Cable Forum - View Single Post - Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

fidbod · 18-07-2008, 18:31

@ Devils Advocate.

One of your previous posts stated you would be concerned if it could be shown that the Phorm system made personally identifiable information (PII) available. I would argue that Phorm also increases your security risk significantly. I am interested in your thoughts on the following thought experiment.

1. The cookie that Phorm set on your PC contains a unique identifier (UID)

2. Your PC's IP address can be read from the HTML requests generated when browsing.

3. Malicous Javascript code on a website can "read" the Phorm UID from your machine.

As a malicous person I now have two pieces of information unique to your PC. That I can use to target you.

You could argue for a long time whether these two bits of information are PII and I will not offer judgement on that. However it is now much easier for me to target your PC to extract further infomation.

thoughts?

18-07-2008, 18:31	#12163
fidbod Inactive Join Date: Apr 2008 Location: South of the River Posts: 46	Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797] @ Devils Advocate. One of your previous posts stated you would be concerned if it could be shown that the Phorm system made personally identifiable information (PII) available. I would argue that Phorm also increases your security risk significantly. I am interested in your thoughts on the following thought experiment. 1. The cookie that Phorm set on your PC contains a unique identifier (UID) 2. Your PC's IP address can be read from the HTML requests generated when browsing. 3. Malicous Javascript code on a website can "read" the Phorm UID from your machine. As a malicous person I now have two pieces of information unique to your PC. That I can use to target you. You could argue for a long time whether these two bits of information are PII and I will not offer judgement on that. However it is now much easier for me to target your PC to extract further infomation. thoughts?