Comments on: The Phorm “Webwise” System http://www.lightbluetouchpaper.org/2008/04/04/the-phorm-webwise-system/ Security Research, Computer Laboratory, University of Cambridge Thu, 18 Mar 2010 06:07:38 +0000 http://wordpress.org/?v=2.7.1 hourly 1 By: Lee http://www.lightbluetouchpaper.org/2008/04/04/the-phorm-webwise-system/comment-page-2/#comment-29903 Lee Fri, 17 Oct 2008 00:00:01 +0000 http://www.lightbluetouchpaper.org/2008/04/04/the-phorm-webwise-system/#comment-29903 @88 From what ive read the ISP companies will be required to amend thier terms and conditions to implement Phorm, with a change of terms and conditions you have the right to 'not agree' to them to which I doubt they would have any legal standing in terms of remaining contract lengths as they have pro activly changed thier service to you. @88

From what ive read the ISP companies will be required to amend thier terms and conditions to implement Phorm, with a change of terms and conditions you have the right to ‘not agree’ to them to which I doubt they would have any legal standing in terms of remaining contract lengths as they have pro activly changed thier service to you.

]]> By: frank bailey http://www.lightbluetouchpaper.org/2008/04/04/the-phorm-webwise-system/comment-page-2/#comment-29793 frank bailey Fri, 05 Sep 2008 13:31:33 +0000 http://www.lightbluetouchpaper.org/2008/04/04/the-phorm-webwise-system/#comment-29793 thanks much for your diligence and hard work. The worse thing about this PHORM, as in all these cases, is IT IS THE THIN EDGE OF THE WEDGE. Once this is deployed and assimilated -and forgotten about by the main stream media- it will then be no problem for these details to be sold to WHOEVER THEY LIKE. thanks much for your diligence and hard work.

The worse thing about this PHORM, as in all these cases, is IT IS THE THIN EDGE OF THE WEDGE.

Once this is deployed and assimilated -and forgotten about by the main stream media- it will then be no problem for these details to be sold to WHOEVER THEY LIKE.

]]> By: David s http://www.lightbluetouchpaper.org/2008/04/04/the-phorm-webwise-system/comment-page-2/#comment-29671 David s Wed, 30 Jul 2008 11:44:41 +0000 http://www.lightbluetouchpaper.org/2008/04/04/the-phorm-webwise-system/#comment-29671 Thank you for your efforts regarding this matter. I find BT's behavior very offensive and i regard any snooping as illegal and it amounts to wiretapping/eavesdropping. How on earth the authorities have not gotten involved yet is beyond me but then again they cant even keep track of their own records as has been proven time and time again in this last year alone. We will have have to vote and move with our feet/wallets when this goes live. I would like to know if i can get out of my contract based on not wanting to take part even though i have still got 6 months or so left. Thank you for your efforts regarding this matter. I find BT’s behavior very offensive and i regard any snooping as illegal and it amounts to wiretapping/eavesdropping.

How on earth the authorities have not gotten involved yet is beyond me but then again they cant even keep track of their own records as has been proven time and time again in this last year alone.

We will have have to vote and move with our feet/wallets when this goes live. I would like to know if i can get out of my contract based on not wanting to take part even though i have still got 6 months or so left.

]]> By: OldBear http://www.lightbluetouchpaper.org/2008/04/04/the-phorm-webwise-system/comment-page-2/#comment-29403 OldBear Wed, 25 Jun 2008 21:22:40 +0000 http://www.lightbluetouchpaper.org/2008/04/04/the-phorm-webwise-system/#comment-29403 Richard, re. your Update (2008-04-06) where you notice that, "Phorm have now quoted sections of this article on their own blog: http://blog.phorm.com/?p=12. Perhaps not surprisingly, they’ve quoted the paragraph that was favourable to their cause, and failed to mention all the paragraphs that followed that were sharply critical." Just noticed that they are still using the same single paragraph from your report to justify their system. Spotted this in a reply to an interview ISPReview had with Alex Hanff. http://www.ispreview.co.uk/articles/08phorm/03.shtml Richard, re. your Update (2008-04-06) where you notice that, “Phorm have now quoted sections of this article on their own blog: http://blog.phorm.com/?p=12. Perhaps not surprisingly, they’ve quoted the paragraph that was favourable to their cause, and failed to mention all the paragraphs that followed that were sharply critical.”

Just noticed that they are still using the same single paragraph from your report to justify their system. Spotted this in a reply to an interview ISPReview had with Alex Hanff.

http://www.ispreview.co.uk/articles/08phorm/03.shtml

]]> By: Richard Clayton http://www.lightbluetouchpaper.org/2008/04/04/the-phorm-webwise-system/comment-page-2/#comment-29359 Richard Clayton Sun, 22 Jun 2008 12:16:55 +0000 http://www.lightbluetouchpaper.org/2008/04/04/the-phorm-webwise-system/#comment-29359 The channel server is located at the ISP (see #53 in the tech document) The channel server is located at the ISP (see #53 in the tech document)

]]> By: Ian http://www.lightbluetouchpaper.org/2008/04/04/the-phorm-webwise-system/comment-page-2/#comment-29357 Ian Sun, 22 Jun 2008 08:58:42 +0000 http://www.lightbluetouchpaper.org/2008/04/04/the-phorm-webwise-system/#comment-29357 I have read all the technical and legal analysis documents. I thought I had a rough understanding of how this system's hardware will sit. As I understand it, there is a profiler/anonymiser that sits within the ISP network (or is supposed to) which collects the data and anonymises it. This is passed to a Channel server. Where does the channel server sit? Is this meant to be in the same location as the profiler or is it located elsewhere / not within the ISP network? I have read all the technical and legal analysis documents.
I thought I had a rough understanding of how this system’s hardware will sit.

As I understand it, there is a profiler/anonymiser that sits within the ISP network (or is supposed to) which collects the data and anonymises it. This is passed to a Channel server. Where does the channel server sit? Is this meant to be in the same location as the profiler or is it located elsewhere / not within the ISP network?

]]> By: BT Customer (not much longer) http://www.lightbluetouchpaper.org/2008/04/04/the-phorm-webwise-system/comment-page-2/#comment-29218 BT Customer (not much longer) Sun, 25 May 2008 12:05:51 +0000 http://www.lightbluetouchpaper.org/2008/04/04/the-phorm-webwise-system/#comment-29218 All of this appears to ignore the fact this is not merely cookie insertion & forgery, it is also "Browser/Application Hijacking" & "Browser/Application Forgery", anything can be added or removed without the express wish of the Account holder! All of this appears to ignore the fact this is not merely cookie insertion & forgery, it is also “Browser/Application Hijacking” & “Browser/Application Forgery”, anything can be added or removed without the express wish of the Account holder!

]]> By: Richard Clayton http://www.lightbluetouchpaper.org/2008/04/04/the-phorm-webwise-system/comment-page-2/#comment-29163 Richard Clayton Fri, 16 May 2008 18:59:00 +0000 http://www.lightbluetouchpaper.org/2008/04/04/the-phorm-webwise-system/#comment-29163 @Alan <i>A question: In the article you mention that the Channel Server would located at the ISP site. Does this imply that it would have a domain name similar to the ISP’s main one or something different?</i> the article does not imply that it would have a host name at all, leave alone which domain it would be in <i>The article seemed to confuse the Anonymiser and Channel servers.</i> sorry! <i>Are they one and the same?</i> no @Alan

A question: In the article you mention that the Channel Server would located at the ISP site. Does this imply that it would have a domain name similar to the ISP’s main one or something different?

the article does not imply that it would have a host name at all, leave alone which domain it would be in

The article seemed to confuse the Anonymiser and Channel servers.

sorry!

Are they one and the same?

no

]]> By: Alan Cameron http://www.lightbluetouchpaper.org/2008/04/04/the-phorm-webwise-system/comment-page-2/#comment-29162 Alan Cameron Fri, 16 May 2008 18:45:48 +0000 http://www.lightbluetouchpaper.org/2008/04/04/the-phorm-webwise-system/#comment-29162 A question: In the article you mention that the Channel Server would located at the ISP site. Does this imply that it would have a domain name similar to the ISP's main one or something different? The article seemed to confuse the Anonymiser and Channel servers. Are they one and the same? A question: In the article you mention that the Channel Server would located at the ISP site. Does this imply that it would have a domain name similar to the ISP’s main one or something different?

The article seemed to confuse the Anonymiser and Channel servers. Are they one and the same?

]]> By: Ciara http://www.lightbluetouchpaper.org/2008/04/04/the-phorm-webwise-system/comment-page-2/#comment-29155 Ciara Wed, 14 May 2008 17:37:54 +0000 http://www.lightbluetouchpaper.org/2008/04/04/the-phorm-webwise-system/#comment-29155 Has anyone even looked at how this is going to affect businesses? I know that where I work, such a deep intrusion into what business we do with other companies and what is sent between us would NOT be welcomed. Matter of fact, considering much of it is proprietary, it may even be grounds for a lawsuit if they're attempting deep analysis of data packets. Has anyone even looked at how this is going to affect businesses? I know that where I work, such a deep intrusion into what business we do with other companies and what is sent between us would NOT be welcomed. Matter of fact, considering much of it is proprietary, it may even be grounds for a lawsuit if they’re attempting deep analysis of data packets.

]]>