Thread: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
View Single Post
Old 07-07-2008, 14:14   #11258
rryles
Inactive
 
Join Date: May 2008
Posts: 147
rryles will become famous soon enoughrryles will become famous soon enoughrryles will become famous soon enough
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by isf View Post
I'd compute a hash value for the UID using the client IP as the salt. Webwise is no longer leaking IDs, is IP locked and they still wouldn't be storing any PII. Not that I'm here to solve their problems nor that I have any real confidence in Phorm having any technical competence whatsoever.
It might be possible to get something along these line to work, but it isn't easy. A hash on it's own is no protection against forgery. They'd have to use cryptographic signatures. I'd like to see them try and make it IP locked without storing, processing or even possibly coming into possesion of any IP addresses.

If the cookie is locked to your ip then a brute force attack will allow phorm to derive your ip from the cookie. (with IPv4 addresses this brute force attack is fairly trivial)
rryles is offline