BadPhorm - When good ISPs go bad! :: Forums :: Phorm Discussion :: Security
 
Server Operators also need to act!
Moderators: Jim Murray, narcosis, felixcatuk, Sammy, revrob
kitschcamp
Wed Mar 19 2008, 07:49AM
Registered Member #220
Joined: Wed Mar 19 2008, 07:32AM
Posts: 8
As a server operator, I'm worried about Phorm monitoring my data without *my* permission. After all, it's not just end users but website owners that are monitored, even though we're not the customer of BT, TalkTalk or Virgin Media! Heck, I'm not even based in the UK, and neither are my servers....

I've set my .htaccess file with the following to add a header to every web page and graphic served, to explicitly say I don't consent to Phorm monitoring traffic from my server. We need to get every webmaster to do the same! If it's in everything served from the server, we're explicitly saying we don't give consent, and it'll be difficult to claim they don't.

Add the following to .htaccess:

Header add Phorm "Phorm Inc, All Subsidiary Companies of Phorm Inc, OIX Network, Internet Service Providers using the technologies provided by the former mentioned companies; We specifically deny permission for the former mentioned companies to intercept any communication between a remote user accessing content on our Server and that person's Internet Web Browser, or any other Interface that such a remote user may use to obtain our data."

Header add Phorm-Consent "No"

This generates a response like the one in the link below to any application requesting anything from the server:

http://web-sniffer.net/?url=http%3A%2F%2Falledal.nu&submit=Submit&http=1.1&type=GET&uak=0

Stephen M Baines


[ Edited Wed Mar 19 2008, 07:50AM ]
tiddlr
Wed Mar 19 2008, 08:49AM
Registered Member #36
Joined: Wed Feb 27 2008, 01:35PM
Posts: 35
Do we need to do this?

If we do this, doesn't it enforce their argument that, by default, they do have permission to monitor traffic?

Which, they don't have permission to do - by default.
phormweezil
Wed Mar 19 2008, 11:32AM

Registered Member #147
Joined: Mon Mar 10 2008, 11:13AM
Posts: 61
NebuAd is another one you might want to add
Quiscustodiet
Wed Mar 19 2008, 03:32PM
Registered Member #140
Joined: Sun Mar 09 2008, 02:06AM
Posts: 70
tiddlr wrote ...

If we do this, doesn't it enforce their argument that, by default, they do have permission to monitor traffic?


The use of copyright notices doesn't seem to have weakened copyright law in any way.

An appropriate notice on servers and web pages would serve to make the situation clearer and would also bring the problem of profiling to the attention of more people.

If you like, it 'asserts the right' to refuse profiling.
Mel
Wed Mar 19 2008, 04:58PM
Registered Member #137
Joined: Sat Mar 08 2008, 06:00PM
Posts: 322
Would a copyright notice "hidden" in the header be legally binding? Wouldn't it be best to include it on the site somewhere as well?

What about server-side poisoning?

Check if the IP address is from an ISP that does Phorming, and if it is, add to each web page a carefully selected group of 10 keywords* in random order that have absolutely no relation to the subject matter and are least likely to reflect an interest of the reader, repeated many times, all hidden of course so the end user doesn't see them.

When Phorm analyses the page it will pick out the 10 most common words and the URL to decide the advert categories that best match.

*something like "hemorrhoid cream, piles, constipation, nappy rash, double glazing..."


[ Edited Wed Mar 19 2008, 05:08PM ]
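The two server-side ideas above (kitschcamp's no-consent header on every response, and Mel's keyword poisoning for visitors arriving from an ISP that profiles) can be put in one place at the application layer. The following is an added example written for this thread, not code posted by either member: a WSGI middleware that stamps every response, including images, redirects and 404 pages, with the header, and appends a hidden block of off-topic keywords to HTML pages when the client address falls inside a configured ISP range. The address ranges (RFC 5737 documentation space), the keyword list and the second header name `X-Interception-Consent` are assumptions made for the demonstration; the thread names no real ranges.

```python
"""Added example (not from the forum thread): no-consent headers on every
response plus keyword poisoning for clients inside assumed ISP ranges."""
import html
import ipaddress
import random

# Constructed placeholders standing in for the address blocks of ISPs that
# deploy interception; replace with real ranges before use.
PROFILING_ISP_RANGES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Deliberately off-topic terms, after Mel's post.
POISON_KEYWORDS = ["hemorrhoid cream", "nappy rash", "double glazing", "constipation"]

# "Phorm-Consent" comes from kitschcamp's .htaccess; the second name is assumed.
NO_CONSENT_HEADERS = [
    ("Phorm-Consent", "No"),
    ("X-Interception-Consent", "denied"),
]


def is_profiling_isp(ip: str) -> bool:
    """True if ip (v4 or v6) lies in one of the configured ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:          # malformed or empty REMOTE_ADDR
        return False
    return any(addr in net for net in PROFILING_ISP_RANGES)


def poison_block(keywords, repeat: int = 20, rng=None) -> str:
    """Shuffled keyword list, repeated, wrapped in a block the browser hides."""
    rng = rng or random.Random()
    words = [html.escape(w) for w in keywords]
    rng.shuffle(words)
    return ('<div style="display:none" aria-hidden="true">'
            + " ".join(words * repeat) + "</div>")


def inject(body: bytes, block: str) -> bytes:
    """Insert the block before </body>, or append if the page has none."""
    idx = body.rfind(b"</body>")
    if idx == -1:
        return body + block.encode("utf-8")
    return body[:idx] + block.encode("utf-8") + body[idx:]


class PhormDefence:
    def __init__(self, app, rng=None):
        self.app = app
        self.rng = rng

    def __call__(self, environ, start_response):
        state = {}

        def capture(status, headers, exc_info=None):
            state["status"], state["headers"] = status, list(headers)

        chunks = self.app(environ, capture)
        body = b"".join(chunks)          # buffer so Content-Length can be fixed
        if hasattr(chunks, "close"):
            chunks.close()

        drop = {"content-length"} | {n.lower() for n, _ in NO_CONSENT_HEADERS}
        headers = [(k, v) for k, v in state["headers"] if k.lower() not in drop]
        ctype = next((v for k, v in headers if k.lower() == "content-type"), "")

        # REMOTE_ADDR is the peer socket address. Only substitute X-Forwarded-For
        # if a proxy you control sets it; a client can forge that header.
        if ctype.startswith("text/html") and is_profiling_isp(environ.get("REMOTE_ADDR", "")):
            body = inject(body, poison_block(POISON_KEYWORDS, rng=self.rng))

        headers.extend(NO_CONSENT_HEADERS)   # every status, every content type
        headers.append(("Content-Length", str(len(body))))
        start_response(state["status"], headers)
        return [body]


def demo_app(environ, start_response):
    """Stand-in origin app: one page and one 404, both HTML (constructed)."""
    if environ.get("PATH_INFO") == "/missing":
        start_response("404 Not Found", [("Content-Type", "text/html")])
        return [b"<html><body>not here</body></html>"]
    page = b"<html><body><p>gardening tips</p></body></html>"
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("Content-Length", str(len(page)))])
    return [page]


def call(app, remote_addr: str, path: str = "/"):
    """Drive a WSGI app without a server; returns (status, headers, body)."""
    out = {}

    def start_response(status, headers, exc_info=None):
        out["status"], out["headers"] = status, dict(headers)

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path,
               "REMOTE_ADDR": remote_addr, "wsgi.url_scheme": "http"}
    body = b"".join(app(environ, start_response))
    return out["status"], out["headers"], body
```

Two caveats worth keeping in mind with the poisoning half: hidden text stuffed into pages is a classic cloaking signal, so a crawler that happens to arrive from one of those ranges will see it too, and a profiler that strips `display:none` content before counting terms will simply ignore it. The header half is a statement of non-consent, not a technical control; it changes nothing about what the interception box can read.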
kitschcamp
Wed Mar 19 2008, 05:40PM
Registered Member #220
Joined: Wed Mar 19 2008, 07:32AM
Posts: 8
I already have terms and conditions on most sites I operate, but this makes sure everything is properly set. I take the view that reinforcement of my choice - especially in light of the Information Commissioner's naff and woolly answer - is better than saying "but of course I don't agree" and complaining afterwards. I think we should make it clear right now that we don't agree to profiling of our websites.

To me, as mentioned elsewhere above, it's like reinforcing the copyright notice that actually doesn't have to be on anything.
tiddlr
Wed Mar 19 2008, 07:50PM
Registered Member #36
Joined: Wed Feb 27 2008, 01:35PM
Posts: 35
Quiscustodiet wrote ...

...

The use of copyright notices doesn't seem to have weakened copyright law in any way.

...


Good point.

nym
Wed Mar 19 2008, 10:14PM
Registered Member #225
Joined: Wed Mar 19 2008, 08:43PM
Posts: 10
OK, my previous comment was removed. Let's try again.

SSL. Install a certificate. Redirect all HTTP to HTTPS. This encrypts traffic in both directions. Phorm cannot then read your users' traffic to the website or your website content.

If you are serious about your users' privacy or the security of your website content, you should already be doing this.

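The redirect nym describes is usually a one-line RewriteRule in Apache, but the details that matter for security are easy to get wrong: trusting a client-supplied `X-Forwarded-Proto`, reflecting an arbitrary `Host` header into the `Location`, and downgrading a POST to a GET. The following is an added example, not code from nym's post or from any project mentioned here: a WSGI middleware that forces HTTPS and sets HSTS, so that a browser which has visited once never sends the plain-HTTP request again. The proxy address `10.0.0.1` and the host `example.org` are assumptions for the demonstration.

```python
"""Added example (not from the forum thread): force HTTPS at the application
layer and set HSTS on the encrypted responses."""
from urllib.parse import quote

HSTS_VALUE = "max-age=31536000; includeSubDomains"


def strip_port(host: str) -> str:
    """'example.org:80' -> 'example.org'; leaves '[::1]' style literals alone."""
    if host.startswith("["):
        return host[: host.index("]") + 1]
    return host.split(":", 1)[0]


class ForceHTTPS:
    def __init__(self, app, trusted_proxies=(), canonical_host=None):
        self.app = app
        self.trusted_proxies = frozenset(trusted_proxies)   # assumed: your own proxies
        self.canonical_host = canonical_host

    def scheme(self, environ) -> str:
        # X-Forwarded-Proto is client-controlled unless the request came from a
        # proxy we run; honouring it blindly lets a plain-HTTP client claim
        # "https" and skip the redirect entirely.
        if environ.get("REMOTE_ADDR") in self.trusted_proxies:
            fwd = environ.get("HTTP_X_FORWARDED_PROTO", "").split(",")[0].strip().lower()
            if fwd in ("http", "https"):
                return fwd
        return environ.get("wsgi.url_scheme", "http")

    def __call__(self, environ, start_response):
        if self.scheme(environ) == "https":
            def with_hsts(status, headers, exc_info=None):
                headers = [h for h in headers if h[0].lower() != "strict-transport-security"]
                headers.append(("Strict-Transport-Security", HSTS_VALUE))
                return start_response(status, headers, exc_info)
            return self.app(environ, with_hsts)

        # Pin the redirect target when possible: reflecting an arbitrary Host
        # header into Location turns the redirect into a hop to any site.
        host = self.canonical_host or strip_port(
            environ.get("HTTP_HOST") or environ.get("SERVER_NAME", ""))
        path = quote(environ.get("SCRIPT_NAME", "") + environ.get("PATH_INFO", ""))
        query = environ.get("QUERY_STRING", "")
        location = f"https://{host}{path}" + (f"?{query}" if query else "")
        # 301 for GET/HEAD; 308 preserves method and body for POST and friends.
        if environ.get("REQUEST_METHOD") in ("GET", "HEAD"):
            status = "301 Moved Permanently"
        else:
            status = "308 Permanent Redirect"
        start_response(status, [("Location", location), ("Content-Length", "0")])
        return [b""]


def hello(environ, start_response):
    """Stand-in origin app (constructed for the example)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello"]


def invoke(app, environ):
    """Call a WSGI app directly; returns (status, headers dict, body)."""
    out = {}

    def start_response(status, headers, exc_info=None):
        out["status"], out["headers"] = status, dict(headers)

    body = b"".join(app(dict(environ), start_response))
    return out["status"], out["headers"], body
```

The redirect response itself still travels over plain HTTP, so the very first request from a new visitor is visible to an interception box; HSTS confines that exposure to the first visit. TLS also hides page contents and paths but not the hostname being contacted, which is visible to the ISP through DNS.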
felixcatuk
Wed Mar 19 2008, 10:39PM
Registered Member #95
Joined: Wed Mar 05 2008, 12:03AM
Posts: 2626
Problem for Phorm would be this: without the explicit consent of each and every web site, they are intercepting communication illegally.

Even if (big if) you assume that consent is implied, if in one single case it explicitly isn't implied by the terms of the web page, by the time they read that message on their profiling systems they've ALREADY broken the law by intercepting a communication without explicit consent :o)

If every form of wording is different/unique/non-standard (long may it be so) then their problem is they won't be able to switch their silly profiling machines on without risking breaking the law.

[ Edited Wed Mar 19 2008, 10:40PM ]
Mel
Wed Mar 19 2008, 11:33PM
Registered Member #137
Joined: Sat Mar 08 2008, 06:00PM
Posts: 322
So, if your server is located in another country, would the interception also be subject to the legislation (and, if illegal, prosecutable) in that country as well as in the UK, or, as the interception actually occurs in the UK, would it only be subject to UK law?

Powered by e107 Forum System