FYI: It appears that Phorm (a targeted advertising system which taps into
ISP networks) will be setting its own persistent for most every
website the user visits. It appears as though the may be named
"webwise". One technical description of the system and this aspect can
be found via:

http://www.lightbluetouchpaper.org/2...ebwise-system/

or if you want to go straight to the report:

http://www.cl.cam.ac.uk/~rnc1/080404phorm.pdf

For those unfamiliar with Phorm:

http://news.google.com/news?hl=en&ne...h+News&q=Phorm
http://www.badphorm.co.uk

*sigh*

On 04/06/08 09:38 am, WiW wrote:
> FYI: It appears that Phorm (a targeted advertising system which taps into
> ISP networks) will be setting its own persistent for most every
> website the user visits. It appears as though the may be named
> "webwise". One technical description of the system and this aspect can
> be found via:
>
Firefox (and Seamonkey) allows you considerable control over how
are managed. From accepting none at all, a whitelist or a blacklist of
sites, retained for the session or forever. Your choice.

--
jmm (hyphen) list (at) sohnen-moe (dot) com
(Remove .AXSPAMGN for email)

"Jim Moe" <jmm-list.AXSPAMGN@sohnen-moe.com> wrote in message news:RuWdnYujhelNvmTanZ2dnUVZ_v_inZ2d@giganews.com ...
> On 04/06/08 09:38 am, WiW wrote:
>> FYI: It appears that Phorm (a targeted advertising system which taps into
>> ISP networks) will be setting its own persistent for most every
>> website the user visits. It appears as though the may be named
>> "webwise". One technical description of the system and this aspect can
>> be found via:
>>
> Firefox (and Seamonkey) allows you considerable control over how
> are managed. From accepting none at all, a whitelist or a blacklist of
> sites, retained for the session or forever. Your choice.

Your comment seems geared towards ing me, as a user, cope with the
system. While I appreciate that, I posted this here because there is a
potential issue for those of us who have websites. Namely, that this system
(and potentially others like it) will be setting for our domains. Read
the report: http://www.cl.cam.ac.uk/~rnc1/080404phorm.pdf for the details.

"WiW" <wiw@invalid.invalid> writes:

> FYI: It appears that Phorm (a targeted advertising system which taps into
> ISP networks) will be setting its own persistent for most every
> website the user visits. It appears as though the may be named
> "webwise". One technical description of the system and this aspect can
> be found via:
>
> http://www.lightbluetouchpaper.org/2...ebwise-system/
>
> or if you want to go straight to the report:
>
> http://www.cl.cam.ac.uk/~rnc1/080404phorm.pdf

Very interesting. Thanks for the pointer.

It might be worth having a site that uses in exactly the same
format as Phorm's , so that it breaks if/when they strip them
out. At the very least this mechanism might provide a way for sites
to display a: "your connection is being monitored by Phorm with the
approval of your ISP" banner as part of an "opt out" campaign.

Of course, site owners (i.e. many readers here) may think this is the
way to go to get revenue, but the whole thing unsettles me deeply.

--
Ben.

WiW wrote:
>
> "Jim Moe" <jmm-list.AXSPAMGN@sohnen-moe.com> wrote in message
> news:RuWdnYujhelNvmTanZ2dnUVZ_v_inZ2d@giganews.com ...
>> On 04/06/08 09:38 am, WiW wrote:
>>> FYI: It appears that Phorm (a targeted advertising system which taps
>>> into
>>> ISP networks) will be setting its own persistent for most every
>>> website the user visits. It appears as though the may be named
>>> "webwise". One technical description of the system and this aspect can
>>> be found via:
>>>
>> Firefox (and Seamonkey) allows you considerable control over how
>> are managed. From accepting none at all, a whitelist or a blacklist of
>> sites, retained for the session or forever. Your choice.
>
> Your comment seems geared towards ing me, as a user, cope with the
> system. While I appreciate that, I posted this here because there is a
> potential issue for those of us who have websites. Namely, that this
> system
> (and potentially others like it) will be setting for our
> domains. Read
> the report: http://www.cl.cam.ac.uk/~rnc1/080404phorm.pdf for the details.

I'm stunned.

I also wondered whether maybe browsers don't set from responses
with status codes not in the 200 series, but I ran a test and Firefox does.

I just finished e-mailing my congressman and both senators.

On 6 Apr, 20:26, Jim Moe <jmm-list.AXSPA...@sohnen-moe.com> wrote:

> Firefox (and Seamonkey) allows you considerable control over how
> are managed.

Not over Phorm's though, because of the spoofing that Phorm inserts
(Phorm isn't the host site, but it pretends to be). Making Firefox
Phorm-resistant will surely happen, but it isn't there yet.

Phorm should be resisted strongly, including by lobbying your
congresscritter, as appears to be so far working succesfully in the
UK. Searching "The Register" (http://theregister.co.uk) for Phorm
stories may be interesting to you.

WiW schreef:
> FYI: It appears that Phorm (a targeted advertising system which taps into
> ISP networks) will be setting its own persistent for most every
> website the user visits. It appears as though the may be named
> "webwise". One technical description of the system and this aspect can
> be found via:
>
> http://www.lightbluetouchpaper.org/2...ebwise-system/
>
> or if you want to go straight to the report:
>
> http://www.cl.cam.ac.uk/~rnc1/080404phorm.pdf
>
> For those unfamiliar with Phorm:
>
> http://news.google.com/news?hl=en&ne...h+News&q=Phorm
> http://www.badphorm.co.uk
>
> *sigh*
>
>

Hi WiW,

Thanks for the link.
And thanks to Richard Clayton for writing the comprehensive article.

In my opinion, this kind of fooling around at the ISP is completely
criminal.
Temporarely changing targetserver (with some DNS-trick, or something) to
get some freaking criminal set. Pfft...

I know my ISP (XS4ALL, the Netherlands) never cooperates with such
criminals, but you get what you pay for: Other pricefighter ISP might
cooperate, selling out their customers.
Bah.

Erwin Moller

On 04/06/08 02:48 pm, WiW wrote:
>>>
>> Firefox (and Seamonkey) allows you considerable control over how
>> are managed. From accepting none at all, a whitelist or a blacklist of
>> sites, retained for the session or forever. Your choice.
>
> Your comment seems geared towards ing me, as a user, cope with the
> system.
>
I finally read it. Scary! It's a classic man-in-the-middle attack. While
I am sure this has marketeers and government spooks drooling, the whole
profiling aspect is creepy.
Apparently the only way to prevent it (so far) is to disallow
completely.

--
jmm (hyphen) list (at) sohnen-moe (dot) com
(Remove .AXSPAMGN for email)