Quote:
Originally Posted by rryles
A webmaster could still swap UIDs of two of his visitors by XORing their cookies with the SHA-1 of each IP address.

Only so long as we can know the exact mechanism they're using; I was just giving an example.

If they add a "secret" key prior to hashing it's more difficult still. I think Phorm's "privacy enhancing" feature of leaking the UID over the entire web is the bigger issue for them to solve -- along with all the other show stoppers.
---------- Post added at 14:21 ---------- Previous post was at 14:16 ----------
Quote:
Originally Posted by bluecar1
Only problem with that is BT Retail use dynamic IPs.
peter

I don't think that matters; it's the UID number that links you to your profile and they'd simply set a valid cookie over the stale one. I'm only giving examples; they could use the hostname of the site so long as we don't know the mechanism (security by obscurity).
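
An added illustration, not part of either post and not Phorm's actual mechanism: it assumes the cookie is the UID XORed with a SHA-1-sized mask, and compares the unkeyed mask from the quoted post with the "secret key prior to hashing" variant. All names, the secret and the sample UID are constructed; the IP is a documentation address.

```python
import hashlib
import hmac


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def mask_unkeyed(ip: str) -> bytes:
    # Mask built only from public data: anyone who sees the IP can rebuild it.
    return hashlib.sha1(ip.encode()).digest()


def mask_keyed(secret: bytes, ip: str) -> bytes:
    # Assumed reading of "add a secret key prior to hashing": HMAC-SHA1 over the IP.
    return hmac.new(secret, ip.encode(), hashlib.sha1).digest()


def issue_cookie(uid: bytes, mask: bytes) -> bytes:
    return xor(uid, mask)


def observer_recover_uid(cookie: bytes, ip: str) -> bytes:
    # What a site that sees both cookie and IP can compute without the secret.
    return xor(cookie, mask_unkeyed(ip))


def demo() -> dict:
    uid = hashlib.sha1(b"constructed-uid").digest()  # constructed 20-byte UID
    ip = "192.0.2.10"                                # documentation address
    secret = b"constructed-secret"                   # held only by the issuer

    weak = issue_cookie(uid, mask_unkeyed(ip))
    keyed = issue_cookie(uid, mask_keyed(secret, ip))
    return {
        # Unkeyed: the mask is public, so it hides nothing from the site.
        "unkeyed_recovered": observer_recover_uid(weak, ip) == uid,
        # Keyed: the same computation no longer yields the UID.
        "keyed_recovered": observer_recover_uid(keyed, ip) == uid,
        # The issuer, holding the secret, still reads the UID back.
        "issuer_reads_keyed": xor(keyed, mask_keyed(secret, ip)) == uid,
    }


if __name__ == "__main__":
    print(demo())
```

Even with the keyed mask, XOR leaves the cookie malleable (flipping a cookie bit flips the same UID bit), so a design that needs integrity would also have to authenticate the cookie value.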