Slight invasion of privacy - Phorm

Talk about anything you like here, as long as it's non-technical and within the rules. No support questions here please! Posts here do not count towards your total
Post Reply
User avatar
Neo
RouterTech Team
RouterTech Team
Posts: 3586
Joined: Thu Jan 26, 2006 1:09 pm
Contact:

Slight invasion of privacy - Phorm

Post by Neo » Thu Feb 28, 2008 2:33 pm

Article: http://www.iht.com/articles/2008/02/15/ ... s/AD18.php

Users of BT, Carphone Warehouse and Vigin Media might want to read this:
Internation Herald Tribune wrote:Now three Internet providers in Britain have gotten together to try to grab a plump piece of online advertising for themselves. Last week, BT, Carphone Warehouse and Virgin Media announced a deal with a company called Phorm, whose technology tracks Web users and serves them ads related to their interests.

...

At a time when many people are worried about privacy, the Internet service providers' agreement to share records of users' Web habits might set new alarm bells ringing.

Phorm said it would guarantee anonymity by tracking individual users with an assigned number only, and by regularly clearing the data. Phorm said its privacy procedures had been examined and approved by the accounting firm Ernst & Young.
Edit: Another link - http://www.badphorm.co.uk
RouterTech Team and Founding Member
Image
RouterTech Merchandise (UK)
No support via PM, please ask your questions on the forum!
User avatar
Shotokan101
RouterTech Team
RouterTech Team
Posts: 4779
Joined: Thu Jan 26, 2006 3:17 pm
Location: Glasgow, Scotland

Post by Shotokan101 » Thu Feb 28, 2008 3:15 pm

Sounds too much like clandestine surveillance to me...... :(
Jim

.....I'm Sorry But I Can't Do That Dave.....
mstombs
RouterTech Team
RouterTech Team
Posts: 3753
Joined: Wed Jan 10, 2007 11:54 pm

Post by mstombs » Thu Feb 28, 2008 3:22 pm

Another link for balance!

http://www.torproject.org/

Something is very fishy about all this, it would take a massive distributed system to sniff all the web traffic from all of an ISP - Virgin have given up with web proxies because they couldn't keep up. BUT it could be implemented by everyone getting spyware in their browsers, using your CPU power and your bandwidth allocation to send back usage data.

By the way Google already does this if you use gmail and their toolbar and didn't tick the correct box to opt out!

http://www.google.com/history/

Edit: Active forum thread where all the latest news on this seem to get linked

http://www.cableforum.co.uk/board/12/33 ... dated.html

El Reg has published some details of how the system is proposed to work - based on an interceptor using your computer to store cookies, they'll also use the cookie for your opt-in/opt out!...

http://www.theregister.co.uk/2008/02/29/phorm_roundup/

There's also a Prime Ministers petition to complain about the privacy issue:-

http://petitions.pm.gov.uk/ispphorm/
User avatar
Kieran
RouterTech Team
RouterTech Team
Posts: 2675
Joined: Fri Jan 20, 2006 11:30 am
Location: London
Contact:

Post by Kieran » Sat Mar 22, 2008 1:43 am

I intend to deal with this by:

a) Not using an ISP which uses Phorm
b) Encouraging all those I know responsible for configuring routes in data centres and the like to drop packets destined to and originating from Phorm
c) Move as many sites I run as possible to run completely on HTTPS (traffic which I note never reaches Phorm) in order to protect those who have to use ISPs which use Phorm.
Kieran
"Indeed!"
Invaluable links: Forum Rules | Networking Guides | FAQ | Site Search | Forum Search <-- Use it or feel my wrath!
No support via PM, please ask your questions in the forum!
User avatar
Steve
Ex RouterTech Team
Ex RouterTech Team
Posts: 980
Joined: Fri Jan 27, 2006 2:34 am

Post by Steve » Sat Mar 22, 2008 3:50 am

Kieran wrote:I intend to deal with this by:

....
b) Encouraging all those I know responsible for configuring routes in data centres and the like to drop packets destined to and originating from Phorm
Can anything be done with the RT firmware to enable this? Blacklisting thier server IP's etc?
He ached all over. It wasn't just that his brain was writing cheques that his body couldn't cash. It had gone beyond that. Now his feet were borrowing money that his legs hadn't got, and his back muscles were looking for loose change under the sofa cushions.
- Terry Pratchett

www.bliss.org.uk
User avatar
thechief
RouterTech Team
RouterTech Team
Posts: 12067
Joined: Wed Feb 01, 2006 10:22 pm
Location: England, the Centre of Africa
Contact:

Post by thechief » Sat Mar 22, 2008 8:03 am

Steve wrote:Can anything be done with the RT firmware to enable this? Blacklisting thier server IP's etc?
Tinyproxy?
The Chief: :afro: Be sure to read the Firmware FAQ and do a Forum Search before posting!
No support via PM. Ask all questions on the open forum.
lukegb
Novice
Novice
Posts: 16
Joined: Thu Jul 05, 2007 7:23 pm

Post by lukegb » Sat Mar 29, 2008 6:22 pm

Of course, knowing BT, you're going to have to provides lots of personal details, navigate through their highly unintuitive website and click on a tiny link which says "Opt Out of Tracking" hidden behind a white box due to incorrect usage of HTML and CSS (I use Firefox 4 Beta, which enforces standards VERY strictly).

--- WARNING: TECHNICAL DATA BELOW (reading the name of the forum)---


However, I may just set the cookie to an incredibly long value to see if I can disrupt the system somewhat and if they don't actually bother checking to escape it, maybe

Code: Select all

"; DELETE * FROM *; --
for the sake of SQL injection and privacy. "If you weren't intercepting my traffic - nothing would have happened!"

Also, since it uses a sneaky URL redirect tactic, you could change /etc/hosts (on Windows c:\windows\drivers\etc\hosts) and add the entry

Code: Select all

dns.sysip.net 217.32.165.148
- pushing all the spyware DNS traffic to BT's main webserver, forcing it to turn down the connection.

You could also block the oix.net cookie that is given to your computer (which will OF COURSE work) which supposedly contains anonymous random data to identify you...
Hardware:
[s]Router[/s] Wi-fi AP is an ADDON GWAR3000 running PSPBoot and the v2.3 firmware.
Wi-fi REPEATER is a Linksys WRE54G Wireless-G Range Expander (v.3)
Router is a BT Home Hub (1st v. hardware with 6.2.6.E BT FON firmware)
PC is a Shuttle PC running Vista, Mac, XP and OpenSUSE 10.2.
User avatar
Neo
RouterTech Team
RouterTech Team
Posts: 3586
Joined: Thu Jan 26, 2006 1:09 pm
Contact:

Post by Neo » Sat Apr 05, 2008 12:48 am

Seems this issue is getting more an more media coverage, especially since BT have admitted they trialled Phorm on more than 30,000 customers in 2006 and 2007:

http://news.bbc.co.uk/1/hi/technology/7325451.stm
BBC Interview
Channel 4 interview

What I don't understand is if the trial was completely anonymous then how would it be of any use? :loopy: They couldn't deliver the targeted advertising to the right people and they could determine if the unwitting guinea pigs were experiencing problems because of the trial...

It does seem to be a breech of the RIPA so maybe companies will think twice before rolling out Phorm?
RouterTech Team and Founding Member
Image
RouterTech Merchandise (UK)
No support via PM, please ask your questions on the forum!
Post Reply