Thread: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
View Single Post
Old 20-06-2008, 14:27   #9630
pseudonym
Inactive
 
Join Date: Apr 2008
Posts: 76
pseudonym is on a distinguished roadpseudonym is on a distinguished road
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by Phormic Acid View Post
I managed to attribute the previous quote to the wrong New York Times blog entry about NebuAd. It should have been:
NebuAd Observes ‘Useful, but Innocuous’ Web Browsing

Mr. Dykes said that the company also examines other information about users’ computers in order to identify when an I.P. address is changed. But he declined to explain what that information is and how it is used.
Dykes also goes on about the benefits of the vagueness inherent in using only IP addresses. That article is dated early in April. It looks like things have moved on. I remember being puzzled by:
Infighting At ISPs Over Using NebuAD

I’m told NebuAD is even able to build profiles of individual people using the same IP address (ex: users behind a NAT device).
While it may have once been an IP address tracker, it certainly looks like a cookie tracker now. As you say, it’s not how often you can read the cookie, but when you read it. You only have to read the cookie when there is no referrer header. You can link up all the subsequent pages, with a high degree of reliability, using only the IP address and later referrer headers. You’ll have a root page and a fairly sparse tree.


I imagine only a handful of such root pages cover a very large proportion of all web browsing graphs.
I'd imagine you're right, and if you want to know a user's interests you'd ideally want to identify the root pages commonly visited by them, as many of them will be the user's bookmarks - which would typically be given away by the presence of a cookie and no referer in the header of the initial request.

If I was designing a MITM system, I'd be very tempted to capture a hash of the user's cookie whenever they are updated for those sites, that way I'd have a good chance of IDing them next time they visit the site from their initial request just by comparing the cookie hash.

Only manipulating the datastream to read a user's master cookie when you need to, would make it less likely for end-users to notice the interventions and also minimise the risk of causing browsing artifacts. If that is what Nebuad are doing, then Phorm's system is very primative in comparisson.
pseudonym is offline