Quote:
Originally Posted by kakariko81280 Perhaps a dumb question, but I'm not sure how the method of operation squares with the scope of cookies.
First of all, as I understand cookies, when you visit a site you send all of the cookies associated with that domain. That site in turn can only set cookies for its own domain. That scope can be limited further, but not increased.
How can anyone set a unique cookie on my computer that gets sent with *every* request? Or do we end up with a per-site tracking cookie and, if so, how are they aggregated into a complete browsing picture?
Of course, my understanding of cookies might be wrong, they aren't exactly my speciality.
Chris... |
Hi there, CookingFat suggested I join up and chip in (excuse the pun).
Cookies would normally be private to a specific domain or host. There's no such thing as a 'global' cookie, for good reason (privacy and security).
What Phorm do is this; suppose you request a web page. Phorm intercept your request. If a user ID cookie has not been set for the given domain they intercept your page request, and respond with a redirect to their Webwise domain, the Webwise domain responds with a redirect back that includes the user ID, the request for the original site that now includes a user ID parameter is again used by Phorm to respond with a cookie setting instruction.
Finally your request is allowed to proceed to the target web site... and Phorm have implanted a cookie on your browser (one for each and every domain you visit) which allows them to uniquely identify you where ever you wander on the net.
That's why its being alleged a RIPA/Fraud/Computer Misuse offence... Phorm seriously interferes with the integrity of the communication between browsers and hosts, and in the process fakes host responses and cookies.
Now it gets really interesting when you look at their absurd cookie based opt out. They have to inspect your communications in the same way to determine whether you're opted out. So even if you're opted out, the same interference applies, and some have suggested Phorm still copy your traffic but (if you believe people who push spyware/adware and conducted illicit trials of this stuff twice) don't analyse it for profile data.
Its simply appalling.
It should be opt in for customers, where opt in means I do nothing and none of this affects me in any way, none of my traffic passes through their equipment.
It should be opt in for content creators and web site owners, where opt in means I do nothing and none of my content is ripped off, copied, processed and sold to create user profiles.
The only way to protect the privacy, security and integrity of your comms is a move to a Phorm free ISP.
Pete
PS. If you're with BT internet, you should be aware of
this warning. If you visit webwise.bt.com, BT reveal your BT.com username and a security credential to Phorm as cookies.
PPS. If you want to write to your MP, I've made it easy for you.
Click here - this page will find your MP's name, and write a brief letter for you. All you have to do is print it, and supply an envelope & stamp.
