Comments on: Web monitoring for ads? It may be illegal

NebuAd and other companies have been offering broadband providers a way to monitor customers and display relevant ads. But the legality of it is anything but settled.

[R.Jefferson]

We have no rights only privledges. We dont own nor can we control our personal information, it is content that corporations and industry regulate and own and have sole exculsive use thereof.

Comon now, I know I want spam emails and ads for things I might buy, not just suspect pharmaceuticals or FREE* iPods.

[pgp_protector]

What about the fact that they are also modifying other pages, not giving the client what was sent from the server.

Site "A" has deal with company "B" to display ads.
Site "A" puts company "B"'s ads on the web page
Site "A" sends page with company "B"'s ads to Visitor.
Visitor sees company "C"'s ads that neither Site "A" or Company "B" approved.

[declan00]

pgp_protector: That is _not_ what they're doing, according to our Q&A with Charter:
http://www.news.com/8301-13578_3-9945309-38.html

Q: Let's say NebuAd has a relationship with DoubleClick, and let's say CNN.com uses DoubleClick for advertising. If you visit car Web sites and then visit CNN.com, you're more likely to see a car ad as a result, right?
A: Yes. If you look at the transaction flow, if CNN has a relationship with DoubleClick, we, through this anonymous model, have provided information to NebuAd. The ads that are already being served are being served on an informed basis. We're informing the model to an additional degree. There is a level of misinformation about how that works.

[popper99]

it might _not_ what they're doing right now but if their Patent is anything like Phorms Deep Pack Inspection kit capability, then they can do this at any time, Phorm did exactly this in the old unlawful BT trials in the past for instance.

you need to be asking the right questions, and push for the right answers apparently.

in the referenced NebuAd Q&A for instance, he states its not DPI , thats a clear lie, as it IS Deep Packet Inspection ,infact it appears NebuAD kit works in virtually the same mannor as Phorm in all respects.

you and the other new outlets really need to read and understand the Phorm model and so be in a far better position to challenge the lies by NebuAD executives.

see the webs longest Phorm and the Phormettes thread on the UK cable forum were many tech and conserned end users are giving and getting real informed information.

READ AND UNDERSTAND this report from Richard Clayton :
#6801
http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated-page-454.html#post34555106

"http://www.lightbluetouchpaper.org/2...ges-all-alike/
"
Twisty little passages, all alike

May 18th, 2008 at 19:29 UTC by Richard Clayton
Last month, on the 4th April, I published a document describing how the Phorm system worked and blogged about what I thought of the scheme.

The document had been run past Phorm?s technical people to ensure it was correct, but ? it turns out ? there were still a handful of errors in it.

A number of helpful people pointed out that I?d misdescribed third-party cookies (which didn?t matter much because Phorm specifically uses first-party cookies), and I?d managed to reference RFC2695 rather than RFC2965 !
....
The Phorm system does some of its tracking magic by redirecting browser requests using HTTP 307 responses.

When this was first explained to me at the meeting with Phorm there were two redirections (a scan of my notes is here), but having thought about this for a while, I asked for it to be explained to me again later on, and it turned out that I had previously been misled, and that there were in fact three redirections (here?s my notes of this part of the meeting).

It now turns out, following my further emails with Phorm, that there are in fact FOUR redirections occurring! This is not because my notes are rubbish ? but because Phorm have managed to recall more of the detail of their own system!
...
"
"

[Renegade Knight]

When I pay directly for a service there is no need for ads. Some pay services like to throw in ads anyway (Cable for example) but they are nothing more than an optional plan to try and make more money on the same service you are already buying. In other words, Corporate Double Dipping.

[steelhoof]

Declan, once again I think you are striking at the heart of the issue. What is, in reality, the difference between deep monitoring of packets used by a computer vs the packets used by voice communication systems? The easy difference is Voice monitoring is on a one to one basis between to endpoints, in a serial fashion. Computer connections, ie "surfing" is parallel, but not all we do on the net is performed by a browser. Also, when we go to sites with "secure" connections, the idea is to keep data secret from others, and sniffing each packet defeats that.

We talk about the lack of trust when it comes to electronic voting. Can we really trust the software or the vendor? What of this deep packet hardware? Who vets the vendor, the software or the firmware used? I use gmail, and I know it is all "sniffed" by google, but if I need to keep it secure, i will use a different resource. What is to keep someone sniffing packets with the blessing of the ISP from sorting and the selling the information like Lawanda Jackson did with the medical records of celebrities at UCLA Medical Center?

The risk of sniffing online communications for discrete data is too high, and the potential damage too great to allow.

Would you like others to know that your kids are checking out porn? Or that you are seeing a secret lover in a chatroom,? And that you have $10,238.67 in a bank account your husband knows nothing about?

The reading of packets to develop a profile is totally wrong. What if you surf porn at night, and your kids go to sesamestreet during the day? Will you trust the computer delivering content not to get confused if you 6 year old goes online at 2 am because she woke up and wanted to play?

[The_Decider]

If you are talking about traditional phone service there is a huge technical difference. Packet switching vs circuit switching.

[higginsoft]

I contacted Charter and asked them about the monitoring. This is what they sent back:

We are monitoring the site that you go to in order to have the advertising you see on website become customized to the website's you are looking at. if you wish to not take part in this you can got to www.charter.com/onlineprivacy to stop it. We are currently only doing this in 4 cities, so this may not affect you. the cities are Newtown, CT, Fort Worth, Texas, San Luis Obisop, CA, and Oxford, Massachusetts. If you wish to discuss this as it regards your particular account, you can chat in at charter.com or call us a 888-438-2427. Due to FCC regulations, we can not discuss individual accounts by email.
Thanks,
Don

When you go there, you enter you name and address. They return the following:

Opt-Out is Complete
Your opt-out request has been received and processed.
Please note that the opt-out cookie is specific to the browser and computer you are using right now. Your opt-out choice cannot be honored if you access this site using a different browser on this computer or from a different computer. Additionally, your opt-out choice cannot be honored if the cookies on your computer(s) are deleted. As a result, you should repeat this process with each browser and computer you use to access this site and whenever cookies are deleted from your computer(s).

[zeroplane]

Although currently the service is a joke, I am finding the freenet service idea more and more desirable. http://freenetproject.org/

From my observation is can easily be as lame as the normal internet, and from what I have seen it is like stepping back into the early 90es. But the advantage is providing a backbone that can not be tracked and is a virtual private network between computer on the internet.

[zeroplane]

So what is stopping someone from releasing a proxy that works with Seek and Destroy to make it permanent. http://www.safer-networking.org/en/index.html

[royc]

All the ISP really needs to do is amend the terms of use and say to use (or continue to use) our service you must agree to the new terms of use. If you do not agree your service will be terminated.

I tried to check on a new service provider based on billing trouble and there are none in my area so I'm stuck with a monthly battle over my bill or going backwards to 1998 and 33Kb/sec.

[mraardvark]

So they give a special opt out cookie. Considering I have at least three different programs deleting cookies (firefox, ccleaner, and my antivirus) keeping something like that around would end up being a royal pain in the backside. Most people wouldn't even notice it was gone let alone know all the random cache cleaners running around will delete it. Of course I'm sure these guys are counting on it .

[CookieBarrel]

With billion$ at stake, there is no doubt that this will all go ahead regardless of the opt-in opt-out argument. In the UK they are tackling the same issues head-on with a very different approach judging by this story: http://news.zdnet.co.uk/internet/0,1000000097,39419839,00.htm

[Wookiee-1138]

Thank St. Isidore for Firefox's Adblock Plus.

[kayoub]

I use Adblock as well, and blocked anything from NebuAd, etc. However, that only stops me from seeing the ad. It doesn't stop Charter and its partners in crime from seeing me.

[JadedGamer]

"All the ISP really needs to do is amend the terms of use and say to use (or continue to use) our service you must agree to the new terms of use. If you do not agree your service will be terminated."

What, you mean unilaterally change a contract after it has been signed? They would be crushed in court if they tried that kind of trick.

[popper99]

discused in the UK CableForum Phorm thread and my post from /.

"Would, say, injecting a layer over the site (and placed above the site, much like Google does when you are searching for Images) really be copyright infringement though? Stealing advertising, maybe."

the point your all missing or Obfuscate on purpose! so far, is that the advert placements or even viewing/blocking them,
is secondary to all this real 'copyright infringement' and 'unauthorised derivative work' for commercual profit.

a commercial 'unauthorised derivative work' for profit IS a criminal offence in the UK/EU and i assume the US! , canada? and Oz

it is blatant "COMMERCIAL PIRACY FOR PROFIT", end of story.

even without considering any copyright notice on a website, or all the 'not for commercial use' type notices, as is found on a LOT of sites today, not to mention the newest trend of forbiding Phorm or the Phormettes/other DPI dirivatives we (cableforum)in the UK have been advocating for all non signed up sites to include.

they the (ISP's)2nd party ARE making this 'unauthorised derivative work' from BOTH the auto copyrighted consumers (1st partys)datastream AND the Auto copyrighted website content owners original work.

from this 'unauthorised derivative work' they (the 2nd party ISP's or the 3rd partys Phorm/NebuAd etc) are selling this unauthorised data for profit to the 4th party ad network or ad customer in this case, well outside any 'mere conduit' in UK/EU legal terms, or 'common carrier' i think you call it in the US legal terms, and so not covered by any legal protections in that regard.

if as Irish_Samurai states, he's putting the case of the ISPs that they will try to use 'an agent for the users', then they better find a far better defence as it cant possibly be defended against with this in effect 'comercial piracy for profit' 'unauthorised derivative work' .

as far as im concerned, even the crazy US courts dont allow any 'unlawful clause' inside a consumer T&C Contract to become 'enforcable' when its clearly not legal as in forcing one of the partys to break other clear cut laws.

any unlawful clause IS UNENFORCABLE, even if the rest of a contract is still deemed valid by a court, and while it might be the case in the US that you dont have stronger laws that the courts always favour the consumer position when ruling in explicit T&C consumer contracts, even the US courts must uphold unreasonable T&C consumer contract clauses as invalid and unenforceable in so called "good faith" legal terms.... do they?

[popper99]

NebuAd is virtually the same Phorm in its operation and deplyment so read this and understand all his points and the pdf report, then go as your informed questions and point out the lie
"Q: If you're conducting deep packet inspection, that means you know what data your customers are transferring. Are you going to look for evidence of copyright infringement, child pornography, and so on as well?

The enhanced advertising solution [http://_does_ _not_ utilize deep packet inspection.|http://_does_ _not_ utilize deep packet inspection.] It looks at URL level information only. That's another point of misinformation on the Net.

"


http://www.lightbluetouchpaper.org/2...ges-all-alike/
"
Twisty little passages, all alike

May 18th, 2008 at 19:29 UTC by Richard Clayton
Last month, on the 4th April, I published a document describing how the Phorm system worked and blogged about what I thought of the scheme.


The document had been run past Phorm?s technical people to ensure it was correct, but ? it turns out ? there were still a handful of errors in it.


A number of helpful people pointed out that I?d misdescribed third-party cookies (which didn?t matter much because Phorm specifically uses first-party cookies), and I?d managed to reference RFC2695 rather than RFC2965 !

....

The Phorm system does some of its tracking magic by redirecting browser requests using HTTP 307 responses.


When this was first explained to me at the meeting with Phorm there were two redirections (a scan of my notes is here), but having thought about this for a while, I asked for it to be explained to me again later on, and it turned out that I had previously been misled, and that there were in fact three redirections (here?s my notes of this part of the meeting).


It now turns out, following my further emails with Phorm, that there are in fact FOUR redirections occurring! This is not because my notes are rubbish ? but because Phorm have managed to recall more of the detail of their own system!
...

"
"

[popper99]

it appears the url messed up trying again
http://www.lightbluetouchpaper.org/2008/05/18/twisty-little-passages-all-alike/

if that doesnt work, just go to to http://www.lightbluetouchpaper.org/ and its the first story

and for the cable forum thread
http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated.html

[popper99]

you might find this Deep Packet Inspection Procera Networks? advert enlightening as to what your DPI installed ISP/Phorm/NebuAd kit can see as just one single example.

not exactly private or hidden as they keep telling you, if you have access to that DPI kit locally or remotely as is the case with Phorm/NebuAd etc.

http://www.proceranetworks.com/products/packetlogic-demo.html

thanks to Phormic Acid on the http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated-page-460.html thread

[popper99]

http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated-page-465.html#post34557239
?Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

???????????????????????????

X-posted from Badphorm

Hello all,

pleased to announce a new prerelease version of Dephormation is available to download.

It includes a significant new feature, developed by Narcosis, that records evidence of redirects by Phorm (or Nebuad) to a log file. This data could be used to support Fraud/Computer Misuse/RIPA complaints, or simply for technical analysis of DPI systems like Phorm and Nebuad. (I?ve checked every contributed line of code, and found only pure genius).

I?ve tested this on Windows XP/FF2, and Linux/FF1.5. Narcosis has tried it on a Mac.

http://www.dephormation.org.uk/prere?phormation.xpi

Please feel free to give it a try (and revert back to the current public v1.6 if you encounter problems).

Please note, with logging enabled, there is a trivial but discernable performance hit. The code probably needs some file handling optimisation. I?d suggest keeping the feature off, unless you suspect you are being redirected and want to capture a log.

On Windows, the log file is best viewed in Wordpad, not Notepad (due to carriage return/line feed layout issues).

PS? forgot to mention, the options can be accessed from the new Tools/Dephormation? menu item.

regards
Pete
__________________
BT/Virgin/TalkTalk customers - you don?t need Webwise and Phorm, pure and simple.
Find a Phorm Free ISP. Phorm must be stopped.
Download Dephormation for Firefox
?