* Posts by dephormation.org.uk

524 publicly visible posts • joined 10 Mar 2008


RIP Sir Clive Sinclair: British home computer trailblazer dies aged 81



I started on a ZX81, an astounding machine, even in retrospect.

The products this man developed created & shaped my career.

So sorry to hear of his passing.

US hands UK 'dossier' on Huawei: Really! Still using their kit? That's just... one... step... beyond


Huawei, Phorm

A Chinese spyware company (Huawei) that partnered with a US spyware company (Phorm).

You take your pick, you get spyware...

The UK needs a trusted domestic infrastructure provider.


UK data watchdog kicks £280m British Airways and Marriott GDPR fines into legal long grass


A long list of excuses.

Just another one to concatenate to a very long list of ICO excuses...

"We lost your complaint".

"We are not adequately funded".

"We don't have any enforcement powers".

"We are not IT experts".

"It was only a technical offence".

"There was implied consent for this processing (the processing no one was informed about)".

"It was a small scale trial".

"The solicitor with the Rolls Royce and Surrey mansion house told us he has no money to pay a fine, so we let him off with a £1 fine".

"The GPRS doesn't apply so 5p per offence is the best we can do"


"We are going to fine the crooks! Unlimited cash! (but let's not rush into it eh? we have agreed to an extension so they can suggest a better excuse we can use)".

Firefox to feature sponsored content as of next week


Re: Kiss FF goodbye.

Always bemused by arguments like this.

It's not the end-user's fault if a developer can't find a sustainable, legal, business model.

If the developer can't or won't charge for a product, and people don't value it enough to buy it, the product will fail... and no one will care.

If the developer can & will charge for a product, and people value it enough to pay, then they succeed.

That model of commerce served IT for decades, without secretly screwing over users, and without betraying them to adtech and organised crime.

UK.gov mass data slurping ruled illegal – AGAIN


An endless charade

I have come to understand the Home Office and UK Judiciary (for they are not independent, whatever they might claim) strategy is a 'long game' of endless delay & obstruction.

Any contrary opinion with which they disagree is deemed "unclear".

While the current law is being challenged, a new law that is different is enacted... and the cycle starts again. RIPA > DRIPA > IPA >..

And Brexit? That neatly eliminates the risk of EU enforcement action.

In effect, unlawful UK mass surveillance carries on regardless.

Equifax UK admits: 400,000 Brits caught up in mega-breach


Re: Start complaining now....

Applying the ICO going rate for "fines per person affected" ... 0.2p/person... the total fine for Equifax would be 400,000x0.2p = £800.

And even that figure is assuming the ICO opt to issue a fine.

They are more likely to

- blame the victims for not opting out of something they didn't know about,

- claim 'the ICO are not IT experts' and unable to understand the technology,

- claim the leak was 'small scale and technical in nature',

- suggest it was 'too difficult to obtain consent from theory customers for the processing',

or some other utter nonsense.

The ICO are, absolutely, as useless as an ashtray on a space rocket (.. never mind a motorbike).

Last year's ICO fines would be 79 times higher under GDPR


Excuse me if I'm not cheering...

That would mean BT's fine for covertly using Phorm would be 79x nothing at all.

See, unfortunately, the ICO staff still get to choose which bunch of criminals get fined, and which don't.

And the ICO staff "are not technical experts", we are only "theory customers", and Phorm was only "a small trial [on thousands of people and thousands of businesses that served them over three years by a bunch of foreign spyware developers]".

Your internet history on sale to highest bidder: US Congress votes to shred ISP privacy rules


Re: Phorm is the new norm in Trump's America.

When Nebuad attempted to do the same as Phorm in the US, it did result in an outcry and congressional hearings.

You might recall this;-


"Just because I belong to an ISP, doesn't give you the right to track me. If I want to be tracked it should be affirmative... it really should be opt in. Why do I have to opt out. Why should the burden be on the American consumer?" said Bart Stupak.

Now, as I understand it, you have no option at all.

Quite apart from the personal intrusion, it also affects the other party to the communication. It is automated industrial espionage / intellectual property theft that will strip hard working law abiding content creators of their business.

The current vacuum of political opposition in the US (and the UK) is truly terrifying.

UK Parliament's back for Snoopers' Charter. Former head of GCHQ talks to El Reg


The role of mass surveillance in fighting cybercrime cannot be understated

... except where BT/Phorm is concerned.

Then it is completely ineffective. There is no evidence. And nobody is ever prosecuted.

Head of UK oversight body to join GCHQ 'tech help desk'*


Spinning Doors

In short... the woman who was supposed to regulate the Intelligence Services is rewarded for her service to the Intelligence Services with a job at the Intelligence Services.

After the Phorm affair, the Regulation of Investigatory Powers (Monetary Penalty Notices and Consents for Interceptions) Regulations 2011 were introduced, with the IoCCO given explicit responsibility for investigating instances of 'unintentional interception' by ISPs.

Yet Jo Cavan stifled every single complaint. No investigation was conducted. No penalties were imposed. No statistics have ever been published (transparency? we've heard of it).

In short, she isn't a "champion" I recognise. If you work for telcos or the Intelligence Services, YMMV.

Ad slinger Phorm ceases trading


Re: "What exactly did they spend it all on and how do you get away with such things?"

Phorm was an industrial espionage scam... designed to extract economic intelligence from private/confidential communications.

It really was genuine spyware, GCHQ should have killed it with fire, and the people responsible for installing it should have been tried for treason.


Thank you

Just briefly wanted to say thank you, to the Reg and its readers for all your support.

I'm delighted Phorm have ceased trading. I look forward to seeing Phorm finally struck off & dissolved.

BT hires cyber-security


Cybersecurity? BT? Phorm?

BT perhaps jumping the gun on the spying opportunities offered by the IP Bill?

UK Home Office seeks secret settlements over unlawful DNA retention


Rematerialised, or never vanished?



Found via https://www.gov.uk/government/groups/national-dna-database-strategy-board#minutes

Phorm suspends its shares from trading amid funding scrabble



Hopefully, Phorm stays suspended.

Big Brother is born. And we find out 15 years too late to stop him


Re: EU?

DPA Subject Access request?

IOCCO: Police 'reckless' for using terrorism powers on journo sources


Re: What is the point of the IoCCO?

>Think of IOCCO as the police. They do the investigation, and then pass on the prosecution to the court system.

Except they don't. IoCCO claim they do not have the power to refer an offence to the IPT.

So after a finding of fault, or even "recklessness" in this case, IoCCO simply dump the responsibility for redress back on the victim, and tell them to go forth and multiply.

There is no consequence unless the victim then complains *again* to the IPT and they find in the complainant's favour.

But the IPT reject 99.7% of all complaints they receive. So buena suerte amigo.


What is the point of the IoCCO?

What value does the IoCCO add if a policeman can act "recklessly" with surveillance powers, and the very worst sanction the "regulator" can offer is lobbing scornful words in his general direction?


Re: And what is being done...

"a detailed action plan was put in place as soon as the issue was highlighted".

A detailed action plan document written by the same force that "recklessly" ignored the detailed Code of Practice document.

I can't see that plan being very successful unless it includes reading lessons, and/or a note that the IoCCO are not to be invited for dinner again.

Mozilla annual report shows risky Google dependency now risky Yahoo! dependency


Re: Not surprised they are losing market share

Mozilla could, for example, ask before taking that information. Rather than simply taking it.

And they could offer a user facing preference, rather than expecting the user to navigate past warnings to set the unintuitive option "extensions.getAddons.cache.enabled" to "false" to suppress it.

It is symptomatic of the disregard Mozilla have for their users.


Not surprised they are losing market share

The thing that once differentiated Firefox was the freedom & control offered to users & developers.

Mozilla seem to have abandoned much of that ethos in favour of restrictions and features that favour the interests of the marketing industry & government.

Undoing all of that on a new installation takes time. Lots of preferences to disable, features to restrict, back channels to knock out.

Meanwhile, from an extension dev's perspective, to create an extension for FF now requires devs to register details with Mozilla and have code approved before it can be distributed. In addition, the browser quietly reports back to Mozilla a list of the add-on installations chosen by users. I resent that, it is intrusive and unnecessary. So I've dropped support for FF.

Given alternatives like SeaMonkey, Iceweasel, PaleMoon, continue to respect the freedom of users & extension developers, I can't see Mozilla recovering that market niche without a dramatic change of focus.

At present, there is little to differentiate Firefox from the default browser installed by OS makers, and little to motivate most users to replace the default with Firefox.

UK citizens will have to pay government to spy on them



If this is about legitimizing the illegal things that the UK security services have already been doing, why is there a need to impose more cost on internet users?

'We can handle politicos, OUR ISSUE IS JUDGES', shout GCHQ docs


The IPT?

Now there's a hollow sham of a regulator if ever I saw one.


Re: You Can't Rely on Politicians

You're hoping Labour might reform surveillance? Good luck with that; Phorm, Communications Data Bill, Jacqui Smith, Lord West, Gordon Brown, DRIPA, UKCCIS etc.

Not forgetting that most of the programmes revealed by Snowden manifested themselves under a Labour government.

Sadly, the only reform you are likely to get from Labour is yet more surveillance, not less.

Did GCHQ illegally spy on you? Now you can find out – from this page


Privacy International

If it helps you decide whether or not to post your personal information, keep in mind the current director of Privacy International (Gus Hosein) was a consultant to BT/Phorm.

Don't want Windows 10 FILTH on the company network? Step this way


Re: Has anyone read

I can't comprehend why any sane corporate IT user would install Windows 10.

It opens your internal security and data for Microsoft to exploit at will.

Never mind using it as a home computing platform.

With Windows 10, the operating system is no longer the product... you are.

Wikipedia to go all HTTPS, all the time



Encryption is essential to negate the effects of mass surveillance, and scams like Phorm.

NSA slapdown prompts Privacy Int'l to file new lawsuit against GCHQ


Not sure who I trust less...

... GCHQ or Privacy International... while PI's director remains silent about his involvement in Phorm.

So far the net effect of the PI action against GCHQ has been to make "lawful" anything that GCHQ do. (Great, thanks for that PI, with friends like you...).

NB... Lawful in quotes because mass surveillance by GCHQ is clearly illegal under the ECHR article 8.

UK data watchdog: Massive fines won't keep data safe


What does it take to get the ICO to do actual work?

The excuses...

"We are not IT experts"

Then... "ICO are not IT experts and we lack the power to fine"

Then... "ICO are not IT experts and have the power to fine, but the fines are not big enough to make it worth bothering"

Then... "ICO are not IT experts and have the power to fine, and the fines are now big enough to hurt offenders, but we are still not going to do it because it might hurt offenders"

And now they wonder why, despite 97% public awareness of data protection, only 1% of respondents would bother complaining to the ICO when a data protection offence occurs.

The ICO are absolutely pointless. The truth is there is effectively no data protection in the UK at all. It doesn't matter what the law says any more. Doesn't matter what you think your rights are. No regulator will protect you. No law will be enforced.

Do not trust the ICO to defend your privacy rights against crooks. It never happens.

Microsoft drops Do Not Track default from Internet Explorer


DNT is a mirage.

Begging the crooked frauds running the advertising industry not to track you is just micturating in the direction of the prevailing wind.

Even the ICO don't comply with DNT requests. So who are you going to complain to if the ad industry laugh in your face when you discover you've been taken for a fool?

Like the ludicrous cookie law.

There is a much simpler solution that the ad industry don't want... Outlaw the creation of surveillance databases of personal data & communications data without the explicit consent of data subjects.

Nothing illegal to see here: Tribunal says TEMPORA spying is OK


Re: "Anyone" != "Everyone"

"there is little evidence, or none, that the data retained has been or is being [misused]"


There is plenty of evidence that this data is being misused with impunity. Vodafone + Bluecoat replay attacks. TalkTalk + Huawei surveillance + replay attacks. UK Parliament + Bluecoat.

The intrusion begins the moment a third party obtains a copy of a private/confidential message with the intention of retaining some or all of the content. Subjecting the whole population to intrusive surveillance is simply undemocratic, offensive, and illegal.



"likely to cause annoyance, inconvenience or anxiety".

The only thing "likely to cause annoyance, inconvenience or anxiety" to the ICO data protection racket is the fear that they might actually have to do some proper work for a change.

Instead of photocopying boilerplate rejection letters fobbing off complainants, and always refusing to enforce the law.

Watch as they do nothing with their new powers, and find a new excuse for inaction.

O2 vs Vodafone: Mobe firms grab for GCHQ, gov.uk security badge



The telco that allowed the Californian company Bluecoat to covertly monitor their UK network, engaged in replay attacks launched from Bluecoat's offices in California, and all done without knowledge or consent from either party to the communications... that one?


Vodastalk; Vodafone and Bluecoat Stalking Subscribers


Naughty NSA was so drunk on data it forgot collection rules


URLs are Content

They are the content of an HTTP GET request.

They are not addressing data. They also reveal the content of the likely response to the request.

Addressing data is the IP address (clue in the name) and nothing else.

That is, coincidentally, how it was specified in the 'invalid' EC Data Retention mass surveillance regulations too.

BT: Whew, we've been cleared of major privacy breach. Oh SNAP, another webmail blunder


BT: immune from ICO enforcement..

Some examples...

BT/Phorm - no ICO enforcement despite covert trials of Russian supplied spyware monitoring the content of customers' private/confidential web browsing, without consent from sender and recipient.

BT/ACS law - no ICO enforcement action despite BT sending an unencrypted email full of sensitive customer data, and despite a court order requiring that data to be encrypted and sent on physical media.

BT/email - again... no ICO enforcement action despite months of security failures that put customers at risk of identity theft.

I'm not sure what it would take to cause the ICO to enforce the Data Protection Act against BT.

BT caught in data gaffe drama: Whistleblower squeals over alleged email fail


Recalling that

... the ICO blamed BT's own customers for the Phorm affair (claiming there was a measure of "implied consent" for private/confidential telecommunications to be covertly intercepted & secretly sold to Phorm).

And also the same ICO that blamed ACS:Law for *receiving* unencrypted emails from a lawyer in BT (whereas BT were supposed to comply with a court order instructing them to encrypt the data *before sending* it via CD/media). Not that ACS:Law were blameless, but if the data had been encrypted as instructed by the judge, it would probably never have been hacked. BT escaped any penalty in that instance too.

So sadly... I expect the ICO's conclusions to be that BT customers were somehow to blame... and BT Directors to be completely exonerated :(

I call it Muffins Law (cf Tea & Muffins at the ICO).

Microsoft: NSA snooping? Code backdoors? Our hands are clean!


Backdoors like WPAD?

For starters,

WPAD: The Internet Explorer Security Flaw that Threatens all UK Microsoft Users


DNS poisoning slams web traffic from millions in China into the wrong hole


Ultrasurf? -> Sophidea -> Ultrasurf

"a product of Ultrareach Internet Corporation, originally created to help internet users in China find security and freedom online"

Google: The Man RUMMAGED all your data (and a load MORE that's SECRET)


Would also be interested to know...

if Google have attempted to estimate how many Tbytes of data were pilfered by NSA/GCHQ without any legal authorisation at all.

"Fuck these guys" is apparently the proposed solution... Personally, I would opt for encryption.

These statistics are meaningless.

Snowden leaks latest: BT, Vodafone, Verizon jack GCHQ into undersea fiber


Undersea cables?

Vodafone: use Bluecoat to covertly tap UK telecoms and divert to California USA for analysis & replay attacks.

BT: used Phorm to covertly intercept, copy, and analyse the content of UK telecoms.

ISPs set to install network-level smut filters despite Lib Dem opposition


Nothing wrong with that in principle

There *is*. And there is something wrong with that in law.

TalkTalk are not entitled to divulge the content of a lawful private/confidential communication (a url) to a third party without explicit consent from sender & recipient (or a warrant for surveillance). (UK RIPA).

TalkTalk are not entitled to retain the content of a communication or anything revealing the content of a communication (EC Data Retention directive).

TalkTalk are not entitled to commercially exploit the content of communication without a licence from the author (UK CDPA).

TalkTalk are not entitled to interfere with the operation of a computer without consent from the operator (UK CMA).

Brazilian TV show accuses NSA of spying on oil firm based on leaked docs


Looking for confirmation of US/UK economic espionage?


The clue is in the name. The .br bit stands for Brazil.

Does that help?

Reports: NSA has compromised most internet encryption


GCHQ are doing their job

When did it become GCHQ's job to spy on *law abiding* citizens' unencrypted, let alone encrypted, private/confidential communications?

Or rather, 'adversaries', to use the new colloquialism?

These revelations, or rather the fact of the corrupt co-operation between IT industry leaders and these fascists, will do huge damage to public trust in IT people & products.

New BT chief gets keys to copper-encrusted door next month



Don't think we've forgotten.

Both Livingston and Patterson oversaw the covert trials of Phorm in 2006, 2007, and 2008.

Mobe-slurping Wi-Fi SPY BINS banned from London's streets


Re: Rah Rah Rah

As a personal identifier, the MAC address of your phone is more globally unique than your name.

BT's not at home to Mr Profit, but its lordly boss probably isn't too fussed


Ian Livingston & BT

The people who imposed Phorm mass surveillance on their subscribers, and the web sites that served them.

I don't trust either of them.

WAR ON PORN: UK flicks switch on 'I am a pervert' web filters


Re: I like how they state .....

Already been done;


It would appear MPs' communications are being filtered and monitored by an unnamed 'third party', thought to be Bluecoat in California, with URLs being categorised, analysed, and censored (even if legal).

See also;-


Sadly, the press (including the Register) won't report it.

Admen's suggested tweaks to Do Not Track filed straight into the bin


DNT is a mirage

We need to outlaw the unauthorized creation of personal profile databases/communications databases... or in the alternative.... face the unpleasant truth that evil people will create these databases regardless of any signal sent by a web browser if they think they can get away with it.

PM writes ISPs' web filter ads for them - and it must say 'default on'


Why is regulation a bad thing?

Versus the alternative; unaccountable ISPs imposing opaque censorship restrictions on wholly lawful communications.

Forget Snowden: What have we learned about the NSA?


Re: Civil servants can't be trusted to stay in their remit and will always try to widen their remit.

"It is grossly disproportionate to the crime it allegedly counters"

Approximately the same number of people are killed in the UK after falling out of trees.

On average 5x as many people die every year in UK police custody (~30) as die from acts of terrorism (6).

Meanwhile, 100,000 people die from the effects of smoking every year. Around 2,000 die in road traffic accidents. And 800 from murder. To offer a few popular preventable terminal scenarios.