URLs, IPs and interception

Roland Perry ukcrypto at chiark.greenend.org.uk
Sat, 1 Mar 2008 17:45:41 +0000 

In article <47C98FCE.6040407@zen.co.uk>, Peter Fairbrother 
<zenadsl6186@zen.co.uk> writes

>>> Consensual interception is only lawful if _both_ parties agree to 
>>>the  interception, which is generally impossible (as, for instance, I 
>>>don't  agree to anyone intercepting my websites, and Phorm don't 
>>>check  whether I have given permission, as they are required to do 
>>>under RIPA).
>>  RIPA is all about "intended recipients".
>>  I don't see a problem with the subscriber[1] agreeing through the 
>>T&C  that the intended recipient of his browsing requests is a black 
>>box at  the ISP.
>
>I think that would fly like a lead pig.

That's a matter of opinion. It might well be dressed up as a way to get 
protection from phishing or other malicious web content.

>That box will them request pages from the website returning
>> them to their intended recipient, the black box. Which sends 
>>something  similar (maybe with ads inserted in the blank spaces 
>>provided by  participating websites) back to the subscriber.
>>  [1] Although that leaves the issue of other users on the same 
>>connection
>
>And Phorm looking at the webpages sent in reply.

Are we sure about that. What if BT is some sort of "Phorm franchisee" 
and doesn't actually send anything at all to Phorm itself? All it might 
have is a server running to Phorm's formula (sorry) and being paid for 
every advert it directs at a BT customer.

>My web replies aren't sent to a black box, they are sent to a person 
>(or occasionally a webcrawler).

The web reply would be sent back to BT's black box (the thing which 
asked for the page). It would then send a [possible slightly modified 
page] back to who- what-ever had made the request (to the black box) at 
the end of your connection.

>And they do, else why do they claim to filter out numbers with more 
>than 3 digits (to prevent credit card umbers being collected), or 
>anything with an @ in it (to avoid collecting email addresses?

I'm not familiar with whatever it is you are quoting from.
-- 
Roland Perry