Comments on: Twisty little passages, all alike http://www.lightbluetouchpaper.org/2008/05/18/twisty-little-passages-all-alike/ Security Research, Computer Laboratory, University of Cambridge Fri, 05 Dec 2008 08:44:29 +0000 http://wordpress.org/?v=2.6.3 By: Richard Clayton http://www.lightbluetouchpaper.org/2008/05/18/twisty-little-passages-all-alike/#comment-30053 Richard Clayton Sat, 01 Nov 2008 15:10:03 +0000 http://www.lightbluetouchpaper.org/?p=321#comment-30053 @Jonah <i>In other words does it only Profile on Port 80 or on all ports when using the HTTP Protocol?</i> See paragraph #3 of <a href="http://www.cl.cam.ac.uk/~rnc1/080518-phorm.pdf" rel="nofollow">my report!</a> @Jonah
In other words does it only Profile on Port 80 or on all ports when using the HTTP Protocol?

See paragraph #3 of my report!

]]> By: Jonah http://www.lightbluetouchpaper.org/2008/05/18/twisty-little-passages-all-alike/#comment-30048 Jonah Sat, 01 Nov 2008 13:57:48 +0000 http://www.lightbluetouchpaper.org/?p=321#comment-30048 Something I meant to ask some time ago, if a Web Server does this is the Phorm/Webwise System supposed to follow with Profiling or abort the Operation? {www.anywhereh.com redirection code to www.anywherh.com:7034} In other words does it only Profile on Port 80 or on all ports when using the HTTP Protocol? Something I meant to ask some time ago, if a Web Server does this is the Phorm/Webwise System supposed to follow with Profiling or abort the Operation?

{www.anywhereh.com redirection code to http://www.anywherh.com:7034}

In other words does it only Profile on Port 80 or on all ports when using the HTTP Protocol?

]]> By: Jonah http://www.lightbluetouchpaper.org/2008/05/18/twisty-little-passages-all-alike/#comment-29604 Jonah Fri, 18 Jul 2008 15:19:25 +0000 http://www.lightbluetouchpaper.org/?p=321#comment-29604 Richard I fully understand the implications of doing this but BT have a contract with me to provide WWW internet access & as far as I know they do NOT have the right to intercept my traffic. The moment I am blocked from access to the WWW I will politely ask BT to properly reconnect me to the WWW or give me a MAC to go elsewhere as "they have broken their contract to provide WWW access"! Since BT intercepted my traffic in 2006 & 2007, I am very likely to have that happen again! Richard I fully understand the implications of doing this but BT have a contract with me to provide WWW internet access & as far as I know they do NOT have the right to intercept my traffic.

The moment I am blocked from access to the WWW I will politely ask BT to properly reconnect me to the WWW or give me a MAC to go elsewhere as “they have broken their contract to provide WWW access”!

Since BT intercepted my traffic in 2006 & 2007, I am very likely to have that happen again!

]]> By: Richard Clayton http://www.lightbluetouchpaper.org/2008/05/18/twisty-little-passages-all-alike/#comment-29482 Richard Clayton Fri, 04 Jul 2008 17:51:18 +0000 http://www.lightbluetouchpaper.org/?p=321#comment-29482 @Jonah If you do #1 then, because of the way Phorm works, you will not be able to browse to any website. I don't think that the ISP is likely to "remedy this" by any other method than telling you that putting 127.0.0.1 in your hosts file for the webwise.net domain is anything other than a damn fool thing to do. The other entries are unlikely to have any practical effect one way or another. Have a further read of how the system works! @Jonah

If you do #1 then, because of the way Phorm works, you will not be able to browse to any website. I don’t think that the ISP is likely to “remedy this” by any other method than telling you that putting 127.0.0.1 in your hosts file for the webwise.net domain is anything other than a damn fool thing to do. The other entries are unlikely to have any practical effect one way or another. Have a further read of how the system works!

]]> By: Jonah http://www.lightbluetouchpaper.org/2008/05/18/twisty-little-passages-all-alike/#comment-29480 Jonah Fri, 04 Jul 2008 15:08:45 +0000 http://www.lightbluetouchpaper.org/?p=321#comment-29480 If such a System goes "live", I would actually recommend #1. Your ISP has a contract with you to provide access to the Internet through their switching device, the moment they cut off your Browsing they have cut off your Access & they are obliged to remedy this! If such a System goes “live”, I would actually recommend #1.

Your ISP has a contract with you to provide access to the Internet through their switching device, the moment they cut off your Browsing they have cut off your Access & they are obliged to remedy this!

]]> By: Richard Clayton http://www.lightbluetouchpaper.org/2008/05/18/twisty-little-passages-all-alike/#comment-29424 Richard Clayton Sat, 28 Jun 2008 13:29:23 +0000 http://www.lightbluetouchpaper.org/?p=321#comment-29424 @v4vendetta #1 no don't do this, it will break things #2 this should work (and if it doesn't I expect they'll fix it) #3 this is rather over the top and will affect your browsing in other ways might I suggest #4, which is to change ISP ? though even that may not be needed since no-one has rolled the 'service' out yet. @v4vendetta

#1 no don’t do this, it will break things
#2 this should work (and if it doesn’t I expect they’ll fix it)
#3 this is rather over the top and will affect your browsing in other ways

might I suggest #4, which is to change ISP ? though even that may not be needed since no-one has rolled the ’service’ out yet.

]]> By: v4vendetta http://www.lightbluetouchpaper.org/2008/05/18/twisty-little-passages-all-alike/#comment-29423 v4vendetta Sat, 28 Jun 2008 11:47:55 +0000 http://www.lightbluetouchpaper.org/?p=321#comment-29423 Phorm counter-measures 1) Edit your 'Hosts' file... Start --> Run --> Type: notepad "c:\windows\system32\drivers\etc\hosts" Add the following line to the bottom of the file: 127.0.0.1 oix.net 127.0.0.1 oix.com 127.0.0.1 phorm.com 127.0.0.1 webwise.net 127.0.0.1 webwise.com 127.0.0.1 sysip.net 127.0.0.1 qkilbdr.net 127.0.0.1 121media.com 127.0.0.1 openinternetalliance.com 127.0.0.1 openinternetalliance.net 127.0.0.1 youcanoptin.com 127.0.0.1 youcanoptin.net 127.0.0.1 youcanoptout.com 127.0.0.1 youcanoptout.net File --> Save File --> Exit (You may, at first, have go into the file's temporary and untick the 'Read-only' box). (HEY MOD! Have I got the first bit right, this time)? 2) Visit http://www.dephormation.org.uk/ and Download the Dephormation v2.1 Firefox Add On. "The Dephormation Add On ensures that your decision to permanently opt out of Phorm profiling cannot be undone in Firefox. Optionally, the Add On can also alert you to sites using Phorm/ Webwise/ OIX profile based advertising. With each page you view in your browser, a Phorm 'opt out' cookie is set automatically, and the Phorm UID cookie is randomised. Even if you delete all your cookies regularly". 3) Visit http://www.torproject.org/ and install TorBrowser, a Windows Browser Bundle (Containing Tor, Torbutton, Polipo, and Firefox). Phorm counter-measures

1)

Edit your ‘Hosts’ file…

Start –> Run –> Type:

notepad “c:\windows\system32\drivers\etc\hosts”

Add the following line to the bottom of the file:

127.0.0.1 oix.net
127.0.0.1 oix.com
127.0.0.1 phorm.com
127.0.0.1 webwise.net
127.0.0.1 webwise.com
127.0.0.1 sysip.net
127.0.0.1 qkilbdr.net
127.0.0.1 121media.com
127.0.0.1 openinternetalliance.com
127.0.0.1 openinternetalliance.net
127.0.0.1 youcanoptin.com
127.0.0.1 youcanoptin.net
127.0.0.1 youcanoptout.com
127.0.0.1 youcanoptout.net

File –> Save

File –> Exit

(You may, at first, have go into the file’s temporary and untick the ‘Read-only’ box).

(HEY MOD! Have I got the first bit right, this time)?

2)

Visit http://www.dephormation.org.uk/ and Download the Dephormation v2.1 Firefox Add On.

“The Dephormation Add On ensures that your decision to permanently opt out of Phorm profiling cannot be undone in Firefox.

Optionally, the Add On can also alert you to sites using Phorm/ Webwise/ OIX profile based advertising.

With each page you view in your browser, a Phorm ‘opt out’ cookie is set automatically, and the Phorm UID cookie is randomised. Even if you delete all your cookies regularly”.

3)

Visit http://www.torproject.org/ and install TorBrowser, a Windows Browser Bundle (Containing Tor, Torbutton, Polipo, and Firefox).

]]> By: popper http://www.lightbluetouchpaper.org/2008/05/18/twisty-little-passages-all-alike/#comment-29284 popper Thu, 05 Jun 2008 06:23:15 +0000 http://www.lightbluetouchpaper.org/?p=321#comment-29284 more twists today richard, from Alexander's new NoDPI page http://digg.com/tech_news/BT_commited_113_million_allegedly_illegal_acts_in_8_days "BT commited 113 million allegedly illegal acts in 8 days nodpi.org — [EXCLUSIVE] An article summarising an internal report by BT regarding their covert trials of PageSense (Phorm) in September 2006. IP addresses were used (despite BT assuring the public and ICO that no personally identifiable data was used) and 130 000 charity ads were hijacked and replaced with Phorm's ads. ... " http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated-page-532.html#post34567434 more twists today richard, from Alexander’s new NoDPI page

http://digg.com/tech_news/BT_commited_113_million_allegedly_illegal_acts_in_8_days

“BT commited 113 million allegedly illegal acts in 8 days
nodpi.org — [EXCLUSIVE] An article summarising an internal report by BT regarding their covert trials of PageSense (Phorm) in September 2006. IP addresses were used (despite BT assuring the public and ICO that no personally identifiable data was used) and 130 000 charity ads were hijacked and replaced with Phorm’s ads.



http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated-page-532.html#post34567434

]]> By: david M http://www.lightbluetouchpaper.org/2008/05/18/twisty-little-passages-all-alike/#comment-29225 david M Wed, 28 May 2008 00:19:49 +0000 http://www.lightbluetouchpaper.org/?p=321#comment-29225 BTW Richard, Tharrick and ravenheart both got a reply from EU Commisioner today, read it here http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated-page-485.html#post34560783 scans here http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated-page-486.html#post34560921 and a news post related to this official EU stance "...The data concerned in this particular matter i.e. the content of search queries, constitute communication within the meaning of this Directive and the URLs used in the packets constitute traffic data. This data should therefore be protected appropriately..." here for a digg and link http://digg.com/tech_news/EU_Commission_respond_to_the_publics_complaints_about_Phorm BTW Richard,
Tharrick and ravenheart both got a reply from EU Commisioner today, read it here
http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated-page-485.html#post34560783

scans here
http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated-page-486.html#post34560921

and a news post related to this official EU stance
“…The data concerned in this particular matter i.e. the content of search queries, constitute communication within the meaning of this Directive and the URLs used in the packets constitute traffic data. This data should therefore be protected appropriately…”
here for a digg and link
http://digg.com/tech_news/EU_Commission_respond_to_the_publics_complaints_about_Phorm

]]> By: david M http://www.lightbluetouchpaper.org/2008/05/18/twisty-little-passages-all-alike/#comment-29213 david M Fri, 23 May 2008 22:30:12 +0000 http://www.lightbluetouchpaper.org/?p=321#comment-29213 sorry about that, and sammy's point,just above that... "When originally asked about Phorm- KE and Co stated that the profile created can be transfered from one ISP to another. ie. Once a profile is created using my VM connection, I can use another PC or lets BT, and the Profile created will deliver the same ads, as if I was on my home connection. Which clearly shows something has been missed, in respects of our analysis - to deliver this Phorm must have the capability to transfer the data from VM to BT, then BT to CPW and so on. To do this will depend on far more more than a mere Cookie dependant on your browser. IMO Phorm's System, using the methods they claim to, must Intercept clearly indentifiable PII to reference with the profile they save for the user. " sorry about that, and sammy’s point,just above that…

“When originally asked about Phorm- KE and Co stated that the profile created can be transfered from one ISP to another.

ie. Once a profile is created using my VM connection, I can use another PC or lets BT, and the Profile created will deliver the same ads, as if I was on my home connection.

Which clearly shows something has been missed, in respects of our analysis - to deliver this Phorm must have the capability to transfer the data from VM to BT, then BT to CPW and so on.

To do this will depend on far more more than a mere Cookie dependant on your browser.

IMO Phorm’s System, using the methods they claim to, must Intercept clearly indentifiable PII to reference with the profile they save for the user.

]]>