Covert BT Phorm Trial Report Leaked

stavros-59 writes "An internal BT report on the BT secret trials of Phorm (aka 121Media) Deep Packet Inspection has been revealed on Wikileaks today. The leaked document shows that during the covert trial a possible 18 million page requests were intercepted and injected with JavaScript and about 128 thousand charity ads were substituted with the Phorm Ad Network advertisements purchased by advertisers specifically for the covert trial period. Several ISPs are known to be using, or planning to use, DPI as a means of serving advertising directly through Layer 7 interception at ISP level in the USA and Europe. NebuAd claim they are using DPI to enable their advertising to reach 10% of USA internet users." CT: nodpi has updated their page with a note that says that the charity ads were "purchased and not hijacked"- read there to see what the latest is.

Re:Ouch

[KnightMB]

That's a big leak and a big privacy breach, but can this realistically lead to legal action against BT? Whether it does or not, someone has already taken the initiative to setup a page to generate fake web pages (or real ones) to pollute the data they collect. So if you can't get them out legally, you can make the data they collect useless, which hits them in the pocketbook and might be more effective than legal countermeasures. You'll find the site here: http://wanip.org/anti-nebuad/ in which every browser becomes a data-mining polluter when it's run. Get enough those on a suspect ISP and watch the CEO's have a heart attack from the "pollution attack".

Re:Ouch

[Janos421]

The browsed pages do not exist, so you never download pictures or js files. It's very easy for an ISP to filter these requests, they can filter the HTTP response code.
Two FF exntensions generate fake queries on search segines to pollute the collected data (at search engine level, but it also pollute ISP data). SquiggleSR and TrackMeNot. Notice that the former also clicks on non-sponsored results and may deceive cookie tracking.

Re:Loss of Common Carrier Exemption?

[Red+Flayer]

It occurs to me that, at least in the US, an ISP that does ad injection *may* be losing its common-carrier status by changing the information that they convey from a Web site to the subscriber.

Newsflash: ISPs do not have common carrier status.

This means that whatever safeguards you associate with common carriers, are not enforceable wrt ISPs. A lot of the big ISPs are very happy with the current situation, since they basically get the benefits of common carriers, without the drawbacks (such as not be allowed to throttle certain users).