Amazon To Block Phorm Scans 140
clickclickdrone writes "The BBC are reporting that Amazon has said it will not allow online advertising system Phorm to scan its web pages to produce targeted ads. For most people this is a welcome step, especially after the European Commission said it was starting legal action against the UK earlier this week over its data protection laws in relation to Phorm's technology. Anyone who values their privacy should applaud this move by Amazon."
How do I opt my website out? (Score:5, Interesting)
It doesn't say anywhere how you opt your own website out of this.
I suggest everyone does this, no-matter how small or insignificant your site it.
Phraudsters (Score:5, Interesting)
Phorm are liars when it comes to robots.txt.
They say they respect robots.txt but their scraper will only respect it if it also blocks google and yahoo. If it allows Google and Yahoo, they say it's fair game for Phorm. That's not respecting it at all.
But what do you expect from the sort of people who would conduct illegal surveillance on people to test their spyware system and claim that letting opt opt out would have been impossible because it would have been too difficult for them to understand the complicated computery stuff they were doing.
Phraudsters.
Re:How do I opt my website out? (Score:5, Interesting)
Re:How do I opt my website out? (Score:4, Interesting)
They've given us an 'all or nothing' ultimatum
Block all Search Robots (and effectivly remove yourself from Google/Yahoo etc) or e-mail them and hope they put you on their no-go list (and as with many hidden services, there will be no easy way of telling if they have)
We will obey the "*" from the robots.txt but we will disregard everything else.
Just keep a look out on http://www.botsvsbrowsers.com/ [botsvsbrowsers.com] and if you really want to block them do a user-agent Server-side script test and send them "FUCK YOU" Pages
The scary part (Score:4, Interesting)
As explained on the Customer Choice Process page, when a user opts into the BT Webwise service, a Webwise UID cookie, containing a unique random number is placed on the userâ(TM)s computer. This master cookie is held is the Webwise.net domain. When the user then visits other websites, the Webwise system stores a copy of the Webwise UID cookie within the browser in each the website domains visited by the user. The cookies are clearly labelled as belonging to Webwise as noted above and as a result can be easily identified as different to those cookies which may be placed by the website itself.
Since it claims to need no client software, I must assume they do this by injecting extra cookie headers into all the HTTP responses sent to my browser....
Re:How do I opt my website out? (Score:4, Interesting)
I guess we only need volunteers and we can intercept the right IPs and add them to the blocklist.
Re:How do I opt my website out? (Score:3, Interesting)
How would that work? BT might be a top-level CA but if I have an HTTPS-only site (say, https://www.example.com/ [example.com] they still don't have my private key. Without that private key, they can't do anything to the data flowing between the web server and the end-user's browser without raising some flag or another.
They could create their own certificate for www.example.com in order to fool the end-user's browser, but that would involve a very intelligent proxy and would be incredibly (almost painfully) illegal, even in Britain I'm sure.