Quote:
Originally Posted by tarka
We know that the device that intercepts your requests strips out the forged cookies that they create. What is to stop them stripping out any cookies from competing ad networks? Eg doubleclick, google etc. I'm not saying that I approve of the other ad networks but there is definately an unfair advantage to be gained by doing so.
|
You worry about competing ad networks? How about when Phorm was trying to sign up as an affiliate at all the ad networks - would you trust them not to modify the affiliate ID? No one would expect them to modify 100% of the IDs because that would be too easy to trace. What about 1% - or even 0.1%?
When someone sits in the middle of a datastream, you really do have to trust them with everything. Start to think about it and the only conclusion that you can come to is that if just one thing can be injected into the datastream then the final delivery can no longer be trusted. Neither the up nor the down stream is pure.
Where DPI is used for traffic control, the worst thing that happens is that the ISP router delays some data packets in preference for other data packets. There is no modification of or addition to the data packets.
With Phorm, there are additional data packets and those packets can contain anything. Only cookies, as far as we know. UIDs are stored in cookies. Affiliate IDs are stored in cookies. Passwords are stored in cookies. Usernames are stored in cookies. IP addresses are stored in cookies. Anything can be stored in cookies.
Trust.