Home News Forum Articles
  Welcome back Join CF
You are here You are here: Home | Forum | Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

You are currently viewing our boards as a guest which gives you limited access to view most of the discussions, articles and other free features. By joining our Virgin Media community you will have full access to all discussions, be able to view and post threads, communicate privately with other members (PM), respond to polls, upload your own images/photos, and access many other special features. Registration is fast, simple and absolutely free so please join our community today.


Welcome to Cable Forum
Go Back   Cable Forum > Virgin Media Services > Virgin Media Internet Service

Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
View Poll Results: Will you be opting out of the Virgin Ad Deal?
Yes, Definitely. 958 95.51%
No, I am quite happy to share my surfing habits with anyone. 45 4.49%
Voters: 1003. You may not vote on this poll

Closed Thread
 
Thread Tools
Old 12-05-2008, 00:15   #6346
BadPhormula
cf.addict
 
Join Date: May 2008
Posts: 133
BadPhormula will become famous soon enoughBadPhormula will become famous soon enoughBadPhormula will become famous soon enough
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

Quote:
Originally Posted by Wild Oscar View Post
I posted about this back on page 408, but it got swallowed up in the 'heat of battle' .. I don't know anybody had a chance to have a look ... it might be useful as an anti-phorm measure!

any thoughts folks?
Yes there are several VPN services like 'Relakks' but it comes down to trust. How do you know you can trust Relakks? I've read their site and all the T&C and all the nods to privacy laws, but what guarantees do we have? Where are the testimonials and who vetted them in the first place.

There are some VPN service providers that sound really great and they offer good deals but then they go and spoit it by having just a PO Box office address in some far away country and no contact with a real person that can be held to account.

Sorry I don't want to throw cold ice water on your new discovery, and I hope you get what you think you will get which is a privacy solution for $5 per month. That is the value you have put on your privacy.
BadPhormula is offline  
Advertisement
Old 12-05-2008, 00:15   #6347
Kursk
-.- ..- .-. ... -.-
 
Kursk's Avatar
 
Join Date: Mar 2008
Posts: 2,842
Kursk has disabled reputation
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

Quote:
Originally Posted by Wild Oscar View Post
I posted about this back on page 408, but it got swallowed up in the 'heat of battle' .. I don't know anybody had a chance to have a look ... it might be useful as an anti-phorm measure!

any thoughts folks?
I dunno really Wild Oscar; why should we trust them?

Incidentally, in that 'heated battle' did you notice that the principle of Oblonsky's suggestion was a bit of 80/20 thinking?

Apparently, the 80/20 principle – the fact that 80% of results flow from 20% of causes – is the "one true principle of highly effective people and organisations. The principle shows how you can achieve much more with much less effort, time and resources, simply by concentrating on that all-important 20%.

It is suggested that if we can latch on to the few powerful forces within and around us, we can leverage our efforts to multiply effectiveness. Most of what we do has trivial results. A little of what we do really matters. So if we focus on the latter, we can control events instead of being controlled by them, and achieve several times the results".


Perhaps that is what Oblonsky was getting at?

Quote:
Originally Posted by AlexanderHanff View Post
I have been working on some stuff over the past couple of days which I can't disclose as of yet but hopefully early next week I should have some pretty big news from a publicity standpoint.
Alexander Hanff
Intriguing.
Kursk is offline  
Old 12-05-2008, 00:27   #6348
Wild Oscar
cf.addict
 
Join Date: Sep 2007
Posts: 330
Wild Oscar is on a distinguished roadWild Oscar is on a distinguished road
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

Quote:
Originally Posted by BadPhormula View Post
Sorry I don't want to throw cold ice water on your new discovery, and I hope you get what you think you will get which is a privacy solution for $5 per month. That is the value you have put on your privacy.
Don't worry .. I'm not advocating it's use, just asking for opinions as I'd never heard of these sort of things before!

Obviously getting Virgin to give Phorm the elbow is the only way to go ...
Wild Oscar is offline  
Old 12-05-2008, 00:31   #6349
SpinyNorman
Inactive
 
Join Date: Apr 2008
Posts: 8
SpinyNorman is an unknown quantity at this point
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

There is Stunnel

http://www.stunnel.org/

Its an SSL wrapper

but to be honest you're better off dropping virgin altogether. Thats what I intend to do
SpinyNorman is offline  
Old 12-05-2008, 00:40   #6350
AlexanderHanff
Permanently Banned
 
Join Date: Mar 2008
Posts: 1,028
AlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful one
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

Quote:
Originally Posted by BadPhormula View Post
Agreed there are problems with TOR.

but... with regard to your later comments.

It sounds like running for the hills the way you describe it. Laws can be broken, 128bit encryption cannot. Phorm is a wake up call and you are fighting to slow them down (and I sincerely wish you the best of luck) but those sneaky parasites will never stop exploiting this open system. Look what Mark Klein uncovered at AT&T if you don't believe they will break the law. What happens when you throw the law in their face and take them to court, they lie, they get away with it on a technicality, then they modify the law. Encryption will STOP them dead, and when they outlaw encryption we will resort to encrypted steganography.

It's not turning our backs on the problem it's finding ways to guarantee the communications have not been intercepted and looked at by unwanted parties. Even if you managed to get privacy laws to stop Phorm I doubt it will stop some devious entity out there from exploiting this open system.
Firstly Tor is not secure, a proven fact that has been reported on several times.

Secondly even if it was secure, it doesn't fix the problem. Sure you can go and use Tor and your surfing will be "safer" and maybe 0.01% of the UK broadband population who are tech savvy enough to know about Tor might be too. But what about the millions of others out there, are we to just forget about them and only look after our own interests? And of course if a significant number of people start using Tor, how long do you think it will be until commercial organisations start setting up Tor exit nodes and harvest everything going through it in pretty much the same way Phorm are doing right now? It simply offsets the problems for a little, and it certainly isn't a wakeup call.

That isn't what I am about, my ISP won't be using Phorm or similar technologies so I have no personal threats to my privacy from Phorm, my involvement in this entire issue is to try and help to protect the 10s of millions who are not so lucky, not so technically minded and not so aware of the issues.

Alexander Hanff
AlexanderHanff is offline  
Old 12-05-2008, 01:05   #6351
icsys
Inactive
 
Join Date: Apr 2008
Services: Virgin - BB,TV,Phone Sky box - with no sub Freeview - idtv
Posts: 270
icsys is just really niceicsys is just really niceicsys is just really niceicsys is just really niceicsys is just really niceicsys is just really nice
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

with reference to post #6267 posted yesterday but now six pages back.
Quote:
Originally Posted by icsys View Post
I've been reading the BT forums for updates on Phormware and came across an interesting discussion.

Now that VM have made it clear that they never signed any contract to use Webwise, if it is established that Phorm deliberately misrepresented the potential value of the company, thereby effectively conning the stock market and share buyers into believing that they had an extremely valuable contract with a huge company, Phorm could be in serious trouble, their shares could be suspended and they could face fines and possible prison sentences for any individual who is proven to have been involved in what is effectively fraud.

It was also suggested that an investigation into this matter is already underway but there is no confirmation of this from any source.
Have you, or anyone else, heard or seen anything about such an investigation?
icsys is offline  
Old 12-05-2008, 01:11   #6352
BadPhormula
cf.addict
 
Join Date: May 2008
Posts: 133
BadPhormula will become famous soon enoughBadPhormula will become famous soon enoughBadPhormula will become famous soon enough
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

Quote:
Originally Posted by AlexanderHanff View Post
Firstly Tor is not secure, a proven fact that has been reported on several times.

Secondly even if it was secure, it doesn't fix the problem. Sure you can go and use Tor and your surfing will be "safer" and maybe 0.01% of the UK broadband population who are tech savvy enough to know about Tor might be too. But what about the millions of others out there, are we to just forget about them and only look after our own interests? And of course if a significant number of people start using Tor, how long do you think it will be until commercial organisations start setting up Tor exit nodes and harvest everything going through it in pretty much the same way Phorm are doing right now? It simply offsets the problems for a little, and it certainly isn't a wakeup call.

That isn't what I am about, my ISP won't be using Phorm or similar technologies so I have no personal threats to my privacy from Phorm, my involvement in this entire issue is to try and help to protect the 10s of millions who are not so lucky, not so technically minded and not so aware of the issues.

Alexander Hanff

You're right there are 10s of millions of potential victims for Phorm(and Phormlikes) and these people may not be able to defend themselves with a raft load of encryption techniques many of us take for granted. But end-to-end encryption is secure and reliable via SSL/TLS and it is very simple to use and built into most browsers. People need to be educated in the value of their privacy and what reliable systems they can use to secure that privacy, because when Phorm is defeated there will be another threat along similar line to Phorm just around the corner. More servers need to adopt HTTPS as standard until such a point there will be nothing left for Phormlikes to read.

So if you like the problem isn't the clients side, it is the server side. Eventually people that run servers will move over to HTTPS because there client/customer/readership will demand it.
BadPhormula is offline  
Old 12-05-2008, 01:58   #6353
AlexanderHanff
Permanently Banned
 
Join Date: Mar 2008
Posts: 1,028
AlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful one
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

Quote:
Originally Posted by BadPhormula View Post
You're right there are 10s of millions of potential victims for Phorm(and Phormlikes) and these people may not be able to defend themselves with a raft load of encryption techniques many of us take for granted. But end-to-end encryption is secure and reliable via SSL/TLS and it is very simple to use and built into most browsers. People need to be educated in the value of their privacy and what reliable systems they can use to secure that privacy, because when Phorm is defeated there will be another threat along similar line to Phorm just around the corner. More servers need to adopt HTTPS as standard until such a point there will be nothing left for Phormlikes to read.

So if you like the problem isn't the clients side, it is the server side. Eventually people that run servers will move over to HTTPS because there client/customer/readership will demand it.
Yes but the problem with Tor is that it isn't end to end encryption. The exit node is open to all sorts of abuse of equal severity to Phorm (including DPI).

I agree HTTPS is the way to go, but perhaps pressuring browser developers to include OpenCA support as an authentic CA would be better than just switching to Tor. Then SSL will be available to everyone for free.

Alexander Hanff
AlexanderHanff is offline  
Old 12-05-2008, 02:03   #6354
Phormic Acid
Inactive
 
Join Date: Mar 2008
Services: Still to decide on Aquiss or Be
Posts: 62
Phormic Acid is an unknown quantity at this point
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

Quote:
Originally Posted by AlexanderHanff View Post
Tor is not the be all and end all of security. There have already been cases in the US and Germany where exit nodes were forced to give up their logs to the authorities.
No, Tor isn’t much to do with security, in the sense that most people think of the security of a network. By default, Tor doesn’t produce any logs that might be useful to the authorities. If forced to produce such logs, those running the node would probably just shut it.


Quote:
Originally Posted by AlexanderHanff View Post
Tor also causes significant latency on your connection (and I mean significant) so it is not ideal under any circumstances. Furthermore wtf should we have to jump into sneakernets just to ensure our privacy…
I hope you’re not suggesting that Tor is a sneakernet.


Quote:
Originally Posted by Wild Oscar View Post
Quote:
Originally Posted by Wild Oscar View Post
I just stumbled into this via another web-site ... https://www.relakks.com/ ..
I posted about this back on page 408, but it got swallowed up in the 'heat of battle' .. I don't know anybody had a chance to have a look ... it might be useful as an anti-phorm measure!

any thoughts folks?
There’s a thread on BadPhorm called Relakks - A Phorm workaround? Relakks works fine. Note, though, that it’s only PPTP. This is not as secure as L2TP or OpenVPN. L2TP is apparently currently problematic to support. Relakks used to provide L2TP, but gave up on it. OpenVPN is built upon SSL/TLS, which we all know from HTTPS.

There’s an interesting alternative in the form of JonDonym. This was previously called Java Anon Proxy (JAP) and AN.ON. While a VPN may tunnel most things, Tor is more restrictive, being effectively a TCP proxy with further restrictions possible at the exit nodes. JonDonym is even more restrictive, being a HTTP proxy only. However, it tries to combine the best parts of VPNs and networks like Tor. Tor’s weakness is that anyone can set up as one or more nodes. A VPN’s weakness is that all your traffic can easily be monitored from a single point. Your VPN provider may find themselves forced, possibly by court order, to monitor your traffic. All you’ve done is move the ‘Phorm problem’ to a different place. JonDonym’s solution is to have a number of nodes in series, but to allow only identified businesses and institutions to provide those nodes.

As long ago as 2003, the service faced the problem of complying with a court order. There was a press release a little while after – AN.ON still guarantees anonymity. You can read more on the Law enforcement page and there’s a detailed paper entitled Revocable Anonymity that explains the process . The important point is that the German courts have only allowed for the monitoring of specific URLs. General logs that the authorities could trawl through have not been allowed. To make the legal process even harder for those who want to brake the anonymity, you can choose to have your traffic pass through nodes in different countries. Thus, court orders in more than one country would be required.
Phormic Acid is offline  
Old 12-05-2008, 02:19   #6355
AlexanderHanff
Permanently Banned
 
Join Date: Mar 2008
Posts: 1,028
AlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful one
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

Quote:
Originally Posted by Phormic Acid View Post
No, Tor isn’t much to do with security, in the sense that most people think of the security of a network. By default, Tor doesn’t produce any logs that might be useful to the authorities. If forced to produce such logs, those running the node would probably just shut it.
Under European (at least) Data Retention Laws they are required to keep logs for a period of not less than 12 months. So whether Tor logs by default or not is not really issue, it would be very easy to force them to without even needing to change the law. And Tor logs have been seized in the past as I mentioned earlier.

The best way to defeat Phorm is HTTPS but unfortunately this is not cost viable for the majority of websites out there due to processing overhead and CA certificates. OpenCA have been working for some time to be accepted as a valid CA and as I said, if this happened across the majority of mainstream browsers anyone would be able to setup SSL for free without the user's browser throwing up a certificate warning dialogue.

Alexander Hanff
AlexanderHanff is offline  
Old 12-05-2008, 02:57   #6356
Digbert
Inactive
 
Join Date: Apr 2008
Location: Derby
Age: 86
Posts: 40
Digbert will become famous soon enoughDigbert will become famous soon enoughDigbert will become famous soon enough
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

I was just browsing round some online computer retailers (pcworld, ebuyer, scan, etc) adding items to my shopping basket. If I then go to the checkout all the items and prices are listed, it's only when I go to pay that http: changes to https:

Does this mean that Phorm/Webwise will not only be able to see all the items/prices of everything I want to purchase but will also be able to calculate the value and volume of daily sales of such sites, something I'm sure those sort of sites would prefer to keep confidential.
Digbert is offline  
Old 12-05-2008, 03:12   #6357
OldBear
Inactive
 
Join Date: Apr 2008
Posts: 118
OldBear is an unknown quantity at this point
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

Anybody spotted this one on BBC today? Facebook users warned about ads

This is the sort of thing I can imagine Phorm would be right up to their eyes in, if they ever got going.
OldBear is offline  
Old 12-05-2008, 03:14   #6358
Phormic Acid
Inactive
 
Join Date: Mar 2008
Services: Still to decide on Aquiss or Be
Posts: 62
Phormic Acid is an unknown quantity at this point
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

Quote:
Originally Posted by AlexanderHanff View Post
Under European (at least) Data Retention Laws they are required to keep logs for a period of not less than 12 months.
That’s certainly not the case yet in Germany. There, it won’t come into effect until 2009. Each member state is different. There’s no requirement yet in Sweden, the home of Relakks, either. Also, does this EU directive apply to private individuals, when not engaged in a commercial activity? Even after the start of 2009, would the Chaos Computer Club’s Tor node be required to retain logs for twelve months? Is the directive going to catch every user of Skype with a non-NAT IP address, anonymous P2P client or game server within the EU?
Phormic Acid is offline  
Old 12-05-2008, 03:50   #6359
AlexanderHanff
Permanently Banned
 
Join Date: Mar 2008
Posts: 1,028
AlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful oneAlexanderHanff is the helpful one
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

Quote:
Originally Posted by Phormic Acid View Post
That’s certainly not the case yet in Germany. There, it won’t come into effect until 2009. Each member state is different. There’s no requirement yet in Sweden, the home of Relakks, either. Also, does this EU directive apply to private individuals, when not engaged in a commercial activity? Even after the start of 2009, would the Chaos Computer Club’s Tor node be required to retain logs for twelve months? Is the directive going to catch every user of Skype with a non-NAT IP address, anonymous P2P client or game server within the EU?
Yes I was reading something last week about how these services are regarded as ISP services under the directive. In fact iirc don't even Relakk's state on their website that they are basically seen as an ISP? And the directive is EU wide so all EU countries will have to ratify it. Of course in the UK we are ahead of the game on this issue.

As far as I am aware Skype are already required to retain data and lets not forget the famous ruling by the FCC that Skype have to provide a federal backdoor for any communications which jump from SIPS to PSTN, a backdoor which has existed in Skype for about 3-4 years now if memory serves me correctly.

Alexander Hanff
AlexanderHanff is offline  
Old 12-05-2008, 05:24   #6360
Cumulus
Inactive
 
Join Date: Apr 2008
Posts: 4
Cumulus is an unknown quantity at this point
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

Quote:
Originally Posted by Digbert View Post
I was just browsing round some online computer retailers (pcworld, ebuyer, scan, etc) adding items to my shopping basket. If I then go to the checkout all the items and prices are listed, it's only when I go to pay that http: changes to https:

Does this mean that Phorm/Webwise will not only be able to see all the items/prices of everything I want to purchase but will also be able to calculate the value and volume of daily sales of such sites, something I'm sure those sort of sites would prefer to keep confidential.
All the content of the http pages will be scanned, so in theory the contents of a number of shopping baskets (for example) could be analysed to calculate this information. However, from what we know about the Webwise/OIX system (see Richard Clayton's analysis), the software does not appear to record information at the level of detail to do this consistently and accurately, and as far as I know there is no intention to do this anyway.

This is an important point you raise as most of the discussion about Webwise/OIX so far has centered on the privacy concerns of the internet user rather than the websites and the individuals, companies and other organisations that are running these websites. My feeling is that there is currently a low level of awareness about Webwise/OIX amongst website owners - I certainly have concerns but until we know more details including which pages are going to be scanned, I can't advise clients as to what actions to take. My feeling is that website owners shouldn't have to take any action - it should be opt-in for website owners as well as for web users.

As a example of how Webwise/OIX can affect a company's business consider an ecommerce site as you described. A company is likely to have spent a lot of time and money attracting people to the site through providing good, relevant content, pay-per-click advertising etc. Any prospective customers and the content they view will get picked up by Webwise, and on visiting an OIX partner site, that prospective customer may be delivered an advert for a product related to that content. Retailers will not be pleased that their hard work is effectively being used to deliver adverts for a competitor!

Another area that is likely to be important to website owners concerns protected content. There is no indication that Webwise can accurately determine whether a user is authenticated (there are a large number of ways that a user may be authenticated) so it looks likely that protected content will be scanned in many cases - this information may be commercially sensitive so this is clearly a concern for the website owner.

I could go on but these are some of the issues that website owners will be interested in, and Phorm's proposed opt-out for websites using a file originally designed to tell search engines which pages cannot be indexed (robots.txt) does not adequately address the issues. And this totally ignores any legal issues there may be with the Webwise/OIX system in the first place.
Cumulus is offline  
Closed Thread


Currently Active Users Viewing This Thread: 2 (0 members and 2 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +1. The time now is 15:17.


Server: osmium.zmnt.uk
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.