Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

[AlexanderHanff]

Another article:

http://www.p2pnet.net/story/16105

I should be getting a link to yet another article later tonight.

Alexander Hanff

[icsys]

Quote:

Originally Posted by icsys

It would appear then that Phorm are playing around with the opt-in opt-out pages. The pages to switch webwise on/off were standard html and probably the ones that set cookies. Unfortunately i never checked to see if cookies were being set but then I was on a corporate network.

For those interested, here is a link to the Dun & Bradstreet website.

And here they are:
http://www.webwise.com/privacy/opt/out.html
http://www.webwise.com/privacy/opt/in.html

and a cookie was set...
OPTED_OUT
YES
webwise.net/
1024
3592440064
30081716
4226224960
29934865
*

Hugo Drayton, Phorm's UK CEO :

"ISPs are the Internet and they're being expected to roll out ever better networks to support functions that they do not gain from"

He got that from Simon Davies:

"There's an argument that what Phorm and other similar companies are doing is necessary because people are demanding more services and more bandwidth and they're not prepared to pay the price so they'll sacrifice their privacy - I don't believe that."

Well ISP's... that's what you get when you knock down prices to win customers and as a result over-subscribe the available bandwidth in the hope that 90% of them will only go online to check their email twice every week! And now they want the full service you promised you're going to rape them?

****Wits!

[popper]

given that its apparently in vouge to be spying in theboardroom with stories of HP and yesturdays http://www.theinquirer.net/gb/inquir...spying-scandal
"Vodafone accused of spying

The sort of thing that got HP into hot water

By Tony Dennis: Monday, 02 June 2008, 10:55 AM

were Vodafone immediately issued this statement ... "Vodafone is completely confident it never deliberately or knowingly conducted any investigation in contravention of the UK Data Protection Act or other laws."

given the upcoming BT AGM, perhaps some visiting shareholders should be asking for a simular statement from the BT board and executive.

have or are any boardroom members, or any of the BT investors that were using any BT retail Broadband or other types of electronic data connections (with installed and active Phorm gifted Deep Packet Interception or other unnamed interception kit) being spy on or otherwise, intercepted, collected or processed in any way, at any time, including the prior 2006/2007, or upcoming Phorm/webwise trials.

[Dephormation]

Quote:

Originally Posted by icsys

And here they are:
http://www.webwise.com/privacy/opt/out.html
http://www.webwise.com/privacy/opt/in.html

and a cookie was set...
OPTED_OUT
YES
webwise.net/
1024
3592440064
30081716
4226224960
29934865
*

Thanks for the tip, I'll investigate this morning.

regards
Pete.

---------- Post added at 08:56 ---------- Previous post was at 08:39 ----------

Can confirm the analysis;

Opt out:-

Domain: .webwise.net
Cookie: OPTED_OUT = YES
Path: /
Expiry: 2 years

Opt In:-

Host:a.webwise.net
Cookie: uid= base64 encoded value
Path: /services/
Expiry: 12 months

If this isn't mirrored on a BT site, I'd suspect it was more to do with a demo to another client... possibly USA?

Either way, Dephormation is setting the right opted out cookie (do not rely on Dephormation as a long term solution... find a new ISP).

Pete.

---------- Post added at 09:01 ---------- Previous post was at 08:56 ----------

Looking at the code on that site, there's a possibility BT users will get sent to "http://bt.webwise.com" after opting out.

REMINDER: This is a Phorm operated third party web site with BT branding

Anyone able to confirm?

Pete.

---------- Post added at 09:11 ---------- Previous post was at 09:01 ----------

For anyone using Dephormation v2.0, note it logs only cookie sending not cookie setting so you may not see the cookies being set during the Webwise opt in/out process.

Cookie sending is the most important bit (which is logged).

But I can see I need to add cookie setting for completeness.

Pete.

---------- Post added at 09:23 ---------- Previous post was at 09:11 ----------

For non-techs bt.webwise.com === www.phorm.com. You'll find if you paste the IP address for bt.webwise.com (http://89.145.112.31/) into your browser you actually get the Phorm website.

==================================

C:\Program Files\Microsoft Visual Studio 8\VC>dig bt.webwise.com

; <<>> DiG 9.5.0 <<>> bt.webwise.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1055
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;bt.webwise.com. IN A

;; ANSWER SECTION:
bt.webwise.com. 642 IN A 89.145.112.31
bt.webwise.com. 642 IN A 89.145.112.32

;; AUTHORITY SECTION:
webwise.com. 642 IN NS ns2.webwise.com.
webwise.com. 642 IN NS ns1.webwise.com.

;; ADDITIONAL SECTION:
ns2.webwise.com. 642 IN A 38.105.138.54
ns1.webwise.com. 642 IN A 38.105.138.53

;; Query time: 31 msec
;; SERVER: 195.74.113.58#53(195.74.113.58)
;; WHEN: Tue Jun 03 09:17:50 2008
;; MSG SIZE rcvd: 132


C:\Program Files\Microsoft Visual Studio 8\VC>dig www.phorm.com

; <<>> DiG 9.5.0 <<>> www.phorm.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1760
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.phorm.com. IN A

;; ANSWER SECTION:
www.phorm.com. 799 IN CNAME phorm.com.
phorm.com. 199 IN A 89.145.112.32
phorm.com. 199 IN A 89.145.112.31

;; AUTHORITY SECTION:
phorm.com. 799 IN NS ns2.phorm.com.
phorm.com. 799 IN NS ns1.phorm.com.

;; ADDITIONAL SECTION:
ns2.phorm.com. 172698 IN A 38.105.138.54
ns1.phorm.com. 172698 IN A 38.105.138.53

;; Query time: 31 msec
;; SERVER: 195.74.113.58#53(195.74.113.58)
;; WHEN: Tue Jun 03 09:18:00 2008
;; MSG SIZE rcvd: 145

[Rchivist]

Quote:

Originally Posted by Dephormation

Thanks for the tip, I'll investigate this morning.

regards
Pete.

---------- Post added at 08:56 ---------- Previous post was at 08:39 ----------

Can confirm the analysis;

Opt out:-

Domain: .webwise.net
Cookie: OPTED_OUT = YES
Path: /
Expiry: 2 years

Opt In:-

Host:a.webwise.net
Cookie: uid= base64 encoded value
Path: /services/
Expiry: 12 months

If this isn't mirrored on a BT site, I'd suspect it was more to do with a demo to another client... possibly USA?

Either way, Dephormation is setting the right opted out cookie (do not rely on Dephormation as a long term solution... find a new ISP).

Pete.

---------- Post added at 09:01 ---------- Previous post was at 08:56 ----------

Looking at the code on that site, there's a possibility BT users will get sent to "http://bt.webwise.com" after opting out.

REMINDER: This is a Phorm operated third party web site with BT branding

Anyone able to confirm?

Pete.

---------- Post added at 09:11 ---------- Previous post was at 09:01 ----------

For anyone using Dephormation v2.0, note it logs only cookie sending not cookie setting so you may not see the cookies being set during the Webwise opt in/out process.

Cookie sending is the most important bit (which is logged).

But I can see I need to add cookie setting for completeness.

Pete.

---------- Post added at 09:23 ---------- Previous post was at 09:11 ----------

For non-techs bt.webwise.com === www.phorm.com. You'll find if you paste the IP address for bt.webwise.com (http://89.145.112.31/) into your browser you actually get the Phorm website.

==================================

C:\Program Files\Microsoft Visual Studio 8\VC>dig bt.webwise.com

; <<>> DiG 9.5.0 <<>> bt.webwise.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1055
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;bt.webwise.com. IN A

;; ANSWER SECTION:
bt.webwise.com. 642 IN A 89.145.112.31
bt.webwise.com. 642 IN A 89.145.112.32

;; AUTHORITY SECTION:
webwise.com. 642 IN NS ns2.webwise.com.
webwise.com. 642 IN NS ns1.webwise.com.

;; ADDITIONAL SECTION:
ns2.webwise.com. 642 IN A 38.105.138.54
ns1.webwise.com. 642 IN A 38.105.138.53

;; Query time: 31 msec
;; SERVER: 195.74.113.58#53(195.74.113.58)
;; WHEN: Tue Jun 03 09:17:50 2008
;; MSG SIZE rcvd: 132


C:\Program Files\Microsoft Visual Studio 8\VC>dig www.phorm.com

; <<>> DiG 9.5.0 <<>> www.phorm.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1760
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.phorm.com. IN A

;; ANSWER SECTION:
www.phorm.com. 799 IN CNAME phorm.com.
phorm.com. 199 IN A 89.145.112.32
phorm.com. 199 IN A 89.145.112.31

;; AUTHORITY SECTION:
phorm.com. 799 IN NS ns2.phorm.com.
phorm.com. 799 IN NS ns1.phorm.com.

;; ADDITIONAL SECTION:
ns2.phorm.com. 172698 IN A 38.105.138.54
ns1.phorm.com. 172698 IN A 38.105.138.53

;; Query time: 31 msec
;; SERVER: 195.74.113.58#53(195.74.113.58)
;; WHEN: Tue Jun 03 09:18:00 2008
;; MSG SIZE rcvd: 145

that's a new one!

So far we have

www.webwise.bt.com - Houston - still offline after explosion
http://webwise.bt.com
the products and services BT mirror
and now
bt.webwise.com

to add to the vanilla www.webwise.com

I'm ready to do whatever you want done Pete so just let me know, and whether you want me logged in or out of bt.com while doing it.

I'm happy to use the Phorm Webwise page/contact form as well.

Feel free to PM with a list of what to do. I currently have dephormation 1.9.


I am not seeing anything mirroring the Phorm opt-in or opt out pages, on the BT Webwise pages. they still say "not available".

However I haven't previously spotted bt.webwise.com so I will investigate it. I note that the contact form goes via custhelp.com so it looks like they closed that loophole on ALL the BT Webwise pages now. I've had a reply to a BT Webwise contact form via custhelp.com and it has no dubious References: headers with ww3.phorm.com or 121Media.com in them, and no FW in the subject line. (But it nevertheless asks for my BT account number and phone number which were not "required" in the original contact form, even though my enquiry was not account related but about Webwise generally.)

It looks like they are very very busy on BT Webwise sites (and it is a very confusing picture keeping up with all those domains with identical page structures and logos but different urls), and that they have definitely realised the boo boo over the contact form replies - and ;lugged that hole, so that one could well be worth taking up with ICO - if you are a BT customer with data from an earlier BT Webwise contact page enquiry - don't lose it.

[Florence]

I had a reply from Emma Sanderson today will summerise the answers to the questions as I didn't ask for permissioin to post it all.

1. The two batches of research you did were completed without the customer knowing and according to reportsd from Emma you don't know who they are except the ones who found out they were being diverted on so how could you tell what the customers response was?

Summery of the reply was.
BT did their own customer research which gave encouraging results.

MPO was the question placed in an informed way so customers would know BT were going to deep packet sniff each click.

2. I have a lot of websites that I spend my time building designing etc is this right that you come along and plagiarize it to sell the customers clicks for profit when they already pay for the internet connection?

Summery of reply.

BT do not plagerize websites. Any website owner can choose to participate or not in the OIX. they can opt out with robots.txt or give BT urls to and proof you are owner of website.

MPO was if they use google robots txt then thye are plagerizing since google use the search to bring people to my website phorm will harvest keywords then direct adverts that wil take them away.

3. Why use a company that is noted for its spyware/adware in the past company with a bad reputation that many knowledgeable internet uses know of and avoid?

summery of reply. BT have signed agreements here Emma also says other ISPs have so is VM being economical with the truth, does Emma really know they have signed or was it kents words. Emma also says phorm is in discussions with other ISPs.

MPO unless Emma has seen the signed contracts for the other ISPs then she cannot prove this it is only hear say to make BT not look like the only company.

4. I am working on this with my own experience of them as 121media which wasn't a happy one with children falling foul of their rootkits plus a member of the ISP community where I have moderated a forum for a number of years helping members with ISP related issues. I am trying to think it both ways but it still comes down to flag warning even more since it has been spotted that webwise.bt.com is in phorm control gathered customer details and hosted in Huston. At a company that is ranked in the top 10 phishing hosting companies world wide. This allowed phorm access to customer phone number's account number plus the form filled out went to phorm and not BT as the members were led to believe.

the latest problem brought to my attention is that if you visit BT.com the cookie placed will give any BT.com website including webwise.bt.com the customer details and enough information for someone to attempt to access.

Looking forward to your reply on this and what plans BT has to protect the customers from the effects of phorm phishing the customers information on servers outside the EU?

Summery of reply. Phorm are operating the webwise information site www.bt.com/webwise there is also a mail https link in the reply. This is done as Phorm is a trusted partner to BT and has BT's explicit consent was added this is not uncommon in brackets. Emma says she is confidant it doesnt pose any security risk. Emma also says the BT.com websites includes functionality so once you have signed in the website will remember the users until the browser is closed. This is to make it so customers do not have to repeatedly relog in. You have one secure login in then cookie tells the site you move around who you are the design also prevents unautherised access to users login sessions..

Emma admits Phorm have been hosting a contact phorm (oops sorry form) Which phorms system has to forward the customers requests. Emma says they do not require customer consent to allow phorm to host the site but assures me that BT complies to relevent law. In the last week BT have altered the contact phorm(form) so it is a standard BT contact to replace the ones hosted by phorm.

Oh yes in reply to one questions Emma did use the words due diligence.
-------------------------------------------------------------------

I bet this was forced through using the proxy vote from chairperson no sane person would go for this deeppacket sniffing spying on every click.

[jelv]

How many ISP's are preparing to participate in the Webwise "trial".

If I go to http://www.webwise.com/privacy/can-choose-NA.html from the office I get a page that says:

Quote:

You Can Choose
Webwise is currently not enabled by your ISP

If I go to the same page from my home connection I get:

Quote:

You Can Choose
Webwise is currently: OFF

My ISP is NOT BT, Talk Talk or VM.

[Dephormation]

Just seen on BT's BETA forum Miles Golding's post;

BT's legal department has written to ask for my website URL(s) and confirmation of ownership, without which they will not be able to honour my request to refrain from interfering with code and scanning/logging data exchange bewteen my site(s) and visitors' computers. If I do not provide the information, they do not consider themselves to be under an obligation to pro-actively check websites to ascertain if they contain 'opt-out' wording, and are confident that this position is compatible with the relevant legislation.

Three things.

One, that's an admission of copyright liability.

Two, you are under no obligation to make their system legal.

Three, they are obliged to obtain your consent before copying your work.

Miles if you're reading, can you post a scan/the text of their correspondance?

[Florence]

Jelv you with Sky or Be?

Phorm will only target large ISPs hence why I went small and friendly the MD participates on the ISP forum regularly he has a laugh and jokes with customers.

He also uses the same network so you can be sure he will not be going down this path how many BT Directors will allow phorm to deep packet sniff their every clicks?

---------- Post added at 10:34 ---------- Previous post was at 10:31 ----------

Quote:

Originally Posted by Dephormation

Just seen on BT's BETA forum Miles Golding's post;

BT's legal department has written to ask for my website URL(s) and confirmation of ownership, without which they will not be able to honour my request to refrain from interfering with code and scanning/logging data exchange bewteen my site(s) and visitors' computers. If I do not provide the information, they do not consider themselves to be under an obligation to pro-actively check websites to ascertain if they contain 'opt-out' wording, and are confident that this position is compatible with the relevant legislation.

Three things.

One, that's an admission of copyright liability.

Two, you are under no obligation to make their system legal.

Three, they are obliged to obtain your consent before copying your work.

Miles if you're reading, can you post a scan/the text of their correspondance?

If there was a co-ordinated sending in of URLs to BT from thousands of website owners would they have the resources and time to do this correctly/

[jelv]

Quote:

Originally Posted by Florence

Jelv you with Sky or Be?

No, I'm with a smaller ISP that is owned by BT and has said publicly that they are not going to use Phorm.

I actually suspect this is a BT foul-up and they might have to go back to the drawing board to determine who is a BT user.

[thebarron]

Quote:

Originally Posted by Florence

Jelv you with Sky or Be?

Phorm will only target large ISPs hence why I went small and friendly the MD participates on the ISP forum regularly he has a laugh and jokes with customers.

He also uses the same network so you can be sure he will not be going down this path how many BT Directors will allow phorm to deep packet sniff their every clicks?

---------- Post added at 10:34 ---------- Previous post was at 10:31 ----------


If there was a co-ordinated sending in of URLs to BT from thousands of website owners would they have the resources and time to do this correctly/

Careful as that would be doing an opt-out and is not something we should have to do.

I am still waiting to hear from Tesco as to their position on this, its been nearly two weeks now so I think I will send them a prompt.

[Rchivist]

Quote:

Originally Posted by Florence

I had a reply from Emma Sanderson today will summerise the answers to the questions as I didn't ask for permissioin to post it all.

1. The two batches of research you did were completed without the customer knowing and according to reportsd from Emma you don't know who they are except the ones who found out they were being diverted on so how could you tell what the customers response was?

Summery of the reply was.
BT did their own customer research which gave encouraging results.

MPO was the question placed in an informed way so customers would know BT were going to deep packet sniff each click.

2. I have a lot of websites that I spend my time building designing etc is this right that you come along and plagiarize it to sell the customers clicks for profit when they already pay for the internet connection?

Summery of reply.

BT do not plagerize websites. Any website owner can choose to participate or not in the OIX. they can opt out with robots.txt or give BT urls to and proof you are owner of website.

MPO was if they use google robots txt then thye are plagerizing since google use the search to bring people to my website phorm will harvest keywords then direct adverts that wil take them away.

3. Why use a company that is noted for its spyware/adware in the past company with a bad reputation that many knowledgeable internet uses know of and avoid?

summery of reply. BT have signed agreements here Emma also says other ISPs have so is VM being economical with the truth, does Emma really know they have signed or was it kents words. Emma also says phorm is in discussions with other ISPs.

MPO unless Emma has seen the signed contracts for the other ISPs then she cannot prove this it is only hear say to make BT not look like the only company.

4. I am working on this with my own experience of them as 121media which wasn't a happy one with children falling foul of their rootkits plus a member of the ISP community where I have moderated a forum for a number of years helping members with ISP related issues. I am trying to think it both ways but it still comes down to flag warning even more since it has been spotted that webwise.bt.com is in phorm control gathered customer details and hosted in Huston. At a company that is ranked in the top 10 phishing hosting companies world wide. This allowed phorm access to customer phone number's account number plus the form filled out went to phorm and not BT as the members were led to believe.

the latest problem brought to my attention is that if you visit BT.com the cookie placed will give any BT.com website including webwise.bt.com the customer details and enough information for someone to attempt to access.

Looking forward to your reply on this and what plans BT has to protect the customers from the effects of phorm phishing the customers information on servers outside the EU?

Summery of reply. Phorm are operating the webwise information site www.bt.com/webwise there is also a mail https link in the reply. This is done as Phorm is a trusted partner to BT and has BT's explicit consent was added this is not uncommon in brackets. Emma says she is confidant it doesnt pose any security risk. Emma also says the BT.com websites includes functionality so once you have signed in the website will remember the users until the browser is closed. This is to make it so customers do not have to repeatedly relog in. You have one secure login in then cookie tells the site you move around who you are the design also prevents unautherised access to users login sessions..

Emma admits Phorm have been hosting a contact phorm (oops sorry form) Which phorms system has to forward the customers requests. Emma says they do not require customer consent to allow phorm to host the site but assures me that BT complies to relevent law. In the last week BT have altered the contact phorm(form) so it is a standard BT contact to replace the ones hosted by phorm.

Oh yes in reply to one questions Emma did use the words due diligence.
-------------------------------------------------------------------

I bet this was forced through using the proxy vote from chairperson no sane person would go for this deeppacket sniffing spying on every click.

Well done Florence. That suggests to me that the things I have recently been moaning about are all true (especially about the BT Webwise site and contact form run by Phorm). And they are pretending it's all legal. But they just changed it all anyway, just in case. Cos actually we caught them at it. So they stopped doing it.

If they are that worried then I imagine they are being roasted by their legal team. Good.

---------- Post added at 10:41 ---------- Previous post was at 10:39 ----------

Quote:

Originally Posted by Dephormation

Just seen on BT's BETA forum Miles Golding's post;

BT's legal department has written to ask for my website URL(s) and confirmation of ownership, without which they will not be able to honour my request to refrain from interfering with code and scanning/logging data exchange bewteen my site(s) and visitors' computers. If I do not provide the information, they do not consider themselves to be under an obligation to pro-actively check websites to ascertain if they contain 'opt-out' wording, and are confident that this position is compatible with the relevant legislation.

Three things.

One, that's an admission of copyright liability.

Two, you are under no obligation to make their system legal.

Three, they are obliged to obtain your consent before copying your work.

Miles if you're reading, can you post a scan/the text of their correspondance?

He he - thought you'd like that!

---------- Post added at 10:44 ---------- Previous post was at 10:41 ----------

Quote:

Originally Posted by Florence

If there was a co-ordinated sending in of URLs to BT from thousands of website owners would they have the resources and time to do this correctly/

Don't do that. I did and it was a mistake. That legitimates "opt-out" for webmasters and they need a webmaster "opt-in" solution which is impossible. My current line of attack is

Don't give them your urls
Do put a "privacy policy" on your website refusing them access
Do look at Dephormation to learn about the coyright issues
Do ask them awkward questions about intellectual property rights, derivative works, copyright, and how much they will pay per page for copying and exploiting your website content
Do ask them what the relevance of robots.txt googlebot directives is to a Webwise visit?
Do ask them whether Webwise will identify itself with a unique user-agent - if not, why not?

[Dephormation]

Quote:

Originally Posted by jelv

My ISP is NOT BT, Talk Talk or VM.

Noted the URL you refer to is a www.webwise.com URL.

The time for Plusnet/BT customers to get acutely concerned is when you visit

bt.webwise.com
webwise.bt.com
www.webwise.bt.com

... and see your ISP is participating and/or your status indicated as opted in/out.

Pete.

[jelv]

Can people go to http://www.webwise.com/privacy/index.html and then repeatedly click the bottom "You can choose" link.

I'm now seeing something very strange and wonder if others are seeing the same.