Phorm, the Deep Packet Inspection Ad-Injector Company, Ceases Trading
Reader mccalli writes: Phorm, a controversial UK deep-packet inspection/ad-injection company discussed on Slashdot many times before, has ceased trading today. Phorm was controversial for, among other things, editing and approving UK government advice on privacy, offering hospitality to the police prior to a decision over prosecution, and being the subject of an EU investigation for its practices and close relationship with the then UK government. The Register has a more editorialized version of the news, but it is fair to say that Phorm will not be mourned by fans of internet privacy.
Re:Question to the Network Guys (Score:4, Insightful)
You can always see the payload. Packets are not private.
The payload is either encrypted or not. If it isn't encrypted, it is nothing more than a postcard in the mail; anyone can read it, but rarely is it interesting enough to even care.
Encrypted packets like https are not normally visible. Man in the middle attacks can make them just as visible as a postcard. And with other techniques it might be possible to crack open the encryption (weak).
Once viewable, you can break apart a packet, insert whatever you want into them, and send them on the way. In this case, they inserted ads into web requests (via html) so that the ads appeared to be served by the website, but were instead served by their own server.
Editorial, there is no reason to run HTTP and not HTTPS for your website traffic. If you can't buy a cert, then you can't really afford to have a website.
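Added example, not part of the original thread: one way a site operator could detect the kind of in-path HTML injection described above, by comparing the page as published with the copy a client received over plain HTTP. The host names and both HTML samples are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags whose src/href makes the browser fetch remote content.
ACTIVE = {"script": "src", "iframe": "src", "img": "src", "link": "href"}

class ResourceCollector(HTMLParser):
    """Collect (tag, host) for loaded resources and count inline scripts."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.external = set()
        self.inline_scripts = 0

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(ACTIVE.get(tag, ""))
        if url:
            # Relative URLs have no hostname: they resolve to the page's own host.
            host = urlparse(url).hostname or self.page_host
            self.external.add((tag, host.lower()))
        elif tag == "script":
            self.inline_scripts += 1

def collect(html, page_host):
    collector = ResourceCollector(page_host)
    collector.feed(html)
    return collector

def injected_resources(published_html, received_html, page_host):
    """Return what the received copy loads that the published copy does not."""
    pub = collect(published_html, page_host)
    got = collect(received_html, page_host)
    return {
        "new_hosts": sorted(got.external - pub.external),
        "extra_inline_scripts": max(0, got.inline_scripts - pub.inline_scripts),
    }

# Constructed samples: the page as published, and the same page after an
# on-path device appended an ad tag and an inline tracking script.
PUBLISHED = ('<html><head><script src="/static/app.js"></script></head>'
             '<body><h1>News</h1><img src="/logo.png"></body></html>')
RECEIVED = PUBLISHED.replace(
    "</body>",
    '<script src="http://ads.injector.example/tag.js"></script>'
    '<script>var uid="constructed";</script></body>')

if __name__ == "__main__":
    print(injected_resources(PUBLISHED, RECEIVED, "site.example"))
```

Served over HTTPS with a valid certificate, the received copy cannot be altered in transit without the client noticing, so this comparison is only needed on plain-HTTP paths.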
Re:Question to the Network Guys (Score:5, Informative)
Let’s Encrypt [letsencrypt.org] is a new Certificate Authority:
It’s free, automated, and open.
Re: (Score:3)
If HTTPS is easily broken into, then why exactly should everyone bother using it? Not everyone is running an e-commerce site; if you're just running a small informational site, why should you care about HTTPS?
This is something that I've never seen explained. The whole HTTPS-anywhere trend these days just seems like a dumb bandwagon that people are jumping on to make them look like they're clued-in and knowledgeable.
Re: (Score:3, Informative)
If HTTPS is easily broken into, then why exactly should everyone bother using it? Not everyone is running an e-commerce site; if you're just running a small informational site, why should you care about HTTPS?
This is something that I've never seen explained. The whole HTTPS-anywhere trend these days just seems like a dumb bandwagon that people are jumping on to make them look like they're clued-in and knowledgeable.
Multiple reasons:
(1) To stop intermediaries messing with your streams (e.g. adding ads, malware or "super-cookies" like Verizon did).
(2) It in general helps to minimize the useful information that intermediaries (like ISPs) can get from your data streams.
(3) It makes HTTPS for important data more secure in general because your important HTTPS stuff is obscured by all the other unimportant stuff which is also encrypted.
Re: (Score:2)
HTTPS isn't easily broken into. That is the point of it. Under the right circumstances, a man in the middle MIGHT be able to decrypt the stream. However, those cases are usually easy to identify with some additional tools.
With HTTPS, the packets appear to contain noise, and it requires keys to unlock to see what is going on, and that usually triggers alarms built in.
HTTP is like a post card, anyone, anywhere can read it. HTTPS is like a sealed envelope, which remains sealed until delivery, and attempts to un
Re: (Score:2)
Ok, but like every discussion of HTTPS-everywhere, you have failed to explain why this is important.
Why do I care if people can see what I read on a site? To give you an example, suppose you go to someinformationalsite.org, a completely static HTML site. Someone intercepting your traffic, HTTPS or not, will see that you've gone to someinformationalsite.org. With HTTPS, they can't easily read the actual content, with HTTP they can. But with HTTPS, they can just go to someinformationalsite.org by themselv
Re: (Score:3)
Anyone can see the src and des fields in a packet; they are publicly available. They have to be, otherwise the router would have no idea how to route the packet. Deep packet inspection by definition means that they are inspecting the actual payload of the packet. This can also imply that the company is also doing ssl stripping or other means of defeating in transit encryption (apart from encryption done to the packet's contents).
Re: (Score:3)
If they have the private key, then maybe [wireshark.org] (assuming Diffie-Hellman was not used to create a session key without transmitting it).
There are a number of proxies that support creating SSL certs on the fly in order to MITM SSL traffic, though this is obvious unless you have installed the device's certificate as a trusted CA on the users' computers.
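Added example, not part of the original thread: the private-key caveat above as an audit check that sorts negotiated cipher suites into those whose recorded traffic can be decrypted later with the server's long-term key and those that used ephemeral Diffie-Hellman. It goes slightly beyond the comment by also flagging static-DH suites; the session list is constructed, and the function names are this example's own.

```python
# Key-exchange tokens that use a fresh Diffie-Hellman share for every session.
EPHEMERAL = {"DHE", "ECDHE", "EDH", "EECDH"}
# Static DH: the server's long-term key is itself the DH private value.
STATIC_DH = {"DH", "ECDH"}
# Key exchanges in which no server certificate key protects the secret.
NO_SERVER_KEY = {"PSK", "SRP", "KRB5", "ADH", "AECDH"}

def key_exchange(suite):
    """Classify a cipher-suite name (IANA or OpenSSL style) by key exchange."""
    name = suite.upper().replace("-", "_")
    iana = name.startswith("TLS_")
    if iana and "_WITH_" not in name:
        return "ephemeral"                  # TLS 1.3 suites always use (EC)DHE
    tokens = (name[len("TLS_"):] if iana else name).split("_")
    kx = tokens[0]
    if kx in EPHEMERAL:
        return "ephemeral"
    if kx in STATIC_DH:
        # DH_anon / ECDH_anon use unauthenticated per-session shares.
        return "ephemeral" if tokens[1:2] == ["ANON"] else "static-dh"
    if kx in NO_SERVER_KEY:
        return "no-server-key"
    # OpenSSL omits the prefix for RSA key transport (e.g. AES256-SHA).
    if kx == "RSA" or not iana:
        return "static-rsa"
    return "unknown"

def exposed_by_key_compromise(sessions):
    """Sessions whose captured traffic the server private key can decrypt later."""
    return [(sid, suite) for sid, suite in sessions
            if key_exchange(suite) in {"static-rsa", "static-dh"}]

# Constructed sample: (session id, negotiated suite) as a server log might record.
SESSIONS = [
    ("s1", "TLS_RSA_WITH_AES_128_GCM_SHA256"),
    ("s2", "ECDHE-RSA-AES128-GCM-SHA256"),
    ("s3", "TLS_AES_256_GCM_SHA384"),
    ("s4", "AES256-SHA"),
    ("s5", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"),
    ("s6", "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"),
]

if __name__ == "__main__":
    for sid, suite in exposed_by_key_compromise(SESSIONS):
        print(sid, suite, "lacks forward secrecy")
```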
Term of art (Score:4, Informative)
Does deep packet inspection render https/ssl/ssh transparent to those with this technology or are my packets still kept private? I understand they can see src/dst, but can they see payload as well?
"Deep Packet Inspection" is a term of art in the design, manufacture, and sales of networking equipment. It refers to the ability of a networking device to parse, and make decisions on, more of the packet than the I.P. header.
The shallowest of "Deep Packet Inspection" would be to identify the protocol and/or service used (benignly: to adjust routing priorities: Fast but quick discard for streams, up to a limit, slower and lower priority but with more bandwidth available for file transfers, etc. Malevolently: to break file sharing protocols, especially when used by a customer who is consuming substantial capacity.)
But it can go farther in from there, as far as the capacity of the box allows. One use might be to recognize and filter out known spam or malware from email streams, as a service to the customer.
Routers are seas of RISC processors with acceleration hardware, and Moore's law has applied to them as much as to silicon elsewhere in the computing infrastructure. Some of that has been applied to handling more packets. But much of it has been applied to being able to throw more general-purpose processor instructions at each packet.
You've seen what decades of following Moore's law has done for computing capability. Imagine what it has done for making routers - especially "edge routers", where a customer's packets come together and something useful can be done with them - smarter than the "dumb as rocks" hot-potato throwers of the backbone (and the original conception of the whole net).
And nothing of value was lost. (Score:2, Funny)
Phorm tried to screw with the Internet, and the net screwed back. Die, you gravy-sucking pigs.
Phorm fitting (Score:2)
Sorry I had to.
Funny (Score:4, Interesting)
No one could figure out how they are making money and by that I mean turning a profit.
Turns out neither did they.
Re: (Score:2)
Don't be too happy about this. (Score:1)
It is not as if there is no demand for products and services like theirs. On the contrary. Likely this just means that someone else is doing a better job at it.
in other news (Score:2)
Ph0rm, the Deep Packet Inspection Ad-Injector Company, starts Trading