Oi/velox, rasteamento de navegação! [RESOLVIDO]

px
(usa Debian)

Enviado em 30/04/2013 - 09:45h

Fala ae galera blz?, bom por aqui nem tanto, tenho percebido que a Oi esta a oferecer um "navegador" ligado a empresa* inglesa PHORM, com objetivo de coletar dados sobre a navegação dos usuários, gostaria de saber se alguém passou por este problema e sabe com resolver ou "evitá-lo", pois não posso trocar infelizmente de provedor em minha cidade :@.

* nome ligado a organização fraudulenta, no exterior apos tentarem impor aos ingleses o mesmo golpe que querem aplicar nos usuários oi/velox no Brasil.

whois do ip:

Registered through: GoDaddy.com, LLC (http://www.godaddy.com)
Domain Name: OIX.NET
Created on: 22-Feb-01
Expires on: 22-Feb-14
Last Updated on: 09-Dec-12

Registrant:
Phorm, Inc
27 Mortimer Street
2nd Floor
London, W1T 3JF
United Kingdom

Administrative Contact:
Cote, Chris chris.cote@phorm.com
Phorm, Inc
27 Mortimer Street
2nd Floor
London, W1T 3JF
United Kingdom
+44.02072972067

Technical Contact:
NOC, Phorm noc@phorm.com
Phorm, Inc
27 Mortimer Street
2nd Floor
London, W1T 3JF
United Kingdom
+44.02072972067

Domain servers in listed order:
NS1.PHORM.COM
NS2.PHORM.COM
NS3.PHORM.COM

----//
---
Domain Name: OIX.NET
Registrar: GODADDY.COM, LLC
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: NS1.PHORM.COM
Name Server: NS2.PHORM.COM
Name Server: NS3.PHORM.COM
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 09-dec-2012
Creation Date: 22-feb-2001
Expiration Date: 22-feb-2014
---

Obs: o cliente não pode interagir com o site:
"Erro 105 (net::ERR_NAME_NOT_RESOLVED): Não foi possível determinar o endereço DNS do servidor."

pra que serve um site assim em????, da vontade de meter um processo, mas como o país é uma piada, tenho que tentar resolver por mim mesmo.
----//

será que bloquear os domínios dessas P#$@# resolve ou ameniza o problema? espero respostas t+

MorbidFractal
(usa Ubuntu)

Enviado em 02/05/2013 - 03:34h

Ola Px,

Excuse my English I am English. There may/will be another thread on the board that will help you but I cannot remember where it is.

Since you run Linux perhaps your browser is Firefox. If so you might try,

https://www.dephormation.org.uk/index.php?page=2

There is also a list of host names on that page if you wished to use your hosts file.

You might also consider using a firewall. Either via the command line or with FireStarter to block Phorms netblock,

91.205.220.0/22

Also

http://idgnow.uol.com.br/blog/circuito/2013/04/26/idec-intensifica-campanha-mega-sim-pedindo-a-aprov...

http://www.idec.org.br/mobilize-se/campanhas/marcocivil

Shout if you need further help.

Abracos

Keith

MorbidFractal
(usa Ubuntu)

Enviado em 02/05/2013 - 03:52h

The page here,

http://www.vivaolinux.com.br/topico/provedores/Phorm-oix-em-provedores-brasileiros-Estao-coletando-n...

shows how to use iptables. Be careful. It had to be changed slightly to work properly.

Keith

px
(usa Debian)

Enviado em 02/05/2013 - 04:24h

Keith hello, I use chromium as a browser, go try the blocking by iptables, giving all right I notice, and I apologize for my bad english :)

Buckminster
(usa Debian)

Enviado em 02/05/2013 - 05:26h

Não entendi. Se é um navegador é só não instalar ele e não utilizá-lo.
E se é um serviço que vem configurado de fábrica no modem/roteador fornecido pela Oi é só colocar outro modem/roteador.
E quanto ao provedor você está se referindo àquele email e senha que chamam de provedor ou ao ISP?
Se for aquele email e senha que chamam de provedor que é configurado no modem/roteador é só colocar outro.
Como é Oi você pode utilizar o número do teu telefone com DDD seguido de @oi.com.br e a senha é o número do telefone com DDD.
Exemplo:
Login: 5512344321@oi.com.br
Senha: 5512344321

Ou você pode colocar um desses abaixo:

Login: qualquercoisa@senado.gov.br
Senha: qualquer senha de 8 dígitos

Login: qualquercoisa@caixa.goc.br
Senha: qualquer senha de 8 dígitos

Login: qualquercoisa@serpro.gov.br
Senha: qualquer senha de 8 dígitos

A função disso aí de cima é somente logar o modem à DSLAM uma vez que a verdadeira autenticação é feita no ISP pelo número do telefone.

Existem outros. A escolha de um deles vai influir um pouco no desempenho da navegação, mas aí você testa qual o melhor para você. Basicamente é uma questão geográfica. O que estiver mais perto de você vai procurar DNSs mais perto e vai navegar melhor.

E quanto ao rastreamento, isso é uma prática comum pela maioria dos sites. Quando você acessa um site, automaticamente instala um monte de porcarias (cookies, arquivos de logs, etc). Coloque seu navegador com segurança máxima e você verá o tanto de coisas que instala ao simples clicar de acesso a um site.
Se você quer navegar sem que sejam instalados alguns cookies na máquina, o que é quase impossível, mas ajuda, é só utilizar a navegação "in private".
ctrl+shift+p no IE e no Firefox;
ctrl+shift+n no Google Chrome.

MorbidFractal
(usa Ubuntu)

Enviado em 02/05/2013 - 06:02h

Phorm's equipment is installed in the ISP network, nothing to do with your browser, computer or router. People have wasted time looking for viruses or using a different DNS. Unfortunately you cannot avoid having your communications intercepted by them but you can prevent your computer from visiting their sites/domains.

You can also give your support to Marco Civil. The text specifically includes clauses that would make Phorms operations illegal in Brasil.

Buckminster
(usa Debian)

Enviado em 02/05/2013 - 06:07h

This is in the contract at the time of purchase of broadband service?
If not, this is illegal.
I use GVT here, didn't know that the Oi.

http://navegador.oi.com.br/o_que_e_naodisp.html#faq10

http://adrenaline.uol.com.br/forum/internet-redes/306469-oi-adota-servico-de-rastreamento-da-phorm.h...

MorbidFractal
(usa Ubuntu)

Enviado em 02/05/2013 - 06:26h

Phorm are only working with Oi/TNL-PCS and Telefonica. GVT and others are 'safe'. They have recently suggested they will be concentrating on markets in Turkey and China. Hopefully it means they will leave Brasil but for the moment they still seem to be trying.

You might think/hope it would be illegal but unfortunately Brasilian data protection and electronic communication laws were weak. It is one of the reasons why Phorm chose Brasil as a target and why they are now trying the same in Turkey.

Marco Civil if implemented according to the original text should give you protection against this. Unfortunatly the Telecoms companies have lobbied against some of the wording,

http://telesintese.com.br/index.php/plantao/22738-teles-apresentam-proposta-de-alteracao-do-marco-ci...

which has caused delays in the implementation.

Buckminster
(usa Debian)

Enviado em 02/05/2013 - 06:30h

Segundo o site do tal "Navegador" você pode desabilitar isso.
According to the website of the "Navegador" you can disable it.

http://navegador.oi.com.br/o_que_e_naodisp.html#faq10

Another solution would be DoS attack by such site. But this is also illegal and I don't know how to do this.

Oi is the leading provider of telecommunications services in government here in Brasil.

MorbidFractal
(usa Ubuntu)

Enviado em 02/05/2013 - 06:52h

This is what they claim. You can 'disable' it at the browser level, by installing their 'opt-out' cookie or you can 'disable' it at the network level. These functions are only available to me if I visit using a proxy on the Oi or Telefonica networks. Otherwise I am told that the 'service is not available'.

Either way your communications are still subjected to interception by Phorm, both methods of opting out are incomplete or 'fake'. They perform 307 redirects on TLDs and other page content, in particular images, in order to gain sight of cookies they may have set. This is visible. Here is an example from the Turkish version,

http://haber365.com/img/LogoHaber365.png">http://haber365.com/img/LogoHaber365.png

GET /img/LogoHaber365.png HTTP/1.1
Host: haber365.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:20.0) Gecko/20100101 Firefox/20.0
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://haber365.com/
Cookie: PHPSESSID=18563540d8b8dc75ce9e17fb16c92e1c
Connection: keep-alive

HTTP/1.1 307 Temporary Redirect
Server: PxS
Date: Fri, 26 Apr 2013 13:56:03 GMT
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/plain
Location: http://gezinti.com/services/obind?eorig=KAB4AcsoKSmw0tfPSExKLTI2M9VLzs_Vz8xN1_fJT8_3gAkW5KUDABbLDYU....
Content-Length: 1 

I request an image from Haber365 but my browsing is hi-jacked and I am sent via Phorms servers at gezinti.com where that request is logged before my browser is returned to collect the original image. Try it,

http://gezinti.com/services/obind?eorig=KAB4AcsoKSmw0tfPSExKLTI2M9VLzs_Vz8xN1_fJT8_3gAkW5KUDABbLDYU....

Your browser might complain about the redirect but you will see that this has been recorded and logged by Phorm....

Yes DDOS is illegal.



Some 'Trophies'..

https://www.dephormation.org.uk/?page=82

Perhaps your authorities receive a special dispensation by Oi/Phorm such that their communications are not intercepted in this manner. I am sure that if they were and it was noticed then they would complain and do so vociferously. Otherwise we have seen this being imposed on Schools and Businesses.

Buckminster
(usa Debian)

Enviado em 02/05/2013 - 07:01h

This appeared:

Redirect Warning Page

Redirect Warning The previous page is trying to redirect you to http://haber365.com/img/LogoHaber365.png. If you do not want to go to http://haber365.com/img/LogoHaber365.png, you can use "go back" button of your browser or click here to return to the previous page.

And if you click the link, appears the logo of Haber365.

MorbidFractal
(usa Ubuntu)

Enviado em 02/05/2013 - 07:10h

Good, isn't it...? Phorm claim not to store browsing history but, in one way or another, that is exactly what they have done. I should mention that at this time their service was not enabled by me and I did not carry any of their cookies. They just did it without a 'by your leave'.

In the case of Brasil gezinti.com would be replaced with a.oix.net

They got into some trouble in Turkey over this because they were originally using a.oix.net which meant that this data was being transferred outside of the country. a.oix.net is hosted on Phorms netblock in the United Kingdom.

As a result customers of Oi and Telefonica are repeatedly being redirected to servers in the UK before being returned to Brasil. I might imagine that this has some impact on their browsing speed.

Oh... It is also possible to be 'opted_in' and told that the service is not available..

https://twitter.com/KeithMallen/status/326448441075044352