Phorm, the Deep Packet Inspection Ad-Injector Company, Ceases Trading

Reader mccalli writes: Phorm, a controversial UK deep-packet inspection/ad-injection company discussed on Slashdot many times before, has ceased trading today. Phorm was controversial for, among other things, editing and approving UK government advice on privacy, offering hospitality to the police prior to a decision over prosecution, and being the subject of an EU investigation for its practices and close relationship with the then UK government. The Register has a more editorialized version of the news, but it is fair to say that Phorm will not be mourned by fans of internet privacy.

Re:Question to the Network Guys

[Archangel+Michael]

You can always see the payload. Packets are not private.

The payload is either encrypted or not. If it isn't encrypted, it is nothing more than a postcard in the mail; anyone can read it, but rarely is it interesting enough to even care.

Encrypted packets like https are not normally visible. Man in the middle attacks can make them just as visible as a postcard. And with other techniques it might be possible to crack open the encryption (weak).

Once viewable, you can break apart a packet, insert whatever you want into them, and send them on the way. In this case, they inserted ads into web requests (via html) so that the ads appeared to be served by the website, but were instead served by their own server.

Editorial, there is no reason to run HTTP and not HTTPS for your website traffic. If you can't buy a cert, then you can't really afford to have a website.