Quote:
Originally Posted by R Jones
I can confirm that a bt.com username cookie remains set AFTER I log out of bt.com. Currently I am only logged into and showing this one CF page, and my bt.com cookies are (FIREFOX)
btcom.dateVisited
JSESSIONIS_btPortalWebApp (contains encrypted data)
btcom.isLoggedIn (says Yes)
btcom.userName (contains my email address for bt.com login - was supposed to expire five minutes ago - the time I logged off bt.com)
SMSESSION (says LOGGEDOFF)
JMSESSIONID_bta (contains encrypted data)
btcom.isLoggedIn (says No)
Unbelievable.
So in effect BT have merrily gifted Phorm a list of customer email addresses, enough information to spoof a login session, and for the avoidance of doubt a flag that tells Phorm whether or not the customer was logged in.
And even if you are diligent and log out of BT.com, your email address is still secretly provided to Phorm anyway.
While Kent Erfsfs was simultaneously assuring BT customers “We cannot know who you are or where you’ve been”.
Quite unbelievable. And quite intolerable if you're a BT customer concerned about Phorm.
All this while claiming enhanced privacy and security.
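An added example, not part of either post: a site owner could run a check like the following over the browser's cookie jar after logout to catch the conditions the quoted list shows (an email address left in a cookie, a cookie past its expiry but still stored, and a login flag with conflicting values). The cookie names are taken from the quoted post; the values, paths, timestamps and the function name are constructed assumptions.

```python
import re
from collections import defaultdict

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def audit_post_logout(cookies, logout_time):
    """Return (cookie name, issue) findings for cookies still stored after logout.

    cookies: list of dicts with 'name', 'value', 'path' and 'expires'
    (epoch seconds, or None for a session cookie).
    """
    findings = []
    values_by_name = defaultdict(set)
    for c in cookies:
        values_by_name[c["name"]].add(c["value"])
        # Personal identifier left readable in the cookie value.
        if EMAIL_RE.search(c["value"]):
            findings.append((c["name"], "email address in value"))
        # Expiry was at or before logout, yet the cookie is still in the jar.
        if c["expires"] is not None and c["expires"] <= logout_time:
            findings.append((c["name"], "past expiry but still stored"))
    # Same cookie name set in more than one scope with different values.
    for name, values in sorted(values_by_name.items()):
        if len(values) > 1:
            findings.append((name, "conflicting values across scopes"))
    return findings


# Constructed sample: names from the quoted post, everything else invented.
LOGOUT_TIME = 1_200_000_000
SAMPLE_JAR = [
    {"name": "btcom.dateVisited", "value": "constructed-date", "path": "/", "expires": None},
    {"name": "JSESSIONIS_btPortalWebApp", "value": "opaque-constructed-1", "path": "/", "expires": None},
    {"name": "btcom.isLoggedIn", "value": "Yes", "path": "/", "expires": None},
    {"name": "btcom.userName", "value": "user@example.com", "path": "/", "expires": LOGOUT_TIME},
    {"name": "SMSESSION", "value": "LOGGEDOFF", "path": "/", "expires": None},
    {"name": "JMSESSIONID_bta", "value": "opaque-constructed-2", "path": "/", "expires": None},
    {"name": "btcom.isLoggedIn", "value": "No", "path": "/constructed-path", "expires": None},
]

if __name__ == "__main__":
    for name, issue in audit_post_logout(SAMPLE_JAR, LOGOUT_TIME):
        print(f"{name}: {issue}")
```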