British Telecom's eavesdropping software crashed browsers

A leaked report on British Telecom's spyware "Phorm" project -- eavesdropping software that the ISP secretly infected its customers' PCs with, in order to insert ads into their browsing sessions -- shows that the software caused browser crashes, slowdowns and system instability.
The users were not informed they were being made guinea pigs for a new revenue system for BT and had no way to opt out of the system, according to the report. The JavaScript caused flickering problems for some users as the script reported back information about the content of the web page to a Phorm server. The script also crashed browsers that loaded a website that relied excessively on anchor tags. Additionally, the rogue JavaScript showed up unexpectedly in users' posts to some web forums.
Link (Thanks, Robbo!)


  1. I cannot imagine that content owners will let this slide. Modifying their content in such a way has to be legally problematic.

  2. You’d think.

    If the post-office started steaming open letters and putting adverts inside the envelopes they delivered, I’d be f****d off with them, too.

  3. I actually have my web server set up to include the Content-MD5: header on some pages. Does this mean BT just screws with the text of the webpages on the fly and breaks the hashes / filters them out?

  4. Just subscribed for BT’s ‘employee broadband’ for a nominal £1 a year.

    I wonder if I can get my money back…

  5. Far be it from me to defend BT or this plainly illegal activity, but there’s really no need to exaggerate the case and call it “eavesdropping” – that suggests someone sitting there watching your HTTP data. AFAIK Phorm is “just” about tracking URLs you visit, not the content of data going either way (so things you type into forms like the BoingBoing comment form weren’t getting intercepted.)

    Incidentally it’s looking quite likely that the Information Commissioner will get them prosecuted for this – if they don’t, THAT will be the real scandal. Huge corporate bends or ignores the law for pecuniary advantage? Old news. Independent Crown Prosecution Service refuses to prosecute an open and shut case? That’s serious.

  6. @4: What’s the point of putting an MD5 hash in a page as proof it hasn’t been intercepted and modified? An attacker who doesn’t want to be detected will just rewrite the hashes.
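The point made in comment 6 (and the question in comment 3) can be shown concretely: an unkeyed digest such as Content-MD5 is recomputable by anything that can rewrite the page, so it only catches accidental corruption, whereas a check keyed with a secret the in-path box does not hold does flag the change. The following is an added illustration written for this page, not code from the post or from BT or Phorm; the X-Body-HMAC header, the shared key and the sample page are constructed assumptions, and the HTTP response is modelled as a plain dict.

```python
"""Constructed demonstration: why a Content-MD5 header cannot detect in-path
modification of a page, and what a keyed check would need instead.
Not code from the original post; X-Body-HMAC, SHARED_KEY and the sample
page are assumptions made for this illustration."""
import base64
import hashlib
import hmac

# Assumed: a key shared between the origin server and the verifying client,
# which an in-path modifier never sees. Without some such secret (or a TLS
# session, which plays the same role) no header value can help.
SHARED_KEY = b"constructed-demo-key"


def content_md5(body: bytes) -> str:
    """Content-MD5 value as RFC 1864 defines it: base64 of the raw MD5 digest."""
    return base64.b64encode(hashlib.md5(body).digest()).decode("ascii")


def body_hmac(body: bytes, key: bytes) -> str:
    """Keyed tag over the body, carried in the assumed X-Body-HMAC header."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def origin_response(body: bytes) -> dict:
    """What the origin server emits: the body plus both integrity headers."""
    return {
        "headers": {
            "Content-MD5": content_md5(body),
            "X-Body-HMAC": body_hmac(body, SHARED_KEY),
        },
        "body": body,
    }


def inpath_modifier(response: dict, injected: bytes) -> dict:
    """Model of a content-rewriting box sitting between origin and client.

    It sees the cleartext page, appends its own markup and, because
    Content-MD5 is unkeyed, recomputes that header so it still matches.
    It cannot recompute X-Body-HMAC because it does not hold SHARED_KEY.
    """
    new_body = response["body"].replace(b"</body>", injected + b"</body>")
    headers = dict(response["headers"])
    headers["Content-MD5"] = content_md5(new_body)  # trivially kept consistent
    return {"headers": headers, "body": new_body}


def verify(response: dict, key: bytes) -> dict:
    """Client-side checks: which header still matches the received body."""
    body = response["body"]
    return {
        "content_md5_ok": hmac.compare_digest(
            response["headers"]["Content-MD5"], content_md5(body)),
        "hmac_ok": hmac.compare_digest(
            response["headers"]["X-Body-HMAC"], body_hmac(body, key)),
    }


# Constructed sample page and an inert marker standing in for injected content.
ORIGINAL_PAGE = b"<html><body><p>hello</p></body></html>"
INJECTED_MARKUP = b"<!-- constructed marker standing in for injected content -->"


def demo() -> tuple:
    """Returns (checks on the untouched page, checks on the rewritten page)."""
    clean = verify(origin_response(ORIGINAL_PAGE), SHARED_KEY)
    tampered = verify(
        inpath_modifier(origin_response(ORIGINAL_PAGE), INJECTED_MARKUP),
        SHARED_KEY)
    return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("untouched page:      ", clean)
    print("rewritten in path:   ", tampered)
```

Running it shows the untouched page passing both checks and the rewritten page still passing Content-MD5 while failing the keyed check. In practice the "secret the middle box lacks" is supplied by TLS rather than a pre-shared key, which is the "envelope" comment 12 refers to.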

  7. In the long run these sort of shenanigans probably have a positive effect, as it highlights the need for encryption.

    Processor time is cheap. Is there any real reason not to encrypt all http traffic?

  8. Cory, what happened with your showdown with Virgin?
    Some help would be good ‘cos I have MAJOR issues with their service at the moment.

  9. #6 IMPAK: So you’re cool with the phone company keeping track of what you look up in the phonebook? Or you’re fine with the government keeping track of what books you buy? It’s all the same principle, and it’s an invasion of privacy.

  10. As has been pointed out, this seems like a rather open and shut case. I’m not familiar with the British laws, but in both Canada and the US, there are laws specifically against installing software on somebody’s computer without their knowledge. It’s not surprising to see a random website doing this, but for an ISP to do this, and for such selfish reasons, calls for swift action. Let’s hope this goes to court swiftly and decisively.

  11. @ #6, I think you’re missing part of the picture. Sure, they don’t know the exact contents of the page, but just knowing where you’ve been says a lot. In fact, it is worse in many ways, because without the context of why you were visiting those sites and what was on them, it’s easy to misinterpret your actions.

    As an analogy, consider having a private investigator follow you around. He doesn’t have a big microphone or camera recording every conversation you have, he just follows you and makes notes about where you’ve been. Say you happen to visit the unemployment office, a prison, a hospital, then spend the night at a halfway home. At first glance, I’d say you were some poor junkie on parole. However, you’re actually a counselor for battered women.

    If you think that was an unreasonable example, consider what your search terms on Google look like. When AOL had that list of millions of customers’ searches leaked, there were some rather bizarre correlations. One woman looked like she was either at the end of her rope or in desperate need of medical attention. In reality, she had tried to help many friends all with various ailments.

    The common belief that there’s nothing to fear if you have nothing to hide is false because the interpretation of one’s actions can be quite negative even if they are done with good intentions.

    Besides, what business do they have keeping track of where you go? Other than making them money, what are they providing you in return?

  12. Danegeld – more like the post office sticking post-its on the pages of your magazines. If there’s an ‘envelope’ (SSL) then Phorm can’t mess with it.

    Still, magazines don’t phone home when you turn the pages, but they might fall apart when you start stuffing them full of flyers.

    Messing with anything inline is a bad idea…

  13. IMIPAK: “there’s really no need to exaggerate the case and call it ‘eavesdropping’ – that suggests someone sitting there watching your HTTP data.”

    Well, I’m quite sure there’s no one looking at *every* request. Yet they *did* manage to count the number of customers’ bulletin board posts reporting problems. But hey, I guess they just googled it. Didn’t they?
