Thread: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
View Single Post
Old 02-07-2008, 01:31   #10764
madslug
Inactive
 
Join Date: Jun 2008
Posts: 161
madslug is a jewel in the roughmadslug is a jewel in the roughmadslug is a jewel in the roughmadslug is a jewel in the roughmadslug is a jewel in the rough
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by SimonHickling View Post
This received today from BT.

I'm pondering my response
I have asked both ICO and HO for their opinion on this as I got tired of reading the same response from BT. Unfortunately, if the ICO go by their standard response time of 28 days, I won't have an acknowledgment of my question until after the AGM.

I see no point in complying with a request for PI on what domains and URLs are under my control when I have no idea who the data controller is nor confirmation that the data will be destroyed after the trial - the final system has to be opt-in and they do not need this data for that. Even less as some domains or portions of domains are part of the 'invisible web' and I have no intention of making that public.

As BT are refusing to confirm the IP address ranges during the trial, the only option open to me is to block all BT IP addresses and offer them only a page explaining why they are not able to access the site.

My hope is that a court order will require BT to reveal the IP addresses of the 2006 and 2007 trials so that all webmasters can go through their logs and put in claims for Copyright and RIPA infringement during those trials too.

Maybe the ICO or HO will make the request to BT so that they can prove that they complied with the legal requirement to request permission before intercepting the traffic which is not part of the ad delivery network.

That's a thought, refer BT to the HO opinion and point out that only opted in customers and sites delivering ads can be assumed to have agreed to the interception:
"17. The provision of a targeted online advertising service, contracted by an ISP as part of the service to the ISP's users, can probably be regarded as being carried out "on behalf of" the ISP for the purpose of section 3(3)(a)."

The ISP has no contract with my sites to provide targeted advertising and is, therefore, not doing anything 'on behalf of' the ISP for any section under RIPA. Any interception is, therefore, protected by RIPA and is a criminal act.

---------- Post added at 01:31 ---------- Previous post was at 01:12 ----------

Quote:
Originally Posted by thebarron View Post
Both IE7 & Opera warned me about this site so what is your point?
I think that the point he is trying to make is that Webwise will also warn you before you visit a phishing site, as long as it uses a valid http URL.

Sorry HW, I have a honeypot for phishing emails and I rarely see an http URL - they are ALL https.

This is the real description of the phishing protection offered:

Sorry Webwise users, Webwise is unable to warn you about 99.9% of phishing urls included in emails as they point to https URLs which we do not intercept. The few http URLs are pointing to invalid subdomains of sites which are not connected to phishing, [as they are invalid, Webwise will also not have them on the warning list] and the Webwise system is unable to detect the XSS script included in the URL.

Isn't it sad to see technical ignorance being taken advantage of?

Webwise is dangerous for the ignorant. It offers no protection and gives a false sense of security.

[sorry to drag up a thread that had started to go quiet - I did not notice anyone else make this point about the primary weakness of the 'protection' offered.]
madslug is offline