Thread: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
View Single Post
Old 30-07-2008, 01:26   #12930
madslug
Inactive
 
Join Date: Jun 2008
Posts: 161
madslug is a jewel in the roughmadslug is a jewel in the roughmadslug is a jewel in the roughmadslug is a jewel in the roughmadslug is a jewel in the rough
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by pseudonym View Post
As it stands, Safari is compatible with Phorm's cookie forging via redirects, but wasn't supported because phorm's adverts use third party cookies, which it blocks.

If only someone could convince Safari's developers to treat cookies set after a redirect to another domain as third party cookies as is done by Opera, and convince Opera's developers to block third party cookies by default as is done by Safari, then both browsers would be incompatible with Phorm's system. Although I for one still would not be happy with my browsing going through Phorm's DPI kit, whether they claim to process it or not.
Since I enabled browser logging and started looking at browser requests and server responses in those logs, I find that some tracking scripts are setting cookies even though they are what I would think of as 3rd party scripts / cookies. For example, scripts called from tracker.domain.tld are setting cookies in the domain domain.tracker.tld. Some even go so far as to set cookies for domain.tracker2.tld.
(Most cookies are set when images are called so surfing without images greatly reduces the risk of cookies, even when javascript is enabled.
Visit bt.com home page.
Without images, bt.com only sets cookies in the domain .bt.com.
With images enabled, the home page sets cookies in the domains:- .doubleclick.net, .2o7.net, btow.touchclarity.com, .bt.com.
Virginmedia.com home page has fewer cookies:- .virginmedia.com and .advertising.com plus without images the travelsupermarket.com cookie not declaring a domain, and no javascript option giving me a cookie in the domain .atdmt.com
Settings included no images from foreign servers and no javascript from foreign servers.)

If this is what ordinary 'trusted' websites are doing with their 3rd party analytics / tracking / profiling scripts which start off calling a first party script hosted on their server, how much more can a DPI system do? There is nothing in the DPI process that will decrease the number of 3rd party trackers and profilers that have your surfing data, it just adds one known layer of profiling and hides multiple other potential layers.

---------- Post added at 01:26 ---------- Previous post was at 01:20 ----------

Quote:
Originally Posted by Hank View Post
Oh, it's after midnight. No appearance of a Webwise Phorm BT partership actually doing anything. Sweet dreams
Does anybody know when the BT servers are 'rebooted'. I would expect it to be somewhere between 2 am and 4 am.
Even if they are only sending out 10k invites on the 24 hour notice, most mail systems will fall over if more than 50 emails are sent out per batch so it will take a few hours to send out all those advance warning messages.
madslug is offline