FAQ

Who are you, why should I trust your software?
Why are you doing this for free?
Why aren't the Dephormation and Secret Agent add ons published on Addons.mozilla.org?
Why isn't the Dephormation and Secret Agent code GPL?
Why isn't the Dephormation and Secret Agent code signed?
Why no Internet Explorer/Chrome/Opera equivalent to Dephormation?
If I block/delete Phorm cookies, will that protect me?
Can Dephormation protect me from cross site request forgery?
I think I've found a bug in your code
Should I close my account with BT/VirginMedia/TalkTalk?
How do I uninstall Dephormation or Secret Agent?
Can you recommend a Phorm free ISP?
Who funds this site?

 

Who are you, why should I trust your software?

I'm Peter John. I'm a professional software engineer.
I'm a former Virgin Media subscriber (left April 2008).
And a Chartered Engineer.
And a Member of the British Computer Society. And now a UK expat.

If you want to inspect the add-on code, its plain text. Unzip the XPI file and open the Javascript code in any text editor.

If you want a character reference, ask in the UK cable discussion forums for a character reference from a badphorm or nodpi member.

If having done the above, you still trust Phorm more than you trust me, I don't mind.

 

Why are you doing this for free?

Because people fought and died to give me the human right to freedom and privacy.

Sadly, if you don't fight to protect your rights, you will lose them.

Phorm is an illegal mass surveillance & industrial espionage scam run by organised criminals.

 

Why aren't the Dephormation and Secret Agent add ons published on Addons.mozilla.org?

Several reasons.

I don't subcribe to the view that there can only be one marketplace for computer software. Regardless of the source of your software, you need to make a careful and critical case-by-case assessment of the software products you install on your computer, and the software developers who create them. AMO does not guarantee that hosted add-ons are safe to use, nor free from spyware. I don't need (or trust) a US company to host my software for me.

Secondly, I don't want to allow Mozilla to learn who has installed my software. It is none of their business! So my add ons are also configured to prevent your Firefox browser reporting the installation back to Mozilla. (Did you know, Firefox periodically reports a list of your installed add ons to AMO?).

Finally, I'm not seeking a mass audience for these add ons. They are not aimed at novice internet users. I don't need my ego massaged.

I'm in good company; other add ons which you won't find on AMO include HTTPS Everywhere (from EFF) and the HTTPS Finder.

 

Why isn't the Dephormation and Secret Agent code GPL?

Its free, its open source. But its not GPL.

That means you don't have to pay for it, you can view the source code, but you may not redistribute it, and some organisations are explicitly not licenced to use it.

If you want to inspect the add-on code, its plain text. Download the XPI file, rename it as a ZIP, unzip the ZIP file, and open the Javascript code in any text editor.

The code is not licenced using GPL because I do not want ISPs to present or redistribute Dephormation or Secret Agent as the crutch to prop up criminal mass surveillance scams like Phorm.

 

Why isn't the Dephormation and Secret Agent code signed?

It doesn't need to be.

Think about it this way. Phorm code isn't signed, and you and your ISP will never see the code Phorm have written. Yet all your web traffic will pass through their network systems.

Signing doesn't guarantee that code is safe. It guarantees that code, signed by someone who's identity may or may not have been verified by a certificate authority for a fee, hasn't been changed.

Here's how you can positively validate the code. Calculate an MD5 sum. If it matches the code on the download page, the code is probably untampered.

If you still don't want to trust my code, I don't mind.

 

Why no Internet Explorer/Chrome/Opera equivalent for Dephormation?

An Internet Explorer "Browser Helper Object" equivalent to Dephormation for Firefox/SeaMonkey has been developed. I'm hesitant to release it because it is more likely to destabilise your PC, and I'm unwilling to accept the burden of maintenance and support.

But you should also ask yourself where this absurd process would stop.

Every single web browser, every single web application using http, would need an add on like Dephormation to keep you opted out of Phorm.

Imagine how complex software installation will become if you have to do this for email clients like Outlook, media software like iTunes, instant messenging, feed readers, word processors like Word, Open Office, and other office productivity tools... Its ludicrous.

I've offered to write add ons for Virgin Media (at a bargain price of 0.25M each). But they haven't accepted.

The only effective way to avoid Phorm's spyware completely is moving to a trustworthy Phorm free ISP (see here for UK recommendations).

 

If I block/delete Phorm cookies, will that protect me?

Probably not. In some circumstances, if your ISP has deployed Phorm's spyware products, blocking Phorm domains using DNS may even make it impossible to browse the internet.

Without the opt out cookie being present with each and every request from your web browser or other desktop application, you're opted in.

Delete the cookies, block the cookies, you're opting in.

Blocking cookies will make it more difficult to make use of the data gathered if Phorm do indeed profile your page requests.

To reiterate, the only effective way to avoid Phorm's spyware completely is moving to a trustworthy Phorm free ISP  (see here for UK recommendations).

  

Can Dephormation protect me from cross site request forgery?

Dephormation seems to be capable of resisting the published  cross site request forgery (CSRF) exploit which might otherwise cause you to be unwillingly opted back into Phorm.

Any subsequent page request would cause the opt in to be undone, and your opted out status restored.

Don't rely on Dephormation for long term protection; find a Phorm free ISP (see here for UK recommendations).

 

I think I've found a bug in your code

If so, sorry. You'll need to contact me via this contact form. Or get in touch via nodpi or badphorm forums (or ask one of the regulars to relay the details).

 

Should I close my account with my ISP?

Its your decision to take, your choice to make. I switched without hesitation.

Phorm partners clearly don't recognise or respect your right to privacy, security, and data integrity when they provide a communication service.

So I closed all my accounts with with Virgin Media and BT, and won't do business with TalkTalk.

I expect my suppliers to respect client confidentiality. I expect them to keep confidential the sender, recipient, content, and location of all my communications.

In the UK, I can recommend Aquiss.net (and I'm delighted with them). I can also firmly recommend UKFSN (the owner is a fellow campaigner) and  Orpheus. See here for recommendations.

 

How do I uninstall Dephormation or Secret Agent?

Use the Tools/Add-Ons dialog. Select Dephormation or Secret Agent and click remove. This removes the add on from your current Firefox profile.

Your opt out cookie/Phorm UID cookies will be unaffected. Assuming default settings, you will remain opted out (unless your cookies are deleted) but your UID will become static (because it is not being randomised by Dephormation).

If you choose not to use Dephormation, you should opt out using your ISPs mechanism, or switch to a Phorm free ISP for long term protection. See here for recommendations.

 

Can you recommend a Phorm free ISP?

If you value the privacy, security, and data integrity of your internet connection... you need to find a Phorm free ISP.

In the UK you should not use BT, Virgin Media or TalkTalk as your internet service provider.

There are many other internet service providers who will not compromise privacy or quality of your data communications. I can confidently recommend Aquiss, UKFSN,  Orpheus, but there are many others that have been recommended to me. Andrews and Arnold,  Bethere, and The Phone Coop are often cited by people I trust.

I'd recommend you AVOID buying your broadband, phone, mobile, and television service from a single provider. Spread your service contracts around, and use DPA section 11 notices to require that your data is not used for marketing.

I'd also recommend you AVOID at all costs mobile broadband provided by 3, O2, Orange, T-Mobile and Vodafone for reasons obvious from this Guardian article. Mobile operators are able to combine your profile with your location data too. Vodafone and 3 in particular are relaying communications data to Bluecoat in California (with or without your knowledge).

 

Who funds this site?

Me, and me alone. No fees. No sponsorship. No advertising. No ISP.

I do accept donations of ideas, and software. But haven't been offered anything else, yet.

Hosting is provided by Cyberprog New Media.