Forums » Details On British Telecom, Phorm Trial Leaked

Comments on news posted 2008-06-05 18:20:54: Despite the scuff up over Charter's sale of user browsing history to behavioral advertising firm NebuAD, the discussion of the privacy implications of such systems has been muted. ..



HEDP

join:2008-04-27
Miami, FL
...

"A former rootkit developer secretly buying your browsing history under the guise of an anti-phishing solution? What could go wrong?"

This isn't the first time it has happened or is happening currently. You shouldn't be surprised.


Karl Bode
News Guy
join:2000-03-02

Host:
Road Runner
PC gaming GAMES
PC gaming Tech
This isn't the first time that a British rootkit developer changed their name, became a behavioral advertising developer, conned all of Britain into thinking they had changed their stripes and were selling anti-phishing software, and then triggered a global privacy firestorm?

Or do you mean it's not the first time a sleazy group has continued to show sleazy tendencies? Because if the latter, yes I agree.


sbrook
Premium,Mod
join:2001-12-14
H0H 0H0
So, I visit a page with an Ad, and phorm replaces it?

If I was the original advertiser, I would be SO PISSED OFF. Again, it's all a matter of the sanctity of the content of packets being violated. Even if it's an ad!


Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire

they are still at it - 121Media

Amazing, legally BT, under its Terms and Conditions, could not drop the cookie to enable tracking so instead they let 121Media do it stealthily

Cudni
--
"Mercifully, he hit him with the soft end of the pistol."
Help yourself so God can help you.
Microsoft MVP, 2006 - 2008


HEDP

join:2008-04-27
Miami, FL

reply to Karl Bode
Re: ...

Pretty much a little bit of both. I am on a Charter line as I write this to you. Coming from the underground there are many ways to keep track of consumer information, and this is simply doing it on a large scale.

You can start with any basic home network and simply expand from that little branch into many sections where data can travel without a user knowing other than some behavior patterns done by packet inspections.

If these companies are so out of shape that they need to enforce caps and have network capacity issues, one month of consumers not paying their bills or simply cancelling their service will bring a major blow to a company's financial table. If these issues were so important, someone would have started another ISP.

The problem is that how the internet works, if one person has it, it does not really matter who else gets it. Any traffic between peering points will be logged, and copied. So the moment AT&T did what they were doing, everyone who traveled through AT&T's backbone has been affected and with such a massive backbone they have, I am sure just getting to this website I have traveled through their network.

Someone with a small understanding of basic TCP/IP will know that there is always a trace. Since data can be intercepted or seen so easily traveling through the network, a basic tool such as a LAN sniffer is all you really need in order to see.

The man is no mastermind, but he can cause a lot of damage. Why bother attacking the OS after all, that's becoming hard now with Vista and Mac. Just attack the network directly by selling a product that is useful to ISPs but at the same time useful information for identity thieves.

By the way Karl, I just hope that you let nobody change your mind and speak in what you believe in. I speak what I believe in even though nobody really agrees with me, but that's the nature of being true to yourself and others.

The internet is the biggest P2P network there is, anyone who tells you something different is a liar, and should be buried alive. Don't let AT&T and Verizon control the internet gates to the rest of the world, that's all I really ask of you.


Do Not Trust

@co.uk
Don't Pimp Me Bro

When your ISP starts pimping your own browsing habits, maybe it's time to change your ISP.

»www.DoNotTrustWebwise.org

Corydon
Cultivant son jardin
Premium
join:2008-02-18
Denver, CO
clubs:
·Comcast


1 edit
So let's suppose that Qwest (another company in financial straits) decides to do something like this.

And let's further suppose that you live in a community serviced by Qwest and Charter.

Who, precisely, do you propose changing your ISP to? AOL?
--
My opinions are my own. No-one else would want them!


swhx7
Premium
join:2006-07-23
Elbonia
·RoadRunner Cable

The other evil

The selling of customers' browsing data (or access to it) is widely recognized as offensive and objectionable to the customers. The other evil in this situation is less recognized, but ultimately even worse: ISPs could gain a licence to falsify data on its way from one person to another.

This pdf is notes of a presentation that Phorm marketers gave for prospective customers. It has lots of technical detail beyond what has been known to most "netizens" so far.

And among other things, the phorm system installed at an ISP redirects requests (there's a request when you click a link or bookmark, or type in a URL) invisibly to a user, and "impersonates" the destination site long enough to contaminate the request/response with Phorm code.

If this somehow becomes accepted as legitimate, it will become hard to trust anything received over the wires, or to be sure that what one transmits is received unaltered at the other end, unless it's encrypted. Once given this power, ISPs or companies they contract with will sooner or later escalate to "filtering" pages deemed undesirable, and eventually rewriting content.

We shouldn't have to accept any tampering at all in order to obtain internet access.

If you feel the same, please write to your Congress-people and demand laws that require *Separate* consent for data-interception (so they can't require you to consent in order to get internet service).

EPS

join:2008-02-13
Hingham, MA
reply to Corydon
Re: Don't Pimp Me Bro

AOL isn't doing so hot either, and don't they basically use the same thing with their software client, except that they don't have to alter the content of pages to serve their ads? (Alright, that's a big difference, but data is still being examined)


TKJunkMail
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ
·Sprint Mobile Broa..
·Comcast


2 edits
reply to Corydon
said by Corydon:

So let's suppose that Qwest (another company in financial straits) decides to do something like this.

And let's further suppose that you live in a community serviced by Qwest and Charter.

Who, precisely, do you propose changing your ISP to? AOL?

You can always use a VPN-based proxy service. Then the ISP can't see your web pages to modify them since they are encrypted. The only thing they will see is that you are going to the VPN proxy web site - nothing more. Assuming, of course, your VPN proxy service isn't also being modified somewhere by their ISP or host provider.

Here is only 1 example. There are many others:
»www.banana-vpn.net/supportfaq.htm
And it will cost you $20/mo.
--
My BLOG .. .. Internet News .. .. My Web Page


knightmb
Everybody Lies

join:2003-12-01
Franklin, TN
·AT&T DSL Service

reply to Karl Bode
Fight Back

See my signature for a link to generate data to pollute their product. As was pointed out on Slashdot, I'm sure they can ignore the invalid domains, so that's why I recommend using the "mix with fake sites" option.

Due to this, I may end up tweaking the anti site a little to include an option of "just use all real sites" and put a little link on the page to "suggest a site" to add into the random rotation.

All the suggested links will have to be checked first (in case someone gets a funny idea to use a phishing/hack site or a site with their own personal referral number). But since it's all client accessed, they won't be able to stop the pollution attack short of just banning your IP from the list to watch (would that be so terrible of a ban list that they quit watching you?)
--
Fight NebuAD and the like:
Click Here to pollute their data


Anti Rootkit

@co.uk
reply to Karl Bode
Re: ...Nationality

phorm is a US company registered in Delaware. The principal officers and developers are Russian.

openbox9

join:2004-01-26
Alexandria, VA
·AT&T Southeast

reply to swhx7
Re: The other evil

said by swhx7:

And among other things, the phorm system installed at an ISP redirects requests (there's a request when you click a link or bookmark, or type in a URL) invisibly to a user, and "impersonates" the destination site long enough to contaminate the request/response with Phorm code.

You mean like a proxy server?


MarkH
reserved for later use
Premium
join:2002-12-19

»www.cl.cam.ac.uk/~rnc1/080518-phorm.pdf

That link is a report done on the system phorm want to employ, it was authored by Dr Richard Clayton of the University of Cambridge.

Phorm have not disputed any of the claims made in Dr Clayton's report, as you will see, it is far more reaching than any simple proxy.

The system actually forges cookies, even for sites that don't use them, it employs multiple redirects to achieve their forgery, and is generally very intrusive.

»www.lightbluetouchpaper.org/about/ Dr Clayton has also made several postings to that blog with regard to the phorm situation.


GlobalMind
Domino Dude, POWER Systems Guy
Premium
join:2001-10-29
Hollywood, FL

So hold on...

I haven't looked into this all that much admittedly, but am I to understand that this system would inject ads onto websites which normally do not have ads on them?

Seems to me that any ISP does not have the legal right to modify the website code of a site they do not own, even if it's just on the delivery via this bodged up proxy type system. After all, my site's content belongs to me regardless of the ISPs network it may travel over.

I still say it's all BS and that my browsing history belongs to me, not the ISP, regardless of whether it runs on their network. I generated the data after all.
--
TheGlobalMind.com | Speed costs money. How fast do you want to go? | Trust the instinct to the end, though you can render no reason. Ralph Waldo Emerson


Jason Levine
Premium
join:2001-07-13
USA

reply to sbrook
Re: So, I visit a page with an Ad, and phorm replaces it?

And I would be extremely pissed off if I were the website operator. When I put ads on my website, it means one or two things:

1 - I, or the charity the ad is for, am making money off of the ad in question.
2 - I approve of this company's service.

By replacing those ads with other ads, they are depriving me of income, depriving charities of income, and using my name to insinuate that I approve of a product or service that I might actually be opposed to.

In fact, I would call this fraud since they are fraudulently using my (hopefully good) name and reputation to sell something. It could be defamation of character too. After all, if the product/service is bad, then my name/reputation might be damaged as a result.
--
-Jason Levine
Support a children's charity. Buy a calendar. Shooting For A Cause
Jason's Toolbox | PCQandA.com


Jason Levine
Premium
join:2001-07-13
USA

reply to GlobalMind
Re: So hold on...

I'm not sure if it will inject ads into an otherwise ad-free page, but it does take pages with ads, take out those ads, and insert ads from its own system in its place. The end result is that the webmaster (and possibly charity) doesn't get the ad revenue and the webmaster's good name and reputation is used without their consent for Phorm's profit (possibly damaging the webmaster's name/reputation in the process).
--
-Jason Levine
Support a children's charity. Buy a calendar. Shooting For A Cause
Jason's Toolbox | PCQandA.com


Jason Levine
Premium
join:2001-07-13
USA

Phorm is Spyware

In the past, we've seen applications that replaced ads on webpages with their own ads. We, rightfully, called these applications ad-ware or spyware. However, to do this a spyware purveyor needed to install a rogue application on your computer.

Phorm, however, just waved some cash under the noses of some ISPs and got their program installed on the ISP level. You can run all the anti-spyware applications ever developed and it won't help you one bit on this one. The ads on the pages you are viewing *will* be replaced if your ISP is running Phorm and Phorm decides to replace the ad. Let's call Phorm what it is: Spyware on a massive scale. (Now, in line with how other spyware vendors reacted, I wonder if Phorm will try to sue me for calling them spyware.)
--
-Jason Levine
Support a children's charity. Buy a calendar. Shooting For A Cause
Jason's Toolbox | PCQandA.com


MarkH
reserved for later use
Premium
join:2002-12-19

said by Jason Levine:

Let's call Phorm what it is: Spyware on a massive scale.

To quote a phrase that has been used on a few forums: Intra-ISP-Spyware

There's no need for the target consumer to download a thing, the ISP sells them out for a few extra pieces of silver.