22-07-2008, 23:08
|
#12526
|
Guest
Location: Gloucestershire
Posts: n/a
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
So they wrote to him on the 22nd July to tell him that they couldn't reply until the 19th July
Here's the info explaining the Qualified Exemption and Public Interest Tests. I'll not comment on the reasons for the police taking this line but it is worth pointing out the factors that are taken into account in the Test.
Based on guidance information and other publications, relevant factors that should be considered by an Institution include: -
* the general public interest in accessible information;
* would disclosure contribute to the administration of justice or enforcement of law?;
* would disclosure inform the public of any danger to public health or safety?;
* would disclosure contribute to a debate of importance?; and
* would disclosure prejudice a person's privacy rights?
Factors which should NOT be taken into account by an Institution include: -
* the possible embarrassment of Institutions or other officials;
* the possible loss of confidence in Institutions or public authority;
* the seniority of persons involved; and
* the risk of an applicant misinterpreting the information.
|
|
|
22-07-2008, 23:14
|
#12527
|
Inactive
Join Date: May 2008
Posts: 254
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
>So they wrote to him on the 22nd July to tell him that they couldn't reply until the 19th July
Sorry, a post on BadPhorm later explains that that's a typo: it's meant to say Aug 19th.
|
|
|
22-07-2008, 23:15
|
#12528
|
Guest
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by phormwatch
Kent Ertugrul:
There's no obvious way to pay for a better, faster browsing experience.
|
Er yes there is Kent... Provide services customers want and will pay for.
As I type that, I want to do that expression Kent did in the BBC Click video when he pretended to be confused and shocked by something Alexander said.
D'oh! So obvious really. So obvious but yet so unclear to Kent who, bless, cannot understand why consumers would not want his Phorm Webwise 'service'. Awwww.
|
|
|
22-07-2008, 23:17
|
#12529
|
Inactive
Join Date: Jun 2003
Services: Cablevision
Posts: 8,305
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by Portly_Giraffe
So would you share Lord West's view, or do you mean that we should behave as though Internet communications are no more secure than sending a postcard?
|
Internet communication should be as secure as sending a letter. The packet headers (or envelope) are read to deliver the letter. Already DPI is occuring to monitor the type of traffic, this means the envelope is being opened making the envelope more akin to an unsealed letter with the flap tucked in.
I don't share Lord Wests view, I feel Internet communications are no more secure than sending a postcard, then again I know that everything I do on the internet and email connections I am predominantly in front of is subject to retention and review anyway.
|
|
|
22-07-2008, 23:21
|
#12530
|
Inactive
Join Date: Jun 2003
Location: Cambridge
Posts: 16,760
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
May I please remind everyone that deliberately "misspelling" someone's name in such a way that it can be confused with a rather offensive word is not acceptable, and has previously been warned against. Please do not resort to petty insults against those on the other side of the Phorm issue - it does you no good. Your cause is a just one IMO, and there is no need to stoop to insults to fight it.
|
|
|
22-07-2008, 23:22
|
#12531
|
Inactive
Join Date: May 2008
Posts: 254
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Sorry, I didn't see that warning.
|
|
|
22-07-2008, 23:22
|
#12532
|
Guest
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by Peter N
I'll not comment on the reasons for the police taking this line
|
I was about to wade into each point you made but I think I'll do the same, no comment (for now - until about August 19th anyway)
Good night all.
|
|
|
22-07-2008, 23:37
|
#12533
|
Inactive
Join Date: Jun 2003
Services: Cablevision
Posts: 8,305
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
http://news.bbc.co.uk/1/hi/england/7520598.stm
Not greatly related to Phorm but of course a good example of how power without checks and balances can corrupt and be misused. While Phorm now say of course we won't look at... Over time...
|
|
|
23-07-2008, 00:23
|
#12534
|
cf.addict
Join Date: Apr 2008
Posts: 337
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by SMHarman
http://news.bbc.co.uk/1/hi/england/7520598.stm
Not greatly related to Phorm but of course a good example of how power without checks and balances can corrupt and be misused. While Phorm now say of course we won't look at... Over time...
|
I think it was George Bernard Shaw who said, "Power does not corrupt men; fools, however, if they get into a position of power, corrupt power"
---------- Post added at 00:23 ---------- Previous post was at 00:14 ----------
Quote:
Originally Posted by Hank
Er yes there is Kent... Provide services customers want and will pay for.
As I type that, I want to do that expression Kent did in the BBC Click video when he pretended to be confused and shocked by something Alexander said.
D'oh! So obvious really. So obvious but yet so unclear to Kent who, bless, cannot understand why consumers would not want his Phorm Webwise 'service'. Awwww.
|
It was quite a Kent'ish moment. Such a natural actor... Not!
|
|
|
23-07-2008, 00:55
|
#12535
|
Inactive
Join Date: Apr 2008
Services: Virgin - BB,TV,Phone
Sky box - with no sub
Freeview - idtv
Posts: 270
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Decided it is time for another FoI request.
We have heard too many times that BT 'sought legal advice'. Its time it was made public.
What are the chances of the information being released?
http://www.whatdotheyknow.com/reques...#outgoing-1864
|
|
|
23-07-2008, 08:05
|
#12536
|
Inactive
Join Date: Apr 2008
Posts: 114
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by Peter N
Based on guidance information and other publications, relevant factors that should be considered by an Institution include: -
* would disclosure contribute to the administration of justice or enforcement of law?;
|
Do you think the situation being investigated by the Police courtesy of Alex might explain it?
---------- Post added at 08:05 ---------- Previous post was at 07:52 ----------
Quote:
Originally Posted by SMHarman
Internet communication should be as secure as sending a letter. The packet headers (or envelope) are read to deliver the letter. Already DPI is occuring to monitor the type of traffic, this means the envelope is being opened making the envelope more akin to an unsealed letter with the flap tucked in.
I don't share Lord Wests view, I feel Internet communications are no more secure than sending a postcard, then again I know that everything I do on the internet and email connections I am predominantly in front of is subject to retention and review anyway.
|
It's worth pointing out to the non technical that the IP packets that everyone refers to has two sections.
1. IP Header
2. Payload
The IP header contains information to allow the packet to traverse the internet. Source IP, Destination IP, protocol type etc.
You should note that the information in this header cannot be used for traffic shaping of http traffic and the like as it would only mention the protocol 'tcp'.
You have to process this packet to 'strip off the outer layer' thus revealing the payload to consist of the following (let's continue with the http example)..
1. TCP Header
2. Payload
The TCP header contains other information for the processing computer so it knows what to do with it and how the packet fits in with other packets. Key fields in this header are the source and destination ports.
Most people will know by now that http runs on tcp/80, and this is all the information you really need to shape this traffic. You could distinguish between ftp, http and bit-torrent traffic at this level assuming everyone is using the standard ports for such protocols.
What DPI does is to look into the payload section which contains information for the application that is listening on the mentioned port, in this case port 80. For the sake of simplicity this is where your personal information is kept and you could also analyse the payload to see if you really are looking at http traffic or if you have disguised a bit-torrent stream on port 80.
My point is, it is nothing like a postcard apart from the fact that the packet isn't encrypted. (With encrypted traffic you would typically only see the IP header information so it can get where it's going).
It is very much like an envelope within an envelope within an envelope.
Anyone wishing to understand further is encouraged to google 'osi 7 layer model' - you should be able to find some general overviews. Even the wiki pages might be understandable
|
|
|
23-07-2008, 08:19
|
#12537
|
Inactive
Join Date: Apr 2008
Posts: 831
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by BetBlowWhistler
Do you think the situation being investigated by the Police courtesy of Alex might explain it?
---------- Post added at 08:05 ---------- Previous post was at 07:52 ----------
It's worth pointing out to the non technical that the IP packets that everyone refers to has two sections.
1. IP Header
2. Payload
The IP header contains information to allow the packet to traverse the internet. Source IP, Destination IP, protocol type etc.
You should note that the information in this header cannot be used for traffic shaping of http traffic and the like as it would only mention the protocol 'tcp'.
You have to process this packet to 'strip off the outer layer' thus revealing the payload to consist of the following (let's continue with the http example)..
1. TCP Header
2. Payload
The TCP header contains other information for the processing computer so it knows what to do with it and how the packet fits in with other packets. Key fields in this header are the source and destination ports.
Most people will know by now that http runs on tcp/80, and this is all the information you really need to shape this traffic. You could distinguish between ftp, http and bit-torrent traffic at this level assuming everyone is using the standard ports for such protocols.
What DPI does is to look into the payload section which contains information for the application that is listening on the mentioned port, in this case port 80. For the sake of simplicity this is where your personal information is kept and you could also analyse the payload to see if you really are looking at http traffic or if you have disguised a bit-torrent stream on port 80.
My point is, it is nothing like a postcard apart from the fact that the packet isn't encrypted. (With encrypted traffic you would typically only see the IP header information so it can get where it's going).
It is very much like an envelope within an envelope within an envelope.
Anyone wishing to understand further is encouraged to google 'osi 7 layer model' - you should be able to find some general overviews. Even the wiki pages might be understandable
|
I have no idea if this is relevant or not as it is too technical for me - but as a BT customer I now find that the ThinkBroadband speed test on default settings does not give me an accurate reading - generally very very low- I have to rerun it using the port 80 alternative to get a proper result.
And the BT official speedtester has a weird Firefox related fault (for some people, including me, who get a java socket error in the results and the test hangs) that can be overcome by using either IE7 (with same Java) or using our Firefox, putting in the IP address, instead of the url.
These are the sort of problems that BT "investigate" but never seem to be able to solve nowadays.
Might this be in any way connected ? (quite happy to be totally wrong here - please educate me)
---------- Post added at 08:19 ---------- Previous post was at 08:18 ----------
Quote:
Originally Posted by icsys
|
Not sure there is a lot of point as BT being a commercial company and not a public body, won't be required to disclose commercial legal advice. AFAIK
|
|
|
23-07-2008, 08:57
|
#12538
|
Inactive
Join Date: May 2008
Location: Kent
Services: No DPI Kit snooping on USERS
Posts: 447
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by fidbod
@ Devils Advocate.
One of your previous posts stated you would be concerned if it could be shown that the Phorm system made personally identifiable information (PII) available. I would argue that Phorm also increases your security risk significantly. I am interested in your thoughts on the following thought experiment.
1. The cookie that Phorm set on your PC contains a unique identifier (UID)
2. Your PC's IP address can be read from the HTML requests generated when browsing.
3. Malicous Javascript code on a website can "read" the Phorm UID from your machine.
As a malicous person I now have two pieces of information unique to your PC. That I can use to target you.
You could argue for a long time whether these two bits of information are PII and I will not offer judgement on that. However it is now much easier for me to target your PC to extract further infomation.
thoughts?
|
catching up as have been very busy lately
phorms profiler is supposed to strip the phorm related data back out of the cookie on the fly when a website requests it, but if a web site switches from port 80 to another port 443(ssl) for instance that information will not be stripped and will then be visible to the website
so the cookie can leak you UID
peter
---------- Post added at 08:36 ---------- Previous post was at 08:32 ----------
Quote:
Originally Posted by rryles
I have looked at the RIPA explanatory notes and I'm afraid I still see a problem. I think phorm will argue the following:
Code:
The data is not made available to any person.
The data is processed by an automated system which produces some other data.
This other data is made available to another automated system and potentially certain people.
This other data does not represent any part of the communication.
I really would love to be shown the error of my thinking. I want phorm and BT to be held legally accountable for the trials and I want the whole idea of dpi for advertising to be litigated into oblivion.
|
still catching up.
on thing you miss, the data is available to the system admins in the form of the diagnostic logs, which we are told are kept for upto 14 days but not told what happens after that
peter
---------- Post added at 08:57 ---------- Previous post was at 08:36 ----------
Quote:
Originally Posted by rryles
|
not sure if below is relevant
***************
The Parliamentary Under-Secretary of State, Home Office (Lord West of Spithead): My Lords, the Home Office provides guidance about lawful interception conducted under warrant for law-enforcement purposes. This is separate from advice provided by the Department for Business, Enterprise and Regulatory Reform on the relevant business facing legislation. ISPs may, with the consent of the consumer, use information about consumers’ internet use for the provision of value-added services. The Information Commissioner provides information to the public on privacy issues.
***************
my bold / UL so is this say that the HO should only give advice regarding interception under warrant? if so does that mean that phorm spoke to the wrong dept and got duff info?
and that DBERR are the ones they should be checking with and so should we? anyone done an FoI request to DBERR?
note the important point "provision of value add service" AKA anti phishing
could it not be argued that to be a value add service it would need to be a service users required not duplicate one they already have? if this were so then webwise would lose its immunity from perc as it would no longer be a value add service?
peter
|
|
|
23-07-2008, 09:26
|
#12539
|
Inactive
Join Date: Apr 2008
Posts: 114
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by R Jones
putting in the IP address, instead of the url.
|
What you are doing here is bypassing the DNS lookup phase (udp/53).
DNS has a default timeout of 2 seconds, and since the traffic is udp (connectionless) if the packet is 'lost' along the way there is no automatic re-submission.
If the DNS is busy (this takes a lot but it depends on which dns servers you have configured) you can easily wait up to 6 seconds for a dns response (an eternity!) or even get a page not found error in your browser (which tells you to refresh which effectively resubmits the dns request).
This has been a public service announcement by the geek-squad
|
|
|
23-07-2008, 10:21
|
#12540
|
Inactive
Join Date: May 2008
Posts: 147
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by bluecar1
on thing you miss, the data is available to the system admins in the form of the diagnostic logs, which we are told are kept for upto 14 days but not told what happens after that
peter
|
I think this was mentioned. If they keep any logs that contain what is deemed communication data then would likely be an interception under RIPA (if it's stored it can be accessed by someone). However, they may well change what is logged for the roll out and we don't know what was logged during the trials either. If they logged IP addresses, I don't think that is communication data, but traffic data, so may not fall fowl of RIPA. It would however come under DPA, as it is PII.
Looking at the bigger picture -
There are many potential legal problems with what phorm is trying to do. Whilst it may be possible to work within the bounds of the law, it certainly isn't easy. The trials seem to fall well short of the requirements for legality. (no consent from anyone at all, code injection, etc.) However a lot of the evidence relating to the trials has probably conveniently disappeared now. All that we are left with is the claims of phorm and BT. The same claims that got them the all clear from the legal advice they sought.
I imagine an exchange something like this:
"We don't store anything and We don't use any PII"
"Well it should be legal then"
Of course, they do store various bits of data, and they do process PII, and they do copy copyrighted content. All of which puts the legality into serious doubt.
I know some of you don't care about the legality or not - "it simply must be stopped". To which I say this: If it is found to be illegal by a court, then it will be stopped - dead.
P.S. (Going off on a tangent slightly) I'm surprised that any lawyer would give a simple statement that something was legal. It'd leave them too vulnerable. Instead I'd expect something along the lines of "Based on the information available to me at this time, I believe that the proposal in its current form is unlikely to be in breach of <specific act of parliament>"
|
|
|
Currently Active Users Viewing This Thread: 15 (0 members and 15 guests)
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT +1. The time now is 03:58.
|