If you do not know, three of the UK largest ISP have signed a deal with Phorm, previously known as 121Media who where responsible for putting rookits on users systems.

What is phorm, phorm use DPI Layer 7 to snoop on everything you do, then targets you with what they call "Relevant Advertising", they also have a website called "WebWise" which is an anti-philising system, this already happens in IE7 and Firefox, there is also free software that does the same thing.

Even if you opt-out of the ads(not sure whether it will be opt-in or out, by default)you data will still be profiled and sent to their servers in China and/or Russia, not doubt to be sold on for a profit.

More information can be viewed at the links below.
http://www.badphorm.co.uk/page.php?2
http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated.html
http://www.cableforum.co.uk/board/12/33632575-links-to-protest-possible-deployment-phorm.html
http://www.inphormationdesk.org/welcome.htm
http://www.theregister.co.uk/2008/02/29/phorm_roundup/
http://en.wikipedia.org/wiki/Deep_packet_inspection

In fact phorm went live as part of a trial with BT, they did not tell customers of BT, they were secret trials.

Virgin Media customers be aware that VM have altered the T&C to make it phorm friendly.
ISPReview.co.uk has pointed out that Virgin Media has recently altered its Terms and Conditions and it would appear that the company has made them rather Phorm friendly. Virgin Media is yet to declare whether it is to adopt to the usage of Phorm, a targeted ad service based on users browsing habits, or to abandon the agreement with Phorm altogether. The change in the Terms and Conditions certainly paves the way and gives the impression Virgin Media is about to launch into activity with Phorm http://www.cableforum.co.uk/article/400/virgin-media-make-their-terms-and-conditions-phorm-friendly. Phorm(formerly 121Media) installed the Apropos rootkit on users systems.
Apropos uses highly sophisticated stealth techniques to avoid detection. The spyware collects the browsing habits of users and system information and sends it back to ContextPlus servers. Targeted pop-up advertisements are displayed while browsing the Web. Apropos contains a kernel-mode rootkit that allows it to hide files, directories, registry keys, and processes. The rootkit is implemented by a kernel-mode driver which starts automatically early in the boot process. When the files and registry keys have been hidden, no user-mode process is allowed to access them. http://www.f-secure.com/sw-desc/apropos.shtml Before the FTC could investigate them, 121Media closed down.
In November 2005 the Center for Democracy and Technology in the US filed a complaint with the Federal Trade Commission over distribution of what it considered spyware, including ContextPlus. They stated that they had investigated and uncovered deceptive and unfair behaviour. This complaint was filed in concert with the Canadian Internet Policy and Public Internet Center, a group that was filing a similar complaint against Integrated Search Technologies with Canadian authorities.[14] In May 2006 ContextPlus shut down its operations and stated [Contextplus are] no longer able to ensure the highest standards of quality and customer care. The shutdown came after several major lawsuits against adware vendors has been launched.[15] Phorm has countered this with an admission of a company history in adware and the closing down of a multi-million dollar revenue stream as people confused adware with spyware Security firms are split about whether they will classify Phorm's targeting cookies as adware. Kaspersky Lab, whose anti-virus engine is licensed to many other security vendors, said it would detect the cookie as adware. Trend Micro said there was a "very high chance that it would add detection for the tracking cookies as adware. PC Tools echoed Trend's concerns about privacy and security, urging Phorm to apply an opt-in approach. Specialist anti-spyware firm Sunbelt Software also expressed concerns, saying Phorm's tracking cookies were candidates for detection by its anti-spyware software. Ross Anderson, professor of security engineering at Cambridge University, said:The message has to be this: if you care about your privacy, do not use BT, Virgin or Talk-Talk as your internet provider. He added that, historically, anonymising technology had never worked. Even if it did, he stressed, it still posed huge privacy issues The creator of the World Wide Web, Tim Berners-Lee, has criticized the idea of tracking his browsing history saying that. It's mine - you can't have it. If you want to use it for something, then you have to negotiate with me. I have to agree, I have to understand what I'm getting in return.He also said that he would change ISP if they introduced the Phorm system http://en.wikipedia.org/wiki/Phorm Phorm can see the whole of the internet, including the unseen forums, those used by Mods.

Thanks for the info mate.

Heard about this a while back and not suprised to see its making an appearance so soon. As soon as my ISP even mentions this or tries to implement this i'll be telling them where to shove their services.

The Phorm system does some of its tracking magic by redirecting browser requests using HTTP 307 responses. When this was first explained to me at the meeting with Phorm there were two redirections (a scan of my notes is here), but having thought about this for a while, I asked for it to be explained to me again later on, and it turned out that I had previously been misled, and that there were in fact three redirections (here’s my notes of this part of the meeting). It now turns out, following my further emails with Phorm, that there are in fact FOUR redirections occurring! This is not because my notes are rubbish — but because Phorm have managed to recall more of the detail of their own system! http://www.lightbluetouchpaper.org/2008/05/18/twisty-little-passages-all-alike/
A source claiming to have spoken to a Virgin Media director has suggested to me that Virgin Media, one of the three ISPs (along with BT and TalkTalk) that were considering implementing Phorm's server-side adware system in the UK, has now decided not to go with it. http://blogs.guardian.co.uk/technology/2008/05/13/file_under_rumourunconfirmed_virgin_to_shun_phorm. html Not confirmed at this time. <ul>BT trial( as opposed to illegal trials)to start on or about the 26 May, do not take part. Everything you do, can and will be monitored by phorm, they can see the content of every web page unlike your ISP who only see the url(the police need a court order, before they can check which websites you have visited, phorm do not). All your data is stored by phorm for 14 days(at this time, expect this to be extended at a later data), not at the ISP, but at phorm`s servers located in Russia or China who have an excellent record regarding privacy. Your ISP has no access to phorm`s kit installed within the ISP, phorm can control their kit remotely, so if changes takes place, your ISP will not know. You can serve a Data Protection Notice on your ISP, they must comply with 40 calendar days, if they refuse, send a non-compliance notice to the Information Commissioner Office(ICO), they cannot harvest your data, if they do you can seek recourse through the courts.

DPA letters should be addressed to the data controller:



It costs £10 to send a DPA notice, here are some template letters you can send. http://www.inphormationdesk.org/sampleletters.htm



Do not be fobbed off, they Must comply

Not confirmed at this time.

BT trial( as opposed to illegal trials)to start on or about the 26 May, do not take part. Everything you do, can and will be monitored by phorm, they can see the content of every web page unlike your ISP who only see the url(the police need a court order, before they can check which websites you have visited, phorm do not). All your data is stored by phorm for 14 days(at this time, expect this to be extended at a later data), not at the ISP, but at phorm`s servers located in Russia or China who have an excellent record regarding privacy. Your ISP has no access to phorm`s kit installed within the ISP, phorm can control their kit remotely, so if changes takes place, your ISP will not know. You can serve a Data Protection Notice on your ISP, they must comply with 40 calendar days, if they refuse, send a non-compliance notice to the Information Commissioner Office(ICO), they cannot harvest your data, if they do you can seek recourse through the courts.


Is BT going to ask people to trial it or are they going to rip in and use it anyway?

Is BT going to ask people to trial it or are they going to rip in and use it anyway? Yes, you will be asked, most likely a pop up will appear while browsing. Even if you opt out, phorm will still profile your data, all you have opted out of, is the ads.

Yes, you will be asked, most likely a pop up will appear while browsing. Even if you opt out, phorm will still profile your data, all you have opted out of, is the ads.

Cheers paul. Actually quite shocking to think this is happening or going to happen. So every website I trawl with its contents are going to be recorded on this? I suppose the good thing is the polis cannae see it :greengrin

BT trial of Webwise(phorm)rumored to start tomorrow the 26, May.
Checklist - please add and adapt. This is just a starting point. I realise people might not be willing to answer all these questions, but please make a note of them anyway, even if you do not wish to pass the information on. 1) What page were you expecting when the invitation popped up? Was it your home-page, if so, could you give the URL of your home page? Did it pop up as soon as you opened your browser? 2) Did the invitation page have a URL? If so, what was it? You may be able to get a URL for a page by right clicking on it and selecting 'properties'. Make a note of it. 3) Please take a screen dump of the invitation page (CTL-Print Screen). Paste it into a word (or wordpad or ??? document) 4) Please follow any links to further information and paste screen dumps into the word document. If there is a URL, please note it. 5) Please follow any other links and do the same. 6) Please note your IP number and host by following this link http://www.cableforum.co.uk/board/mi...?do=connection Add this screen dump to your word document. 7) In windows, go to start menu and select Run. Enter cmd in the box. Click OK. You should have a black window pop up. Type in :- tracert bbc.co.uk and press enter. You will see rows of data appear. Highlight the rows with you mouse and press enter. Copy the contents of the clipboard into your word document. 8) Go back to the trial invitation and opt-in (if you are willing). 9) Repeat step (7). 10) Browse a few pages. Visit cable forum! 11) Repeat step (7). Save your word document. 12) Register on cable forum and PM one of the following users to let them know you are in the trial and have information about the sign-up process. http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated-page-475.html For all those who will take part, if you can capture as much data as possible, this will help us understand how they are deploying(webwise/phorm) and how we can take counter-measures.
TalkTalk customers, phorm to be implemented shortly.The only true way to avoid phorm if your ISP has signed with them, is to go to a Non-Phorm ISP

http://www.dslzoneuk.net/isp_ratings.php



http://www.ispreview.co.uk/review/categories/1.html



To check what is available at your exchange, check this website> http://www.samknows.com/broadband/checker2.php

I am on BT and in the last week or so every time I click on a web site I get a pop up from a similar site:brickwall

Now I have not agreed to anything so is there anyway I can unsubscribe from this junk :confused:

I am on BT and in the last week or so every time I click on a web site I get a pop up from a similar site Which browser are you using, also what kind of pop ups to do you get, can you post a screenshot?
Now I have not agreed to anything so is there anyway I can unsubscribe from this junk Not heard anything to say the BT trial is live at present, it should be anytime soon, once you agree to join the trial you cannot leave it until it has finished. Please go to this site http://www.phishtank.com/phish_detail.php?phish_id=450882and label webwise.bt.com/webwise/contact.php as a phish site, the phorm server at this time is located in Houston,Texas, outside of BT control, also be aware that Homeland Security will have your details as well. This anti-phish site is run by OpenDNS.
The problem for newspapers is that a story headlined 'Two Dead in Baghdad' isn't very product-friendly, said Kent Ertugrul, chief executive of Phorm, a behavioral targeting company working with British newspapers.But if you know who is looking at the page, that's where the opportunity is. http://www.pittsburghlive.com/x/pittsburghtrib/news/s_569290.html What a complete tool.

I use IE as my browser

I do not know how to take a screen shot:boo hoo:


A lot of the pop up are cellarado and free phone sites

I use IE as my browser

I do not know how to take a screen shot:boo hoo:

Press the "print screen" button (often next to F12), open an image editing programme (paint, photoshop, etc.) and select paste (you may have to create a new document first). Your screenshot should appear as an image.

Press the "print screen" button (often next to F12), open an image editing programme (paint, photoshop, etc.) and select paste (you may have to create a new document first). Your screenshot should appear as an image.

"Woosh over the heed smiley" :greengrin

A lot of the pop up are cellarado and free phone sites This could be a sign of an infection, follow the steps outlined Here (http://www.techsupportforum.com/security-center/hijackthis-log-help/15968-updated-important-read-before-posting-log.html) , follow all the steps, then post the logs in Hijackthis Help Forum.

So you're a customer of BT or Carphone Warehouse and are being asked to Opt-In/Opt-Out of this new service called Webwise. An initial look makes it sound great, a free anti-phishing tool and a more relevant browsing experience. What I've learned is that if its for free then there's a catch, so where's the catch with Webwise? http://www.donottrustwebwise.org/

Much more info at this thread. http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated.html

Posted by AlexandarHanff at the CableForum:


I recently acquired an internal BT report regarding their covert trials of Phorm (then called PageSense) in September 2006. I read the 52 page document earlier today and the evidence it presents left me with a knot in my stomach and one part of the report concerned me so much I have fired off an email to Google’s legal department. I will try to summarise the report below without getting too technical, but if people need any clarification, please leave a comment and I will do my best to answer.


Now it is unclear at the moment which ad network these charity ads belonged to. My thoughts are (given my experience with advertising systems in the past) that these were likely to be AdSense ads by Google as they are the most common network on the internet and they do host charity ads. I have forwarded this information to Google’s Legal team and I am hoping they will be able to cross reference their logs to find out if all three charities were being advertised by their services during the time of the trial. http://nodpi.org/?p=10


An article summarising an internal report by BT regarding their covert trials of PageSense (Phorm) in September 2006. IP addresses were used (despite BT assuring the public and ICO that no personally identifiable data was used) and 130 000 charity ads were hijacked and replaced with Phorm's ads. http://digg.com/tech_news/BT_commited_113_million_allegedly_illegal_acts_in_ 8_days


So BT and Phorm caught lying again.

Who are phorm and why are the ISP's being so friendly to them??

Phorm are a spyware company, going by their previous history, as for why ISP`s are interested you`ll have to ask them that one, most likely greed.

Basically Phorm spies on your surfing habits and passes the information to the ISP, so that they can then sell targeted advertising according to people's habits. All about money.

No. your ISP has no control over Phorms kit installed at the ISP, Phorm can control their kit remotely, Phorm sell your data to advertisers, your ISP gets a cut of the whatever the advertiser paid Phorm. The greatest problem with Phorm is it profiles you using DPI layer7.

Dr Clayton said the leaked report clearly shows that back in 2006 BT illegally intercepted their customers' web traffic, and illegally processed their personal data. He continued:The BT author seems delighted that only 15-20 people noticed this was happening and looks forward to a new system that will be completely invisible. This isn't how we expect ISPs to treat their customers' private communications and since, not surprisingly, it's against the law of the land, we must now expect to see a prosecution.He said that the BT report also noted that communications regarding advertisement systems and information collection could lead to negative perception if not carefully handled.They seem to have failed in this aspect as well,he said.

http://news.bbc.co.uk/1/hi/technology/7438578.stm

Anti-Phorm Video/Protest (http://www.youtube.com/watch?v=u1Tui39qGm0)



Anti-Phorm Video (http://www.youtube.com/watch?v=3W8cZS-xLOM)



Steve Gibson(Shields up- http://www.grc.com ) Podcast on Phorm(pt1) (http://aolradio.podcast.aol.com/sn/SN-149.mp3)



WebWise Explained (http://www.phonecallsuk.co.uk/bt-webwise.html)





NoDPI (https://nodpi.org/)

If you are with BT,Virgin Media or TalkTalk then you need to call them and tell them what you thin about them deploying Phorm, Phorm can be used in the future to censor the internet and that means blocking certain websites that they see fit, the only way you can fully opt-out is by going to a non-phorm ISP, check at http://www.samknows.co.uk for what is available in your exchange.

Here is Steve Gibson podcast on how phorm works Here (http://media.grc.com/sn/sn-151-lq.mp3)



Once he gets through the security news items, he really gets stuck into phorm and its a real eye opener on how phorm intercepts your data, for example phorm would replace this website with a fake one served up from phorm`s servers, scary stuff.

If you are with BT,Virgin Media or TalkTalk then you need to call them and tell them what you thin about them deploying Phorm, Phorm can be used in the future to censor the internet and that means blocking certain websites that they see fit, the only way you can fully opt-out is by going to a non-phorm ISP, check at http://www.samknows.co.uk for what is available in your exchange.
[/LIST]


not quite paul, talktalk have an "opt-in" option and long may it continue http://blogs.guardian.co.uk/technology/2008/03/10/talktalk_to_make_phorm_use_optin_not_optout.html :agree:

not quite paul, talktalk have an &quot;opt-in&quot; option and long may it continue http://blogs.guardian.co.uk/technolo...ot_optout.html Yes we know that TalkTalk have stated that it will be opt in, how are they going to achieve this, when phorm says it cannot be done and it has to be out-out.
The link is dead.

Simple solution. Use Linux.

Simple solution. Use Linux. It does not matter which OS you use, phorm`s kit is installed in the ISP, they(phorm)intercept your data and then do a 307redirect,your antivirus, your antispyware, your firewall Cannot block or stop phorm, only by moving to a phorm free ISP will your data not be intercepted.

It does not matter which OS you use, phorm`s kit is installed in the ISP, they(phorm)intercept your data and then do a 307redirect,your antivirus, your antispyware, your firewall Cannot block or stop phorm, only by moving to a phorm free ISP will your data not be intercepted.

My mistake, I assumed it acted like a traditional rootkit. Very worrying, I think Virgin will be recieving the ultimate "opt-out" from me.

My mistake, I assumed it acted like a traditional rootkit. Very worrying, I think Virgin will be recieving the ultimate &quot;opt-out&quot; from me. No worries, your thinking of 121media, which is what phorm was before and yes they did install rootkits on users systems. If your ISP is one of the above, phone up customer services and tell them you will leave if they implement phorm, the more that leave the better.
I agree that Linux is the safest OS around(personal opinion).

Yes we know that TalkTalk have stated that it will be opt in, how are they going to achieve this, when phorm says it cannot be done and it has to be out-out.
The link is dead.



"as far as TalkTalk is concerned, the Phorm system is never enabled until a user explictly decides to 'opt in'."


i'l take charles dunstanes word on that(until proven otherwise):agree: some little script kiddie will come along and write a wee script to somehow disable it(hopefully) :greengrin it's all cowboys and indians out there in cyberspace.

excuse my ignorance but I'm with virgin and have no idea what you guys are talking about or why it should concern me, i'm not being cheeky i just don't understand all the terms being banded about??

i'l take charles dunstanes word on that(until proven otherwise):agree: some little script kiddie will come along and write a wee script to somehow disable it(hopefully) :greengrin it's all cowboys and indians out there in cyberspace.

It should be opt-in, it will interesting to see how TalkTalk deploy phorm, as we are still waiting for an announcement from them.
excuse my ignorance but I'm with virgin and have no idea what you guys are talking about or why it should concern me, i'm not being cheeky i just don't understand all the terms being banded about?? Basically, everytime you click on a link, phorm will intercept your data and replace the website your trying to visit with a fake one from phorm`s servers installed at Virgin, it does this three times, it also reads your screen, so it sees everything that you are looking at, it then sends ads to your computer depending on what you have been searching, there is much more info at this thread> http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated.html

They also build up a profile of you which they say they store for 14 days, we do not know what happens thereafter, most likely sold to the higgest bidder, this may include your name, address, phone number, birth date, credit card number, bank details ect...

The trials have been announced on BT Beta forums for 30th September. See post from moderator Mark W on Beta forums - text copied here. BT is commencing the technical trial of BT Webwise on Tuesday 30th September 2008. Full information regarding the trial has been posted on bt.com



https://nodpi.org/forum/index.php/topic,212.0.html



http://www.beta.bt.com/bta/forums/thread.jspa?threadID=6609