4 posts • joined 9 Jul 2009
Why a webbug?
I got the second letter from play.com today. I didn't get the first letter a day or so ago, and I didn't get notified at the time of the breach; but then, I didn't get the spam emails either.
So I assume that play.com have written to everybody who *might* have been compromised, because they and Silverpop-goes-your-confidentiality don't actually know whose addresses were lost and whose weren't.
But ooh lookee, lookee, what's this at the bottom of the latest email?
Well, well, it's a 1x1 blank gif that you wouldn't see if you weren't using a text-only email reader.
Now, what exactly is a company that said in its first letter (quote) "We take privacy and security very seriously" up to, in employing covert webbugs in its customer correspondence?
SSDs for the hard of thinking
If I delete a file on a hard disc, in the ordinary course of using it with Windows, say, the file system just sets a bit in the header to say the space can be reused, but the file is still there - that's how 'undelete' programs work - unless and until something comes along and reuses the space for a new file.
On an SSD, though, the space may get reused by the drive for its own purposes, without me necessarily writing a new file at all.
It's not *very* different, though, is it? The same rules apply to deleted files that *are* still present, as to whether they can be ascribed to the supposed user, or some other person who may have had access to the drive, but the presumption is that deleted pron belonged to someone, and wasn't written by the drive itself. Unless, of course, SSDs are able to provide a modern take on the 'monkeys writing Shakespeare', and generate coherent data and/or images at random....
But of the deleted files that *aren't* present, or not wholly present, there will only be the possibly minuscule differences caused by the SSD carrying out housekeeping, when reconnected, that it couldn't carry out earlier.
It will hardly be the 'death of forensics' forecast above; what an SSD does in firmware when connected is (or should be) detectably different from any 'tampering' that might follow...
Pour encourager les autres....
Chris Maples doesn’t get it, does he? Or at least, in how he’s been reported here...
I’ve always said there were two sides to serving relevant advertising; the actual serving of *advertising*, and the determination of *relevant*. The ‘industry’ that Phorm have ‘taken one for’ doesn’t always seem to make the distinction, as evidenced above.
What’s wrong with advertising, as perceived by the viewer, is generally wrong with it whether it’s relevant or random. It does sound attractive, and logical, that the viewer should see less wrong with relevant advertising than the general scatter-gun stuff; but how much less wrong? Penny points, or more than that? We don’t even know yet.
And even if an ad is relevant to me, is it relevant everywhere? If I’m in the market both for football memorabilia and a laptop, say – so both are relevant to me – then will I welcome a football memorabilia ad when surfing Laptops’R’Us, or find it an annoyance?
In effect, that’s what the delivery side of Phorm and its ilk were selling – and it was never demonstrated, AFAIK, that it was at all effective, let alone that it wasn’t merely neutral, or even counter-productive.
Going back to the determination of relevant – I’d be amazed if the industry had to sell the pitch that advertising football memorabilia in a football magazine needed any sort of permission, let alone regulation (though if I had a pitch to sell, I guess a football magazine might be as good a place as any to advertise it).
As that’s how the ad industry has worked for paper magazines for years. Chris Maples could save himself a lot of time and grief right now by getting the box set of Mad Men, watching it, and then working forward.
But what of Phorm? The one they took for the team was to make crystal clear that there are unacceptable ways of determining relevance.
On the continuum from football ads in football magazines, through Tesco Club Card spotting that I bought ‘Football Monthly’ and printing me a discount ticket for ‘Soccer Saturdays’, to Amazon recommending Peter Crouch’s memoirs because I bought ‘The Damned United’, to full-blown overt DPI surveillance by Phorm, we all have a (possibly different) bailing out point. But we all bail out before we get to where Phorm positioned themselves.
Let’s hope that the industry sees the corpse of Phorm impaled on the barbed-wire of public opinion as a stern warning not to ever try the same thing again, rather than just a handy stepping-stone over that wire for the next wave of DPI wannabes. Our guns are reloaded, and the ammo will never run out.
You forget the plight of the non-OIX website owner under Phorm - whose website, and hard work in creating it, is plundered willy-nilly for the benefit of OIX advertisers, to the great detriment of the website plundered.
Even if the user who is browsing opts in, Phorm would only ever be equitable if the website owner was asked if he/she wanted to opt in also, and would be left alone, unprofiled, if not.
Something that Phorm could never pheasibly do.
I really couldn't be happier that now they are going to have to phuck off and die. Hooray!