Sorry Mark, I see you've written more posts since I started writing this one and it's clear I'm a bit behind.

Though hopefully some of the info. below will be useful to those who haven't had much time to read the
British_Telecom_Phorm_Page_Sense_External_Validation_report.
Quote:
Originally Posted by mark777
If they were not forging cookies in other domains once they had obtained your UID from the previous cookie drop, they couldn't profile all pages.
Unless they linked UID to IP?
I'm not sure how relevant Dr Clayton's report would be to the version used in the 2006 trial, but I can't see how it could work without forging cookies or using IP.
You are correct to question the relevancy of Dr Clayton's Webwise to the PageSense system used in 2006 as the technologies worked quite differently. The key difference is that the web page analysis for PageSense was performed on the browser using JavaScript, whereas Webwise does the analysis on the server.
In PageSense, BT injected a small bit of JavaScript into webpages before delivering them to the browser, which caused the browser to retrieve more JavaScript, but this time from sysip.net (called the "channel server" in the leaked document). Some of this JavaScript analysed the page and sent a summary of the page contents (e.g. common keywords & phrases + unique ID etc) to sysip.net for further processing.
Clues to the cookie question are on pages 7 & 46 of the leaked report. All that would be needed technically would be for the channel server to detect whether a cookie already existed for sysip.net whenever a page is requested, and if not, create one and send it to the browser. This check would need to be done for each page accessed and would be enough to uniquely identify a user so a browsing profile could be built up on sysip.net and ads could be served to the correct user.
However, the report makes it clear that BT did not want to change terms & conditions for its broadband users, which prevented this "standard" approach. This is just a guess (IANAL), but by setting the cookie for sysip.net beforehand, but only affecting users who visited certain popular sites, presumably it's the T&Cs of those sites which would apply, not the T&Cs of BT's broadband service? And once the cookie has been set, there's no reason for it to change as it only contains the unique ID, and therefore BT's T&Cs are not affected.
So as far as I can see, there was no need for cookie forging, nor for keeping track of IP addresses.