A gentle warning about Phorm

Minkey

Registered User.
Local time
Today, 23:47
Joined
Jul 7, 2004
Messages
661
I've been tracking this story for a while now but we've only really found out now what it actually does (almost ! - no ones 100% certain).

What is Phorm ?

I quote - "It's a technology that can deliver targeted advertising based on a user's browsing habits using deep packet inspection."

The means it tracks your browsing habits and inspects all your web traffic to show you adds you might be interested in. It essentially a technology that knows what your browsing, without your consent :eek: Most people regard this as adware.

It also performs redirects and automatically sets cookies on your PC.

It's even regarded as illegal because it's opt out not opt in and you'll probable not even know about it.

More technical details can be found here in pdf.

Who does this effect ?

They are targeting major IPS's and at the moment BT, Virgin Media and Talk Talk are all signed up, more will follow. Also many web sites are using Phorm profile based advertising. Oh and BT trialed it in 2006 so if you with them you could have already been tracked.

If you not with these ISP's should you be concerned ? Well for now probably not but as I mentioned web sites use this profiling and your ISP, if they sign up, probably won't tell you they have. I don't use any of them but I've taken precautions (see below) it's better to be suspicious than not. ;)

How worried should I be ?

Personally I don't want anyone tracking what I do even if they claim not to be holding personal information. I also want to know exactly whats happening on my PC at anytime and my personal use of the internet is not 'altered' by third parties without my knowledge - do you ?

There's also the concern that a system like this can be hacked by using an exploit (either in the system itself or via another piece of software).

How can I stop them tracking me ?

This is a difficult question to answer but at the moment with no other protection I quote (from BadPhorm.co.uk) "you will require to disable the Phorm system by opting out on every browser that uses your network connection. There is no way to 'globaly opt out' of the Phorm system."

Steps you can do for all browsers:

Firstly you should delete all your cookies but (my disclaimer) you'll have re-accept ones that are required (this forum for example) and therefore you should know your log in and password, watch out for shopping sites also they usually must have a cookie to work but you can always (in Firefox) accept cookies only for this session for example.

Set your cookies more securely - in IE Tools > Internet Options > Advanced > Override automatic cookie handling and set First party to prompt and Third party to block

for Firefox Tools > Options, tick accept cookies but change the Accept cookies to ask me every time.

I know this may seem like a pain but I would rather spend 2 seconds clicking no than have unwanted cookies on my PC.

Apologies for those using other browsers I don't use them but I'm sure if someone does they can post if anyone needs to know.

The only problem with this is you obviously need to have cookies enabled for certain sites but hang on there is an other thing you can do. There is an add on for Firefox that can permanently set your browser to opt out - Dephormation it can also alert you to web sites that use Phorm profile advertising. They are working on a version for IE.

Want to know more ?

BadPhorm OK it's an anti-phorm web site but it does have information on FAQ's by Phorm themselves.
Dephormation FAQ's
The Registers Phorm articles
Phorm Wikipedia entry Which Phorm recently edited themselves and removed key factual entries :eek:clicky

Apologies for the length of the post but I do feel strongly about this and it's not intended to be rant more of a heads up :p
 
I don't think people really care Minkey.

It's really not the tracking cookies that bother me, but rather the flashplayer shit and video ads that you see on the screen.

I have turned my automatic imaging off in Firefox. :)
 
I don't think people really care Minkey.
Well you should do ;) the tech community is up in arms about this, why ? see the first post and below. In fact the ICO have stepped in and rightly told Phorm what they plan to do is illegal clicky in fact as BT trailed it already they have already broken the law clicky

It's really not the tracking cookies that bother me
That’s my point it not simply a tracking cookie Phorm can see all your personal information though they say it only anonymous information they store/ use * here is a basic summary of how it works (thanks to a member of PcPro's forum):

1 - When your browser requests a web site, the ISP system replies with an error
2 - The browser requests again, and is redirected by the network to a second system
3 - That system PRETENDS to be the web site you asked for
4 - A cookie is set on behalf of that web site, and can be read later
5 - At this point, your request has NOT left the ISP network
6 - The ISP machine then replies with another error
7 - The browser responds with a repeat request
8 - The ISP sends you to the URL you originally requested
9 - You see the page you requested

So, the ISP network and Phorm essentially masquerades as the web site you were going to to set the cookies. This has the potential to break web sites, and could also make web site owners appear to be responsible for cookies that they have never set.

Let's put this into a real life scenario, all the information you send/ receive from every site you visit they can 'see' but only use a portion of it. Apart from the fact that all your information is being collected by someone without your knowledge is not bad enough what's to stop an exploit or virus intercepting that data and sending it elsewhere? If you think this is unlikely believe me there are hackers who will try and do this in fact that is exactly what most (serious) viruses can be designed to do.

So you do your banking online and et voila, not to mention all the rest of your personal data is not going where you think it is.

OK they could do this without Phorm but you’re more likely to be tricked if you don't know what’s going on and Phorm will only make it more likely you could be.
 
Minkey,

I think, instead of reading your alerts, people will probably just shut down and stop using the internet.

As a matter of fact, I'm certain of this. I don't think people are going to stand for this kind of crap, and they're certainly not going to go crazy over it.

I can say one thing though...it's a darn good thing that there is a government in this country, and we can certainly count on them to be occupied by the motive to stop this kind of stuff going on. The bad thing is...it will never stop, but the good thing is...there is always the government to fight it.
 
Minkey, I appreciate the info. As to whether the greatest violators of personal privacy can be counted on to fight this for us...well, that's a political discussion best left for the Watercooler. ;)
 
I think, instead of reading your alerts, people will probably just shut down and stop using the internet.

As a matter of fact, I'm certain of this. I don't think people are going to stand for this kind of crap, and they're certainly not going to go crazy over it.

TBH I think the problem is that most erm.... 'normal' people i.e. non-techy don't know about this stuff, or as you said don't care, it's not common knowledge, this is why viruses, spam and malware exists.

There is always a way to stop this kind of stuff, as there is to circumvent many other restrictions, if it can be made it can be unmade. There are a hell of a lot of people just as, if not more clever, than the people that come up with this stuff. A great example running Linux on an Xbox without any kind of chip mod.

I was very surprised to find out a colleague at work was replying to spam by clicking on the unsubscribe me link :rolleyes: this is the oldest trick in the book unfortunately there's not a course you need to take before you can access the internet ;)

it's a darn good thing that there is a government in this country, and we can certainly count on them to be occupied by the motive to stop this kind of stuff going on.

I think I'll stick to my own methods - they don't even know how the internet works anyway, one recent example clicky
 
I agree with the sentiments expressed by minkey. I will give you an example of how utterly useless tracking cookies are:

I wanted a specific disc of a coupling of Richard Strass's Four Last Songs and the Alpine symphony so I put that into the catalogue reference into Amazon. As it happens, that disc is no longer available, so Amazon gave me an alternative. Sorry, Amazon I didn't want any disc but the disc I asked for otherwise I wouldn't have bothered its catalogue number. Having established that my first choice was NLA, I searched the record label for an alternative - which I did not find. At the end of the exercise I ended up with 12 tracking cookies. What use are these tracking cookies for an fruitless search - none.

Going back to phorn the simple way to eliminate phorn is blocking oix.net either on your browser or firewall. The Phorn system to users has no benefit whatsoever to users. I have seen PC with hundreds of tracking cookies and the owners of these PC complain of performance issues and anecdotally on enterprise sites there have been real performance gains of the broadband after gettting rid of these tracking cookies.

Simon
 

Users who are viewing this thread

Back
Top Bottom