Phorm, the Deep Packet Inspection Ad-Injector Company, Ceases Trading
Reader mccalli writes: Phorm, a controversial UK deep-packet inspection/ad-injection company discussed on Slashdot many times before, has ceased trading today. Phorm was controversial for, among other things, editing and approving UK government advice on privacy, offering hospitality to the police prior to a decision over prosecution, and being the subject of an EU investigation for its practices and close relationship with the then UK government. The Register has a more editorialized version of the news, but it is fair to say that Phorm will not be mourned by fans of internet privacy.
You can always see the payload. Packets are not private.
The payload is either encrypted or not. If it isn't encrypted, it is nothing more than a postcard in the mail; anyone can read it, but rarely is it interesting enough to even care.
Encrypted packets like https are not normally visible. Man in the middle attacks can make them just as visible as a postcard. And with other techniques it might be possible to crack open the encryption (weak).
Once viewable, you can break apart a packet, insert whatever you want into them, and send them on the way. In this case, they inserted ads into web requests (via html) so that the ads appeared to be served by the website, but were instead served by their own server.
Editorial, there is no reason to run HTTP and not HTTPS for your website traffic. If you can't buy a cert, then you can't really afford to have a website.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Let’s Encrypt is a new Certificate Authority:
It’s free, automated, and open.
No one could figure out how they are making money and by that I mean turning a profit.
Turns out neither did they.
A 'singular oddity' is an event that cannot be explained and only happens when you are alone.
Does deep packet inspection render https/ssl/ssh transparent to those with this technology, or are my packets still kept private? I understand they can see src/dst, but can they see payload as well?
"Deep Packet Inspection" is a term of art in the design, manufacture, and sales of networking equipment. It refers to the ability of a networking device to parse, and make decisions on, more of the packet than the I.P. header.
The shallowest of "Deep Packet Inspection" would be to identify the protocol and/or service used (benignly: to adjust routing priorities: Fast but quick discard for streams, up to a limit, slower and lower priority but with more bandwidth available for file transfers, etc. Malevolently: to break file sharing protocols, especially when used by a customer who is consuming substantial capacity.)
But it can go as far in from there as the capacity of the box allows. One use might be to recognize and filter out known spam or malware from email streams, as a service to the customer.
Routers are seas of RISC processors with acceleration hardware, and Moore's law has applied to them as much as to silicon elsewhere in the computing infrastructure. Some of that has been applied to handling more packets. But much of it has been applied to being able to throw more general-purpose processor instructions at each packet.
You've seen what decades of following Moore's law has done for computing capability. Imagine what it has done for making routers - especially "edge routers", where a customer's packets come together and something useful can be done with them - smarter than the "dumb as rocks" hot-potato throwers of the backbone (and the original conception of the whole net).
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
If HTTPS is easily broken into, then why exactly should everyone bother using it? Not everyone is running an e-commerce site; if you're just running a small informational site, why should you care about HTTPS?
This is something that I've never seen explained. The whole HTTPS-anywhere trend these days just seems like a dumb bandwagon that people are jumping on to make them look like they're clued-in and knowledgeable.
Multiple reasons:
(1) To stop intermediaries messing with your streams (e.g. adding ads, malware or "super-cookies" like Verizon did).
(2) It in general helps to minimize the useful information that intermediaries (like ISPs) can get from your data streams.
(3) It makes HTTPS for important data more secure in general because your important HTTPS stuff is obscured by all the other unimportant stuff which is also encrypted.