Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

[Tharrick]

For everyone at the protests:

http://www.urban75.org/legal/section44.html

This might be a good read.

[isf]

Quote:

Originally Posted by Wildie

would fuzzing of inputting key words like sex medical health lots of em stop the ad`s ?

If I follow you, it might make them stop profiling a page.

Quote:

and would a list of all the web sites that the ad`s want you to goto be handy to add to ones host file, so blacklisting the very sites the ads want you to visit, ok you still get phormed but by blacklisting the ones who paid for the ad would that not hurt the model as well?

Anything that negatively impacts the clickthrough rate for OIX ads reduces the appeal of OIX to advertisers. Done on a massive scale, Phorm would be left advertising scam gambling and malware sites.

Quote:

ok but the advert has to point to some web site they want you to visit has it not?

Usually this is via redirects through the ad networks servers. Blocking the ad network blocks the clickthroughs, boycotting the advertiser is something else entirely.

[bluecar1]

just got these gems via email, a bit OT but we need a break

thought they so apply to Phorm and BT so thought i would share them with you to lighten the day (and fuzz up phorms filters a bit in the future)

peter

Lesson 1:

A man is getting into the shower just as his wife is finishing up her shower, when the doorbell rings.

The wife quickly wraps herself in a towel and runs downstairs.

When she opens the door, there stands Bob, the next-door neighbour.

Before she says a word, Bob says, 'I'll give you £800 to drop that towel.'

After thinking for a moment, the woman drops her towel and stands naked in front of Bob, after a few seconds, Bob hands her £800 and leaves.

The woman wraps back up in the towel and goes back upstairs.

When she gets to the bathroom, her husband asks, 'Who was that?'

'It was Bob the next door neighbour,' she replies.

'Great,' the husband says, 'did he say anything about the £800 he owes me?'

Moral of the story:

If you share critical information pertaining to credit and risk with your shareholders in time, you may be in a position to prevent avoidable exposure.



Lesson 2

An eagle was sitting on a tree resting, doing nothing.

A small rabbit saw the eagle and asked him, 'Can I also sit like you and do nothing?'
The eagle answered: 'Sure, why not.'

So, the rabbit sat on the ground below the eagle and rested. All of a sudden, a fox appeared, jumped on the rabbit and ate it.

Moral of the story:
To be sitting and doing nothing, you must be sitting very, very high up.


Lesson 3

A turkey was chatting with a bull.

'I would love to be able to get to the top of that tree' sighed the turkey, 'but I haven't got the energy.'
'Well, why don't you nibble on some of my droppings?' replied the bull. They're packed with nutrients.'

The turkey pecked at a lump of dung, and found it actually gave him enough strength to reach the lowest branch of the tree.

The next day, after eating some more dung, he reached the second branch.

Finally after a fourth night, the turkey was proudly perched at the top of the tree.

He was promptly spotted by a farmer, who shot him out of the tree.


Moral of the story:
BS might get you to the top, but it won't keep you there..

Lesson 4

A little bird was flying south for the winter. It was so cold the bird froze and fell to the ground into a large field.

While he was lying there, a cow came by and dropped some dung on him.

As the frozen bird lay there in the pile of cow dung, he began to realize how warm he was.

The dung was actually thawing him out!

He lay there all warm and happy, and soon began to sing for joy.
A passing cat heard the bird singing and came to investigate.

Following the sound, the cat discovered the bird under the pile of cow dung, and promptly dug him out and ate him.


Morals of the story:
(1) Not everyone who ***** on you is your enemy.

(2) Not everyone who gets you out of **** is your
friend.

(3) And when you're in deep doo doo, it's best to keep
your mouth shut!


THUS ENDS THE three MINUTE MANAGEMENT COURSE

[pseudonym]

Quote:

Originally Posted by isf

The value in connecting an advertiser with their target market is accuracy. When there's a sizable percentage of sites detecting phorm and sending them unrelated keywords it undermines their entire business model.

I thought I'd made it clear I wasn't talking about that specific piece of software? In fact, I didn't have a client side solution in mind at all.
If fuzzing were widespread, it would impact their bottom line because they could no longer deliver the relevance advertisers would be paying them for.

One method of messing with Phorm's data that I think has a great deal of potential would be for a server side Phorm webwise UID exchange system.

If websites replaced the UID in the webwise cookie Phorm forges for their domain with one donated by another site with totally unrelated content and dontated your UID into a pool, your browsing of the site would polute someone else's profile, and similarily your profile would be poluted by other people's browsing and the website would benefit as Phorm adverts targeted on their content would be severed up to people who had never visited their site

[bluecar1]

Quote:

Originally Posted by pseudonym

One method of messing with Phorm's data that I think has a great deal of potential would be for a server side Phorm webwise UID exchange system.

If websites replaced the UID in the webwise cookie Phorm forges for their domain with one donated by another site with totally unrelated content and dontated your UID into a pool, your browsing of the site would polute someone else's profile, and similarily your profile would be poluted by other people's browsing and the website would benefit as Phorm adverts targeted on their content would be severed up to people who had never visit their site

web wise's cookie handling is supposed to strip out the UID before passing the cookie to the website

so a server side swap of uid etc would not help

peter

[Deko]

Ah But, the Cookie will not be removed on HTTPS on non standard ports methinks.

[pseudonym]

Quote:

Originally Posted by bluecar1

web wise's cookie handling is supposed to strip out the UID before passing the cookie to the website

so a server side swap of uid etc would not help

peter

They WILL leak if a site uses https: for any of its content, they are also expected to leak if a site uses a port other than 80, because Phorm have stated that they only process traffic on port 80.

They MAY also be accessible using client side javascript.

Quote:

Originally Posted by Wildie

ok but the advert has to point to some web site they want you to visit has it not? unless its redirected cos its hashed in the serving server, either way the end result has to be a web site they want you to visit and that`s the one needs to be blacklisted.

Not necessarily. You may look for information that suggests that you are buying a new car. The adverts targetted at you may be for a particular manufacturer such as Ford and there's no real need to visit Ford's own website.

Where it gets down and dirty is that Phorm only regard your actual address as PII so they are free to keep note of your location in other wats. This means that you could get an advert for your local Ford main agent instead of Ford Motor Company.

It depends entirely on how far the no PII statement is valid. At the most basic level, Phorm already know that you are in the UK because of the ISP's they are dealing with and that narrows the whole game down to 1% of the World's population before they even start. Factor in the other information that can be assumed from your search - car buyers are over 17 - are you searching for a people carrier which would indicate a family etc etc.

The simple act of looking for a new car says so much about you that coupled with similar amounts of between-the-lines analysis of other searches would make it very simple to identify you.

Just how close can Phorm get before it becomes "personally identifiable" in a legal sense especially when they are have access to multiple sets of data even though each data is anonymous in it's own right?

The answer is that even under the ICO guidelines Webwise will have more than enough information to be able to identify you within your first few hours on-line and there's no way around that other than to ban these systems before they can be used even for a few minutes.

[Dephormation]

Quote:

Originally Posted by pseudonym

They WILL leak if a site uses https: for any of its content, they are also expected to leak if a site uses a port other than 80, because Phorm have stated that they only process traffic on port 80.

They MAY also be collectable using client side javascript.

And you can rewrite the cookie client side too, recoding or encrypting them, to make certain the UID leaks whatever filtering they claim.

Check the Dephormation site for sample code. Its a doddle to capture User Identifiers. SSL, non standard ports, non Phorm ISPs, cookie rewriting... all will cause User Identifiers to leak.

Its a shame the ICO didn't consult external web development expertise.. It might have saved them some avoidable and profound embarrasment.

[bluecar1]

Quote:

Originally Posted by pseudonym

They WILL leak if a site uses https: for any of its content, they are also expected to leak if a site uses a port other than 80, because Phorm have stated that they only process traffic on port 80.

They MAY also be accessible using client side javascript.

fair comment, had not thought about the fact if a user had visited the website on a normal http connection then gone to the same websites on a https conection they should be able to see the cookie complete with UID

now thye other question to that is , is that going to break any websites?

also it is a method of extracting UID's for an attack

Peter

Quote:

Originally Posted by pseudonym

They WILL leak if a site uses https: for any of its content, they are also expected to leak if a site uses a port other than 80, because Phorm have stated that they only process traffic on port 80.

They MAY also be accessible using client side javascript.

Presumably, they will also leak if you have a laptop and regularly log in via different ISPs (some Phormed, some not).

[bluecar1]

Quote:

Originally Posted by JohnHorb

Presumably, they will also leak if you have a laptop and regularly log in via different ISPs (some Phormed, some not).

don't forget they are also working on a cookieless optout, could the delay be the fact they have dropped the cookie based opt-out due to to many issues(and poss legal probs) and trying to get the cookieless opt-out to work

just a thought

peter

[isf]

Quote:

Originally Posted by bluecar1

don't forget they are also working on a cookieless optout, could the delay be the fact they have dropped the cookie based opt-out due to to many issues(and poss legal probs) and trying to get the cookieless opt-out to work

I thought the HO were clear the system was to be opt in? Still, is this going to be a true network level opt-out, without unlawful interception at the profiler?

Quote:

Originally Posted by bluecar1

don't forget they are also working on a cookieless optout, could the delay be the fact they have dropped the cookie based opt-out due to to many issues(and poss legal probs) and trying to get the cookieless opt-out to work

just a thought

peter

That should only affect the initial check to see if a Webwise cookie exists and how it is set - in or out. They have to avoid this as it is an offence under the Computer Misuse Act for anyone to install, alter or remove any file - including a cookie - without your knowledge or consent which makes it illegal for BT to even read the opted-out cookie. All of the regular cookies will remain and will contain the extra Webwise data. They will be as vulnerable or as safe as any other cookie on the PC.

I suspect that you are right about the cause of the delay. It remains to be seen how they will implement this cookie-free opt-out check but given their usual incompetence and lack of attention to detail it's a fair bet that it doesn't work and/or is illegal and unsafe.

[bluecar1]

Quote:

Originally Posted by Peter N

That should only affect the initial check to see if a Webwise cookie exists and how it is set - in or out. They have to avoid this as it is an offence under the Computer Misuse Act for anyone to install, alter or remove any file - including a cookie - without your knowledge or consent which makes it illegal for BT to even read the opted-out cookie. All of the regular cookies will remain and will contain the extra Webwise data. They will be as vulnerable or as safe as any other cookie on the PC.

I suspect that you are right about the cause of the delay. It remains to be seen how they will implement this cookie-free opt-out check but given their usual incompetence and lack of attention to detail it's a fair bet that it doesn't work and/or is illegal and unsafe.

the best way is an account level opt-in / out where opted out traffic takes a different rout out to the net bypassing all the phorm kit due to ip subnet (but this requires help from BTW who operate the RAS servers and issue IP's

BUT, what happens if the main account holder opts in, but a subaccount holder doesnot want there traffic going via the profiler even if they are opted out?

no win me thinks for BT

peter