[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
Neil Williams wrote: > On Wed, 12 Mar 2008 00:21:17 +0000 > Simon Waters <simon@xxxxxxxxxxxxxx> wrote: > >> Andy Smith wrote: >>> A lot of people objecting to Phorm already have suppliers that do >>> similar. A good example would be Google. I assume all those who >>> object to Phorm do not use Google Mail, Google Checkout and if they >>> use Google Search they delete all cookies etc. afterwards. >> I'm with Clare and Eion, I delete cookie every time the browser closes, >> the only sensible way unless you want to spend eternity deciding whose >> cookies are doing something useful for you. > > Deleting cookies does not protect you from Phorm - in fact, deleting > cookies *prevents you using the opt-out* that Phorm 'offers'. We appreciate this - just Andy was asking if we were that paranoid that we delete cookies - and the answer seems to be "yes". > The Phorm attack happens outside your own browser, it is a routing > issue, not a cookie issue. > > The only safe method is to block or redirect to localhost all traffic > to and from any Phorm machine via DNS and/or iptables. The data collection is done by intercepting the HTTP request, so the only by pass is to tunnel out to a place that doesn't intercept your HTTP requests (for which - switch ISP is easier). I don't think the end user can route or block this at all. Throwing the cookies out might reduce their ability to track - if the details I've seen are right, but my ISP isn't interested from what I can gather.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html