Phorm - can this be blocked by CFP3?

There’s a lot of debate going on in the UK at the moment about Phorm being introduced by three of the biggest ISPs - British Telecom, Virgin Media & The Carphone Warehouse. The main concern raised by users is about the potential breach of individual privacy by Phorm being allowed to target ads in websites to users based on specific information provided to Phorm by the ISPs which will enable tracking of an individual’s browsing habits and the websites they have visited etc. (:AGY)

Phorm claim that no personally identifiable information can be attributed to an individual, and that users will be able to “opt out” if they so desire. Also, there is a legal debate as well, in terms of whether or not the ISPs would be in contravention of the Data Protection Act by allowing Phorm to have access to this information about individual browsing activity.

Can anyone advise as to whether CFP3 or any anti-malware software can actually prevent Phorm from doing this? Or would something like the Tor project be the only way to ensure that Phorm/ISPs are not able to unilaterally impose this intrusive system on users?

I’m not sure why so many people on so many forums are asking if something they do locally can stop the ISP tracking them. Nothing you do locally can affect the ISP tracking you if they really want to, and Phorm et al are the first to really do it “right”. The only bypasses possible are:

  1. Use a different ISP that doesn’t do this. Get it in your contract and TOS. (Good luck with that)
  2. Use a VPN to an ISP that doesn’t do this (see above, but maybe relakks or secureIX will refrain?!?)
  3. Use something like TOR, Freenet or I2P to obfuscate where you are from/who you are. This still isn’t perfect, you have to worry about leaking DNS requests, various cookies etc (which can be dealt with locally but a PITA)…

Latter 2 choices involve a pretty noticeable hit to speed on the net…

Good point, but the reason I believe why many people are so concerned is about the principle of Privacy and how individual rights to privacy can unilaterally be breached by large organisations purely for commercial gain.

I use Virgin as my ISP, and their Terms & Conditions could (and probably will) be changed to suit whatever changes Virgin feel suits their needs best. As they are the only cable broadband supplier in my area, I’m unlikely to change ISP. Therefore, really I’m being given no choice. Virgin and all other ISPs have always had the right to pass on information about online activities to law enforcement agencies if required - I’m not concerned about that, and I don’t believe others are either. It’s about individual rights to privacy and freedom of choice. I want to be able to choose not to have my browsing habits monitored and passed on to a third party organisation with whom I have no legal contract, purely so they can deliver ads to me which I don’t want to see anyway.

This creates a potential breach of trust between me and my ISP - and as I can’t realistically change ISP, I and others have to look around to see what local action they as individuals can take to protect their rights of privacy and freedom to choose - otherwise we just get trodden on.

Sorry if this sounds like a bit of a rant ;), but if we roll over on things like this, where does it end?

I wouldn’t be a bit surprised if the Phorm idea was scrapped as I’m sure someone will bring it to the attention of the Data Protection people sooner or later.

I agree that it’s a violation of our privacy laws; and if it is adopted, who knows, every ISP may decide to go along with it just to increase their profits. So in the end changing ISPs may not be an option.

The other scenario is that only the three ISPs named go along with Phorm and that they lose a lot of customers to ISPs that don’t adopt Phorm, and eventually would have to drop them like a hot brick.

Phorm is the equivalent of having someone following you down the high street, following you into every shop and jotting down all the items you look at. Then selling this info on to Direct Marketing companies. I cannot think of many people who would tolerate this, can you?

Needs nipping in the bud in my opinion.

Mike.

Lots of people in the UK are upset over this.

No, I agree it’s annoying what they are doing… What I don’t get is why a user would think they could do something on their computer to affect sniffing etc done upstream . . .

Then I think that pretty much answers my initial question about whether or not anything can be done on a local machine to prevent this. I just wanted to confirm if there were any settings or exclusion rules which could be set up in CFP3, or any other locally installed software which would prevent whatever information Phorm uses to track my browsing being transmitted to them without my consent.

So it looks like the answer is no, other than looking at the VPN or Tor routes - neither of which I fully understand or have the technical knowledge to implement myself.

Another victory for the Big Boys … (:SAD)

You got it. For a tortured car analogy:
If someone wanted to track your car, there are several methods available. In the web browsing equivalent, people got used to the trackers using cookies or spyware - equivalent to the police putting a tracking device on your car. So in this case, you could faraday cage your car, or just remove anything you found that didn’t belong, and that defeated their tracking. You could even find the device and change its output so it lied to them, again messing up their information gathering.

The Phorm method is like an FBI tail team. Nothing you do to your car is going to prevent people just watching and following you where you go. Your choices are to change cars in some way. And, just like IRL, you still have to do so in a way that doesn’t let the watchers just say “Oh, he’s now in a blue ford focus, so watch that car”.

Now, VPNs are like driving to Grand Central Station during rush hour. Suddenly, they have to work a lot harder to track you past there, and if GCS won’t let them in they also have to do a lot more work still to find you when you exit by foot or train or even a different car. But it doesn’t make you untraceable. All that said, as long as the end ISP doesn’t do Phorm (and I’m guessing FindNot, Relakks, SecureIX etc are not going to be interested in that) or you switch endpoints enough like TOR - it will be more trouble than Phorm is interested in dealing with I think.

I tried putting www.phorm.com as blocked address in firewall and all connection to internet ceased, no email, tracert or web was possible.
Deleted phorm from blocked address and all returned to normal.
Tried blocking various other addresses and had no problems, and blocked addresses were blocked.
Any explanations why this would occur, and only with phorm.com?

Leon,
Rather worrying.
Logically that would indicate that your ISP is using Phorm, but perhaps there is another reason.
You don’t say where you are and who your ISP is though.
Mike.

Time to encrypt our emails!!!

Melih

This post from another forum explains the cause :

I think it’s to do with the phorm.com hostname resolving to multiple IPs :-
88.208.250.66
88.208.250.85 and
207.44.186.90

I suspect Comodo isn’t blocking the individual IPs, it’s blocking the whole range from 88.208.250.66 to 207.44.186.90 - which encompasses the VM DNS servers (were your alternate DNS servers outside this range ?) and also the modem config page (192.168.100.1).
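
The difference between the two interpretations the quoted post describes, as an added Python example (not from the thread, and not Comodo's actual rule logic): a hostname's addresses collapsed into one lowest-to-highest range versus matched one by one. The phorm.com addresses and 192.168.100.1 come from the post; 198.51.100.53 (standing in for an ISP DNS server) and 10.0.0.1 are constructed sample destinations.

```python
import ipaddress

# Addresses the quoted post lists for phorm.com.
RESOLVED = ["88.208.250.66", "88.208.250.85", "207.44.186.90"]

# Destinations to test. Only 192.168.100.1 is from the post; the rest are constructed.
SAMPLES = {
    "modem config page": "192.168.100.1",
    "ISP DNS server (constructed)": "198.51.100.53",
    "address below the range (constructed)": "10.0.0.1",
    "one of the resolved hosts": "88.208.250.85",
}


def as_range(addrs):
    """Collapse a multi-address hostname into a single low-high range."""
    ips = sorted(ipaddress.IPv4Address(a) for a in addrs)
    return ips[0], ips[-1]


def blocked_by_range(dest, addrs):
    """Block decision if the rule is stored as one range (suspected behaviour)."""
    low, high = as_range(addrs)
    return low <= ipaddress.IPv4Address(dest) <= high


def blocked_by_hosts(dest, addrs):
    """Block decision if each resolved address is its own single-host rule."""
    return ipaddress.IPv4Address(dest) in {ipaddress.IPv4Address(a) for a in addrs}


def range_size(addrs):
    """Number of IPv4 addresses swallowed by the collapsed range."""
    low, high = as_range(addrs)
    return int(high) - int(low) + 1


def compare(samples, addrs):
    """Return {label: (range_verdict, per_host_verdict)} for each destination."""
    return {label: (blocked_by_range(ip, addrs), blocked_by_hosts(ip, addrs))
            for label, ip in samples.items()}


if __name__ == "__main__":
    print(f"range covers {range_size(RESOLVED):,} addresses "
          f"({range_size(RESOLVED) / 2**32:.0%} of IPv4)")
    for label, (by_range, by_host) in compare(SAMPLES, RESOLVED).items():
        print(f"{label:40} range rule: {by_range!s:5}  per-host rules: {by_host}")
```

When reviewing a hostname-based block rule, check what the firewall actually stored: three single-address entries behave very differently from one range that spans them.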