Phorm setting its own persistent cookies for most websites...

06/04/2008, 17h38   #1
WiW

FYI: It appears that Phorm (a targeted advertising system which taps into
ISP networks) will be setting its own persistent cookie for most every
website the user visits. It appears as though the cookie may be named
"webwise". One technical description of the system and this aspect can
be found via:

http://www.lightbluetouchpaper.org/2...ebwise-system/

or if you want to go straight to the report:

http://www.cl.cam.ac.uk/~rnc1/080404phorm.pdf

For those unfamiliar with Phorm:

http://news.google.com/news?hl=en&ne...h+News&q=Phorm
http://www.badphorm.co.uk

*sigh*



06/04/2008, 20h26   #2
Jim Moe

On 04/06/08 09:38 am, WiW wrote:
> FYI: It appears that Phorm (a targeted advertising system which taps into
> ISP networks) will be setting its own persistent cookie for most every
> website the user visits. It appears as though the cookie may be named
> "webwise". One technical description of the system and this aspect can
> be found via:
>

Firefox (and Seamonkey) allows you considerable control over how cookies
are managed. From accepting none at all, a whitelist or a blacklist of
sites, retained for the session or forever. Your choice.

--
jmm (hyphen) list (at) sohnen-moe (dot) com
(Remove .AXSPAMGN for email)

06/04/2008, 22h48   #3
WiW


"Jim Moe" <jmm-list.AXSPAMGN@sohnen-moe.com> wrote in message news:RuWdnYujhelNvmTanZ2dnUVZ_v_inZ2d@giganews.com ...
> On 04/06/08 09:38 am, WiW wrote:
>> FYI: It appears that Phorm (a targeted advertising system which taps into
>> ISP networks) will be setting its own persistent cookie for most every
>> website the user visits. It appears as though the cookie may be named
>> "webwise". One technical description of the system and this aspect can
>> be found via:
>>

> Firefox (and Seamonkey) allows you considerable control over how cookies
> are managed. From accepting none at all, a whitelist or a blacklist of
> sites, retained for the session or forever. Your choice.


Your comment seems geared towards helping me, as a user, cope with the
system. While I appreciate that, I posted this here because there is a
potential issue for those of us who have websites. Namely, that this system
(and potentially others like it) will be setting cookies for our domains. Read
the report: http://www.cl.cam.ac.uk/~rnc1/080404phorm.pdf for the details.

07/04/2008, 00h43   #4
Ben Bacarisse

"WiW" <wiw@invalid.invalid> writes:

> FYI: It appears that Phorm (a targeted advertising system which taps into
> ISP networks) will be setting its own persistent cookie for most every
> website the user visits. It appears as though the cookie may be named
> "webwise". One technical description of the system and this aspect can
> be found via:
>
> http://www.lightbluetouchpaper.org/2...ebwise-system/
>
> or if you want to go straight to the report:
>
> http://www.cl.cam.ac.uk/~rnc1/080404phorm.pdf


Very interesting. Thanks for the pointer.

It might be worth having a site that uses cookies in exactly the same
format as Phorm's cookies, so that it breaks if/when they strip them
out. At the very least this mechanism might provide a way for sites
to display a: "your connection is being monitored by Phorm with the
approval of your ISP" banner as part of an "opt out" campaign.

Of course, site owners (i.e. many readers here) may think this is the
way to go to get revenue, but the whole thing unsettles me deeply.

--
Ben.

07/04/2008, 02h28   #5
Harlan Messinger

WiW wrote:
>
> "Jim Moe" <jmm-list.AXSPAMGN@sohnen-moe.com> wrote in message
> news:RuWdnYujhelNvmTanZ2dnUVZ_v_inZ2d@giganews.com ...
>> On 04/06/08 09:38 am, WiW wrote:
>>> FYI: It appears that Phorm (a targeted advertising system which taps
>>> into
>>> ISP networks) will be setting its own persistent cookie for most every
>>> website the user visits. It appears as though the cookie may be named
>>> "webwise". One technical description of the system and this aspect can
>>> be found via:
>>>

>> Firefox (and Seamonkey) allows you considerable control over how cookies
>> are managed. From accepting none at all, a whitelist or a blacklist of
>> sites, retained for the session or forever. Your choice.

>
> Your comment seems geared towards helping me, as a user, cope with the
> system. While I appreciate that, I posted this here because there is a
> potential issue for those of us who have websites. Namely, that this
> system
> (and potentially others like it) will be setting cookies for our
> domains. Read
> the report: http://www.cl.cam.ac.uk/~rnc1/080404phorm.pdf for the details.


I'm stunned.

I also wondered whether maybe browsers don't set cookies from responses
with status codes not in the 200 series, but I ran a test and Firefox does.

I just finished e-mailing my congressman and both senators.

07/04/2008, 11h40   #6
Andy Dingley

On 6 Apr, 20:26, Jim Moe <jmm-list.AXSPA...@sohnen-moe.com> wrote:

> Firefox (and Seamonkey) allows you considerable control over how cookies
> are managed.


Not over Phorm's though, because of the spoofing that Phorm inserts
(Phorm isn't the host site, but it pretends to be). Making Firefox
Phorm-resistant will surely happen, but it isn't there yet.

Phorm should be resisted strongly, including by lobbying your
congresscritter, as appears to be so far working successfully in the
UK. Searching "The Register" (http://theregister.co.uk) for Phorm
stories may be interesting to you.

07/04/2008, 15h38   #7
Erwin Moller

WiW wrote:
> FYI: It appears that Phorm (a targeted advertising system which taps into
> ISP networks) will be setting its own persistent cookie for most every
> website the user visits. It appears as though the cookie may be named
> "webwise". One technical description of the system and this aspect can
> be found via:
>
> http://www.lightbluetouchpaper.org/2...ebwise-system/
>
> or if you want to go straight to the report:
>
> http://www.cl.cam.ac.uk/~rnc1/080404phorm.pdf
>
> For those unfamiliar with Phorm:
>
> http://news.google.com/news?hl=en&ne...h+News&q=Phorm
> http://www.badphorm.co.uk
>
> *sigh*
>
>


Hi WiW,

Thanks for the link.
And thanks to Richard Clayton for writing the comprehensive article.

In my opinion, this kind of fooling around at the ISP is completely
criminal.
Temporarily changing target server (with some DNS-trick, or something) to
get some freaking criminal cookie set. Pfft...

I know my ISP (XS4ALL, the Netherlands) never cooperates with such
criminals, but you get what you pay for: Other pricefighter ISP might
cooperate, selling out their customers.
Bah.

Erwin Moller

08/04/2008, 06h20   #8
Jim Moe

On 04/06/08 02:48 pm, WiW wrote:
>>>

>> Firefox (and Seamonkey) allows you considerable control over how cookies
>> are managed. From accepting none at all, a whitelist or a blacklist of
>> sites, retained for the session or forever. Your choice.

>
> Your comment seems geared towards helping me, as a user, cope with the
> system.
>

I finally read it. Scary! It's a classic man-in-the-middle attack. While
I am sure this has marketeers and government spooks drooling, the whole
profiling aspect is creepy.
Apparently the only way to prevent it (so far) is to disallow cookies
completely.

--
jmm (hyphen) list (at) sohnen-moe (dot) com
(Remove .AXSPAMGN for email)

09/04/2008, 20h39   #9
WiW


"Jim Moe" <jmm-list.AXSPAMGN@sohnen-moe.com> wrote in message news:OaOdnYnN2aYnnWbanZ2dnUVZ_r3inZ2d@giganews.com ...

> I finally read it. Scary! It's a classic man-in-the-middle attack. While
> I am sure this has marketeers and government spooks drooling, the whole
> profiling aspect is creepy.
> Apparently the only way to prevent it (so far) is to disallow cookies
> completely.


Actually, I don't think you can fully opt-out of it. Your traffic will
still be routed through front end system components and IIRC The
Register confirmed during an interview that data is still mirrored to
the profiler. The only way to really guard against tampering and
copying would be to use encrypted tunnels with trustworthy exit
points, and who wants to be bothered with that just to make it
onto the freakin net.

Anyway, I came across a tiny bit of info about how NebuAd works.
It doesn't sound as though it forges cookies and I thought I would
share that. Two articles about NebuAd:

http://bits.blogs.nytimes.com/2008/0...-web-browsing/
http://www.broadbandreports.com/show...-Service-93375

I say off with all their heads and can I take a few swings!

09/04/2008, 20h50   #10
Harlan Messinger

WiW wrote:
>
> "Jim Moe" <jmm-list.AXSPAMGN@sohnen-moe.com> wrote in message
> news:OaOdnYnN2aYnnWbanZ2dnUVZ_r3inZ2d@giganews.com ...
>
>> I finally read it. Scary! It's a classic man-in-the-middle attack. While
>> I am sure this has marketeers and government spooks drooling, the whole
>> profiling aspect is creepy.
>> Apparently the only way to prevent it (so far) is to disallow cookies
>> completely.

>
> Actually, I don't think you can fully opt-out of it. Your traffic will
> still be routed through front end system components and IIRC The
> Register confirmed during an interview that data is still mirrored to
> the profiler. The only way to really guard against tampering and
> copying would be to use encrypted tunnels with trustworthy exit
> points, and who wants to be bothered with that just to make it onto the
> freakin net.


One thing that interests me: they don't see any problem turning every
request into, what four, five, or six round trips across the network?

>
> Anyway, I came across a tiny bit of info about how NebuAd works.
> It doesn't sound as though it forges cookies and I thought I would
> share that. Two articles about NebuAd:
>
> http://bits.blogs.nytimes.com/2008/0...-web-browsing/
>
> http://www.broadbandreports.com/show...-Service-93375
>
> I say off with all their heads and can I take a few swings!


I'm wondering whether it isn't already illegal. Does it fall under the
heading of wiretapping?

09/04/2008, 23h19   #11
WiW


"Harlan Messinger" <hmessinger.removethis@comcast.net> wrote in message news:664l06F2ip5ejU1@mid.individual.net...

> One thing that interests me: they don't see any problem turning every
> request into, what four, five, or six round trips across the network?


In the best, perhaps typical not-opted-out case, the Phorm system will
have forged a cookie for the target website. It will see the Phorm UID
in the initial request to that website and thus can snoop that transaction,
copying the request/response and linking everything together without
redirecting the user's browser. There would be some internal traffic as
the Phorm components pass that and related data around, but I don't
think there would be any additional traffic on the customer or Internet
sides.

I think it is in other scenarios where redirects come into play... setting
of the Phorm UID cookie, forging cookies for all the websites the
user visits, recognizing deleted or blocked cookies, and presumably
recognizing the opt-out through cookie case. I think the opt-out and
blocking cases are mitigated through the use of that temporary
IP Address block list.

I whitelist the cookies for a limited number of sites and accept the rest
"until I close Firefox". Say Firefox wipes my cookies 15 times a day,
prior to each wipe say I visit 30 sites I haven't whitelisted. Would
that be 15*30 = 450 "rounds" of redirects to ISP collocated machines?
Even if everyone did that, wouldn't the extra traffic be a drop in the
bucket?

> I'm wondering whether it isn't already illegal. Does it fall under the
> heading of wiretapping?


I'm not qualified to comment on the legal issues.

11/04/2008, 00h48   #12
Ben Bacarisse

"WiW" <wiw@invalid.invalid> writes:

> "Jim Moe" <jmm-list.AXSPAMGN@sohnen-moe.com> wrote in message news:OaOdnYnN2aYnnWbanZ2dnUVZ_r3inZ2d@giganews.com ...
>
>> I finally read it. Scary! It's a classic man-in-the-middle attack. While
>> I am sure this has marketeers and government spooks drooling, the whole
>> profiling aspect is creepy.
>> Apparently the only way to prevent it (so far) is to disallow cookies
>> completely.

>
> Actually, I don't think you can fully opt-out of it.


Maybe the idea can be (somewhat) discredited using a technical ruse.
Note this:

22. The specious cookie (from the point of view of www.cnn.com) will be
removed as the request passes through the Layer 7 switch.

23. The cookie has a lifetime of three days.

24. If, later on, the www.cnn.com website was to be visited via
another ISP that was not using a Phorm system (or if subsequent
accesses were made using the “https” protocol) then the cookie
would reach www.cnn.com.

25. Phorm believe that by placing their name (webwise) within the
cookie they place within the www.cnn.com domain, no clash – or
other bad effects – can occur.

What happens if I choose to require a cookie with webwise in its name?
Will it too be removed by Phorm-using ISPs? If so, I can tell my
"customers" that Phorm has broken their "browsing experience" when my
site does not behave for them.

Just a thought...

--
Ben.

11/04/2008, 02h34   #13
WiW


"Ben Bacarisse" <ben.usenet@bsb.me.uk> wrote in message news:87lk3li854.fsf@bsb.me.uk...

> Maybe the idea can be (somewhat) discredited using a technical ruse...


> What happens if I choose to require a cookie with webwise in its name?


> Will it too be removed by Phorm-using ISPs?


I suspect some people will be experimenting with that and other sorts
of things once they have the opportunity to challenge a Phorm system
that is up and running.

> If so, I can tell my
> "customers" that Phorm has broken their "browsing experience" when my
> site does not behave for them.


If use of the system can be detected, one could also redirect users to
some educational material and refuse them service on the grounds that
the website objects to forging and content being intercepted and
processed by Phorm. Arguably, that is exactly what should be done for
many password protected areas where people post content.

I for one would like to see the IETF and/or W3C issue a public
statement condoning the forging if not such systems in general.
I'm sure some of the players are aware of the issues by now. I don't
know any of them though.
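
Added example, not part of the thread and not code from any poster: a server-side sketch of the detection idea raised in posts #12 and #13, where a site issues its own cookie with "webwise" in the name and checks whether it comes back. The cookie names `sid` and `webwise_canary`, the secret, and the premise that an intermediary strips any cookie whose name contains "webwise" are assumptions; the thread leaves that last point as an open question.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

SECRET = b"constructed-demo-key"   # assumption: per-site secret (sample value)
SESSION = "sid"                    # hypothetical session cookie name
CANARY = "webwise_canary"          # hypothetical; only "webwise" is from the thread


def canary_value(sid):
    """Bind the canary to the session so a stale or forged one is recognisable."""
    return hmac.new(SECRET, sid.encode(), hashlib.sha256).hexdigest()[:32]


def issue_cookies(sid):
    """Set-Cookie values issued together in the same response."""
    jar = SimpleCookie()
    jar[SESSION] = sid
    jar[CANARY] = canary_value(sid)
    for morsel in jar.values():
        morsel["path"] = "/"
    return [morsel.OutputString() for morsel in jar.values()]


def classify(cookie_header):
    """Classify the Cookie header of a later request from the same browser."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    names = set(jar)
    # A "webwise" cookie this site never issued (report item 24: it can reach
    # the site when the request bypasses the stripping switch, e.g. over https).
    if any("webwise" in n.lower() and n != CANARY for n in names):
        return "foreign-webwise-cookie"
    if SESSION not in names:
        return "no-session"
    if CANARY not in names:
        # Session survived but the canary did not: something on the path, or
        # selective deletion by the user, removed it.
        return "canary-stripped"
    expected = canary_value(jar[SESSION].value)
    if hmac.compare_digest(jar[CANARY].value, expected):
        return "intact"
    return "canary-tampered"


if __name__ == "__main__":
    sid = "a1b2c3"  # constructed sample session id
    print(issue_cookies(sid))
    print(classify("sid=" + sid))  # canary missing from the request
```

A "canary-stripped" or "foreign-webwise-cookie" result is the signal a site could use to show the banner or educational page the posters describe; it is a hint rather than proof, since a user can also delete a single cookie by hand.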

13/04/2008, 17h18   #14
Stan Brown

Thu, 10 Apr 2008 21:34:31 -0400 from WiW <wiw@invalid.invalid>:
> I for one would like to see the IETF and/or W3C issue a public
> statement condoning the forging if not such systems in general.


Condoning???

Do you mean, perhaps, "condemning"?

--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://OakRoadSystems.com/
HTML 4.01 spec: http://www.w3.org/TR/html401/
validator: http://validator.w3.org/
CSS 2.1 spec: http://www.w3.org/TR/CSS21/
validator: http://jigsaw.w3.org/css-validator/
Why We Won't Help You:
http://diveintomark.org/archives/200..._wont__you

13/04/2008, 21h04   #15
WiW


"Stan Brown" <the_stan_brown@fastmail.fm> wrote in message news:MPG.226bfc53bc15a2bc98b5d1@news.individual.net...
> Thu, 10 Apr 2008 21:34:31 -0400 from WiW <wiw@invalid.invalid>:
>> I for one would like to see the IETF and/or W3C issue a public
>> statement condoning the forging if not such systems in general.

>
> Condoning???
>
> Do you mean, perhaps, "condemning"?


What the... ! YES, that is what should have been there. Great,
now they've added NNTP support too ;-) Thanks for catching
the wrong word.
