Old 05-06-2008, 10:49   #8116
BetBlowWhistler
Inactive
Join Date: Apr 2008
Posts: 114
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

#1 - Well done to the person who leaked this document. Hopefully by now you were fully aware of the potential consequences of doing so and have taken steps to remain anonymous. (I was remarkably naive in this regard.)

#2 - Well done Alex for getting this into the public domain. I'll be there next month.

#3 - I've analysed the document and have a few points to make over and above what Alex and others have already pointed out.

- p5, para 8 - Broadband Terms and Conditions
Quote:
The change [to the T's&C's] must permit BT's broadband network to silently drop cookies on customers' PCs.
Read - we want to do this thing by stealth.

- p6, para 5 - Network Components
Quote:
The trial involved approximately 18000 users with a maximum 10000 concurrent
- p7, para 3 - Advertising Method and Campaign
Quote:
<snip>, since not all of the 10000 triallists were covered in the initial-drop
This reference to 10000 users is then used throughout the rest of the document.

In fact, on p45, in the table that references how many users were part of the trial, we see
Quote:
Unique ID's seen : 15800 (27-Sep figures)
which were presumably a large subset of the day's total IPs tracked:
Quote:
IP addresses seen through the proxy servers : 17593 (27-Sep figures)
So, considering that BT have claimed that they could not and did not know who was part of the trial, this document proves that claim to be false.
Furthermore, p13, para 9 - Observations and Exhibits
Quote:
At least 15-20 seperate users did detect the presence of the system as evidenced from web message board posts
Whilst these 15-20 trialists reported the problems they were seeing via the message boards, the table at the top of p13 details a requirement for transparency, with the success criteria being
Quote:
No customer calls to helpdesk related to...issues of Pagesense
- with the result being
Quote:
Partially compliant
yet the document claims (para 8, same page)
Quote:
no calls were received
Not exactly consistent there, is it?

Sorry if this is getting tedious, but there's so much more wrong with this than I can readily assimilate. Read on..

-p14, para 1,
Quote:
Despite the fact that the system is intended to improve the relevance of advertisments through anonymous collation of browsing histories, communications regarding advertisment systems and information collection could lead to negative perception if not carefully handled.
Really? The phrase "no ****, Sherlock" springs to mind.

And the part that will really fry them..
-p14, para 3 - Source IP address Change
Quote:
The proxy-servers fetch users content from the web; hence the source ip address of the user is changed for all HTTP transactions...
So, their claim that the system does not store IP addresses is patently false. Not only do they see them, they have to store them so that the traffic collected on behalf of the user can be sent back to their REAL IP address. This is known in the trade as a 'state table', which holds session information for proxied connections, including the source IP address of the originator.

Also, on p21 there is a table that lists different types of traffic flows and what the system does with that traffic in each case and lists whether or not advert injection was successful.

Entries 12 and 16 are noteworthy..
Quote:
Windows Update http/1.1 - Inject?-yes <snip> behaviour-Injects like into any normal website, no negative effects.
YouTube/other video sites http/1.1 - Inject?-yes <snip> behaviour-Injects like on any site, no negative effects
So, BT, care to explain how you know that the system successfully injects adverts into these sites? Are M$ and YouTube+others aware you were diverting their revenue streams for the purposes of your trial? Fraud and deception are the keywords your lawyers will need to be looking up here.

-p22, para 3
Quote:
<snip>The current solution would require the network[21CN] to be reengineered <snip>
To quote the vernacular - **** me backwards! 21CN is a wholesale network as far as I'm aware. What the hell is BT Retail thinking of here? The number of projected servers they need to run this kit is in the region of 300 servers, and mention is made of having to find suitable places to host the equipment. Good luck with that. I know for a fact that your latest datacenter at Rochdale is already pretty much fully subscribed, and unless you take all that reserved space for NHS off them you aren't getting it into Cardiff either (which for those of you not familiar with BT is their main 21CN site). 300 servers? hahahahahaha. Most BT datacenters are running out of/or have run out of power. Unless the Rochdale site is fully subscribed *because* of this project, I don't see where you're going to put this stuff anyway.

Lastly, but not leastly, security.
p41, para 3 - Observations and Exhibits
Quote:
System is secured at network level with local firewall (iptables) rules restricting access only by BT users.
So, when you mentioned before that Phorm would be managing the kit on your behalf, I suppose you meant that you are going to let them have access to the BT network then? Either that or you will be managing the kit yourselves, which you said you weren't doing (can't remember the reason why, but it was something to do with you not being able to run the kit yourselves due to regulations - someone help me here please).

The next para also says
Quote:
121Media also warrant that the system is able to resist DoS attacks including SYN flood
You mean the firewalls, don't you? But how the hell will it protect from DDoS attacks? Take the system down and you take BT down. ****, everyone on this site please stop protesting and actually let them put this in place. It'll last about 10 minutes but the fireworks will be spectacular. Headline: DDoS hits 3.5 million ADSL users!


It is clear to me that BT have performed a lot of due diligence regarding the technical implementation of the platform; there is evidence in the document showing this. The fact that there are sections clearly stating the system is 'opt-out only', and that they knew that even opted-out customers were intercepted, shows that the legal advice they sought was either fictitious or completely wrong. Why else would they have re-designed the system to be 'opt-in'? They are chasing their tails on this one.

If they had dropped it right at the start they *may* have avoided a lot of this. Now they are well and truly fsck'd.

Oh, very lastly, I thought the system was supposed to ignore search fields?
p43, para 2
Quote:
<snip> then performs a search matching auto finance
Alex, I'm assuming this is the basis of contact with Google's lawyers?