Meet the iMarker, Russian targeted ad service which analyze your traffic on ISP side

Anton Nesterov komachi at openmailbox.org
Sat Jan 10 05:10:10 PST 2015


Some logs are posted in the comments here http://habrahabr.ru/post/247465/, also
http://www.sql.ru/forum/1124841/bot-webindex,
http://sporaw.livejournal.com/347832.html?thread=8737208#t8737208 and
http://www.cyberforum.ru/blogs/223974/blog2542.html

Not sure about redirects, you can try it with Russian Tor exit nodes
probably.

Virilha:
> 
> Can someone using these Russian ISPs, being monitored / DPI'd, paste some
> traffic logs?
> 
> Or install the Firefox plugin and say if it detects the redirect URLs
> correctly?
> 
> --Virilha
> 
> ----- Message from Anton Nesterov <komachi at openmailbox.org> ---------
>    Date: Fri, 09 Jan 2015 11:07:32 +0000
>    From: Anton Nesterov <komachi at openmailbox.org>
> Subject: Re: Meet the iMarker, Russian targeted ad service which analyze
> your traffic on ISP side
>      To: cypherpunks at cpunks.org
> 
> 
>> Actually, it seems like *it is* Phorm. They mention themselves as Phorm's
>> representatives in Russia here:
>> https://www.facebook.com/imarker.ru/photos/a.340885905946086.85421.332865510081459/905366306164707/
>>
>> Seems like Phorm bought them at some stage, and that tweet from the
>> iMarker founder says they fired him
>> https://twitter.com/mberlizev/status/501487701124972544, also some info
>> about replaced software inside ISP networks without their knowledge
>> https://twitter.com/mberlizev/status/497329705163710464, other posts
>> on the FB page of Mikhail Berlizev's company ADEx mention the takeover by Phorm
>> https://facebook.com/adex.provider/posts/630807190348314
>> https://facebook.com/adex.provider/posts/630182937077406
>>
>> Virilha:
>>> It reminds me of Phorm in the UK, BR, some other countries also.
>>>
>>> There is a Firefox add-on to detect / scramble / block this kind of
>>> redirect URL, generating random unique IDs to throw garbage on the
>>> data the ISP collects.
>>>
>>> https://www.dephormation.org.uk/?page=2
>>>
>>> But it seems it's not open source.
>>>
>>> --Virilha
>>>
>>> ----- Message from Anton Nesterov <komachi at openmailbox.org> ---------
>>>    Date: Thu, 08 Jan 2015 20:45:13 +0000
>>>    From: Anton Nesterov <komachi at openmailbox.org>
>>> Subject: Meet the iMarker, Russian targeted ad service which analyze
>>> your traffic on ISP side
>>>      To: cypherpunks at cpunks.org
>>>
>>>
>>>> How does it work?
>>>>
>>>> ISPs install the iMarker equipment and mirror all users' traffic to it
>>>> (the Russian surveillance system, SORM, works the same way). The software
>>>> takes the time, URL and HTTP headers from HTTP requests. Then a scraper
>>>> with IP 92.242.35.54 and User-Agent WebIndex follows every visited URL
>>>> and analyzes its content. All this information is used to build a profile
>>>> for the user. They say that the information is removed right after
>>>> analysis, and the software saves only the result of that analysis. Their
>>>> website lists that they categorize users by search queries, online
>>>> shopping activity, time of visits, activity on social networks, keywords
>>>> on visited pages, visited websites, social-demographic info, such as sex,
>>>> age, marital status, and education level, and then they use that data to
>>>> distribute users into consumer groups. Every user has some kind of
>>>> pseudonymous ID with a linked profile.
>>>>
>>>> It also has an opt-out option http://www.imrk.net/status
>>>>
>>>>
>>>> How many users are affected?
>>>>
>>>> They say it's 38 million people all over Russia. Minister of
>>>> Communication Nikolay Nikiforov said in 2014 there were 62 million
>>>> people in Russia using the Internet, 56m of them do it every day, so
>>>> it's 61% of Russian Internet users. iMarker's website lists Akado,
>>>> Rostelecom, ER-Telecom, NetByNet, Qwerty, and TTK as ISPs that installed
>>>> iMarker's equipment.
>>>>
>>>>
>>>> How to check if this affects you?
>>>>
>>>> If you are a client of a Russian ISP, you can check it here:
>>>> http://imarker.valdikss.org.ru
>>>> If you own a webserver, grep the logs for connections from
>>>> 92.242.35.54.
>>>>
>>>>
>>>> How does the check script work?
>>>>
>>>> It generates a random link and waits 3 seconds for a connection from
>>>> iMarker's IP address.
>>>>
>>>>
>>>> How long has iMarker been working?
>>>>
>>>> The company started work in January 2010; commercial sales started in
>>>> August 2011.
>>>>
>>>>
>>>>
>>>> http://imarker.valdikss.org.ru/ — script that checks if your ISP uses
>>>> iMarker
>>>> http://www.vedomosti.ru/tech/news/15669231/bolshoj-reklamnyj-brat —
>>>> report on iMarker from 2013, says they are ready to provide free DPI to
>>>> ISPs in exchange for users' data (Russian)
>>>> http://sporaw.livejournal.com/347832.html — blog post quoting private
>>>> mails from iMarker's crew (Russian)
>>>> http://www.imrk.net/privacy — TOS (Russian)
>>>> http://habrahabr.ru/post/247465/ — blog post about iMarker (Russian)
>>>> http://www.imarker.ru/ — iMarker website (Russian)
>>>> http://www.imrk.net/status — opt-out page (Russian)
>>>> http://minsvyaz.ru/ru/news/index.php?id_4=44571 — Nikiforov's statement
>>>> on number of Russian Internet users (Russian)
>>>>
>>>> -- 
>>>> https://nesterov.pw
>>>> GPG key: 0CE8 65F1 9043 2B11 25A5 74A7 1187 6869 67AA 56E4
>>>> https://keybase.io/komachi/key.asc
>>>
>>>
>>> ----- End message from Anton Nesterov <komachi at openmailbox.org> -----
>>>
>>>
>>>
>>>
>>>
>>
>>
>> -- 
>> https://nesterov.pw
>> GPG key: 0CE8 65F1 9043 2B11 25A5 74A7 1187 6869 67AA 56E4
>> https://keybase.io/komachi/key.asc
> 
> 
> ----- End message from Anton Nesterov <komachi at openmailbox.org> -----
> 
> 
> 
> 
> 


-- 
https://nesterov.pw
GPG key: 0CE8 65F1 9043 2B11 25A5 74A7 1187 6869 67AA 56E4
https://keybase.io/komachi/key.asc
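
The thread's advice to webserver owners (grep the logs for 92.242.35.54) can be taken one step further by pairing each scraper request with the visitor request it replayed, which shows which client addresses sit behind a mirroring ISP. The following is an added example, not part of the original messages or of the check script mentioned above; it assumes Combined Log Format access logs, and the sample log lines, client addresses and paths are constructed.

```python
import re
from datetime import datetime, timedelta

SCRAPER_IP = "92.242.35.54"    # scraper address given in the thread
SCRAPER_UA = "WebIndex"        # User-Agent given in the thread
WINDOW = timedelta(seconds=3)  # same wait the check script is described as using

# Assumed format: Combined Log Format
# ip - - [time] "METHOD path proto" status size "referer" "user-agent"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def parse(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def find_mirrored_clients(lines, window=WINDOW):
    """Return (client_ip, path, delay_seconds, ua_matches) per scraper request.

    client_ip is None when no visitor requested the same path within `window`
    before the scraper did (an uncorrelated crawl).
    """
    last_seen = {}  # path -> (timestamp, ip) of the latest non-scraper request
    hits = []
    for rec in filter(None, map(parse, lines)):
        if rec["ip"] != SCRAPER_IP:
            last_seen[rec["path"]] = (rec["ts"], rec["ip"])
            continue
        ua_ok = SCRAPER_UA in rec["ua"]
        prev = last_seen.get(rec["path"])
        if prev and timedelta(0) <= rec["ts"] - prev[0] <= window:
            delay = (rec["ts"] - prev[0]).total_seconds()
            hits.append((prev[1], rec["path"], delay, ua_ok))
        else:
            hits.append((None, rec["path"], None, ua_ok))
    return hits

# Constructed sample log (documentation-range client IPs, made-up paths)
SAMPLE = """\
198.51.100.7 - - [10/Jan/2015:12:00:01 +0300] "GET /check/9f3a1c HTTP/1.1" 200 512 "-" "Mozilla/5.0"
92.242.35.54 - - [10/Jan/2015:12:00:02 +0300] "GET /check/9f3a1c HTTP/1.1" 200 512 "-" "WebIndex"
203.0.113.9 - - [10/Jan/2015:12:05:00 +0300] "GET /check/77b2e0 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
92.242.35.54 - - [10/Jan/2015:12:30:00 +0300] "GET /old/page HTTP/1.1" 200 900 "-" "WebIndex"
""".splitlines()

if __name__ == "__main__":
    for hit in find_mirrored_clients(SAMPLE):
        print(hit)
```

Correlation is only meaningful for paths a single visitor is likely to request, such as the random links the check script generates; on popular pages the "latest visitor" may not be the one whose traffic was mirrored.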



