Thread: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
View Single Post
Old 20-06-2008, 01:21   #9513
pseudonym
Inactive
 
Join Date: Apr 2008
Posts: 76
pseudonym is on a distinguished roadpseudonym is on a distinguished road
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by Phormic Acid View Post
I read things like,
Charter Will Monitor Customers’ Web Surfing to Target Ads

Mr. Dykes said that the company also examines other information about users’ computers in order to identify when an I.P. address is changed. But he declined to explain what that information is and how it is used.
And, I thought the best explanation was that an ISP’s DHCP servers would pass on changes of IP address, the other information being the MAC of the modem or similar. If the whole process is bootstrapped using a tracking cookie, then, fundamentally, it’s a cookie tracking system. NebuAd and Mr Dykes are far more opaque than Phorm. I agree that NebuAd are Phorm’s evil twin. Phorm may be wrong, but at least they’re trying. Richard Clayton found them very trying.
My initial thought when I first read stuff like that was that they might be doing something a bit questionable like permanently storing hashes of users cookies for popular sites or even doing the same with email account log-ins, (basically the more obvious techniques available to MITM exploits to passively track multiple users) so I was relieved to read about the use of a master tracking cookie!

I'm still puzzled why the a.faireagle and b.faireagle cookies they set when I've visited the opt-in page are different http://pathogenrush.blogspot.com/200...s-opt-out.html - my best guess was it might be some kind of hash from the IP address and either the time or a counter. Perhaps they don't even use the b subdomain cookies they set. Phorm have "a", "b", and "c" webwise.net subdomains but apparently only use a.webwise.net.


Quote:


Phorm managed to get a test of PageSense up and running without injecting cookies, by seeding the cookies through an advert delivery system. If, once NebuAd have tied an IP address to a particular cookie, the system is passive, I have to wonder at the need to inject packets at all. Could they not seed cookies through their advert delivery system, as Phorm did? NebuAd’s system will notice any IP address change as soon as one of their adverts is requested.
A user might fo a fair amount of time and do quite an amount of browsing without visiting a site carrying a Nebuad advert - I guess you could track a user if he follows link to other sites by checking for the referal header, but once he enters a URL in address bar you'd no longer be certain if it was the same user, or another user at the same address sharing the connection, or even if the IP address has been freed-up and allocated to another user. This could result in a lot of valuable data either being discarded or allocated to the wrong user. So it would make sense to at least ocassionally inject some code, or use a redirection, or even keep hashes of user's cookies for popular sites.
pseudonym is offline