| reply to Phorm Comms
Re: Do I understand this correctly? said by Phorm Comms :
Hope it's okay if I jump in here for a second?
Hi Comms Team - thought you'd pop up.
said by Phorm Comms :said by Tetchy :
every HTTP requests is countered with a redirect onto Phorms domain, then redirected back to the actual domain, before the request gets sent to the target website.
Nope - Roughly 99% of the stream is untouched, with no redirect at all. Thats interesting. So you only watch 1% of my browsing? Not what Virasb Vahidi said in the NY Times:
»www.nytimes.com/2008/03/20/busin···f=slogin
“As you browse, we’re able to categorize all of your Internet actions,” said Virasb Vahidi, the chief operating officer of Phorm. “We actually can see the entire Internet.”
said by Phorm Comms :said by Tetchy :
opt-out is by setting a cookie on your browser, but you still need to be redirected via Phorm's servers to read the value of the opt-out cookie! Also the cookie could be wiped if you have a monthly clean-out like I do. Then you'd be opted back in.
second part is true, but concerned people who delete cookies can simply set webwise.net as a blocked cookie in their browser, and they will never be opted back in or seen by any Phorm server. First part is definitely not true - if you're opted out, either by Opt Out cookie or by blocking the cookie, the ISP-located (not Phorm in any case) server ignores the computer altogether. No data is ever analyzed or passed to Phorm if you're opted out. But the redirects to the Phorm server just to read the cookie take a finite time. So even if you opt out, you've still got the system messing with your connection.
said by Phorm Comms :said by Tetchy :
what if a rogue employee or a hacker got in? Clearly, somebody's not reading up on the product and just reading the misinformation out there, or is worried that Phorm is like all the search companies out there storing your search history for years. Anyone who hacked in and stole the entire database would get random numbers associated with Advertising Categories and timestamps. Nothing personal, no IP addresses, nothing to identify the user or sensitive product categories (that's right, you can't actually have a category for adult or gambling or medical, etc.). Here's an answer from the CEO himself: » www.phorm.com/videos/Is_the_data···ked.html You just don't get it, do you? What you say is true, but what I as a software security professional am concerned with is what if someone ALTERS the phorm software? The Phorm system is so invasive, it sits there at the heart of the ISP and is a basic security risk. In the UK it's illegal under RIPA, according to respected academic think tank FIPR. Did someone at their ISP fail in their due dilligence? I can't speak for the states but you're not wanted in the UK.
|
