Nebuad opt-out
I had a look at Nebuad (a rival service to Phorm's) the other day.
Apparently, much like Phorm, Nebuad uses a cookie-based opt-out. Opting out or back in is achieved just by requesting a URL, in response to which Nebuad's server sends your browser its opt-out / opt-in cookies...
Surprisingly, the opt-in / opt-out pages are indexed by Google:
http://www.google.co.uk/search?num=100&hl=en&q=site:nebuad.com+optin&meta=
WARNING: if your ISP uses Nebuad and you've already opted out, then opening the second search result shown in Google (optin_done.php) will almost certainly opt you back in.
Opting in creates 2 sets of 5 cookies, "o","u","c","h","w", one set in "a.faireagle.com", and the other in the "b.faireagle.com" subdomain. Opting out sets "o"="9".
o = 0 appears to indicate opted in.
o = 9 indicates opted out.
My guess is "o" might be a set of binary flags, e.g.
bit #0 = 1 - don't track
bit #3 = 1 - don't show targeted adverts.
'c' is the name of an adserver.
'h' and 'u' are set to matching 14-digit numbers.
'w' is another 14-digit number.
Different sets of numbers are generated for the a and b subdomains.
If you look at the bottom of the opt-in page you'll see the actual opt-in URLs passed using a couple of <script> tags right at the very bottom. The browser will request these URLs and the server will set the cookies in the response.
<script language="JavaScript" src="http://a.faireagle.com/a?t=o&track=yes&noads=none"></script>
<script language="JavaScript" src="http://b.faireagle.com/a?t=o&track=yes&noads=none"></script>
And for the opt-out page:
<script language="JavaScript" src="http://a.faireagle.com/a?t=o&track=no&noads=all"></script>
<script language="JavaScript" src="http://b.faireagle.com/a?t=o&track=no&noads=all"></script>
There don't appear to be any measures in place to prevent an "evil" website from opting you back in using the same method. :crap:
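A defensive check for the pattern described above, as an added example that is not part of the original post: it scans a page's HTML for any tag whose `src` would make the browser request the opt-state URLs quoted in the post, and reports whether loading it would opt the visitor in or out. The function names and the sample page are constructed for illustration; the parameter meanings are assumed from the two URL pairs shown in the post.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

OPT_HOST_SUFFIX = ".faireagle.com"  # host used by the <script> tags in the post

def classify(url):
    """Return 'opt-in', 'opt-out', another label, or None if unrelated."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host.endswith(OPT_HOST_SUFFIX) or parts.path != "/a":
        return None
    query = parse_qs(parts.query)
    if query.get("t") != ["o"]:          # t=o marks the opt request in the post
        return None
    track = query.get("track", [""])[0]
    noads = query.get("noads", [""])[0]
    if track == "yes" and noads == "none":
        return "opt-in"
    if track == "no" and noads == "all":
        return "opt-out"
    return "opt-state-change (unknown values)"

class OptTagFinder(HTMLParser):
    """Collect tags whose src is fetched automatically and changes opt state."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "src" and value:
                verdict = classify(value)
                if verdict:
                    self.findings.append((tag, value, verdict))

def scan(html):
    finder = OptTagFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample page: one unrelated script, one opt-in, one opt-out tag.
SAMPLE_PAGE = """<html><body>
<script src="http://example.test/site.js"></script>
<script language="JavaScript" src="http://a.faireagle.com/a?t=o&track=yes&noads=none"></script>
<img src="http://b.faireagle.com/a?t=o&track=no&noads=all">
</body></html>"""

if __name__ == "__main__":
    for tag, url, verdict in scan(SAMPLE_PAGE):
        print(f"<{tag}> {url} -> {verdict}")
```

Any tag type is reported, not only `<script>`, because the browser sends the request for an `<img>` or `<iframe>` `src` just the same.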