Detail Analysis of Phorm Modus Operandi (technical and business)

Charles Lindsey ukcrypto at chiark.greenend.org.uk
Wed, 19 Mar 2008 17:40:22 -0000


On Wed, 19 Mar 2008 14:38:06 -0000, Ian Batten <igb@batten.eu.org> wrote:

> http://yro.slashdot.org/comments.pl?sid=489948&cid=22777122
>
The most interesting feature of that is that it seems that the cookies are  
going to be issued by some external Phorm site, and not by BT/VM/TT (which  
would seem the obvious way to have gone about it). To achieve this, your  
browser is to be redirected to some Phorm site, solely for the purpose of  
examining/setting cookies (or so they would claim - that external site  
could in fact do anything at will to your browser).

If that is so, then it is most certainly interception under RIPA (even if
it wasn't before); and it is probably a breach of the CMA too. Moreover,
it ties in well with the people who spotted their BT sessions accessing  
strange IP addresses a few months ago.

With regard to those servers in Russia and China, I see that Phorm have  
now denied that bit, and also they claim that their Russian employees are  
based in Moscow rather than St Petersburg.

But I am curious about this guy's claim to be a technical employee of some  
UK ISP that was receiving a Phorm presentation, and who had declined to  
sign the proffered NDA. Something not quite right there, and the technical
information he claims to have gleaned is a bit more detailed than I would
have expected at such a presentation.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                       Web: http://www.cs.man.ac.uk/~chl
Email: chl@clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5