Quote:
Originally Posted by jtechs
even if you invest in SSL, if the page is public then they can just follow your URL, unless this is encapsulated in the SSL tunnel... if you goto https://www.somesite.org/secret/location.php they can see the GET (or am i wrong on this?)
J |
I believe the only things they will get from SSL is the destination IP address/domain, date & time of your request, and a block of random garbage on which to run their profiling engine.
That could still be valuable, for example it would allow them to know which bank you use, when you use it, how often, how long, whether you visit after or before making a purchase, but not much else.
If they did eventually decide it was permissible to use that data (noting they currently claim not to, I'm so reassured I left Virgin) then you might see loan ads, savings ads, or competitive banking ads shortly after doing your normal online banking for example. Or ads for ASDA, after completing an SSL checkout at Sainsbury. Or ads for Dabs, after completing an SSL checkout at Maplin.
You get the picture I'm sure.
Once you pawn the privacy of your connection to Phorm, you may be suprised how much they learn about you and/or your customers even from snooping on encrypted traffic.
Phorm has to be stopped. You can't operate an economy with parasites snooping on private communication traffic.