Lets take a moment to feel sorry for Internet Explorer users, and Non Digital Spy readers
Matt
I agree. Let's face it, DS forum users are a select band of people who are very interested in computers, broadband and TV issues. It's why we joined in the first place. You average Joe Bloggs in the street won't have a clue Phorm and that their internet use is being monitored to a certain extent. I'm sure if more of the general public actually knew about what is going on, lots of them would be deeply unhappy about it.
Please understand, Dephormation is not a solution to Phorm. Its a fig leaf.
It cannot protect applications other than Firefox, and cannot guarantee your privacy wishes are respected.
The more you understand Phorms opt out the more you will come to realise you can NEVER opt out of Phorm, except by opting out of your ISP.
Applications which will be affected include web services, mail clients, remote desktop apps, collaboration tools, Microsoft Office, the list is literally endless. All applications which are using http.
If you block Phorm cookies, you have no opt out cookie, so you opt in by default.
If you can't store Phorm cookies, you have no opt out cookie, you opt in by default.
Phorm's cookie expires after 2 year; thereafter you opt in by default.
Phorm claim to have an unpublished white list of application 'agents' which they don't target. Show me the list.
Phorm claim to have a black list of webmail sites which they don't target. Show me the list.
Phorm categorise you, but have not published the categories your identity will be associated with. Show me the list.
Phorm do not publish the specification for their cookies. Show me the specification.
Dephormation is the best protection you have, but it is not the solution.
People fought and died to give you the freedoms and rights you have. You have the right to privacy. Protect your rights or lose them.
Opt in is the solution, or opting out of your ISP.
The current implementation sets a 2 year cookie as mentioned based on the hostname of the user, it's currently got 'checks' for the 3 ISP's and a 'TEST BLOCK' which checks for a domain 'thelathe.com' any users from this domain are assigned a 'Test User' cookie
all others are identified as BT, Virgin and TalkTalk (the good news for some VM users is that there is currently NO check for NTL or Blueyonder hosts but I imagine that would change. As mentioned by Pete aka Dephormation the current code opts you IN
<p>
<a href="#" onclick="return setBTWebwiseStatus(true);">
Switch BT Webwise ON
</a>
|
<a href="#" onclick="return setBTWebwiseStatus(false);">
Keep BT Webwise OFF for Now
</a>
</p>
This domain is registered (from 2003) to 'The Lathe Inc' via 'Go Daddy' this appears to tie in with the other 'Phorm' domains as far although this one has not been registered via a 'proxy'
The more I look at this the more it seems to 'smell fishy' however in fairness to Phorm they have gone to a great length to speak about the service the constant refrences to 'phising protection' and 'fraud protection' are complete red herrings.
When you switch on INSERT YOUR ISP HERE Webwise, your additional fraud protection will begin. Also, the ads you see on regular websites will begin to have additional relevance to the topics you are interested in.
KE: It's important to understand the distinction between actually recording stuff and concluding stuff. All of our systems sit inside BT's network.
So why is the OPT in and OPT out system pointing to the webwise domain (which is not maintained or controlled by BT)
So then Phorm APPEAR to have systems located in VM and TalkTalk to ala 'The Profiler' wil the optout for these ISP's also use the webwise domain which from what I can gather is currently using PHORM nameservers, a traceroute on this points to the US first then back to the UK (seemingly Fasthosts)
Also something else that occured to me was the idea that as URL's from major search engines are collected could this not prove 'legal for Phorm as it could be argued they are 'trading' off the goodwill of an established 'brand'
I delete my cookies regularly, and I want to keep Webwise switched off. How do I do that?
If you regularly delete your cookies and want to ensure that Webwise is permanently switched off, simply add "www.webwise.net" to the Blocked Cookies settings in your browser.
[Although, of course, even when "opted out", data is still "mirrored to the profiler"]
I have done the download....What should I see in cookies? I keep getting two....
a.webwise.net and webwise.net.
I thought Virgin had not implemented it yet.....or are these from the download?
Thanks.
I added the block in the browser. That seems to have worked......
Still concerned that VM may have already started.....
Anyone have the email address to forward complaints to please...
Still concerned that VM may have already started.....
From the virginmedia website:
"We are currently at the early stages of working to deliver the Webwise solution and will be writing to you nearer the time to advise when the solution will be ‘switched on’ providing more detail of what this will mean to you."
From the FAQs, "Customers won’t be forced to use the system, and will have the choice to keep their internet experience exactly as it is now. As we get closer to launch we’ll explain how this will work."
Maybe someone out there could answer this question for me...
I use OpenDNS so will phorm impact upon me the same as everyone else?
From my understanding looking at the following documents it appears the request made by the browser to visit a site is intercepted, docs here:
Well it looks like VM have started installing Webwise without telling anyone or giving anyone a choice.......Check your cookies......
If you have the dephormation extension installed, you will see a cookie that looks like it is from Webwise when in fact it is the one automatically created each time that you launch Firefox.
I think that you might also pick up a cookie if you visit the Webwise site via one of the many links that have been posted (but I am not 100% sure).
If you have the dephormation extension installed, you will see a cookie that looks like it is from Webwise when in fact it is the one automatically created each time that you launch Firefox.
I think that you might also pick up a cookie if you visit the Webwise site via one of the many links that have been posted (but I am not 100% sure).
Ok. I have blocked both the cookies. Does this mean that Dephormation will not work......??
Ok. I have blocked both the cookies. Does this mean that Dephormation will not work......??
I don't think that you need to block anything - dephormation will either create its own cookie or will overwrite anything that Phorm/Webwise might throw at you, regardless as to whether VM have implemented anything yet (which I doubt)
I use OpenDNS so will phorm impact upon me the same as everyone else?
From my understanding looking at the following documents it appears the request made by the browser to visit a site is intercepted.
Using OpenDNS makes no difference. Phorm works by intercepting the HTTP request, not the DNS query. The DNS query just provides the IP address so that the HTTP request can be made.
Even if it did work by intercepting the DNS query, the query is still going through the Virgin network. (OpenDNS's servers are not owned by Virgin, but every query you make to them takes place over the Virgin network for the first couple of hops, so they could still intercept the information if they wanted to.)
The HTTP request will always go through Virgin's network, along with all the rest of your Internet traffic on any protocol. There's nothing you can do about it, apart from switching to a different ISP.
At least all the commotion now is gaining momentum, Phorms share price has dropped 20% today and it also appears that certain 'investors' are starting to reduce their stock hodings in the company.
If cookies are blocked, then the assumption by Phorm is that you are opted-in.
But then a major part of their data is missing, the unique ID (UID) that is stored in their cookie, this means that their data cannot be tied back to your browser
I've downloaded the anti-phorm add-on that was given by the OP. I've since downloaded a few different add-ons to firefox (mainly adblock). This won't affect the anti-phorm add-on that i originally downloaded will it?
Comments
I agree. Let's face it, DS forum users are a select band of people who are very interested in computers, broadband and TV issues. It's why we joined in the first place. You average Joe Bloggs in the street won't have a clue Phorm and that their internet use is being monitored to a certain extent. I'm sure if more of the general public actually knew about what is going on, lots of them would be deeply unhappy about it.
I'm Pete. I wrote Dephormation. (see www.dephormation.org.uk)
Please understand, Dephormation is not a solution to Phorm. Its a fig leaf.
It cannot protect applications other than Firefox, and cannot guarantee your privacy wishes are respected.
The more you understand Phorms opt out the more you will come to realise you can NEVER opt out of Phorm, except by opting out of your ISP.
Applications which will be affected include web services, mail clients, remote desktop apps, collaboration tools, Microsoft Office, the list is literally endless. All applications which are using http.
If you block Phorm cookies, you have no opt out cookie, so you opt in by default.
If you can't store Phorm cookies, you have no opt out cookie, you opt in by default.
Phorm's cookie expires after 2 year; thereafter you opt in by default.
Phorm claim to have an unpublished white list of application 'agents' which they don't target. Show me the list.
Phorm claim to have a black list of webmail sites which they don't target. Show me the list.
Phorm categorise you, but have not published the categories your identity will be associated with. Show me the list.
Phorm do not publish the specification for their cookies. Show me the specification.
Dephormation is the best protection you have, but it is not the solution.
People fought and died to give you the freedoms and rights you have. You have the right to privacy. Protect your rights or lose them.
Opt in is the solution, or opting out of your ISP.
Pete.
This, my friends, has got to be their downfall.
Calling all Legal Eagles....
The current javascript code can be found at BT (clicking this link will NOT switch on Phorm etc it will simply show as text in your browser)
http://webwise.bt.com/includes/consumer/consumerProducts/js/webwise/webwise.js
The current implementation sets a 2 year cookie as mentioned based on the hostname of the user, it's currently got 'checks' for the 3 ISP's and a 'TEST BLOCK' which checks for a domain 'thelathe.com' any users from this domain are assigned a 'Test User' cookie
all others are identified as BT, Virgin and TalkTalk (the good news for some VM users is that there is currently NO check for NTL or Blueyonder hosts but I imagine that would change. As mentioned by Pete aka Dephormation the current code opts you IN
Note the URL in the function above is not on SSL
This domain is registered (from 2003) to 'The Lathe Inc' via 'Go Daddy' this appears to tie in with the other 'Phorm' domains as far although this one has not been registered via a 'proxy'
The company here are registered in New York the CEO is a chap named Seth Perlman whom it appears MAY be a senior partner in a NY Law firm Perlman & Perlman the 'business' is definately though registered to a 'virtual' office 73 Spring Street, Suite 407
The more I look at this the more it seems to 'smell fishy' however in fairness to Phorm they have gone to a great length to speak about the service the constant refrences to 'phising protection' and 'fraud protection' are complete red herrings.
It has just occured to me we have a glimpse of an 'untruth' now the interview that Kent Ertegrul (CEO of Phorm) gave to the register (read the full interview at http://www.theregister.co.uk/2008/03/07/phorm_interview_burgess_ertegrul/) states:
So why is the OPT in and OPT out system pointing to the webwise domain (which is not maintained or controlled by BT)
So then Phorm APPEAR to have systems located in VM and TalkTalk to ala 'The Profiler' wil the optout for these ISP's also use the webwise domain which from what I can gather is currently using PHORM nameservers, a traceroute on this points to the US first then back to the UK (seemingly Fasthosts)
Also something else that occured to me was the idea that as URL's from major search engines are collected could this not prove 'legal for Phorm as it could be argued they are 'trading' off the goodwill of an established 'brand'
I thought that they had specifically said that blocking their cookies = permanent opt-out.
[Although, of course, even when "opted out", data is still "mirrored to the profiler"]
a.webwise.net and webwise.net.
I thought Virgin had not implemented it yet.....or are these from the download?
Thanks.
I added the block in the browser. That seems to have worked......
Still concerned that VM may have already started.....
Anyone have the email address to forward complaints to please...
From the virginmedia website:
"We are currently at the early stages of working to deliver the Webwise solution and will be writing to you nearer the time to advise when the solution will be ‘switched on’ providing more detail of what this will mean to you."
From the FAQs, "Customers won’t be forced to use the system, and will have the choice to keep their internet experience exactly as it is now. As we get closer to launch we’ll explain how this will work."
Maybe someone out there could answer this question for me...
I use OpenDNS so will phorm impact upon me the same as everyone else?
From my understanding looking at the following documents it appears the request made by the browser to visit a site is intercepted, docs here:
http://www.theregister.co.uk/2008/02/29/phorm_documents/
From my understanding, as I use OpenDNS, when my browser requests to visit a site it makes that request to the OpenDNS servers and not Virgins?
I'm half asleep though so I could have misread things and misunderstood. Would phorm be able to intercept the request from my browser to OpenDNS?
NOT happy
An aptly named soundbite titled Privacy Laws.
I thought it best to give as many customers as possible a hint about Phorm
Anyone else care to have their say?
http://boards.virginmedia.com/siren/celebrity/haveyoursay/privacylaws.html
I think that you might also pick up a cookie if you visit the Webwise site via one of the many links that have been posted (but I am not 100% sure).
Ok. I have blocked both the cookies. Does this mean that Dephormation will not work......??
Using OpenDNS makes no difference. Phorm works by intercepting the HTTP request, not the DNS query. The DNS query just provides the IP address so that the HTTP request can be made.
Even if it did work by intercepting the DNS query, the query is still going through the Virgin network. (OpenDNS's servers are not owned by Virgin, but every query you make to them takes place over the Virgin network for the first couple of hops, so they could still intercept the information if they wanted to.)
The HTTP request will always go through Virgin's network, along with all the rest of your Internet traffic on any protocol. There's nothing you can do about it, apart from switching to a different ISP.
Started on the 8th and been active ever since Suprised you missed it.
Take a look at this post for some links
http://www.digitalspy.co.uk/forums/showpost.php?p=22155723&postcount=2
But then a major part of their data is missing, the unique ID (UID) that is stored in their cookie, this means that their data cannot be tied back to your browser
Thanks Pete, keep up the good work.
I've downloaded the anti-phorm add-on that was given by the OP. I've since downloaded a few different add-ons to firefox (mainly adblock). This won't affect the anti-phorm add-on that i originally downloaded will it?