Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

[BadPhormula]

Quote:

Originally Posted by 3x2

Just as an aside - There are lot's of good reasons why companies like Google should oppose Phorm but for the moment they should stay away. If Phorm can turn this into some "David and Goliath" commercial confrontation they will. Let Google et al get involved in the extremely unlikely event that BTPhorm goes into production.

Forget Google coming to the rescue. Google are the enemy too. If this DPI ***** takes off you can expect Googleb*strds to be getting their dirty sneaky hands on it as well. Don't forget Phorm is a public traded company and the Googleb*strd only needs start slurping up shares in order to get its dirty big proboscis into our personal data.

[mark777]

900

[Chroma]

Hackers used packet sniffers to filch credit card data

http://arstechnica.com/news.ars/post...card-data.html

A sign of things to come?

So will the fact that inspection equipment will become widely available affect changes to the credit card/banks terms and conditions regarding fraud?

I mean if i was in control of a financial institustion i would be all over my terms and conditions regarding fraud like a dog eating rhubarb.

It seems to me that using your cards online AP (Anno Phormini) means your informed that there an unacceptable risk and therefore my institution wont pay out if theres been fraud committed whilst buying online.

Seems like the only reason the hapless idiots got caught was because they had no idea how to actualy write software that could be restarted should the server be rebooted. (a fairly straighforward task under unix flavoured systems)
Now had they been able to actualy test software before deploying (ie had they been rational) i doubt they would have been caught.

in this case the packet sniffers where merely background programs (simmilar to trojans and keyloggers on a home computer) however when you move on to dedicated hardware inspectors whos job it is to actively sniff, detection becomes even more difficult and administration of rogue code becomes exponentialy easier, a single on site visit is enough to compromise an entire exchange.
And with our ever depreciating track record of actualy catching and convicting cyber criminals the outlook is good for criminals, bad for the people at large.

[Wildie]

Read on the BT forum if you use OZ or Fon they will not route the web request to the webwise/phorm spyware, so one way round the issue for a quick fix till one can get out of the contract, also if thats true then they can do the same for the opt ins, done by mac hub what ever they use, no cookies no opt out and no interception unless you are a mug, like the opt in for BTFon.

[Phormic Acid]

Quote:

Originally Posted by R Jones

So the Webwise invitation page will be displayed how? and where? By traffic interception? By interrupting my request for http://news.bbc.co.uk and giving me a Webwise invitation page instead?

This was one of the first things about Phorm/Webwise that caused alarm, because we didn’t need to know how it would work technically to see the problem. Yes, your request will be hijacked and you’ll be shown an interstitial consent page.

If someone goes to visit, say, http://www.hsbc.co.uk/, they may instead end up at some ‘strange’ page they weren’t expecting. At this point, I hope they’d stop. If it were one of my relatives, I’d hope they’d also contact me and ask my advice. I don’t want them to start thinking that page hijacking is normal and nothing to worry about. If the strange behaviour is being caused by malware on their computer, no amount of fancy Phorm anti-phishing technology in the network is going to be able to protect them.

[AlexanderHanff]

Phorm have been rather naughty in their Annual Report. They state that they have exclusive agreements with VM, TT and BT and that trials will commence shortly and (here is the naughty part)

Quote:

...followed by roll-out across these networks.

Which is basically an out and out lie. Trials are to begin with BT shortly sure, but VM and TT have not mentioned progressing to any trials and furthermore VM have stated publicly that they have not signed any agreement to deploy the technology.

Other than that their Annual Report is just the same old story they have been spouting in the press for the last 3 months. Their operating costs were quite high last year though certainly more than the cash they reported as having on hand in the annual report, so it is difficult to see how they will sustain the ongoing operating costs without acquiring more investment from somewhere. Their market capital is too volatile to make any forecasts on at the moment so it is difficult to see how much money they actually have in order to go forward.

There will be substantial costs involved in deploying the technology if it should ever get to that phase. Not only will they have hardware costs but installation costs will be significant too.

Lets see what their next annual report has to offer

Alexander Hanff

[Rchivist]

Quote:

Originally Posted by Phormic Acid

This was one of the first things about Phorm/Webwise that caused alarm, because we didn’t need to know how it would work technically to see the problem. Yes, your request will be hijacked and you’ll be shown an interstitial consent page.

If someone goes to visit, say, http://www.hsbc.co.uk/, they may instead end up at some ‘strange’ page they weren’t expecting. At this point, I hope they’d stop. If it were one of my relatives, I’d hope they’d also contact me and ask my advice. I don’t want them to start thinking that page hijacking is normal and nothing to worry about. If the strange behaviour is being caused by malware on their computer, no amount of fancy Phorm anti-phishing technology in the network is going to be able to protect them.

Of course some of them may even be brave enough to ring telephone support, and half an hour to an hour later will be told that it looks like they might have spyware, but they can remove it by formatting their C:\ drive and rebooting their router.

[BetBlowWhistler]

can someone remind me of the date that the ICO said they expected this to be 'opt-in' please?

[Dephormation]

Quote:

Originally Posted by AlexanderHanff

Trials are to begin with BT shortly sure, but VM and TT have not mentioned progressing to any trials and furthermore VM have stated publicly that they have not signed any agreement to deploy the technology.

Phorm aren't the only ones spinning ********. Recall VM customer zone 3 April 2008 said (now withdrawn);

"[We] will be writing to you nearer the time to advise when the solution will be ‘switched on’ providing more detail of what this will mean to you. Given the benefits of Webwise, we’re pleased to be offering you this service and making your web experience safer and more relevant."

They might be denying it now; but they *did* make it very clear on their own web site they planned to rollout.

Also from the FAQ

Why has Virgin Media >>>partnered<<< with Phorm?
We are very keen to ensure our customers have a safer online experience, but without blocking access. In this respect Webwise allows us to alert customers that they may be attempting to visit a site known to be fraudulent. Additionally, by providing customers with more relevant advertising, they should be able to find products and services that are more interesting for them.
Will customers be able to decide whether to use the system?
Customers won’t be forced to use the system, and will have the choice to keep their internet experience exactly as it is now. As we get closer to launch we’ll explain how this will work.

Virgin could redeem themselves, but they have can't rewrite history. They won't regain my trust quickly.

[NTLVictim]

Quote:

Originally Posted by Dephormation

Particularly until a certain product specialist finds a new role.

May I suggest the role of deceased?

[jelv]

Would you say the attached extract from the Annual Report was an accurate representation of the current situation?

[Florence]

Quote:

Originally Posted by BetBlowWhistler

can someone remind me of the date that the ICO said they expected this to be 'opt-in' please?

sometime early Aprill if you check Portly_Giraffe posts earlier as we were both incontact with them over emails.

[mark777]

Quote:

Originally Posted by BetBlowWhistler

can someone remind me of the date that the ICO said they expected this to be 'opt-in' please?

http://www.theregister.co.uk/2008/04...phorm_tougher/

links to ICO statements are in this.

(The link to the 'Phorm Files' at the very bottom of The Register front page is a good way to find the main events)

[Florence]

Hi Alex@phorm have you been given permission to speak to the forum members and answer a few questions.

First what has happened to the recording of the public meeting since phorm wanted to show they were transparent?

[Rchivist]

Well I did enjoy reading the annual 2007 Phorm report - some highlights for your delectation...

refers to the "exclusive agreements to adopt our online advertising platform" with BT, VM and TalkTalk (a statement not supported by subsequent evidence nor by statements of VM in particular),

refers to ICO pat on the back, (the pat on the back they think they had got, before the ICO rejected their opt-out model and said they had to be opt-IN),

refers to "extensive due diligence" (the "irrelevant to the UK" report by the somewhat tainted Ernst and Young, and also refers to the oft misdescribed PIA, (actually an interim privacy report, and a "late stage" PIA that hasn't been published yet - although it was due end of April), and despite the fact that all this "due diligence" did not suitably anticipate the many changes that would be required to their model to even begin to make it legal in UK/EU - hence all the retrofitting that has apparently been going on behind the scenes at BT. (BT - We are developing an alternative opt-in model...etc. etc.)

refers to implementation being "on track" when in fact it is seriously behind schedule as far as BT trials are concerned (it's so much more inconvenient when you have to tell people in advance about the trials instead of doing them secretly and illegally, and it is so tedious having to retrofit the technology to try and keep up with all those scaremongering privacy campaigners.)

refers to the fact that he is in discussion with "several other UK ISPs" and is in a trial phase with them. Names please? That will be an interesting claim to follow through.

refers to the denial that they store data, (despite the Phorm claim elsewhere in promotional interviews that they can use the information on what pages you viewed 3 days earlier).

My favourite Phorm articles and documents are always the one's where Kent Ertugrul is given a free hand - he really does love to spin.