Possible trivial Phorm opt-in "Exploit" discovered

Yes, and to add insult to injury, BT phorums are censoring posts that mention Phorm or Webwise, so trying to kill off any opposition to it.
 
In which case this system should immediately be struck off the agenda. Totally disgusting that they are removing information and censoring, since it shows that they know they are in the wrong; they are just relying on the fact that users have no idea and don't want more advanced ones explaining it to them so they can make an informed decision to leave the ISP.
 
That's the impression I got, so opted-out users still have intercepted web pages but just no tracking?

Yes, according to the information published by Richard Clayton (which was reviewed by Phorm before publication) you'll still get redirected 3 times to set one forged cookie for every domain you visit. Once the forged webwise cookie is set for a website, subsequent requests will have the cookie stripped and be passed through without redirection until the site's forged webwise cookie expires (after 3 days).

If you've opted out, the webwise cookie forged for each site you visit will have the value "OPTED_OUT" instead of the user identity number (i.e. "OPTED_OUT" instead of "2173" in my diagram below) and the profiler won't process the request or response.


[Diagram: phorming.png]


Incidentally, I'd be very surprised if my opt-out flaw still works, as they've had plenty of time to fix it, what with all the delays.
 
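As an added illustration of the opted-out flow described in the post above (this is a model written for this page, not Phorm's code or the diagram's contents): the per-domain forged cookie, the redirect bounce when no valid cookie exists, the 3-day lifetime, and the OPTED_OUT value are taken from the post; the redirect chain is represented only by its hop count, and the profiler is a simple list of forwarded requests, both assumptions of this model.

```javascript
// Added example, not from the original post or from Phorm: a model of the
// "forged webwise cookie per domain" interception flow, so the opt-out
// semantics (still intercepted, not profiled) can be checked offline.
const COOKIE = "webwise";
const THREE_DAYS_MS = 3 * 24 * 60 * 60 * 1000; // cookie lifetime from the post
const REDIRECT_HOPS = 3;                        // "redirected 3 times" from the post

// userId: the identity number for an opted-in user (e.g. 2173 in the
// diagram), or null for a user who has opted out.
function makeInterceptor(userId) {
  const jar = {};      // per-domain forged cookie: { value, expires }
  const profiled = []; // requests the profiler actually processed (model)

  // Decide what the interception layer does with one browser request.
  // `now` is a millisecond timestamp supplied by the caller.
  function handle(domain, path, now) {
    const c = jar[domain];
    if (!c || c.expires <= now) {
      // No valid forged cookie for this site yet: bounce the browser
      // through the redirect chain that ends by setting one.
      const value = userId === null ? "OPTED_OUT" : String(userId);
      jar[domain] = { value, expires: now + THREE_DAYS_MS };
      return { action: "redirect", hops: REDIRECT_HOPS, setCookie: `${COOKIE}=${value}` };
    }
    // Valid cookie present: strip it and pass the request through. The
    // profiler only sees requests whose cookie carries a user id.
    const forwarded = { domain, path, cookies: {} }; // webwise cookie stripped
    const seenByProfiler = c.value !== "OPTED_OUT";
    if (seenByProfiler) profiled.push(forwarded);
    return { action: "forward", request: forwarded, profiled: seenByProfiler };
  }

  return { handle, jar, profiled };
}

// Stand-alone run: an opted-out user visiting one site twice.
const demo = makeInterceptor(null);
console.log(demo.handle("example.com", "/", 0));     // redirect, sets webwise=OPTED_OUT
console.log(demo.handle("example.com", "/page", 1)); // forward, profiled: false
```

The point the model makes concrete is that opting out changes only the cookie's value and the profiler's decision; the redirect and cookie-stripping machinery runs for opted-out users exactly as it does for opted-in ones, and repeats once the 3-day cookie lapses.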
Nebuad opt-out

I had a look at Nebuad (a rival service to Phorm's) the other day.

Apparently much like Phorm, Nebuad uses a cookie based opt-out. Opting out or back-in is achieved just by requesting a URL, in response to which Nebuad's server sends your browser its opt-out / opt-in cookies...

Surprisingly, the opt-in /opt-out pages are indexed by google: http://www.google.co.uk/search?num=100&hl=en&q=site:nebuad.com+optin&meta=

WARNING: if your ISP uses Nebuad and you've already opted-out, then opening the second search result shown in google (optin_done.php) will almost certainly opt you back in.

Opting in creates 2 sets of 5 cookies, "o","u","c","h","w", one set in "a.faireagle.com", and the other in the "b.faireagle.com" subdomain. Opting out sets "o"="9".

o = 0 appears to indicate opted in.
o = 9 indicates opted out.

My guess is "o" might be a set of binary flags eg

bit #0 = 1 - don't track
bit #3 = 1 - don't show targeted adverts.

'c' is the name of an adserver.
'h' and 'u' are set to matching 14 digit numbers.
'w' is another 14 digit number.

Different sets of numbers are generated for the a and b subdomains.

If you look at the bottom of the opt-in page you'll see the actual opt-in URLs passed using a couple of <script> tags right at the very bottom; the browser will request these URLs and the server will set the cookies in the response.

<script language="JavaScript" src="http://a.faireagle.com/a?t=o&track=yes&noads=none"></script>
<script language="JavaScript" src="http://b.faireagle.com/a?t=o&track=yes&noads=none"></script>


And for the opt-out page.

<script language="JavaScript" src="http://a.faireagle.com/a?t=o&track=no&noads=all"></script>
<script language="JavaScript" src="http://b.faireagle.com/a?t=o&track=no&noads=all"></script>

There doesn't appear to be any measures in place to prevent an "evil" website from opting you back-in using the same method. :crap:
 
Looks like there's another domain to ban using my router's settings; hopefully it will work for the time being.
 
Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules