
IMPORTANT! BT, Virgin Media & Carphone Warehouse to sell your browsing habits

if anyone has any suggestions of ISPs that won't try this sort of spying without consent.

You mean does anyone know an ISP that considers users as customers instead of profit centres and weak-minded spendatrons forever clawing over each other to win some inhuman batshit insane race to out-consume every other drooling puerile fuckwit out there to buy, buy, buy now? That's it, look at the ads, see pretty things, pretty things to make you happy. It looks nice, doesn't it? Think how much you want me. How much you need me. How much I'd make your life complete, better than friends, better than exuding a single inch of humanitarian spirit, people say you can't buy happiness like this but they're wrong, you'll prove them wrong, won't you? Do it to show them how clever you are, they're the gullible ones for not believing. Operators are standing by.
 
You mean does anyone know an ISP that considers users as customers instead of profit centres and weak-minded spendatrons forever clawing over each other to win some inhuman batshit insane race to out-consume every other drooling puerile fuckwit out there to buy, buy, buy now? That's it, look at the ads, see pretty things, pretty things to make you happy. It looks nice, doesn't it? Think how much you want me. How much you need me. How much I'd make your life complete, better than friends, better than exuding a single inch of humanitarian spirit, people say you can't buy happiness like this but they're wrong, you'll prove them wrong, won't you? Do it to show them how clever you are, they're the gullible ones for not believing. Operators are standing by.

did you nick that from charlie brooker?
 
did you nick that from charlie brooker?

Only metaphorically speaking, nothing is created in a vacuum. 'cept for the people at BT et al who are already creating imaginary profits based on selling your fucking soul for you. The devil is now in middleman-management instead of the details. You don't need to know the details. Just trust us.
 
Phorm. Another step towards sleepwalking into a surveillance society.

Interview with Phorm's Kent Ertugrul in the Reg
in which he makes it sound less sinister and pushes the blame towards the ISP:
which is fair IMO, Phorm are just supplying the advertising from what it looks like to me. Their claim that it'll reduce the amount of advertising hitting your screens is obviously bollocks.
Doesn't negate any of the real issues though, strongly advise ploughing through the readers' comments at the end. The one that particularly interested me:
As gnoriac quite rightly said, last Friday the Register managed to bag an interview with Kent 'I am not the Prince of Darkness' Ertugrul (the CEO of Phorm) and Marc Burgess (senior 'boffin' at Phorm), in which he explains how this Phorm BS works:
Marc Burgess: What the profiler does is it first cleans the data. It's looking at two sets of information: the information in the request that's sent to the website and then information in the page that comes back.
From the request it pulls out the URL, and if that URL is a well known search engine such as Google or Yahoo! it'll also look for the search terms that are in the request.
And then from the information returned by the website, the profiler looks at the content. The first thing it does is it ignores several classes of information that could potentially be sensitive. So there's no form fields, no numbers, no email addresses (that is something containing an "@") and anything containing a title like Mr or Mrs.

Aren't you collecting the first three characters?

MB: Because of a peculiarity of the tokenisation, numbers three digits or shorter aren't collected anyway, they're too short so there's no numbers at all. If you have a mixture of letters and numbers - a compound - that would be potentially collected.

Say, for example, the start of postcode?

MB: Yes...

KE: But as you'll see it's irrelevant anyway.

MB: So we do this basic cleaning process and then we take a look at the key words that have come from the page and we eliminate "noise words" that have a low intrinsic meaning. So what we're left with is a clean version of the key words in the page which we then basically do a chart of the ten most commonly occurring words.

This process has the effect of largely eliminating personally identifiable information [PII] from the web page because it would have to contain PII that didn't match any of our criteria and also appeared repeatedly in the page.

The profiler takes this "data digest" and it passes it through the box we call the anonymiser and into the box we call the channel server. The channel server has got a database of advertising categories that we call channels - things like sport, health and beauty, travel, luxury cars, etc. The channels are global to the whole system [across ISP networks]. Via the Open Internet Exchange advertisers are able to specify the channels they want to target.

The channels are controlled in the content they can have. We don't have adult advertising, no medical channel, no tobacco, no gambling. The channels are also designed so they always match a minimum number of unique users - 5,000. A channel has to be sufficiently broad so that it doesn't just reduce to one or two users.

As soon as that match has been made the data digest, which has only ever been in memory, is immediately deleted. It never goes to disk.
You can read the full version of this and the other three pages here: http://www.theregister.co.uk/2008/03/07/phorm_interview_burgess_ertegrul/
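A sketch of the cleaning and top-ten steps Burgess describes in the interview quoted above, added here as an example; it is not Phorm's code. The tokeniser, the noise-word list, the rule of dropping the word after a title, and the sample page are all assumptions constructed for illustration.

```python
import re
from collections import Counter

TITLES = {"mr", "mrs"}  # the two titles named in the interview
NOISE_WORDS = {"a", "and", "for", "of", "or", "the", "to"}  # assumed stop list

# Constructed sample page text (form fields are assumed already removed).
PAGE = (
    "Welcome back Mr Smith. Order 4471 for Jane Doe ships to SW9 8LF. "
    "Contact jane.doe@example.org or call 020 7946 0000. "
    "Jane Doe orders: Brixton depot SW9. Jane Doe address: Brixton SW9."
)


def clean_tokens(text):
    """Apply the described cleaning rules to whitespace-separated tokens."""
    kept = []
    skip_next = False
    for raw in text.split():
        token = re.sub(r"[^a-z0-9]", "", raw.lower())
        if skip_next:            # assumed: also drop the word after a title
            skip_next = False
            continue
        if token in TITLES:
            skip_next = True
            continue
        if "@" in raw:           # "something containing an @"
            continue
        if not token or token.isdigit():   # "no numbers"
            continue
        if token in NOISE_WORDS:
            continue
        kept.append(token)       # letter/digit compounds such as "sw9" remain
    return kept


def data_digest(text, top_n=10):
    """Return the top_n most frequent cleaned words (the 'data digest')."""
    return [word for word, _ in Counter(clean_tokens(text)).most_common(top_n)]


def surviving_pii(text, candidates):
    """Return the candidate strings that still appear in the digest."""
    digest = data_digest(text)
    return [c for c in candidates if c in digest]


if __name__ == "__main__":
    print(data_digest(PAGE))
    print(surviving_pii(PAGE, ["doe", "sw9", "4471", "mr", "jane.doe@example.org"]))
```

On this sample the email address, the numbers and the titled name are dropped, but the untitled surname and the postcode prefix repeat on the page and so land in the digest, which is the case the interviewer's postcode question points at.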

Never fear. A Firefox plugin to combat this little beastie has already been released.

http://www.dephormation.org.uk/

That'll teach em
Cheers for posting that! It's nice to see someone is on the case and to know that we are not completely helpless against these fuckers.

Anyone know if the BT wholesale resellers (which account for the vast majority of adsl providers in the UK) have a say regarding Phorm?? because if they do we may still be able to get broadband that isn't spied on........
 
I've just e-mailed bt.com to complain. Although I'm not a customer, everybody used to be so I'm presuming they could have historical data on me.

If they didn't, that's probably now put me on a Phorm (or their sister company Phish) list somewhere.
 
Nicely acerbic comments page from the Reg today.

http://www.theregister.co.uk/2008/03/10/isps_phorm_comment_target_market/

Shamelessly pilfered from the same thread at Ars:

bigbadcol said:
"As explained above, the context reader may be configured to more than just keyword and other contextual data pertaining to a given web page. The context reader may also include behavioral data (e.g, browsing behavior), other historical data collected over time, demographic data associated with the user, IP address, URL data, etc."

Oh Phorm, have you been telling us some MASSIVE porkies or what ?

Pre-fucking-cisely. How long until that mysterious extra metadata starts to include your name and address from when you fill in online phorms? The name and address of your friends on facebook? Your email address? The contents of your webmail? There's no fucking way your "anonymiser" is capable of knowing what every page is and isn't supposed to be, so I don't see how you plan to scrub personal data (other than the most trivial) without actually gathering the personal information in the first place.

Sorry, I need more guarantees than some dodgy ex-spyware company telling me "it's safe, honest". Your PR has so far scared the crap out of me more than BT's did - they didn't answer because they didn't know the answers. When you don't answer, you keep evading the question. I can only assume you're doing this to avoid giving me answers I don't want to hear.

This is like a FAIL meteorite the size of Texas flattening a FAIL factory that's been making FAIL for the past fifty years. BT are already taking flak in the mainstream press but, thanks to making everyone sign new contracts with their recent "we're giving you free weekend calls at the expense of 2000% higher rates during the week!" campaign everyone is being coerced into signing a new contract which, oddly enough, waives the right for them to not sell your personal data http://www.theregister.co.uk/2008/02/28/bt_price_hike/

Sorry if you're the sort of person who finds this particular combination of four letters offensive, but BT are being cunts about this.

Edit: just found this FF extension which gets halfway to getting to what I was after. Wouldn't be keen on keeping FF open just for this though http://mrl.nyu.edu/~dhowe/trackmenot/
 
FYI any use of VPN tunneling to bypass ISP checking for Bittorrent traffic will have the pleasant side effect of screwing up any Phorm-based stream scanning completely.
 
I still think that flooding their servers with useless, random data is a better idea though. They can't filter or throttle HTTP requests, and they end up with a colossal dataset that's far, far lower in value than they thought it would be (at least for any individual person).

If you're one of those users who doesn't seed illegal torrents day and night but do think you should have a right to use the bandwidth you've paid for, it'd also work :)
 
If you're one of those users who doesn't seed illegal torrents day and night but do think you should have a right to use the bandwidth you've paid for, it'd also work :)

That's me :) I don't tend to download much at all, but I object to a) being snooped on and treated like a criminal when I'm doing nothing wrong on the net and b) used as extra advertising money by an ISP I already pay over the odds for.
 
Pre-fucking-cisely. How long until that mysterious extra metadata starts to include your name and address from when you fill in online phorms? The name and address of your friends on facebook? Your email address? The contents of your webmail? There's no fucking way your "anonymiser" is capable of knowing what every page is and isn't supposed to be, so I don't see how you plan to scrub personal data (other than the most trivial) without actually gathering the personal information in the first place.

Well.... The URL spec is pretty detailed, so what is and what isn't a page is fully standardised. Though there will be problems with things like URL re-writing.

They could be just keeping domain names visited (probably more likely), but even then one could work out personal detail. (eg, I hit a particular domain name quite hard as it's my personal homepage).

Boy, am I glad I moved over from BT... :D
 
I object to being snooped on and treated like a criminal when I'm doing nothing wrong on the net

Whoah there cowboy! How do you expect us to believe you don't act like a criminal on the net if you don't actually let us monitor you?

...and used as extra advertising money by an ISP I already pay over the odds for.

They're entitled to that money - look, it's already factored in to next year's profits! So it's real. You wouldn't steal a car from them, would you? Not viewing ads and buying things is like killing a policeman and shitting in his helmet.

Well.... The URL spec is pretty detailed, so what is and what isn't a page is fully standardised. Though there will be problems with things like URL re-writing.

How does it deign to tell the difference between, say, things on http://mydomain.org and things on http://mydomain.org/webmail? Or http://stdpikachu.networkingsite.com or http://networkingsite.com/stdpikachu? I realise that, technically, it's possible to filter out anything and everything that could be personally identifiable... I'm just saying that, from a technical perspective, it'd be far, far easier to conveniently let that stuff in if we can just block http://webmailforlotsofpeople.com and tell people we're protecting privacy, honest. Lip service to BT's ringpiece.

They could be just keeping domain names visited (probably more likely), but even then one could work out personal detail. (eg, I hit a particular domain name quite hard as it's my personal homepage).

Of course, they're also going to obscure and rewrite URLs that contain usernames, UIDs, session IDs and any other number of cruft. Again, my main problem is not what data they're going to throw away, it's about the user not getting a choice to tell them whether to send it to them in the first place. The fact that their patents and such pretty much say this is planned to be a multi-protocol thing says, to my overly paranoid brain, that they're going to scan every single piece of code that comes out of your computer if they think they can get away with it.

Don't let them get that far.
 
How does it deign to tell the difference between, say, things on http://mydomain.org and things on http://mydomain.org/webmail? Or http://stdpikachu.networkingsite.com or http://networkingsite.com/stdpikachu?

Removing URL paths just needs the appropriate regex... Tres easy...

I realise that, technically, it's possible to filter out anything and everything that could be personally identifiable... I'm just saying that, from a technical perspective, it'd be far, far easier to conveniently let that stuff in if we can just block http://webmailforlotsofpeople.com and tell people we're protecting privacy, honest. Lip service to BT's ringpiece.

I don't think it's so easy... How does one tell the difference between stdpikachu.org.uk and my-big-anime-sight.com...? Ie, unless you can work out the difference between a personal home-page site and public web-site it's going to be a privacy problem.

The scheme should've been opt-in from the start. That it isn't makes it stink from high heaven. And who knows what BT, Virgin etc, have that they aren't telling us...?
 
"Auditors found the firm "provides reasonable assurance" that it conforms to privacy standards.

That reasonable assurance is good enough for BT. "The simple answer is 'yes'," a spokesman replied when asked today if it is aware of Phorm's provenance and is happy to sell data to it."

Any ISP who sells data to this firm can fuck right off.

In fact that's it - with the three businesses I oversee I can pull roughly £10,000 worth of business away, so I shall be writing to BT asking them for my code to switch provider and explaining why I don't want data sent to Kunt Ertugrul.
 
When I phoned BT to ask for the MAC code earlier, it took over 45 minutes and the operator sounded rather fed-up. Are lots of people asking for cancellation codes?
 
Removing URL paths just needs the appropriate regex... Tres easy...

What's the right regex? For this and a million other possible links? There's no one regex that'll get it right because there's too many possible combinations.

The scheme should've been opt-in from the start. That it isn't makes it stink from high heaven. And who knows what BT, Virgin etc, have that they aren't telling us...?

Too fucking right. The way BT have handled this whole thing reeks of corruption and back-room deals.
 
What's the right regex? For this and a million other possible links? There's no one regex that'll get it right because there's too many possible combinations.

See the relevant RFC that governs how URLs are constructed... It will explain how they are generated and working backwards will give you a regex for extracting paths are returning domain names...

Alternately, try Google...
 
That should be easy enough to achieve, no? Just some kind of semi-advanced crawler script...

Never fear. A Firefox plugin to combat this little beastie has already been released.

http://www.dephormation.org.uk/

That'll teach em

Another Firefox Extension is available...

http://www.trackmenot.org/

"TrackMeNot Protects users against search data profiling by issuing randomized queries to popular search engines."

When I heard the news about Phorm I contacted Talk Talk (my broadband supplier) and logged an official complaint stating that I did not give my consent to the proposals. I guess others did the same too... it's funny how they changed from "no-choice" to "opt-out" over the course of a few days.

I've also added my name to this online petition...
http://petitions.pm.gov.uk/ispphorm/

The Reg has just commented that Trend Micro will be tagging Phorm in its adware warning database. Phorm is now officially deemed to be spyware!
 
The advertising bit is not really the issue - the problem is the recording and sharing logs of sites that you have visited. The increasing dissemination of this information is an invasion of privacy.
 
See the relevant RFC that governs how URLs are constructed... It will explain how they are generated and working backwards will give you a regex for extracting paths are returning domain names...

That's all well and good, but what regex are they going to use to strip all the names and any other personally identifiable information from page XYZ? How will they know which bit of a URL is a username or a UID or a SID, unless they're planning to write a regex for every site on the net? And do you really think Phorm will go to the effort?

Edit: after reading RFC 1738 and 2616, I don't see anything recommending where the user portion of a URL should live, therefore I'm going to surmise that BT/Phorm are talking utter fucking bollocks when they say their magical anonymiser is anything but a "we delete the stuff we know is about you, everything else goes through" proxy rewrite.
 
That's all well and good, but what regex are they going to use to strip all the names and any other personally identifiable information from page XYZ? How will they know which bit of a URL is a username or a UID or a SID, unless they're planning to write a regex for every site on the net? And do you really think Phorm will go to the effort?

Quickest way is to strip everything to the right of "?" in an url... (ie, the query string). This won't strip out personal info if there's url re-writing being performed though. So to avoid this then strip out the query path. (Everything to the right of the "/" after the domain name.)

You still have the problem noted earlier with personalised domain names, so you can't 100% guarantee that a url has been made anonymous, so Phorm are telling porkies.. :D
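The two URL reductions discussed in this exchange, run over the kinds of URL raised earlier in the thread, as an added example that is not part of the original posts. The sample URLs are constructed from the thread's own hypothetical hostnames, and the `user`/`sid` query parameters and helper names are assumptions.

```python
from urllib.parse import urlsplit


def strip_query(url):
    """First suggestion: drop everything to the right of '?'."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}{parts.path}"


def strip_path(url):
    """Second suggestion: drop the path too, keeping only the host."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.hostname}"


def leaks(reduced_url, identifier):
    """True if the user-identifying string is still present after reduction."""
    return identifier.lower() in reduced_url.lower()


# Constructed samples: (URL, string that identifies the user).
SAMPLES = [
    # identifier carried in the query string
    ("http://networkingsite.com/profile?user=stdpikachu&sid=ab12cd34", "stdpikachu"),
    # URL rewriting moves the identifier into the path
    ("http://networkingsite.com/stdpikachu", "stdpikachu"),
    # per-user subdomain
    ("http://stdpikachu.networkingsite.com/", "stdpikachu"),
    # personal domain: the hostname itself identifies the owner
    ("http://mydomain.org/webmail", "mydomain"),
]


def audit(samples=SAMPLES):
    """Return (url, leaks_after_strip_query, leaks_after_strip_path) per sample."""
    return [
        (url, leaks(strip_query(url), ident), leaks(strip_path(url), ident))
        for url, ident in samples
    ]


if __name__ == "__main__":
    for url, after_query, after_path in audit():
        print(f"{url}\n  query stripped: leak={after_query}  path stripped: leak={after_path}")
```

Stripping the query only helps in the first case, stripping the path also covers the rewritten URL, and neither touches a per-user subdomain or a personal domain, because nothing in the URL syntax marks a hostname label as personal.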
 
Just checked with Be, they say "Be* is not doing this and there are no plans to do it in the near future."

Boldy bit suggests they may need keeping an eye on :hmm:
 
Just checked with Be, they say "Be* is not doing this and there are no plans to do it in the near future."

Boldy bit suggests they may need keeping an eye on :hmm:

I phoned a local ISP the other day and asked about this, the techie there said he thought it was creepy and they'd never dream of running such a system. I'm switching over to them at some point next week (they did send an email with a date, but I've forgotten) :)
 
Trouble is, when the millions start to flow, other ISPs won't be able to resist the loot or, even, those who are signed up will use the cash to cut their prices (unfair competition IMO) and put a serious squeeze on the rest.
 
Trouble is, when the millions start to flow, other ISPs won't be able to resist the loot or, even, those who are signed up will use the cash to cut their prices (unfair competition IMO) and put a serious squeeze on the rest.

Not if enough people vote with their feet. From how busy their phone line to ask for a MAC code was the other day, I'm pretty sure BT for one are losing a reasonable amount of business. It's had negative coverage in the national press and on TV and radio this week. Could the revenue lost from long-term customers on high-end packages clearing off to other ISPs be more than what Phorm is giving to them? The provider I'm moving to is probably too small to be bothered about this sort of thing anyway; I'm guessing the likes of Phorm would only be worthwhile if you're one of the ones with millions of customers, not a few thousand.
 
Trouble is, when the millions start to flow, other ISPs won't be able to resist the loot or, even, those who are signed up will use the cash to cut their prices (unfair competition IMO) and put a serious squeeze on the rest.

Isn't gang-raping your customers without consent still illegal though?

As the El Reg stories keep saying, there's serious doubt whether this system is actually legal WRT to RIPA and other data privacy laws. But as you say, it's a slippery slope that almost every consumer ISP will follow if Phorm get a toehold now. It's easy to spin this to non-techy customers as candy-flavoured rainbows ("No more annoying ads about stuff you don't want! Built-in fission protection! A kitten will come out of your computer every seven minutes to wuv you!") so it's very likely that even if it's made opt-in only that enough people could sign up for it it'd bring in enough moolah to drastically affect the bottom line.

Even if BT and co. backpedal on this and do make it opt-in, expect them to plug it hard - they're clearly in this up to their nutsack if the continuing stream of lies, guile and deceit are anything to go by. Wonder if any BT directors are tangentially involved with Phorm...? Has Private Eye picked up on this yet?
 