07-07-2008, 15:38   #11269
rryles
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

Quote:
Originally Posted by isf
Only so long as we can know the exact mechanism they're using, I was just giving an example. If they add a "secret" key prior to hashing it's more difficult still. I think Phorm's "privacy enhancing" feature of leaking the UID over the entire web is the bigger issue for them to solve -- along with all the other show stoppers.
There are several big issues for Phorm to solve and no easy solutions. I don't see the point in debating which is the biggest.

The ironic thing is that in trying to design a system that mitigates the problem of UIDs leaking, you give yourself the problem of handling more PII (The IP address).

Quote:
Originally Posted by isf
I don't think that matters, it's the uid number that links you to your profile and they'd simply set a valid cookie over the stale one. I'm only giving examples, they could use the hostname of the site so long as we don't know the mechanism (security by obscurity).
I think it does matter. How do you lock the uid to an IP address then allow the IP address to be dynamic?

When you reference 'security by obscurity' I hope you understand how bad a reputation this approach has!?