# Digiweb using a Webwise / Phorm type system



## Username99 (2 Oct 2008)

I feel it's both interesting and very important for Digiweb customers to read the following post: 

After having numerous problems with my Digiweb broadband connection, very odd traceroutes and strange cookies and asking the right question, 

Digiweb wrote to me: With regard to your query: ' Does Digiweb use any Deep Packet Inspection, traffic management or monitoring systems on services provided under account number **REDACTED**' Please be advised, not specifically customer by customer, but there is this capability for the overall operation.' 

Straight from the horses mouth. I read that to mean network wide and I have evidence to demonstrate that it has been active for some time now. Digiweb customers should have a close look. I looked, I'm horrified.


----------



## ClubMan (2 Oct 2008)

Any chance you could explain the issue in plain _English _please?


----------



## forbes (2 Oct 2008)

I think he's trying to say that Digiweb monitor his internet activity. All isp's monitor internet traffic. I'd be more shocked if they didn't.


----------



## Dearg Doom (2 Oct 2008)

Phorm is a system used to genearate targeted marketing for web users, allegedly being trialled by BT in the UK. It's not gone down well with privacy advocates.


----------



## Username99 (2 Oct 2008)

Sorry ClubMan,

In a nutshell, Digiweb use a system much like Phorm or Webwise.

http://www.theregister.co.uk/2008/02/29/phorm_roundup/

If you use a Digiweb connection for any sensitive information, legal or medical work you should stop. The technology fakes cookies, intercepts your traffic and changes it and is a major, major breach of privacy. 

Some say that it is not as legal as it should be. The E.U. are investivaging a similar system in the U.K. and have objected strongly to it's use. 

I accept that you might need to be a geek to really understand what's going on and I suspect that you have more interesting ways to spend your time. Some geek might read the post and investigate this further.

I tried and failed to put line breaks and spaces into my original post but couldn't, if a Mod could it would be great.

The use of such a system has privacy implications but sadly not enough people value their privacy. I do though and I'm very unhappy with it.

The most interesting thing is the written admission from Digiweb that they use the system at all, a lot of people have suggested that it is illegal to use such a system without informing customers first,

M


----------



## Username99 (2 Oct 2008)

To be clear,

All ISPs are required by law to log all Internet activity and I expect and understand this. The system Digiweb use _*changes*_ a web page rather than simply monitoring activity. This has many serious privacy implications when done without consent.

I am all for lawful intercept systems and I strongly endorse their use but this is *not a lawful intercept system*.


----------



## forbes (2 Oct 2008)

Username99 said:


> To be clear,
> 
> All ISPs are required by law to log all Internet activity and I expect and understand this. The system Digiweb use _*changes*_ a web page rather than simply monitoring activity. This has many serious privacy implications when done without consent.
> 
> I am all for lawful intercept systems and I strongly endorse their use but this is *not a lawful intercept system*.



Apologies I thought you were referring to ISP's monitoring torrent or p2p traffic.
I can't believe any ISP would implement this. If my own provider did I would switch straight away!


----------



## Username99 (2 Oct 2008)

That's why I was shocked to get it in writing from a Digiweb customer service rep. 

I have a technical background and I was surprised to see cookies landing on my system from web servers that don't use cookies (one of my web servers).   I was in a position to use Ethernet analysis tools and different Internet connections to investigate what was going on.  

Digiweb was rewriting my web pages on the fly, but not doing it correctly.  That breaches my copyright for one thing.  

This thread is relevant: http://www.askaboutmoney.com/showthread.php?t=41209 

I was amazed to see what I saw so I asked them if they used such a system, they wrote that they had such a system.   

My trace routes are still dodgy and they were messing with cookies up to a few days ago, I haven't checked today.  


I haven't heard anyone say that this is legal or above board


----------



## jhegarty (2 Oct 2008)

I don't think you know what deep packet inspection is , and suggest you do a little reading before making strange claims like the ones above...


----------



## Username99 (2 Oct 2008)

Deep packet inspection technology is one normally used in legal intercept systems and traffic shaping systems such as those manufactured by Verint and Nortel.

I am very familiar with them thanks.

It isn't the DPI that bothers me, it's the content manipulation.  I accept that this is a niche topic and I am trying not to swamp readers with detail.  That's why I provided links, read as much as you find interesting.

I did point out that I can document this and have evidence of content manipulation.


----------



## jhegarty (2 Oct 2008)

Username99 said:


> I am very familiar with them thanks.


 

If you think systems like Phorm are the main use of deep packet inspection I think you will find you are not


----------



## blacknight (2 Oct 2008)

I'm a bit confused.

Digiweb say they may use deep packet inspection. They don't say that they are using phorm , yet you jump to the conclusion that they are?

Packet inspection is not the same thing as content manipulation

How did you manage to reach that conclusion?


----------



## Username99 (2 Oct 2008)

I am writing that Digiweb use content manipulation technologies and DPI is the technology that allows them to do this.  I  have heard no one say that content manipulation without prior consent is legal.

If anyone working for Digiweb  (and says so), can clarify this, it would be great.





More detail:

If you're interested, I can post a few traceroutes and show you Wireshark dumps of cookies being served from servers that don't serve cookies.  That sounds odd; the server doesn't serve a cookie but one gets delivered to the client.  I suggest that the 'man in the middle' content manipulation system is serving this cookie.  I can show you websites incorrectly reporting the subscriber IP address.  I suggest that the IP adress being reported is that of 'the man in the middle'.

D.P.I. is the underlying technology in a suite of systems.  Lawful intercept was the pioneer of DPI systems.  A DPI system is able to not just look at the raw TCP/IP traffic but is able to go deeper, it analyses the packet for content.  Specifically it analyses the packet regardless of port in use or TCP header and can determine that you're running HTTP, SIP, P2P stuff or whatever, based on an analysis of the real packet content.  Better ones will crack a VPN while the more available ones will just give you an audio feed of SIP calls as well as a breakdown on protocols etc.

If anyone would like to go into more detail or correct my detail, I'm always keen to learn.


----------



## jhegarty (2 Oct 2008)

Username99 said:


> I am writing that Digiweb use content manipulation technologies and DPI is the technology that allows them to do this.




It's not and your wrong .....


----------



## Username99 (2 Oct 2008)

Do you work for Digiweb?

How do you know that they are not?


----------



## jhegarty (2 Oct 2008)

Username99 said:


> Do you work for Digiweb?
> 
> How do you know that they are not?



No , but I spent 8 years working at tier 3 tech for an isp , so I know how these things work...

my only connection to digiweb is as a happy customer of their hosting service....


----------



## Username99 (2 Oct 2008)

I'm delighted to read that you're another happy customer of Digiweb, I hope your relationship is fruitful and long lasting.

I don't see how being a hosting customer can put you in a position of knowledge of their Internet access side of business, perhaps you could elaborate.

Edit: Unless you were recently an employee of Digiweb, were you?


----------



## bankrupt (2 Oct 2008)

Username99, I suggest you post your suspicions on boards.ie in the broadband forum.  The forum is read by some senior Digiweb technical staff.

(EDIT: I see that you already have already posted there: http://boards.ie/vbulletin/showthread.php?t=2055390568)

Can you post some more detail here?  I'm interested to see how you determined this.


----------



## jhegarty (2 Oct 2008)

Username99 said:


> Edit: Unless you were recently an employee of Digiweb, were you?




I have never been an employee, contractor or supplier to digiweb.... 


good enough ?


----------



## Username99 (2 Oct 2008)

JHegarty, I was trying to determine how you are so confident in this matter.  If you were recently a Digiweb employee I could understand your confidence.

What you write here doesn't have to be good enough for me, if you're happy with it it's good enough.

Perhaps you could elaborate on the source of your confidence.


----------



## jhegarty (2 Oct 2008)

You registered on two different sites to make the same unfounded accusations about digiweb , I think the source of your gripe might be of a lot more interest to everyone...


Anyway, you are getting exactly the same answer from everyone on both sites, I presume you don't (or maybe you do) think they all work for digiweb...


----------



## bankrupt (2 Oct 2008)

Some load balancers insert cookies to correlate users with the correct server.  What are the contents of the cookie?  It may be possible to tell what device is generating it.  Perhaps you could check with your hosting provider to see if they have deployed a load balancer in front of your web server?


----------



## Username99 (3 Oct 2008)

Bankrupt,

  Thanks for your tip.  I have a communication which suggests something along the same lines and this is something that I must check.  I will check.

If someone who works for Digiweb states that what ever happened was nothing to do with them, I have to either accept that and get on with my life or dispute that and back up my suspicions.  I have outlined my suspicions though and I consider myself to be better informed as a result of doing so. 

I note that I'm the only poster here reporting unusual Internet behaviour with Digiweb (recently).  Some people have helpfully pointed out how the issue could arrise in a benign way.

Does anyone know if Digiweb used a mis-configured cache over the Summer?



JHegarty, the reason that I asked if you worked for Digiweb is not because I'm interested in your career choice but as outlined, only to determine if you are in a position of knowledge.  Since you don't work for Digiweb, a contractor or supplier, I am not interested in if you work or where you work though I value your contribution to this forum.  With respect, you don't know how well founded or otherwise my statements and questions are.


----------

