BadPhorm - When good ISPs go bad! :: Forums :: Phorm Discussion :: Tech Talk
 
The cookie
Moderators: Jim Murray, narcosis, felixcatuk, Sammy
mrjolly
Sat Mar 15 2008, 09:15PM
Registered Member #25
Joined: Tue Feb 26 2008, 12:22PM
Posts: 7
Just had a random thought!

If anyone gets a cookie from Phorm/OIX/Webwise or whatever they're calling it, make a copy of it then delete it from your browser to get another copy.

Compare the new & old ones and if the new cookie is identical then they must be somehow identifying the individual IP/PC or something.

If it is just a random number, perhaps we should all share the same cookie and never click any ads, that'll be a nice profile for them!
Sammy
Sat Mar 15 2008, 09:24PM

Registered Member #143
Joined: Sun Mar 09 2008, 08:36PM
Posts: 167
Good point with the cookie.





Protect your Privacy; Stop Phorm
Petition Government to Stop Phorm | Stop Phorm on Bebo
felixcatuk
Sun Mar 16 2008, 12:45AM

Registered Member #95
Joined: Wed Mar 05 2008, 12:03AM
Posts: 209
Non tech people; ignore the gibberish below. Opt out of your ISP if they do Phorming, it's the only real choice you should make.
====================================
Tech people;

Without a published spec for the cookie settings, particularly the somewhat encrypted looking UID, you can't be sure what's going on.

For example,
Let's say first time you're assigned a UID comprising a unique number 123123123, add your IP address, and extra version number 1.

Encrypt that string and you get ASdT23#4WA4%#VCA.

Great. End user can't decode it, but deletes it anyway to end the profile trail. Hurrah!

Next page request you get assigned a new UID, comprising same unique number 123123123, your IP address, and an extra version number 2.

Encrypt that UID and you get PGaWERJSDfa.

Looks completely different, you think hey cool I've tricked them into assigning a new id, but actually it's the same UID number.

That's the reason Dephormation actively corrupts the UID (to obliterate any value they set encrypted or otherwise).

Now understand; I don't think they are doing that, and I don't know whether they could, but unless the cookie is

a) unencrypted
and
b) the specification public

... it doesn't matter to me.

Because if this software isn't COMPLETELY AND UTTERLY TRANSPARENT and obvious to me, I am not touching it with your bargepole given the insight I have at this stage (and now firmly believe no one should).

Actually, to tell the truth, I won't touch Virgin or BT with your bargepole after this debacle.

There is some indication they are changing the cookie setting behaviour anyway, so watch this space. Changing the cookie behaviour for me is shifting the deck chairs on the Titanic.

"CQD Titanic 41.44 N 50.24 W"

"CQD CQD SOS Titanic Position 41.44 N 50.24 W. Require immediate assistance. Come at once. We struck an iceberg. Sinking".

"Come at once. We have struck a berg. It's a CQD, old man. Position 41.46 N 50.14 W"

...

"SOS Titanic sinking by the head. We are about all down. Sinking. . ."




[ Edited Sun Mar 16 2008, 12:55AM ]

ISP customers; you don't need Phorm, pure and simple.
Don't be a passive recipient of Phorm cookies.
Until Phorm can be stopped, use the Dephormation Firefox Add On.
http://www.dephormation.org.uk
Note the user called PhormUKPRTeam/PhormUKTechTeam works for a PR consultancy called Citigate Drew Rogerson.
RIPA: ISPs HAVE NO CONSENT FOR INTERCEPTION OF THIS TRANSMISSION ;o)
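
The scenario felixcatuk describes above, as an added Python example (not part of the original thread, and not Phorm's actual cookie format, which the thread notes is unpublished): two reissued cookies look unrelated to the end user yet decode to the same UID for whoever holds the key. The key, the `uid|ip|version` layout, the toy HMAC-based keystream and the sample IP are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed values for illustration only; nothing here is a real cookie format.
SERVER_KEY = b"operator-secret-known-only-to-the-server"


def _keystream(nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256(key, nonce || counter). Not a vetted cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(SERVER_KEY, nonce + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]


def issue_cookie(uid: int, ip: str, version: int) -> str:
    """Server side: pack uid|ip|version and encrypt it under a fresh nonce."""
    plain = f"{uid}|{ip}|{version}".encode()
    nonce = os.urandom(8)
    body = bytes(p ^ k for p, k in zip(plain, _keystream(nonce, len(plain))))
    return (nonce + body).hex()


def server_reads(cookie: str) -> dict:
    """Server side: only the key holder can recover the fields."""
    raw = bytes.fromhex(cookie)
    nonce, body = raw[:8], raw[8:]
    plain = bytes(c ^ k for c, k in zip(body, _keystream(nonce, len(body))))
    uid, ip, version = plain.decode().split("|")
    return {"uid": int(uid), "ip": ip, "version": int(version)}


def demo() -> dict:
    first = issue_cookie(123123123, "192.0.2.10", 1)   # cookie before deletion
    second = issue_cookie(123123123, "192.0.2.10", 2)  # cookie reissued afterwards
    return {
        # All the end user can do is compare the two opaque strings.
        "looks_identical": first == second,
        "same_uid_to_server": server_reads(first)["uid"] == server_reads(second)["uid"],
    }


if __name__ == "__main__":
    print(demo())
```

Comparing an old and a new cookie therefore only tells you something when the value is unencrypted and its specification is public, which are the two conditions the post sets out.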
serial
Sun Mar 16 2008, 01:25AM
Registered Member #100
Joined: Wed Mar 05 2008, 06:22PM
Posts: 133
Also if an ad website, i.e. guardian.co.uk is able to read the cookie and send you ads, at the same time they can read your IP. So they can keep their own database if they like of IP and interests. The idea that your IP has nothing to do with it is like saying people sending me junk mail don't know my home address.

MarkH
Sun Mar 16 2008, 01:57AM
Registered Member #183
Joined: Fri Mar 14 2008, 11:31AM
Posts: 13
serial wrote ...

Also if an ad website, i.e. guardian.co.uk is able to read the cookie and send you ads, at the same time they can read your IP. So they can keep their own database if they like of IP and interests. The idea that your IP has nothing to do with it is like saying people sending me junk mail don't know my home address.


But they don't, only the machine that generates the pho... erm, form letters knows it, and then it is ignored afterwards unless you opt in properly. ;)

I think the biggest problem is, they think that their users are as stupid as the companies are greedy, and the vocal minority protesting about it can be ignored as far as they are concerned.
felixcatuk
Sun Mar 16 2008, 07:32AM

Registered Member #95
Joined: Wed Mar 05 2008, 12:03AM
Posts: 209
Incidentally, if you see the cookie handling technique become less transparent not more transparent, that should ring very loud alarm bells and sirens in your head.

If it becomes even more obscure, less transparent, I would characterise it as a technical arms race. And it means they are trying to make it more and more difficult for me to sustain what little ability anyone has to opt out through Dephormation.

And you (currently) barely have the ability to opt out in any meaningful way at all.

Phorm has to be stopped.

[ Edited Sun Mar 16 2008, 07:33AM ]

Midnight_Voice
Mon Mar 17 2008, 03:31PM
Registered Member #180
Joined: Thu Mar 13 2008, 08:51PM
Posts: 17
Up until now, I have been under the impression that your summarised browsing information, your 'channel counts', are stored in the Phorm cookie, and this is how your interests are discovered by OIX, when you submit this cookie on encountering one of their sites.

But a contrasting view is that there are separate Phorm servers, outside your ISP, where this channel info is stored. And then when you visit an OIX site, all that your cookie contains is your UUID, which the OIX site uses to look up your channel info on the Phorm server.

This is perhaps borne out by the following, from page 9 of the Ernst & Young report at: E&Y Phorm Privacy report
I have extracted - with no small difficulty, as they don't seem to want you to do that - the following very worrying paragraph:

"If you use your computer and usual browser in a country other than your home country to log on to the Internet via one of our partner ISPs in that other country, the data that Phorm holds in its system that is associated with that cookie may be automatically transferred to Phorm's systems in that other country."

Which implies not just separate Phorm servers, but also that their cookie may not be quite as random as they claim; or else how would they know in which other country to look?

[ Edited Tue Mar 18 2008, 03:26PM ]

Big Brother: a programme people watch, or a program watching people?
felixcatuk
Mon Mar 17 2008, 05:36PM

Registered Member #95
Joined: Wed Mar 05 2008, 12:03AM
Posts: 209
I'd never considered that.
I suspect (without evidence or specifications from Phorm) the reason for encryption/encoding the UID is the use of a compound value such as Country Code + UID + ISP... if you move to a different country, or different ISP they can tie the numbers up.
They couldn't do that if the numbers were truly completely random.

Phorm absolutely has to be stopped.


mrjolly
Tue Mar 18 2008, 09:45AM
Registered Member #25
Joined: Tue Feb 26 2008, 12:22PM
Posts: 7
The way I read that statement is that if you have a laptop or take your computer away and use it on a different ISP that also uses Phorm then your information will be spied on there too.

Which I find interesting as according to Phorm themselves, they state that:
...IP addresses are not passed in any form, even obfuscated, to Phorm. All that is passed is a limited digest of page data from each navigation. This data is never stored on disk and is immediately deleted from memory as soon as a product category match has been made.

Yet, in that paragraph above they state:
"the data that Phorm holds in its system that is associated with that cookie may be automatically transferred to Phorm's systems in that other country."

So they only store the data in memory and then delete it, but they also don't delete it and will transfer your data to other countries.

Haven't they also said before that your details which they intercept never leave your own ISP?
EtherDreams
Tue Mar 18 2008, 03:00PM
Registered Member #185
Joined: Fri Mar 14 2008, 09:27PM
Posts: 17
Supposedly, the system will capture your HTTP request/response, distill it down into a somewhat sanitized form called a data digest, compare the contents of that data digest against "product category" or "advertising channel" targeting rules, and keep track of the matches.

Supposedly, the HTTP request/response and data digest are NOT written to disk whereas the match information IS written to disk. So you have to read and listen very carefully and make sure you know what data they are talking about and what data they aren't talking about.

This bit about the Phorm held data associated with your cookie stored ID... which would seem to refer to or at least include match information... being accessible from other Phorm partnered ISPs is somewhat disconcerting.