHORITY SECTION:
webwise.com. 900 IN NS ns1.webwise.com.
webwise.com. 900 IN NS ns2.webwise.com.
;; ADDITIONAL SECTION:
ns1.webwise.com. 900 IN A 38.105.138.53
ns2.webwise.com. 900 IN A 38.105.138.54
;; Query time: 141 msec
;; SERVER: REMOVED
;; WHEN: Sun May 25 16:41:21 2008
;; MSG SIZE rcvd: 148
|
And if I check all 3 IPs I get the following:
Quote:
$ whois 207.44.186.90
OrgName: ThePlanet.com Internet Services, Inc.
OrgID: TPCM
Address: 315 Capitol
Address: Suite 205
City: Houston
StateProv: TX
PostalCode: 77002
Country: US
ReferralServer: rwhois://rwhois.theplanet.com:4321
NetRange: 207.44.128.0 - 207.44.255.255
CIDR: 207.44.128.0/17
OriginAS: AS13749, AS13884, AS21844, AS30315
OriginAS: AS36420
NetName: NETBLK-THEPLANET-BLK-EV1-9
NetHandle: NET-207-44-128-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.EV1SERVERS.NET
NameServer: NS2.EV1SERVERS.NET
Comment:
RegDate:
Updated: 2008-02-28
OrgAbuseHandle: ABUSE271-ARIN
OrgAbuseName: The Planet Abuse
OrgAbusePhone: +1-281-714-3560
OrgAbuseEmail: abuse@theplanet.com
OrgNOCHandle: THEPL-ARIN
OrgNOCName: The Planet NOC
OrgNOCPhone: +1-281-714-3555
OrgNOCEmail: noc@theplanet.com
OrgTechHandle: TECHN33-ARIN
OrgTechName: Technical Support
OrgTechPhone: +1-214-782-7800
OrgTechEmail: admins@theplanet.com
# ARIN WHOIS database, last updated 2008-05-24 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Found a referral to rwhois.theplanet.com:4321.
%rwhois V-1.5:003eff:00 whois.theplanet.com (by Network Solutions, Inc. V-1.5.9.5)
%referral rwhois://root.rwhois.net:4321/auth-area=.
%ok
|
Quote:
$ whois 89.145.112.31
% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '89.145.112.0 - 89.145.113.255'
inetnum: 89.145.112.0 - 89.145.113.255
netname: G-CUS-PH02
descr: Phorm IPv4 Assignment
country: GB
admin-c: GAT1-RIPE
tech-c: GAT1-RIPE
status: ASSIGNED PA
mnt-by: GYRON-MNT
mnt-lower: GYRON-MNT
mnt-routes: GYRON-MNT
source: RIPE # Filtered
role: Gyron Admin Team
address: Gyron Internet Ltd
address: 6 Greenwich View Place
address: Millharbour
address: LONDON
address: E14 9NN
phone: +44 (0) 207 043 1443
fax-no: +44 (0) 207 043 1444
abuse-mailbox: abuse@gyron.net
admin-c: RB30-RIPE
tech-c: RB30-RIPE
tech-c: OB924-RIPE
tech-c: BPM1-RIPE
nic-hdl: GAT1-RIPE
remarks: Please use this contact in preference to any others
remarks: that may be listed in the RIPE database
source: RIPE # Filtered
% Information related to '89.145.64.0/18AS29017'
route: 89.145.64.0/18
descr: GYRON-AGG Gyron Internet Ltd AS29017
origin: AS29017
mnt-by: GYRON-MNT
source: RIPE # Filtered
NOTE: the .32 IP is the same
|
So it seems the
www.webwise.bt.com is in fact in the US and all the rest are controlled by Phorm in the UK (registered to Phorm in the UK).
Of course this means the
www.webwise.bt.com is subject to US Law and can have all the logs subpoenaed. It would be advisable not enter any information onto that website. It also seems it should be classed as illegal under Data Protection Act which disallows the exporting of personal data outside the EU.
Anyone brought this to the attention of ICO yet? I notice there is at least 1 form on there which requires you to enter sensitive personal data:
http://www.webwise.bt.com/webwise/contact.php
So this would indeed appear to be in direct breach of the DPA. In theory if ThePlanet have any DPI kit in their data centre (which I believe although I could be wrong, is required under US anti terrorist initiatives) they could in essence get all the details you enter on that form. I know there is a degree of logging in the US similar to data retention laws in the EU, but I don't know to what extent so I can't give any informed comments on it. I will however try to find out.
One thing I do know however, is there are no rights afforded under the Fourth Amendment of the Constitution for any personal data given to third parties (I covered this just the other day on a paper I wrote about the Patriot Act Sunset Clauses), so in essence if ThePlanet were to use any of the data going through their networks, I don't think BT would have any recourse (or the public).
Alexander Hanff