PHWinfo - Afficher un message - Phorm setting its own persistent cookie for most websites...

11/04/2008, 01h48

"WiW" <wiw@invalid.invalid> writes:

> "Jim Moe" <jmm-list.AXSPAMGN@sohnen-moe.com> wrote in message news:OaOdnYnN2aYnnWbanZ2dnUVZ_r3inZ2d@giganews.com ...
>
>> I finally read it. Scary! It's a classic man-in-the-middle attack. While
>> I am sure this has marketeers and government spooks drooling, the whole
>> profiling aspect is creepy.
>> Apparently the only way to prevent it (so far) is to disallow
>> completely.
>
> Actually, I don't think you can fully opt-out of it.

Maybe the idea can be (somewhat) discredited using a technical ruse.
Note this:

22. The specious (from the point of view of www.cnn.com) will be
removed as the request passes through the Layer 7 switch.

23. The has a lifetime of three days.

24. If, later on, the www.cnn.com website was to be visited via
another ISP that was not using a Phorm system (or if subsequent
accesses were made using the â€œhttpsâ€ protocol) then the
would reach www.cnn.com.

25. Phorm believe that by placing their name (webwise) within the
they place within the www.cnn.com domain, no clash â€“ or
other bad effects â€“ can occur.

What happens if I choose to require a with webwise in its name?
Will it too be removed by Phom-using ISPs? If so, I can tell my
"customers" that Phorm has broken their "browsing experience" when my
site does not behave for them.

Just a thought...

--
Ben.

11/04/2008, 01h48	#12
Ben Bacarisse Messages: n/a Hébergeur:	Re: Phorm setting its own persistent for most websites... "WiW" <wiw@invalid.invalid> writes: > "Jim Moe" <jmm-list.AXSPAMGN@sohnen-moe.com> wrote in message news:OaOdnYnN2aYnnWbanZ2dnUVZ_r3inZ2d@giganews.com ... > >> I finally read it. Scary! It's a classic man-in-the-middle attack. While >> I am sure this has marketeers and government spooks drooling, the whole >> profiling aspect is creepy. >> Apparently the only way to prevent it (so far) is to disallow >> completely. > > Actually, I don't think you can fully opt-out of it. Maybe the idea can be (somewhat) discredited using a technical ruse. Note this: 22. The specious (from the point of view of www.cnn.com) will be removed as the request passes through the Layer 7 switch. 23. The has a lifetime of three days. 24. If, later on, the www.cnn.com website was to be visited via another ISP that was not using a Phorm system (or if subsequent accesses were made using the â€œhttpsâ€ protocol) then the would reach www.cnn.com. 25. Phorm believe that by placing their name (webwise) within the they place within the www.cnn.com domain, no clash â€“ or other bad effects â€“ can occur. What happens if I choose to require a with webwise in its name? Will it too be removed by Phom-using ISPs? If so, I can tell my "customers" that Phorm has broken their "browsing experience" when my site does not behave for them. Just a thought... -- Ben.