Some logs posted in comments here http://habrahabr.ru/post/247465/, also http://www.sql.ru/forum/1124841/bot-webindex, http://sporaw.livejournal.com/347832.html?thread=8737208#t8737208 and http://www.cyberforum.ru/blogs/223974/blog2542.html
Not sure about redirects, you can try it with Russian Tor exit nodes probably.
Virilha:
Can someone using these Russian ISPs being monitored / DPI'd paste some traffic logs?
Or install the Firefox plugin and say if it detects the redirect URLs correctly?
--Virilha
----- Message from Anton Nesterov <komachi@openmailbox.org> ---------
Date: Fri, 09 Jan 2015 11:07:32 +0000
From: Anton Nesterov <komachi@openmailbox.org>
Subject: Re: Meet the iMarker, Russian targeted ad service which analyze your traffic on ISP side
To: cypherpunks@cpunks.org
Actually, it seems like *it is* Phorm. They mention themselves as Phorm's representatives in Russia here: https://www.facebook.com/imarker.ru/photos/a.340885905946086.85421.332865510...
Seems like Phorm bought them at some stage, and that tweet from the iMarker founder says they fired him https://twitter.com/mberlizev/status/501487701124972544, also some info about replaced software inside ISP networks without their knowledge https://twitter.com/mberlizev/status/497329705163710464, and other posts on the FB page of Mikhail Berzliev's company ADEx mention a takeover by Phorm https://facebook.com/adex.provider/posts/630807190348314 https://facebook.com/adex.provider/posts/630182937077406
Virilha:
It reminds me of Phorm in the UK, BR, and some other countries.
There is a Firefox addon to detect / scramble / block this kind of redirect URL, generating random unique IDs to throw garbage on the data the ISP collects.
https://www.dephormation.org.uk/?page=2
But it seems it's not open source.
--Virilha
----- Message from Anton Nesterov <komachi@openmailbox.org> ---------
Date: Thu, 08 Jan 2015 20:45:13 +0000
From: Anton Nesterov <komachi@openmailbox.org>
Subject: Meet the iMarker, Russian targeted ad service which analyze your traffic on ISP side
To: cypherpunks@cpunks.org
How does it work?
ISPs install the iMarker equipment and mirror all users' traffic to it (the Russian surveillance system, SORM, works the same way). The software takes the time, URL and HTTP headers from HTTP requests. Then a scraper with IP 92.242.35.54 and User-Agent WebIndex follows every visited URL and analyzes its content. All this information is used to build a profile for the user. They say that the information is removed right after analysis, and the software saves only the result of that analysis. Their website lists that they categorize users by search queries, online shopping activity, time of visits, activity on social networks, keywords on visited pages, visited websites, and socio-demographic info such as sex, age, marital status, and education level, and then they use that data to distribute users into consumer groups. Every user has some kind of pseudonymous ID with a linked profile.
It also has an opt-out option: http://www.imrk.net/status
How many users are affected?
They say it's 38 million people all over Russia. Minister of Communication Nikolay Nikiforov said in 2014 there were 62 million people in Russia using the Internet, 56m of them do it every day, so it's 61% of Russian Internet users. iMarker's website lists Akado, Rostelecom, ER-Telecom, NetByNet, Qwerty, and TTK as ISPs that installed iMarker's equipment.
How to check if this affects you?
If you are a client of a Russian ISP, you can check it here: http://imarker.valdikss.org.ru
If you own a web server, grep the logs for connections from 92.242.35.54.
How does the check script work?
It generates a random link and waits 3 seconds for a connection from iMarker's IP address.
How long has iMarker been working?
The company started work in January 2010; commercial sales started in August 2011.
http://imarker.valdikss.org.ru/ — script that checks if your ISP use iMarker
http://www.vedomosti.ru/tech/news/15669231/bolshoj-reklamnyj-brat — report on iMarker from 2013, says they are ready to provide free DPI to ISPs in exchange of user's data (Russian)
http://sporaw.livejournal.com/347832.html — blog post quoting private mails from iMarker's crew (Russian)
http://www.imrk.net/privacy — TOS (Russian)
http://habrahabr.ru/post/247465/ — blog post about iMarker (Russian)
http://www.imarker.ru/ — iMarker website (Russian)
http://www.imrk.net/status — opt-out page (Russian)
http://minsvyaz.ru/ru/news/index.php?id_4=44571 — Nikiforov's statement on number of Russian Internet users (Russian)
--
https://nesterov.pw
GPG key: 0CE8 65F1 9043 2B11 25A5 74A7 1187 6869 67AA 56E4
https://keybase.io/komachi/key.asc
----- End message from Anton Nesterov <komachi@openmailbox.org> -----
----- End message from Anton Nesterov <komachi@openmailbox.org> -----
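The server-side check described in the first message of the thread (grep the logs for 92.242.35.54, and the check script's wait for a follow-up connection), as an added example that is not part of the original thread or of the check script itself: it pairs each request from the scraper IP or the WebIndex User-Agent with the visitor who requested the same path just before. The combined log format, the 3-second default window (borrowed from the check script's wait), the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime

SCRAPER_IP = "92.242.35.54"   # scraper address given in the post
SCRAPER_UA = "WebIndex"       # scraper User-Agent given in the post

# Assumption: Apache/nginx "combined" access log format.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+)[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

def find_followed_visits(lines, window_s=3.0):
    """Pair each scraper request with the visitor who fetched the same
    path at most window_s seconds earlier.
    Returns a list of (visitor_ip, path, delay_seconds)."""
    last_visit = {}   # path -> (visitor ip, time of latest non-scraper hit)
    followed = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if m["ip"] == SCRAPER_IP or SCRAPER_UA in m["ua"]:
            if m["path"] in last_visit:
                ip, seen = last_visit[m["path"]]
                delay = (ts - seen).total_seconds()
                if 0 <= delay <= window_s:
                    followed.append((ip, m["path"], delay))
        else:
            last_visit[m["path"]] = (m["ip"], ts)
    return followed

# Constructed sample log; visitor addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Jan/2015:11:07:30 +0000] "GET /c/4f9a1e HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '92.242.35.54 - - [09/Jan/2015:11:07:31 +0000] "GET /c/4f9a1e HTTP/1.1" 200 512 "-" "WebIndex"',
    '198.51.100.20 - - [09/Jan/2015:11:08:00 +0000] "GET /c/77b0c2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    # Scraper hit 12 minutes later: outside the default window, not paired.
    '92.242.35.54 - - [09/Jan/2015:11:20:00 +0000] "GET /c/77b0c2 HTTP/1.1" 200 512 "-" "WebIndex"',
]

if __name__ == "__main__":
    for ip, path, delay in find_followed_visits(SAMPLE_LOG):
        print(f"{ip} requested {path}; scraper followed {delay:.0f}s later")
```

Unique, unguessable paths (as the check script's random links are) keep the pairing unambiguous; on shared URLs the match only shows that some recent visitor was followed.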