So with BT, VM and TT on board there would be three webwise.nets out there. (Or rather in there, as the webwise.net server for each ISP would need to be at the ISP).

This being so, the DNS resolution of webwise.net, for clients of those ISPs, must be done in the Level 7 equipment and not by the usual Internet DNS servers at all. Though I expect these will all resolve yet a further webwise.net, for access by users of non-Phorm ISPs.

Hmmm. Does this Level 7 interception and forced resolution of webwise.net break any RFCs, I wonder?

A standard ad-blocking technique is to use a hosts file that maps advert serving domains to 127.0.0.1, see eg:
http://www.mvps.org/winhelp2002/hosts.htm

An interesting (deliberate?) side-effect of the way that phorm works is that blocking their adverts will be more difficult.

One thing that has struck me is the “engagement” approach taken by Phorm to deal with negative publicity. This idea of going out and undergoing PR combat in the blogosphere, and maintaining a frequent blog of their own (6 posts already in nine days of April)… I wonder if it is fanning the flames?

In the UK when there is a banking security story, which LBT has plenty of experience of, the information content and engagement from the banks is absolutely minimal. And it sinks stories pretty quickly, not permitting them two sides. Now of course the big five banks are well established companies — here today, here tomorrow (except Northern Rock!), and Phorm is new and just getting started, so of course they may be justified in adopting different tactics, but still, is this level of engagement likely to be a successful tactic? My gut tells me no, better sometimes to be sheepish and suffer a little unrebutted criticsm.

Undertaking a thought experiment… put yourself in Phorm’s situation, and suppose also that you had no ethical or legal scruples at all, what would be the optimal tactic to ride out this negative publicity storm?

Mike

Also, apart from the word of a PR representative, how do we ‘know’ what due diligence has been applied to the software that Phorm will be supplying in their ‘black boxes’

Colin”

what Phorm ISO 27001 might that be ?

is it another case of not registering until someone mentions it?, such as was the case with the
http://www.ico.gov.uk/ESDWebPages/Search.asp?EC=1 (search onphorm and you get)
“Date Registered: 30 January 2008 Registration Expires: 29 January 2009

Data Controller: PHORM UK INC”

it seems clear as late as March 10th Phorm didnt have a ISO 27001 registration.

http://www.piglet-net.net/pigblog/?p=861
“Phorm Comms team Says:
March 10th, 2008 at 3:24 pm
Hello CB,
No need for sarcasm! Google alerts alerted us. Google knows all. No we are not ISO 27001 certified.”

You talk about conventions, but Phorm is by your own press releases still in the pre-deployment phase. It is not a live system, therefore to discuss potential weaknesses in the open could not directly help attackers. Trials are planned for April, and you’ll just have to delay them if you consider this as a risk.

Furthermore there is a convention on the internet to follow established protocols and document new additions in an RFC - your rather severe use of edge-of-protocols methods (THREE UNWARRANTED 307 REDIRECTS IN ALL MY BROWSING).

I rather trust Dr Richard and his colleagues a damned site more than a company who is promoting their own wares.

Colin

Radha/Marc

Many users do resolve unwanted hosts to 127.0.0.1 in order that no information is exchanged with those hosts.

I have thousands of unwanted sites including several Phorm related sites such as webwise.net that I ensure are resolved to 127.0.0.1.

If the Phorm system is implemented by my ISP, it sounds like my internet connection will effectively be broken or degraded. This is totally unacceptable.

Tim

Then again, as has been said, if the DNS were to break entirely, the request won’t leave the user’s computer. So potential for DoS.

Presumably all that process is shown in your ISO 27001 registration scope document?