By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,400 Members | 1,335 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,400 IT Pros & Developers. It's quick & easy.

Phorm setting its own persistent cookie for most websites...

P: n/a
WiW
FYI: It appears that Phorm (a targeted advertising system which taps into
ISP networks) will be setting its own persistent cookie for most every
website the user visits. It appears as though the cookie may be named
"webwise". One technical description of the system and this aspect can
be found via:

http://www.lightbluetouchpaper.org/2...ebwise-system/

or if you want to go straight to the report:

http://www.cl.cam.ac.uk/~rnc1/080404phorm.pdf

For those unfamiliar with Phorm:

http://news.google.com/news?hl=en&ne...h+News&q=Phorm
http://www.badphorm.co.uk

*sigh*
Apr 6 '08 #1
Share this Question
Share on Google+
8 Replies


P: n/a
On 04/06/08 09:38 am, WiW wrote:
FYI: It appears that Phorm (a targeted advertising system which taps into
ISP networks) will be setting its own persistent cookie for most every
website the user visits. It appears as though the cookie may be named
"webwise". One technical description of the system and this aspect can
be found via:
Firefox (and Seamonkey) allows you considerable control over how cookies
are managed. From accepting none at all, a whitelist or a blacklist of
sites, retained for the session or forever. Your choice.

--
jmm (hyphen) list (at) sohnen-moe (dot) com
(Remove .AXSPAMGN for email)
Apr 6 '08 #2

P: n/a
WiW

"Jim Moe" <jm***************@sohnen-moe.comwrote in message news:Ru******************************@giganews.com ...
On 04/06/08 09:38 am, WiW wrote:
>FYI: It appears that Phorm (a targeted advertising system which taps into
ISP networks) will be setting its own persistent cookie for most every
website the user visits. It appears as though the cookie may be named
"webwise". One technical description of the system and this aspect can
be found via:
Firefox (and Seamonkey) allows you considerable control over how cookies
are managed. From accepting none at all, a whitelist or a blacklist of
sites, retained for the session or forever. Your choice.
Your comment seems geared towards helping me, as a user, cope with the
system. While I appreciate that, I posted this here because there is a
potential issue for those of us who have websites. Namely, that this system
(and potentially others like it) will be setting cookies for our domains. Read
the report: http://www.cl.cam.ac.uk/~rnc1/080404phorm.pdf for the details.
Apr 6 '08 #3

P: n/a
"WiW" <wi*@invalid.invalidwrites:
FYI: It appears that Phorm (a targeted advertising system which taps into
ISP networks) will be setting its own persistent cookie for most every
website the user visits. It appears as though the cookie may be named
"webwise". One technical description of the system and this aspect can
be found via:

http://www.lightbluetouchpaper.org/2...ebwise-system/

or if you want to go straight to the report:

http://www.cl.cam.ac.uk/~rnc1/080404phorm.pdf
Very interesting. Thanks for the pointer.

It might be worth having a site that uses cookies in exactly the same
format as Phorm's cookies, so that it breaks if/when they strip them
out. At the very least this mechanism might provide a way for sites
to display a: "your connection is being monitored by Phorm with the
approval of your ISP" banner as part of an "opt out" campaign.

Of course, site owners (i.e. many readers here) may think this is the
way to go to get revenue, but the whole thing unsettles me deeply.

--
Ben.
Apr 6 '08 #4

P: n/a
WiW wrote:
>
"Jim Moe" <jm***************@sohnen-moe.comwrote in message
news:Ru******************************@giganews.com ...
>On 04/06/08 09:38 am, WiW wrote:
>>FYI: It appears that Phorm (a targeted advertising system which taps
into
ISP networks) will be setting its own persistent cookie for most every
website the user visits. It appears as though the cookie may be named
"webwise". One technical description of the system and this aspect can
be found via:
Firefox (and Seamonkey) allows you considerable control over how cookies
are managed. From accepting none at all, a whitelist or a blacklist of
sites, retained for the session or forever. Your choice.

Your comment seems geared towards helping me, as a user, cope with the
system. While I appreciate that, I posted this here because there is a
potential issue for those of us who have websites. Namely, that this
system
(and potentially others like it) will be setting cookies for our
domains. Read
the report: http://www.cl.cam.ac.uk/~rnc1/080404phorm.pdf for the details.
I'm stunned.

I also wondered whether maybe browsers don't set cookies from responses
with status codes not in the 200 series, but I ran a test and Firefox does.

I just finished e-mailing my congressman and both senators.
Apr 7 '08 #5

P: n/a
On 6 Apr, 20:26, Jim Moe <jmm-list.AXSPA...@sohnen-moe.comwrote:
Firefox (and Seamonkey) allows you considerable control over how cookies
are managed.
Not over Phorm's though, because of the spoofing that Phorm inserts
(Phorm isn't the host site, but it pretends to be). Making Firefox
Phorm-resistant will surely happen, but it isn't there yet.

Phorm should be resisted strongly, including by lobbying your
congresscritter, as appears to be so far working succesfully in the
UK. Searching "The Register" (http://theregister.co.uk) for Phorm
stories may be interesting to you.
Apr 7 '08 #6

P: n/a
WiW schreef:
FYI: It appears that Phorm (a targeted advertising system which taps into
ISP networks) will be setting its own persistent cookie for most every
website the user visits. It appears as though the cookie may be named
"webwise". One technical description of the system and this aspect can
be found via:

http://www.lightbluetouchpaper.org/2...ebwise-system/

or if you want to go straight to the report:

http://www.cl.cam.ac.uk/~rnc1/080404phorm.pdf

For those unfamiliar with Phorm:

http://news.google.com/news?hl=en&ne...h+News&q=Phorm
http://www.badphorm.co.uk

*sigh*

Hi WiW,

Thanks for the link.
And thanks to Richard Clayton for writing the comprehensive article.

In my opinion, this kind of fooling around at the ISP is completely
criminal.
Temporarely changing targetserver (with some DNS-trick, or something) to
get some freaking criminal cookie set. Pfft...

I know my ISP (XS4ALL, the Netherlands) never cooperates with such
criminals, but you get what you pay for: Other pricefighter ISP might
cooperate, selling out their customers.
Bah.

Erwin Moller
Apr 7 '08 #7

P: n/a
Thu, 10 Apr 2008 21:34:31 -0400 from WiW <wi*@invalid.invalid>:
I for one would like to see the IETF and/or W3C issue a public
statement condoning the cookie forging if not such systems in general.
Condoning???

Do you mean, perhaps, "condemning"?

--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://OakRoadSystems.com/
HTML 4.01 spec: http://www.w3.org/TR/html401/
validator: http://validator.w3.org/
CSS 2.1 spec: http://www.w3.org/TR/CSS21/
validator: http://jigsaw.w3.org/css-validator/
Why We Won't Help You:
http://diveintomark.org/archives/200..._wont_help_you
Jun 27 '08 #8

P: n/a
WiW

"Stan Brown" <th************@fastmail.fmwrote in message news:MP************************@news.individual.ne t...
Thu, 10 Apr 2008 21:34:31 -0400 from WiW <wi*@invalid.invalid>:
>I for one would like to see the IETF and/or W3C issue a public
statement condoning the cookie forging if not such systems in general.

Condoning???

Do you mean, perhaps, "condemning"?
What the... ! YES, that is what should have been there. Great,
now they've added NNTP support too ;-) Thanks for catching
the wrong word.

Jun 27 '08 #9

This discussion thread is closed

Replies have been disabled for this discussion.