Covert BT Phorm Trial Report Leaked
stavros-59 writes "An internal BT report on the BT secret trials of Phorm (aka 121Media) Deep Packet Inspection has been revealed on Wikileaks today. The leaked document shows that during the covert trial a possible 18 million page requests were intercepted and injected with JavaScript and about 128 thousand charity ads were substituted with the Phorm Ad Network advertisements purchased by advertisers specifically for the covert trial period. Several ISPs are known to be using, or planning to use, DPI as a means of serving advertising directly through Layer 7 interception at ISP level in the USA and Europe.
NebuAd claim they are using DPI to enable their advertising to reach 10% of USA internet users." CT: nodpi has updated their page with a note that says that the charity ads were "purchased and not hijacked"; read there to see what the latest is.
For the uninitiated (Score:4, Informative)
I hate it when people use too many arbitrary abbreviations. Let's start actually typing out names to set a context, then let people abbreviate in comments...
Re:Is that legal? (Score:1, Informative)
http://news.bbc.co.uk/1/hi/technology/7339263.stm
Re:Ouch (Score:5, Informative)
I like how it's charity ads that were intercepted (Score:3, Informative)
What's next, Nike tests shoes (leaked codename: "rental") that deteriorate in 30 days -- on retarded children. Through a charity donation. That they write off their taxes the full value of.
Seriously: these are the times I'm glad to procrastinate about being an internet activist[1], because YOU CAN'T MAKE THIS STUFF UP. I couldn't have warned of this if I had tried.
[1] CHILL, guy with the sig 'whenever I hear the word activist I reach for my revolver'. It's going to be all right.
Re:For the uninitiated (Score:3, Informative)
Over here in the UK, nobody needs to expand BT. Everyone knows what it means. (I assume you are not from the UK).
I'm sure stavros-59 just used it out of habit.
Brief Overview (Score:3, Informative)
Re:Ouch (Score:5, Informative)
Two FF extensions generate fake queries on search engines to pollute the collected data (at search engine level, but it also pollutes ISP data): SquiggleSR [mozilla.org] and TrackMeNot [mozilla.org]. Notice that the former also clicks on non-sponsored results and may deceive cookie tracking.
Re:Um, Replacing Charity Ads? (Score:3, Informative)
Re:Ouch (Score:2, Informative)
IPv6 is supposed to have IPSec as a required element. I don't know how much this means; whether it'll actually be *used*, and resist MITM attacks.
Re:Loss of Common Carrier Exemption? (Score:5, Informative)
This means that whatever safeguards you associate with common carriers are not enforceable wrt ISPs. A lot of the big ISPs are very happy with the current situation, since they basically get the benefits of common carriers, without the drawbacks (such as not being allowed to throttle certain users).
Re:Advertisement Injection (Score:3, Informative)
Re:For the uninitiated (Score:3, Informative)
Re:Advertisement Injection (Score:5, Informative)
Let's say you're sending index.html. Take a hash of the page, put the hash early on the page.
In the bottom of the page, insert javascript code that removes the hash value, hashes the page, and compares it to the removed hash. If they mismatch, do an alert("warning: the page has been tampered with since it left Foocorp.com's servers."). The hash function doesn't have to be overly secure; here is actually a good time to write your own bad crypto.
The ISP would then have a hard time modifying the page, because they would have to generate the hash value of the modified page before seeing the page they want to modify only slightly.
They could, of course, buffer the whole page (if the server sends it out, or it could spoof your ACKs) and run the javascript on their modified version to compute the hash function. But how are they to know which functions to call? Include an infinite loop and some exploits that you never call yourself if you want to be really disruptive.
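The self-checking page described in the comment above, as an added example that is not part of the original thread. It works on the HTML as a string, and the `page-hash` meta slot and all function names are assumptions made for illustration.

```javascript
// FNV-1a (32-bit) over UTF-16 code units: fast and non-cryptographic,
// in line with the comment's point that the hash need not be secure.
function fnv1a(text) {
  let h = 0x811c9dc5;
  for (let i = 0; i < text.length; i++) {
    h ^= text.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Hypothetical slot near the top of the page that carries the hash.
const PAGE_HASH_RE = /(<meta name="page-hash" content=")([0-9a-f]*)(">)/;

function setSlot(html, value) {
  return html.replace(PAGE_HASH_RE, (_m, open, _old, close) => open + value + close);
}

// Server side: hash the page with the slot empty, then fill the slot.
function seal(html) {
  if (!PAGE_HASH_RE.test(html)) throw new Error("page has no page-hash slot");
  const blank = setSlot(html, "");
  return setSlot(blank, fnv1a(blank));
}

// Client side: remove the embedded hash, re-hash the page, compare.
function verify(html) {
  const m = PAGE_HASH_RE.exec(html);
  if (!m || m[2] === "") return false; // slot stripped or never filled
  return fnv1a(setSlot(html, "")) === m[2];
}

// Constructed sample page and a constructed in-transit modification.
const original = seal(
  '<html><head><meta name="page-hash" content=""></head>' +
  "<body><p>Hello from Foocorp.com</p></body></html>"
);
const injected = original.replace(
  "</body>", '<script src="http://ads.example/tag.js"></script></body>');
// The limit the comment concedes: whoever buffers the whole page can re-seal it.
const resealed = seal(injected);

console.log(verify(original), verify(injected), verify(resealed));
```

In a browser the check would have to run over a canonical serialization of the page rather than the raw string. Serving the page over HTTPS prevents the in-transit edit instead of only detecting it.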
Re:Misrepresentation (Score:3, Informative)
This sounded awfully familiar to me and now I remember where I've heard all this before. Spyware. There are certain spyware programs that, when installed on your computer, would replace the ads that a site displayed with its own ads. Website owners were outraged by this. At least with the spyware, though, the user had to have the application installed on the computer and could remove it (sometimes with much difficulty). With Phorm, the "spyware" is installed on the ISP's systems. You, as a user, aren't aware that it is there and have no say as to whether it replaces ads or not. (Yes, they give you a chance to opt-out, but I can guarantee they'll hide the page for doing so as much as possible.)
I think we need to call Phorm what it is: Spyware on a massive scale.
Re:Is that legal? (Score:3, Informative)
No, they most certainly are not. Certain derivative works are protected under fair use, but they must fall into one of a few narrow categories such as parody or commentary (they vary from country to country). There is no blanket derivative work fair use protection.
Re:And created a copyright violation (Score:5, Informative)
Phorm in the UK [digitalspy.co.uk]
One business user was updating the website for his home business. He used his home network connection to inspect the appearance of his website. To his surprise, he could not understand why the format of his website was consistently different from what he had intended. Disturbed by this, he reinstalled the OS on all his servers in fear of being rootkitted, rechecked all his security settings, reconfigured his firewall, and performed a packet trace on every connection made. In the end he noticed that various links on his webpages were being changed and that in particular some were coming from dns.sysip.net. Basically, this system redirected any links to adverts back to Phorm servers.
Customer who was Phormed [adslguide.org.uk]