Thread: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
View Single Post
Old 29-05-2008, 21:23   #7530
Dephormation
Inactive
 
Join Date: Apr 2008
Location: Bristol
Services: Aquiss.net and loving it. No more Virgin Media, no more Virgin Phone, no more Virgin Mobile.
Posts: 629
Dephormation is a name known to allDephormation is a name known to allDephormation is a name known to allDephormation is a name known to allDephormation is a name known to allDephormation is a name known to allDephormation is a name known to allDephormation is a name known to all
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by Hank View Post
Are you saying that they fell foul of PECR but have now sorted it by moving to the IBM UK managed service? Or is your analysis that they are falling foul, even now, with this new set up?
Yes - in my analysis of Robs log - they broke PERC Reg 6. They set the following cookies;

btcom.userName = (email address)
btcom.dateVisited = (date of visit)
SMSESSION = (Netegrity site minder encrypted cookie)
.. plus a couple of Java and PHP session cookies.

By setting such cookies without specifying their purpose or allowing a user to refuse storage they broke PERC Reg 6. The Netegrity Siteminder cookie is particularly interesting; I believe it contains encrypted user details and could be intended for 'federated identity management' (ie, allowing you to be identified across a range of sites).

Then they covered it up by scrapping the contact form, and linking to IBM UK bt.custhelp.com instead.

Pete

PS As for their new contact form, if someone wants to make a complaint using the new forms (using the Dephormation logging feature) ... send me a PM and I'll review the results.
Dephormation is offline