Slashdot Mirror


Phorm, the Deep Packet Inspection Ad-Injector Company, Ceases Trading

Reader mccalli writes: Phorm, a controversial UK deep-packet inspection/ad-injection company discussed on Slashdot many times before, has ceased trading today. Phorm was controversial for, among other things, editing and approving UK government advice on privacy, offering hospitality to the police prior to a decision over prosecution, and being the subject of an EU investigation for its practices and close relationship with the then UK government. The Register has a more editorialized version of the news, but it is fair to say that Phorm will not be mourned by fans of internet privacy.

31 comments

  1. Question to the Network Guys by Anonymous Coward · · Score: 0

    As a sysadmin, my networking skills are largely theory. Does deep packet inspection render https/ssl/ssh transparent to those with this technology, or are my packets still kept private? I understand they can see src/dst, but can they see payload as well?

    Thank you...

    1. Re:Question to the Network Guys by Archangel+Michael · · Score: 3, Insightful

      You can always see the payload. Packets are not private.

      The payload is either encrypted or not. If it isn't encrypted, it is nothing more than a postcard in the mail; anyone can read it, but rarely is it interesting enough to even care.

      Encrypted packets like https are not normally visible. Man in the middle attacks can make them just as visible as a postcard. And with other techniques it might be possible to crack open the encryption (weak).

      Once viewable, you can break apart a packet, insert whatever you want into them, and send them on the way. In this case, they inserted ads into web requests (via html) so that the ads appeared to be served by the website, but were instead served by their own server.

      Editorial, there is no reason to run HTTP and not HTTPS for your website traffic. If you can't buy a cert, then you can't really afford to have a website.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    2. Re:Question to the Network Guys by Anonymous Coward · · Score: 0

      Google ssh key convolution. It's how they can replace certain strings without necessarily being able to read the whole packet. Another method used is the finite response window method, which essentially does the same thing through systemic analysis of the packet.

    3. Re:Question to the Network Guys by U2xhc2hkb3QgU3Vja3M · · Score: 4, Informative

      > There is no reason to run HTTP and not HTTPS for your website traffic. If you can't buy a cert, then you can't really afford to have a website.

      Let’s Encrypt is a new Certificate Authority:
      It’s free, automated, and open.

    4. Re:Question to the Network Guys by Forgefather · · Score: 2

      Anyone can see the src and des fields in a packet; they are publicly available. They have to be, otherwise the router would have no idea how to route the packet. Deep packet inspection by definition means that they are inspecting the actual payload of the packet. This can also imply that the company is also doing ssl stripping or other means of defeating in transit encryption (apart from encryption done to the packet's contents).

      --
      "There are lies, there are damn lies, and there are statistics"
    5. Re:Question to the Network Guys by Qzukk · · Score: 2

      If they have the private key, then maybe (assuming Diffie-Hellman was not used to create a session key without transmitting it).

      There are a number of proxies that support creating SSL certs on the fly in order to MITM SSL traffic, though this is obvious unless you have installed the device's certificate as a trusted CA on the users' computers.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    6. Re:Question to the Network Guys by Grishnakh · · Score: 2

      If HTTPS is easily broken into, then why exactly should everyone bother using it? Not everyone is running an e-commerce site; if you're just running a small informational site, why should you care about HTTPS?

      This is something that I've never seen explained. The whole HTTPS-anywhere trend these days just seems like a dumb bandwagon that people are jumping on to make them look like they're clued-in and knowledgeable.

    7. Re:Question to the Network Guys by Anonymous Coward · · Score: 3, Informative

      > If HTTPS is easily broken into, then why exactly should everyone bother using it? Not everyone is running an e-commerce site; if you're just running a small informational site, why should you care about HTTPS?

      > This is something that I've never seen explained. The whole HTTPS-anywhere trend these days just seems like a dumb bandwagon that people are jumping on to make them look like they're clued-in and knowledgeable.

      Multiple reasons:
      (1) To stop intermediaries messing with your streams (e.g. adding ads, malware or "super-cookies" like Verizon did).
      (2) It in general helps to minimize the useful information that intermediaries (like ISPs) can get from your data streams.
      (3) It makes HTTPS for important data more secure in general because your important HTTPS stuff is obscured by all the other unimportant stuff which is also encrypted.

    8. Re: Question to the Network Guys by Anonymous Coward · · Score: 0

      Good post, mod up please

    9. Re:Question to the Network Guys by Archangel+Michael · · Score: 1

      HTTPS isn't easily broken into. That is the point of it. Under the right circumstances, a man in the middle MIGHT be able to decrypt the stream. However, those cases are usually easy to identify with some additional tools.

      With HTTPS, the packets appear to contain noise, and it requires keys to unlock to see what is going on, and that usually triggers alarms built in.

      HTTP is like a post card, anyone, anywhere can read it. HTTPS is like a sealed envelope, which remains sealed until delivery, and attempts to unseal it are difficult to pull off without seeing the envelope has been tampered with. The better the encryption, the harder it is to open.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    10. Re:Question to the Network Guys by Grishnakh · · Score: 1

      Ok, but like every discussion of HTTPS-everywhere, you have failed to explain why this is important.

      Why do I care if people can see what I read on a site? To give you an example, suppose you go to someinformationalsite.org, a completely static HTML site. Someone intercepting your traffic, HTTPS or not, will see that you've gone to someinformationalsite.org. With HTTPS, they can't easily read the actual content, with HTTP they can. But with HTTPS, they can just go to someinformationalsite.org by themselves, and see exactly what you're seeing. So why is it important for someinformationalsite.org to bother using HTTPS? They don't have anything to hide, in fact they cannot hide anything, because they're using plain ol' static HTML.

    11. Re: Question to the Network Guys by Anonymous Coward · · Score: 0

      > There are a number of proxies that support creating SSL certs on the fly in order to MITM SSL traffic, though this is obvious unless you have installed the device's certificate as a trusted CA on the users' computers.

      Sophos UTM is capable of doing this with about 15 minutes of effort. Plus it can push the certs by merely logging in via MS group policy. It and similar products can essentially perform a seemingly transparent MITM on https etc. traffic on local hosts that would go unnoticed by users who don't inspect their browser certs. Particularly if the domain accounts have restrictions on what software they can run... i.e. your typical corporate network.

      There are serious privacy/legal implications here if the network doesn't include excessive filtering to prevent things like medical and financial data from getting inspected should the proxy be compromised or misused in general, regardless of network use policy.

  2. Oh what a shame by Anonymous Coward · · Score: 0

    Bye, bye...

  3. And nothing of value was lost. by Anonymous Coward · · Score: 2, Funny

    Phorm tried to screw with the Internet, and the net screwed back. Die, you gravy-sucking pigs.

  4. Phorm fitting by Virtucon · · Score: 1

    Sorry I had to.

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
  5. Funny by GeekWithAKnife · · Score: 3, Interesting


    No one could figure out how they are making money and by that I mean turning a profit.

    Turns out neither did they.

    --
    A 'singular oddity' is an event that cannot be explained and only happens when you are alone.
    1. Re:Funny by Anonymous Coward · · Score: 0

      Gotta laugh about their announcement, blaming it all on a failure to attract more investment.
      Nooo, nothing at all to do with having a product/service that can't generate a profit!

  6. Aftermath by Anonymous Coward · · Score: 0

    Shoot them publicly.

  7. Term of art by Ungrounded+Lightning · · Score: 3, Informative

    > Does deep packet inspection render https/ssl/ssh transparent to those with this technology, or are my packets still kept private? I understand they can see src/dst, but can they see payload as well?

    "Deep Packet Inspection" is a term of art in the design, manufacture, and sales of networking equipment. It refers to the ability of a networking device to parse, and make decisions on, more of the packet than the I.P. header.

    The shallowest of "Deep Packet Inspection" would be to identify the protocol and/or service used (benignly: to adjust routing priorities: Fast but quick discard for streams, up to a limit, slower and lower priority but with more bandwidth available for file transfers, etc. Malevolently: to break file sharing protocols, especially when used by a customer who is consuming substantial capacity.)

    But it can go as far in from there as the capacity of the box allows. One use might be to recognize and filter out known spam or malware from email streams, as a service to the customer.

    Routers are seas of RISC processors with acceleration hardware, and Moore's law has applied to them as much as to silicon elsewhere in the computing infrastructure. Some of that has been applied to handling more packets. But much of it has been applied to being able to throw more general-purpose processor instructions at each packet.

    You've seen what decades of following Moore's law has done for computing capability. Imagine what it has done for making routers - especially "edge routers", where a customer's packets come together and something useful can be done with them - smarter than the "dumb as rocks" hot-potato throwers of the backbone (and the original conception of the whole net).

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
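
An added illustration of the question this thread keeps returning to (not code from any commenter or from Phorm): a small parser that reads past the IP header, as the comment above describes, and reports what an on-path device can recover from plain HTTP versus a TLS ClientHello. The packets are constructed samples with documentation-range addresses, the hostname is borrowed from the example earlier in the thread, and the input is assumed to be IPv4/TCP.

```python
import socket, struct

def parse_sni(p):
    """Hostname from a TLS ClientHello's server_name extension, else None."""
    try:
        if p[0] != 0x16 or p[5] != 0x01:            # handshake record, ClientHello
            return None
        i = 5 + 4 + 2 + 32                          # record + handshake hdrs, version, random
        i += 1 + p[i]                               # session id
        i += 2 + struct.unpack_from("!H", p, i)[0]  # cipher suites
        i += 1 + p[i]                               # compression methods
        i, end = i + 2, i + 2 + struct.unpack_from("!H", p, i)[0]
        while i + 4 <= end:
            etype, elen = struct.unpack_from("!HH", p, i)
            if etype == 0:                          # data: list len, type, name len, name
                nlen = struct.unpack_from("!H", p, i + 7)[0]
                return p[i + 9:i + 9 + nlen].decode("ascii", "replace")
            i += 4 + elen
    except (IndexError, struct.error):              # truncated or malformed input
        pass
    return None

def inspect(pkt):
    """Fields an on-path device can read from one IPv4/TCP packet."""
    ihl = (pkt[0] & 0x0F) * 4
    data = pkt[ihl + (pkt[ihl + 12] >> 4) * 4:]     # skip the IP and TCP headers
    seen = {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "dport": struct.unpack_from("!H", pkt, ihl + 2)[0], "proto": "unknown"}
    if data.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD"):
        seen.update(proto="http", payload=data.decode("latin-1"))  # whole request readable
    elif (sni := parse_sni(data)) is not None:
        seen.update(proto="tls", sni=sni)           # hostname only; contents are ciphertext
    return seen

def _packet(dport, payload):     # constructed sample: bare IPv4 + TCP headers
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip + tcp + payload

def _client_hello(host):         # constructed sample: ClientHello carrying only SNI
    name = host.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00" + struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

HTTP_PKT = _packet(80, b"GET /page.html HTTP/1.1\r\nHost: someinformationalsite.org\r\n\r\n")
TLS_PKT = _packet(443, _client_hello("someinformationalsite.org"))
```

Calling `inspect(HTTP_PKT)` returns the full request text, while `inspect(TLS_PKT)` returns only the addresses, port and SNI hostname.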
  8. don't be too happy about this. by Anonymous Coward · · Score: 1

    It is not as if there is no demand for products and services like theirs. On the contrary. Likely this just means that someone else is doing a better job at it.

  9. why? by Anonymous Coward · · Score: 0

    See subject.

    Why do you always do the "see subject" thing instead of just saying what you have to say in the body of the message? Serious question.

  10. Re:I'm glad to help kill "their kind" via by 110010001000 · · Score: 1

    That looks like malware. Where is the source code? Looks suspiciously like a Delphi virus?

  11. Re: I'm glad to help kill "their kind" via by Anonymous Coward · · Score: 0

    Mvps.org is where I get my plaintext HOSTS file.

    -notAPK

  12. in other news by zlives · · Score: 1

    Ph0rm, the Deep Packet Inspection Ad-Injector Company, starts Trading

  13. Eat your words #2/2 110010001000... apk by Anonymous Coward · · Score: 0

    Safe by 57++ antivirus' https://www.virustotal.com/en/...

    10 Antivirus companies listed below HAD to rescind false positives on it in 2012:

    1.) McAfee/Intel
    2.) ESET/NOD32
    3.) Symantec/Norton
    4.) Sophos
    5.) Comodo
    6.) ArcaVir
    7.) ClamAV
    8.) EmsiSoft
    9.) Qihoo360
    10.) Computer Associates

    * Which Mr. Burn of Malwarebytes (per my previous post's evidences https://yro.slashdot.org/comme... ) can substantiate as well if you need more, scumbag!

    APK

    P.S.=> See subject & so much for 'experts' (especially wannabe nobodies like YOU) ... apk

  14. My program imports MVPS data... apk by Anonymous Coward · · Score: 0

    See subject: However, they don't get a lot of threats & update slowly vs. other sources too so I also import 9 more from reputable security community sources too!

    (All are optionally choosable or omittable, allowing you the user to choose which to get since many also update FAR MORE than MVPS does... & CURRENT DATA is the most important vs. threats out there!)

    APK

    P.S.=> That information SHOULD prove useful to you - you're not getting as full or current information vs. threats online hosts protect vs. as you should be... & my program corrects that! apk

  15. Eat your words #1/2 110010001000... apk by Anonymous Coward · · Score: 0

    My code went thru verification by Mr. Steven Burn of Malwarebytes' hpHosts quoted: "I've been asked to further clarify so for the record yes I've seen the code, and yes, it is safe" FROM http://forum.hosts-file.net/vi...

    * That's in addition to my other proofs of my ware's safety here https://yro.slashdot.org/comme...

    APK

    P.S.=> See subject scumbag - considering you tried vainly to "hide" this via a downmod here last time I posted it https://yro.slashdot.org/comme... ... apk

  16. Glad to help kill "their kind" via by Anonymous Coward · · Score: 0

    APK Hosts File Engine 9.0++ SR-4 32/64-bit http://www.bing.com/search?q=%...

    Less power/cpu/ram + IO use + complexity vs. local DNS servers, routers & antivirus w/ less security issues. Complements firewalls (no layered filtering drivers firewalls use blocking less used IP addys, hosts block more used hostnames). Antivirus = reactive. Hosts = proactive, blocking infection BEFORE you get it. Gets data via 10 security sites.

    (Works vs. HTTP PUSH servers in Chrome w/ firewalls)

    Ads steal speed/security/privacy.

    * Proven safe https://www.virustotal.com/en/...

    (Verified by Mr. S. Burn of Malwarebytes: "I've seen the code, and yes, it is safe" http://forum.hosts-file.net/vi... )

    APK

    P.S. - Hosts gain speed (hardcodes + adblocks), security (vs. bad sites/dns security issues), reliability (vs. downed/poisoned dns), & anonymity (dns requestlogs/trackers) vs. other solutions w/ what you natively have. Hosts != blockable by ClarityRay/BlockIQ like Adblock/UBlock/Ghostery