July 4, 2008
This is just a reminder that the second half of Steve Gibson’s coverage of Phorm/Nebuad/Frontporch/etc (Episode #151) is now available here.

I haven’t had a chance to listen to it yet.. but I’m sure it will be a good listen, not just for techies like me but for anyone that is concerned about their privacy and the fact that ISPs are selling yours out.


Part 1 is Episode #149 for those that missed it.

Leo and Steve slide a bit heavily into reminiscing about the good old days and other geekspeak. If you want just the Phorm, etc, stuff skip to 1:00:00. The reminiscing is fun for a techie like me but may be a bit drawn out for people just wanting the skinny on what their ISP is doing to their privacy.

Oh Yuck

June 25, 2008
After listening to Steve Gibson on Security Now! this week (episode 149) I started doing some digging on some of the other companies that Steve mentioned that are trying to get ISPs to engage in DPI (Deep Packet Inspection) Tracking of their clients (you, me, almost everyone on the net).

The sudden and rapid proliferation of these companies (Phorm, Nebuad, Adzilla, Frontporch, etc) seems to indicate that there is some interest in this business model and that is frightening to a privacy advocate like myself.

Why, you ask, would I be concerned about “anonymous” tracking of “non-personally identifiable information”? Well, firstly the anonymous part is a blatant lie. The whole reason these companies are doing this is to be able to put better targeted advertisements in front of you. To do that, they MUST know who you are.. perhaps not you in the person of “Joe Blow” but they definitely know you when you are surfing a site that their advertising partners use. This means it is completely trivial to strip away your supposed anonymity.

Only a few people worried about the anonymity of information collected by search engines until the United States government tried (and succeeded) in going on a fishing expedition in that data. What is to stop similar abuses of this technology?

Unless they are completely transparent on how they collect the data, what data they collect and how long they retain it we have to assume the worst. DPI lets these companies collect any data that is unencrypted from any online source, e-mail, chat, web browsing, unencrypted VNC sessions (well those are a terrible idea over the open net anyways, but people persist in using them), etc.

Add to this that ISPs are installing this without clear declaration of the fact to their users (no, having it hidden in paragraph 39 of page 18 of the TOS (that you know 99% of users never read) does not constitute CLEAR disclosure). But really, what ISP is going to say “oh, yes, before I give you this cable modem would you please sign this waiver giving us total permission to monitor, scan, store, and sell (yes, they are selling your info and your privacy to these companies) everything you do.. unless you encrypt it.”

IMHO this is a privacy nightmare waiting to happen. Am I a bit alarmist? Perhaps. Were the people that were alarmist about search engines and privacy correct? yes.. 100% so.

The bottom line is that our privacy is our right and we all individually need to take steps to protect it. By writing the privacy commissioner about your concerns, by writing your ISP about your concerns, by doing everything possible on your home network and PCs to ensure that these schemes fall flat on their collective faces.

(I hope to write a blog entry on hardening your computer and Internet activities against these threats soon. I wrote one related to Phorm earlier but as this threat is growing I think a more in-depth blog entry is necessary.)

Steve Gibson Covers Phorm/Nebuad/AdZilla/etc

June 24, 2008
Episode #149 and the upcoming episode #151 of Security Now! cover Phorm and others. Probably most people that read my blog will already know of this controversy as I have covered it before. I am VERY happy to see Steve Gibson using his reach to get the word out about this growing trend, and to alert people to the threat to their privacy. Way to go Mr. Gibson.

I’ve only heard the first part #149, but given Steve Gibson’s skill at bringing technical issues to the masses I’m sure both Episodes will be worth listening to and directing others to.

Phorm, NebuAd, and Privacy

April 14, 2008
Well it seems NebuAd is coming to Canada soon, and is already in place in several US ISPs.

So considering all this I spent much of the day mulling ways that users can protect their privacy. I have so far come up with the following suggestions:

Flush Cookies on each browser close:

Although it won’t stop them watching what you click, it will help to prevent them from getting a good picture, as they will not have months or years of your browsing tied to a single UUID.

Use as much SSL as possible:

They can’t use their DPI (deep packet inspection) on encrypted connections, so find ways to be as encrypted as possible. If you use web mail make sure the entire session is encrypted (not just the log on). Better yet, use an email client that supports secure connections and an email provider that supports them (Google, Yahoo Canada, fastmail, etc.). Using an e-mail client with TLS/SSL not only encrypts the connection, it takes cookies out of the picture.

Use things like Scroogle’s SSL page for searching, to keep them from sniffing your searches.

Use an Encrypting Proxy:

Set up and use a VPN or SSL encrypted proxy. This will make your entire session unreadable. There is the problem of trust. Encrypting systems like TOR and I2P may just expose you to even more tracking from evil exit nodes. JAP may be backdoored (but according to Wikipedia this is not/no longer the case). Similarly “Open” proxies on the net may not be trustworthy.

The best solution I can think of for this problem is to have a trusted friend in another country set up a VPN, private SSL proxy or Psiphon node for you, and you could do the same for them. Even if his ISP was sniffed by NebuAd and yours by Phorm it would muddy the waters. Which brings us to


Find ways to hide your traffic. You could run a TOR or I2P exit node (lots of HTTP traffic for them to sniff none of it yours).

Find alternate ways to get webpages you don’t want sniffed like web2mail.

So those are some of my thoughts on the matter. I’ll post more as I come up with them. If any readers know of good HTTPS services on the web like secure Wikipedia or Secure WikiBooks, etc., please post them in the comments.

Thoughts and comments always welcome
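
Added example (not part of the original post): a small Python audit that ties together the cookie-flushing and SSL suggestions above. It walks a constructed webmail session in which only the log-on is encrypted and reports which cookies were readable on the wire and which of those survive a browser restart; the host, cookie names and values are invented, and Domain/Path matching is not modelled.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample session: (request URL, Set-Cookie header in the response).
# Host and cookie names are invented; only the log-on page uses HTTPS.
SESSION = [
    ("https://mail.example.test/login", "sid=abc123; Path=/; HttpOnly"),
    ("http://mail.example.test/inbox", "uid=7f3e; Path=/; Max-Age=31536000"),
    ("http://mail.example.test/read?msg=1", None),
    ("https://mail.example.test/settings", "prefs=dark; Path=/; Secure; Max-Age=86400"),
]

def audit(session):
    """Map cookie name -> {"exposed": bool, "persistent": bool}.

    exposed    = the value crossed the wire unencrypted at least once
    persistent = it survives a browser restart unless the user flushes it
    Simplification (assumption): one host, so Domain/Path are ignored.
    """
    jar, report = {}, {}
    for url, set_cookie in session:
        clear = urlsplit(url).scheme == "http"
        if clear:
            # The browser attaches every stored cookie that lacks Secure.
            for name, morsel in jar.items():
                if not morsel["secure"]:
                    report[name]["exposed"] = True
        if set_cookie:
            parsed = SimpleCookie()
            parsed.load(set_cookie)
            for name, morsel in parsed.items():
                jar[name] = morsel
                seen_before = report.get(name, {}).get("exposed", False)
                report[name] = {
                    # A Set-Cookie sent over HTTP is readable in transit too.
                    "exposed": clear or seen_before,
                    "persistent": bool(morsel["max-age"] or morsel["expires"]),
                }
    return report

def long_lived_identifiers(session):
    """Cookies an on-path inspector can read AND that persist across sessions."""
    return sorted(n for n, r in audit(session).items()
                  if r["exposed"] and r["persistent"])

if __name__ == "__main__":
    for name, flags in audit(SESSION).items():
        print(name, flags)
    print("long-lived identifiers on the wire:", long_lived_identifiers(SESSION))
```

In this sample the session cookie `sid` leaks but disappears when the browser closes, `prefs` persists but never leaves HTTPS, and only `uid` is both readable in transit and long-lived, which is the combination the two suggestions are meant to break.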


April 11, 2008
Re-Phorm
Well, Today we seem to be seeing some good news on the Phorm front. The Information Commissioner’s Office (ICO) has released a statement that says Phorm should be opt-in only. Short articles on the decision here and here.

Also, if you pull up a graph of Phorm stock, their stock is in the middle of a nose dive (since about the beginning of March), and with the announcement of 32.8m in losses and the above decision poking a large hole in their plans I could see that trend continuing.

I’ll definitely be keeping an eye on this to see what happens.

Phorm (Yuck)

April 8, 2008
It seems that there is a lot of noise about Phorm in the Blogosphere and that it is just catching my attention recently. (odd really since I spend a lot of time reading on Security and Privacy matters).

There are a couple of anti-Phorm web sites, most of which you can get to by starting at BadPhorm. Of particular interest is a counter measure (tho limited) available here.

So far it seems to be mainly ISPs in the UK that have gone ahead with this very bad idea. That in no sense means it is a UK only problem as I am sure that Phorm will try to sign up as many ISPs as they can globally. I would urge anyone who is interested in preserving their privacy to write to their respective ISP and let them know you don’t want them to implement Phorm webwise technology. It would definitely be worth noting in any letter that you send the history of “Phorm”, which was formerly 121media, which even just minor googling of brings up their association with spyware.

If anyone has examples of Phorm mangled cookies (paired with their un-mangled versions), I’d appreciate getting my hands on them to see if it is possible to write a Firefox add-on or proxy software that can strip the Phorm tags back off the cookies, thus rendering Phorm moot.

Another idea until there is a better solution to this might be for those of us in un-affected countries to run SSL proxies like Psiphon for people in the UK to tunnel through, as that would (by my current understanding) encrypt the cookies (via the SSL tunnel) and thus make them invisible to the Phorm boxen.

Addendum — it seems (from the technical writeup mentioned in the Blue Light Touchpaper Blog below) that even a simple proxy would work to bypass Phorm/WebWise as long as the proxy was not on port 80. For example, an open proxy on port 12000 or 443 or anything other than 80 would totally be ignored by Phorm/WebWise. Provided, of course, that the proxy was not on an infected (errrr, pardon me, affected) ISP.

Thoughts and comments appreciated

Addendum.. people in the UK on affected ISPs may wish to consider using TOR and configure it to use non-UK exit nodes. Not the best option and a little technical to set up (be sure to use Torbutton and Privoxy). But possibly better than being tracked every step of the way. There is also I2P (I’ll provide a link when I can be sure I’m looking at the correct site.. their old URL seems defunct) but I find that to be a bit bandwidth heavy. YMMV

Addendum 2 – I just downloaded technical documentation from the Blue Light Touchpaper Blog on Phorm. I’ll give it a read over and see if there are any new insights.

What a night

April 7, 2008
First there is news of a bot-net bigger than Storm dubbed Kraken, which you can read more about here, here and here.

And then, there is info filtering out, albeit a little after the fact, about Phorm, which if it works as described here would be a major threat to the average user’s privacy and even to those that used cookie blockers, as it hijacks white listed cookies.

Guess it is time for someone to start working on a Phorm stripper add-on for Firefox that would identify the hijacked cookies and strip the Phorm tag off of them.

It is late so I have not had a chance to look into this as deeply as I’d like to. I’ll write more on it in the coming days.

