Thread: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
View Single Post
Old 30-05-2008, 11:16   #7576
Rchivist
Inactive
 
Join Date: Apr 2008
Posts: 831
Rchivist has a fine set of QuadsRchivist has a fine set of QuadsRchivist has a fine set of QuadsRchivist has a fine set of QuadsRchivist has a fine set of QuadsRchivist has a fine set of QuadsRchivist has a fine set of QuadsRchivist has a fine set of QuadsRchivist has a fine set of QuadsRchivist has a fine set of QuadsRchivist has a fine set of QuadsRchivist has a fine set of QuadsRchivist has a fine set of QuadsRchivist has a fine set of Quads
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by Dephormation View Post
*CONFIRMED*

The btcom.userName/btcom.dateVisited/btcom.isLoggedIn are 'domain cookies' that will be sent to any *.bt.com web site... including webwise.bt.com and www.webwise.bt.com... revealing your email address to Phorm (simply by browsing the pages on webwise.bt.com/ www.webwise.bt.com).

I've asked Rob to do an additional test; I suspect btcom.userName cookie remains set even if you have logged out of bt.com... If so, this would make your email address almost unconditionally available to third parties such as Phorm if you have ever logged in to BT.com.

And presumeably it has been that way for months.

I can confirm that a bt.com username cookie remains set AFTER I logout of bt.com. Currently I am only logged into and showing this one CF page, and my bt.com cookies are (FIREFOX)

btcom.dateVisited
JSESSIONIS_btPortalWebApp (contains encryped data)
btcom.isLoggedIn (says Yes)
btcom.userName (contains my email address for bt.com login- was supposed to expire five minutes ago - the time I logged off bt.com)
SMSESSION (says LOGGEDOFF)
JMSESSIONID_bta (contains encrypted data)
btcom.isLoggedIn (says No)
Rchivist is offline