Comments on: The Phorm storm http://www.openrightsgroup.org/2008/03/12/the-phorm-storm/ Protecting your rights in the digital age Fri, 09 May 2008 23:39:39 +0000 http://wordpress.org/?v=2.5.1 By: David S http://www.openrightsgroup.org/2008/03/12/the-phorm-storm/#comment-163541 David S Fri, 11 Apr 2008 23:02:32 +0000 http://www.openrightsgroup.org/2008/03/12/the-phorm-storm/#comment-163541 Gee, why don't they just install a key logger... seriously we know where the UK government stands don't we, can you really imagine this government batting an eyelid stopping them, may be even using Phorm as a proxy to catch the 'bad guys'. If this does contravene the Data Protection Act 1998 howcome the ISPs are getting away with it and not been sued to date, no one bothered? Hope I'm wrong.... maybe this is the way that Internet is going, note how it alway's starts with the big guys, BT and Virgin I mean. Gee, why don’t they just install a key logger… seriously we know where the UK government stands don’t we, can you really imagine this government batting an eyelid stopping them, may be even using Phorm as a proxy to catch the ‘bad guys’.

If this does contravene the Data Protection Act 1998 howcome the ISPs are getting away with it and not been sued to date, no one bothered?

Hope I’m wrong…. maybe this is the way that Internet is going, note how it alway’s starts with the big guys, BT and Virgin I mean.

]]> By: The Open Rights Group : Blog Archive » ORG and FIPR meet with Phorm http://www.openrightsgroup.org/2008/03/12/the-phorm-storm/#comment-163422 The Open Rights Group : Blog Archive » ORG and FIPR meet with Phorm Fri, 28 Mar 2008 11:07:15 +0000 http://www.openrightsgroup.org/2008/03/12/the-phorm-storm/#comment-163422 [...] that they are selling to BT, Virgin and TalkTalk actually work. Over the last few weeks, the story that three of the UK’s major ISPs are signed up to trial Phorm, which tracks users’ online surfing habits in order to serve them targeted ads, has been met with [...] [...] that they are selling to BT, Virgin and TalkTalk actually work. Over the last few weeks, the story that three of the UK’s major ISPs are signed up to trial Phorm, which tracks users’ online surfing habits in order to serve them targeted ads, has been met with [...]

]]> By: Phorm..... - The Consumer Forums http://www.openrightsgroup.org/2008/03/12/the-phorm-storm/#comment-163386 Phorm..... - The Consumer Forums Sat, 22 Mar 2008 01:31:03 +0000 http://www.openrightsgroup.org/2008/03/12/the-phorm-storm/#comment-163386 [...] Phorm..... The Open Rights Group : Blog Archive The Phorm storm stop the press: care of the US NY times and LadyMinion at [...] [...] Phorm….. The Open Rights Group : Blog Archive The Phorm storm stop the press: care of the US NY times and LadyMinion at [...]

]]> By: Privacy what Privacy http://www.openrightsgroup.org/2008/03/12/the-phorm-storm/#comment-163385 Privacy what Privacy Fri, 21 Mar 2008 15:50:18 +0000 http://www.openrightsgroup.org/2008/03/12/the-phorm-storm/#comment-163385 Privacy what Privacy, I now have noted two Entities trying to track me through the Web System using Data that BT /Phorm say they are "NOT" collecting???? I may as well tell them they are at the moment going up a blind alley, but if they find me beware my "BITE" is far worse than my "BARK"! Privacy what Privacy, I now have noted two Entities trying to track me through the Web System using Data that BT /Phorm say they are “NOT” collecting????

I may as well tell them they are at the moment going up a blind alley, but if they find me beware my “BITE” is far worse than my “BARK”!

]]> By: pip http://www.openrightsgroup.org/2008/03/12/the-phorm-storm/#comment-163384 pip Fri, 21 Mar 2008 15:44:23 +0000 http://www.openrightsgroup.org/2008/03/12/the-phorm-storm/#comment-163384 stop the press: care of the US NY times and LadyMinion at http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated-page-102.html#post34510801 for first spoting it. http://www.nytimes.com/2008/03/20/business/media/20adcoside.html?ref=business ""Quote: " As you browse, we're able to categorize all of your Internet actions ," said Virasb Vahidi, the chief operating officer of Phorm. " We actually can see the entire Internet ." The company, called Phorm, has created a tool that can track every single online action of a given consumer, based on data from that person's Internet service provider." what do you make of that then, puts a while new meaning to official statments such as "Phorm technology is groundbreaking because it serves relevant advertising (we can have a separate debate about that, but I suspect you're a realist and believe that without advertising support, lots of sites wouldn't exist) without storing data: no PII no IP address no browsing histories." and all the rest, dont you think?. i wonder what the UK and EU data commissioners and the courts will make of it,to name but three, comments.... remember people, we have this: tell your friends, use it. "UK consumers wake up to privacy" link: http://www.ico.gov.uk/upload/documents/pressreleases/2008/information_rights_press_release_final1.pdf For a copy of the ‘Data Protection Guide for Dummies’ please go to www.ico.gov.uk Our data protection rights • An organisation should tell you what it is going to do with your information before you provide any details unless this is obvious • Your information should only be used for the reason it was collected in the first place (unless you give your consent to your information being used in other ways) • An organisation should not collect any information which is unnecessary. You only need to provide the basic information which is required to deliver the service required • Your information should be kept accurate and up to date – if you ask any organisation to make changes to your details, it should do this • An organisation should not keep your details if they are no longer needed • An organisation must provide you with copies of all information held on you - if you ask. You can also ask an organisation to stop using your personal information if it is causing you damage or distress or if you wish to stop it being used for marketing purposes. • An organisation must keep your personal information secure at all times • An organisation should not transfer your personal details to another country unless adequate data protection arrangements are in place. and then it goes on to say.... David Smith said: “For any of us to have trust in an organisation we must be confident that our information is held securely and processed in line with data protection rules. If we all regularly start to ask the right questions then organisations will respond to public demand and take the protection of our personal information more seriously. If organisations fail to recognise the importance of data protection they not only risk losing business. They could also face action from the ICO.” stop the press:

care of the US NY times and LadyMinion at
http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated-page-102.html#post34510801 for first spoting it.

http://www.nytimes.com/2008/03/20/business/media/20adcoside.html?ref=business
“”Quote:
” As you browse, we’re able to categorize all of your Internet actions ,” said Virasb Vahidi, the chief operating officer of Phorm. ” We actually can see the entire Internet .”

The company, called Phorm, has created a tool that can track every single online action of a given consumer, based on data from that person’s Internet service provider.”

what do you make of that then, puts a while new meaning to
official statments such as
“Phorm technology is groundbreaking because it serves relevant advertising (we can have a separate debate about that, but I suspect you’re a realist and believe that without advertising support, lots of sites wouldn’t exist) without storing data: no PII no IP address no browsing histories.”

and all the rest, dont you think?.

i wonder what the UK and EU data commissioners and the courts will make of it,to name but three, comments….

remember people, we have this: tell your friends, use it.

“UK consumers wake up to privacy”

link: http://www.ico.gov.uk/upload/documents/pressreleases/2008/information_rights_press_release_final1.pdf

For a copy of the ‘Data Protection Guide for Dummies’ please go to http://www.ico.gov.uk

Our data protection rights

• An organisation should tell you what it is going to do with your information before you provide any details unless this is obvious

• Your information should only be used for the reason it was collected in the first place (unless you give your consent to your information being used in other ways)

• An organisation should not collect any information which is unnecessary. You only need to provide the basic information which is required to deliver the service required

• Your information should be kept accurate and up to date – if you ask any organisation to make changes to your details, it should do this

• An organisation should not keep your details if they are no longer needed

• An organisation must provide you with copies of all information held on you - if you ask. You can also ask an organisation to stop using your personal information if it is causing you damage or distress or if you wish to stop it being used for marketing purposes.

• An organisation must keep your personal information secure at all times

• An organisation should not transfer your personal details to another country unless adequate data protection arrangements are in place.

and then it goes on to say….

David Smith said: “For any of us to have trust in an organisation we must be confident that our information is held securely and processed in line with data protection rules. If we all regularly start to ask the right questions then organisations will respond to public demand and take the protection of our personal information more seriously. If organisations fail to recognise the importance of data protection they not only risk losing business. They could also face action from the ICO.”

]]> By: Vic Z http://www.openrightsgroup.org/2008/03/12/the-phorm-storm/#comment-163382 Vic Z Fri, 21 Mar 2008 12:54:17 +0000 http://www.openrightsgroup.org/2008/03/12/the-phorm-storm/#comment-163382 Let's be clear, it is the ISPs who are responsible here, it is they who are potentially breaking the law, Phorm is only (one of several) tools that are available for them to use. Yet they are keeping their heads down while everyone hurls abuse at Phorm - an easy target for sure given their past and their sleazy PR machine - and will no doubt move quickly on to yet another intrusive technology if this one doesn't work out. Let’s be clear, it is the ISPs who are responsible here, it is they who are potentially breaking the law, Phorm is only (one of several) tools that are available for them to use. Yet they are keeping their heads down while everyone hurls abuse at Phorm - an easy target for sure given their past and their sleazy PR machine - and will no doubt move quickly on to yet another intrusive technology if this one doesn’t work out.

]]> By: Tim http://www.openrightsgroup.org/2008/03/12/the-phorm-storm/#comment-163377 Tim Thu, 20 Mar 2008 17:21:50 +0000 http://www.openrightsgroup.org/2008/03/12/the-phorm-storm/#comment-163377 UK ISPs using Phorm and other such intercept/profiling technologies without the explicit consent of their customers are acting immorally and more than likely illegally. It is almost inevitable that countries like Burma, Iran, China & others will seek to acquire Phorm or similar technologies to assist in profiling and targeting legitimate dissenters. There needs to be a blanket ban on the export of Phorm & similar intercept/profiling technologies to repressive regimes. UK ISPs using Phorm and other such intercept/profiling technologies without the explicit consent of their customers are acting immorally and more than likely illegally.

It is almost inevitable that countries like Burma, Iran, China & others will seek to acquire Phorm or similar technologies to assist in profiling and targeting legitimate dissenters.

There needs to be a blanket ban on the export of Phorm & similar intercept/profiling technologies to repressive regimes.

]]> By: ethority blog » Phrom- ein britischer Trageting Anbieter unter Beschuss http://www.openrightsgroup.org/2008/03/12/the-phorm-storm/#comment-163372 ethority blog » Phrom- ein britischer Trageting Anbieter unter Beschuss Wed, 19 Mar 2008 16:25:16 +0000 http://www.openrightsgroup.org/2008/03/12/the-phorm-storm/#comment-163372 [...] Telecom ein, ohne dass der User dieses bemerken kann. Exemplarisch sollte hier ein Blogbeitrag auf openrightsgroup.org [...] [...] Telecom ein, ohne dass der User dieses bemerken kann. Exemplarisch sollte hier ein Blogbeitrag auf openrightsgroup.org [...]

]]> By: ISP Intercepting & Redirecting DNS http://www.openrightsgroup.org/2008/03/12/the-phorm-storm/#comment-163364 ISP Intercepting & Redirecting DNS Tue, 18 Mar 2008 16:23:37 +0000 http://www.openrightsgroup.org/2008/03/12/the-phorm-storm/#comment-163364 This is part & parcel of the same problem we have with Phorm but the ISP DNS Service needs closer monitoring. See below for some details of what can be done with DNS some legitimate, but some really dodgy trends which are becoming more & more prevalent! C:\>nslookup www.google.com 208.67.222.222 Server: resolver1.opendns.com Address: 208.67.222.222 Non-authoritative answer: Name: www.l.google.com Addresses: 216.239.59.103, 216.239.59.99, 216.239.59.104, 216.239.59.147 Aliases: www.google.com C:\>nslookup www.goggogllle.com 208.67.222.222 Server: resolver1.opendns.com Address: 208.67.222.222 Non-authoritative answer: Name: www.goggogllle.com Address: 208.69.32.130 ***Relocated 404 Error to Serve Ads etc!**** ******** $$$$This should be a 404 error returned to Browser as below to report not found!!!$$$ *** resolver1.opendns.com can't find www.goggogllle.com: Non-existent domain ********* C:\>nslookup www.google.com 4.2.2.2 Server: vnsc-bak.sys.gtei.net Address: 4.2.2.2 Non-authoritative answer: Name: www.l.google.com Addresses: 66.249.91.103, 66.249.91.147, 66.249.91.104, 66.249.91.99 Aliases: www.google.com C:\>nslookup www.goggogllle.com 4.2.2.2 Server: vnsc-bak.sys.gtei.net Address: 4.2.2.2 *** vnsc-bak.sys.gtei.net can't find www.goggogllle.com: Non-existent domain C:\>nslookup www.google.com 194.74.65.69 Server: ns7.bt.net Address: 194.74.65.69 Non-authoritative answer: Name: www.l.google.com Addresses: 66.249.91.147, 66.249.91.103, 66.249.91.99, 66.249.91.104 Aliases: www.google.com C:\>nslookup www.goggogllle.com 194.74.65.69 Server: ns7.bt.net Address: 194.74.65.69 *** ns7.bt.net can't find www.goggogllle.com: Non-existent domain C:\>nslookup www.google.com 217.146.139.5 Server: ns1.de.eu.orsn.net Address: 217.146.139.5 Non-authoritative answer: Name: www.l.google.com Addresses: 209.85.129.104, 209.85.129.99, 209.85.129.147 Aliases: www.google.com C:\>nslookup www.goggogllle.com 217.146.139.5 Server: ns1.de.eu.orsn.net Address: 217.146.139.5 *** ns1.de.eu.orsn.net can't find www.goggogllle.com: Non-existent domain C:\>nslookup www.google.com 67.138.54.100 Server: 067-138-054-100.nsi-communications.com Address: 67.138.54.100 Non-authoritative answer: Name: www.l.google.com Addresses: 64.233.167.99, 64.233.167.147, 64.233.167.104 Aliases: www.google.com C:\>nslookup www.goggogllle.com 67.138.54.100 Server: 067-138-054-100.nsi-communications.com Address: 67.138.54.100 Name: www.goggogllle.com Address: 67.138.54.98 ***Relocated 404 Error to Serve Ads etc!**** ******** $$$$This should be a 404 error returned to Browser as below to report not found!!!$$$ *** 067-138-054-100.nsi-communications.com can't find www.goggogllle.com: Non-existent domain ********* Notice all the Different Aliases for www.google.com depending on the ISP DNS Server, this of course "could be" entirely genuine in order to handle the router traffic, or it "could be" a redirect through one of their own router's for another purpose? ***************************** **dns.sysip.net was logged as a BT DNS Server by MY ROUTER last year for example!** If I had known why at the time I would have kept the log! **************************** The worrying trend is that some ISP's have started to redirect the user to a custom page when a webpage is misspelt etc. *See Above* Even more worrying is that some sites are reporting detections of some rogue ISPs intercepting DNS calls & replacing the call with their own DNS aliases!! Redirection of DNS is like redirection of your mail, legitimate if done properly by your Service, but redirection or interception is illegal unless due process of law is followed! ****Therefore DNS Servers/ISP DNS Servers need closer monitoring to comply with safe use on the Internet!**** ************************************** BT J'Accuse of redirecting/intercepting my legitimate communications with others, without due consent of Law & I insist you remove all such monitoring devices forthwith, which may still be doing so at present! ************************************** This is part & parcel of the same problem we have with Phorm but the ISP DNS Service needs closer monitoring.

See below for some details of what can be done with DNS some legitimate, but some really dodgy trends which are becoming more & more prevalent!

C:\>nslookup http://www.google.com 208.67.222.222
Server: resolver1.opendns.com
Address: 208.67.222.222
Non-authoritative answer:
Name: http://www.l.google.com
Addresses: 216.239.59.103, 216.239.59.99, 216.239.59.104, 216.239.59.147
Aliases: http://www.google.com

C:\>nslookup http://www.goggogllle.com 208.67.222.222
Server: resolver1.opendns.com
Address: 208.67.222.222
Non-authoritative answer:
Name: http://www.goggogllle.com
Address: 208.69.32.130 ***Relocated 404 Error to Serve Ads etc!****
********
$$$$This should be a 404 error returned to Browser as below to report not found!!!$$$
*** resolver1.opendns.com can’t find http://www.goggogllle.com: Non-existent domain
*********

C:\>nslookup http://www.google.com 4.2.2.2
Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2
Non-authoritative answer:
Name: http://www.l.google.com
Addresses: 66.249.91.103, 66.249.91.147, 66.249.91.104, 66.249.91.99
Aliases: http://www.google.com

C:\>nslookup http://www.goggogllle.com 4.2.2.2
Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2
*** vnsc-bak.sys.gtei.net can’t find http://www.goggogllle.com: Non-existent domain

C:\>nslookup http://www.google.com 194.74.65.69
Server: ns7.bt.net
Address: 194.74.65.69
Non-authoritative answer:
Name: http://www.l.google.com
Addresses: 66.249.91.147, 66.249.91.103, 66.249.91.99, 66.249.91.104
Aliases: http://www.google.com
C:\>nslookup http://www.goggogllle.com 194.74.65.69
Server: ns7.bt.net
Address: 194.74.65.69
*** ns7.bt.net can’t find http://www.goggogllle.com: Non-existent domain

C:\>nslookup http://www.google.com 217.146.139.5
Server: ns1.de.eu.orsn.net
Address: 217.146.139.5
Non-authoritative answer:
Name: http://www.l.google.com
Addresses: 209.85.129.104, 209.85.129.99, 209.85.129.147
Aliases: http://www.google.com

C:\>nslookup http://www.goggogllle.com 217.146.139.5
Server: ns1.de.eu.orsn.net
Address: 217.146.139.5
*** ns1.de.eu.orsn.net can’t find http://www.goggogllle.com: Non-existent domain

C:\>nslookup http://www.google.com 67.138.54.100
Server: 067-138-054-100.nsi-communications.com
Address: 67.138.54.100
Non-authoritative answer:
Name: http://www.l.google.com
Addresses: 64.233.167.99, 64.233.167.147, 64.233.167.104
Aliases: http://www.google.com

C:\>nslookup http://www.goggogllle.com 67.138.54.100
Server: 067-138-054-100.nsi-communications.com
Address: 67.138.54.100
Name: http://www.goggogllle.com
Address: 67.138.54.98 ***Relocated 404 Error to Serve Ads etc!****
********
$$$$This should be a 404 error returned to Browser as below to report not found!!!$$$
*** 067-138-054-100.nsi-communications.com can’t find http://www.goggogllle.com: Non-existent domain
*********

Notice all the Different Aliases for http://www.google.com depending on the ISP DNS Server, this of course “could be” entirely genuine in order to handle the router traffic, or it “could be” a redirect through one of their own router’s for another purpose?
*****************************
**dns.sysip.net was logged as a BT DNS Server by MY ROUTER last year for example!**
If I had known why at the time I would have kept the log!
****************************
The worrying trend is that some ISP’s have started to redirect the user to a custom page when a webpage is misspelt etc. *See Above*

Even more worrying is that some sites are reporting detections of some rogue ISPs intercepting DNS calls & replacing the call with their own DNS aliases!!

Redirection of DNS is like redirection of your mail, legitimate if done properly by your Service, but redirection or interception is illegal unless due process of law is followed!

****Therefore DNS Servers/ISP DNS Servers need closer monitoring to comply with safe use on the Internet!****

**************************************
BT J’Accuse of redirecting/intercepting my legitimate communications with others, without due consent of Law & I insist you remove all such monitoring devices forthwith, which may still be doing so at present!
**************************************

]]> By: M http://www.openrightsgroup.org/2008/03/12/the-phorm-storm/#comment-163363 M Tue, 18 Mar 2008 13:10:27 +0000 http://www.openrightsgroup.org/2008/03/12/the-phorm-storm/#comment-163363 I pretty much sure that is dodgy business making by dodgy people audited by dodgy auditing company. I afraid that there are some secret services behind who will have a simple ability to gather web-profiles on citizens in addition to dna, fingerprints, cctv records etc. I think that the only way to win over this - to spread truth in mass. To educate public and make this kind of business feel dirty. Then BT, Virgin and other gridy businesses will abandon partnership being afraid to lose money on bad publicity. I personally see those people same as Soho brothel owners who can do anything to get rich. I despise them. I pretty much sure that is dodgy business making by dodgy people audited by dodgy auditing company.

I afraid that there are some secret services behind who will have a simple ability to gather web-profiles on citizens in addition to dna, fingerprints, cctv records etc.

I think that the only way to win over this - to spread truth in mass. To educate public and make this kind of business feel dirty. Then BT, Virgin and other gridy businesses will abandon partnership being afraid to lose money on bad publicity.

I personally see those people same as Soho brothel owners who can do anything to get rich. I despise them.

]]>