Some logs posted in comments here http://habrahabr.ru/post/247465/, also http://www.sql.ru/forum/1124841/bot-webindex, http://sporaw.livejournal.com/347832.html?thread=8737208#t8737208 and http://www.cyberforum.ru/blogs/223974/blog2542.html
Not sure about redirects, you can try it with Russian Tor exit nodes probably. Virilha: > > Can someone using this Russians ISPs being monitored / DPI'd, paste some > traffic logs? > > Or install the firefox plugin and say if it detects the redirect URLs > correctly? > > --Virilha > > ----- Message from Anton Nesterov <[email protected]> --------- > Date: Fri, 09 Jan 2015 11:07:32 +0000 > From: Anton Nesterov <[email protected]> > Subject: Re: Meet the iMarker, Russian targeted ad service which analyze > your traffic on ISP side > To: [email protected] > > >> Actually, it seems like *it is* Phorm. They mention yourself as Phorm's >> representatives in Russia here: >> https://www.facebook.com/imarker.ru/photos/a.340885905946086.85421.332865510081459/905366306164707/ >> >> Seems like Phorm bought them at the some stage, and that tweet from >> iMarker founder says they fired him >> https://twitter.com/mberlizev/status/501487701124972544, also some info >> about replaced software inside ISP networks without their knowledge >> https://twitter.com/mberlizev/status/497329705163710464, another posts >> in Mikhail Berzliev's company ADEx FB mention takeover by Phorm >> https://facebook.com/adex.provider/posts/630807190348314 >> https://facebook.com/adex.provider/posts/630182937077406 >> >> Virilha: >>> It remembers me about Phorm at UK, BR, some other countries also. >>> >>> There is a firefox addon to detect / scramble / block this kind of >>> redirects URLs, generating random unique IDs to throw garbage on the >>> data the ISP collects. >>> >>> https://www.dephormation.org.uk/?page=2 >>> >>> But seems its not open source. >>> >>> --Virilha >>> >>> ----- Message from Anton Nesterov <[email protected]> --------- >>> Date: Thu, 08 Jan 2015 20:45:13 +0000 >>> From: Anton Nesterov <[email protected]> >>> Subject: Meet the iMarker, Russian targeted ad service which analyze >>> your traffic on ISP side >>> To: [email protected] >>> >>> >>>> How it works? >>>> >>>> ISPs install the iMarker equipment and mirror all user's traffic on it >>>> (Russian surveillance system, SORM, works the same way). Software takes >>>> time, URL and HTTP Headers from HTTP requests. Then scraper with IP >>>> 92.242.35.54 and User-Agent WebIndex follow every visited URL and >>>> analyze its content. All this information used to build a profile for >>>> user. They says that information is removed right after analysis, and >>>> software saves only result of that analysis. Their website lists that >>>> they categorize users by search queries, online shopping activity, time >>>> of visits, activity on social networks, keywords on visited pages, >>>> visited websites, social-demographic info, such as sex, age, marital >>>> status, and education level, and then they use that data to distribute >>>> users for consumers groups. Every user has some kind of pseudonymous ID >>>> with linked profile. >>>> >>>> It's also has an opt-out option http://www.imrk.net/status >>>> >>>> >>>> How many users affected? >>>> >>>> They says it's 38 million people all over Russia. Minister of >>>> Communication Nikolay Nikiforov said in 2014 there was 62 million >>>> people >>>> in Russia using Internet, 56m of them do it every day, so it's 61% of >>>> Russian Internet users. iMarker's website list Akado, Rostelecom, >>>> ER-Telecom, NetByNet, Qwerty, and TTK as ISPs that installed iMarker's >>>> equipment. >>>> >>>> >>>> How to check if this affects you? >>>> >>>> If you are a client of Russian ISP, you can check it here >>>> http://imarker.valdikss.org.ru If you own a webserver, grep the logs >>>> for >>>> connections from 92.242.35.54. >>>> >>>> >>>> How do check script works? >>>> >>>> It generate a random link and wait for 3 seconds for connection from >>>> iMarker's IP address. >>>> >>>> >>>> How long iMarker works? >>>> >>>> Company start work on January 2010, commercial sells started on August >>>> 2011. >>>> >>>> >>>> >>>> http://imarker.valdikss.org.ru/ — script that checks if your ISP use >>>> iMarker >>>> http://www.vedomosti.ru/tech/news/15669231/bolshoj-reklamnyj-brat — >>>> report on iMarker from 2013, says they are ready to provide free DPI to >>>> ISPs in exchange of user's data (Russian) >>>> http://sporaw.livejournal.com/347832.html — blog post quoting private >>>> mails from iMarker's crew (Russian) >>>> http://www.imrk.net/privacy — TOS (Russian) >>>> http://habrahabr.ru/post/247465/ — blog post about iMarker (Russian) >>>> http://www.imarker.ru/ — iMarker website (Russian) >>>> http://www.imrk.net/status — opt-out page (Russian) >>>> http://minsvyaz.ru/ru/news/index.php?id_4=44571 — Nikiforov's statement >>>> on number of Russian Internet users (Russian) >>>> >>>> -- >>>> https://nesterov.pw >>>> GPG key: 0CE8 65F1 9043 2B11 25A5 74A7 1187 6869 67AA 56E4 >>>> https://keybase.io/komachi/key.asc >>> >>> >>> ----- End message from Anton Nesterov <[email protected]> ----- >>> >>> >>> >>> >>> >> >> >> -- >> https://nesterov.pw >> GPG key: 0CE8 65F1 9043 2B11 25A5 74A7 1187 6869 67AA 56E4 >> https://keybase.io/komachi/key.asc > > > ----- End message from Anton Nesterov <[email protected]> ----- > > > > > -- https://nesterov.pw GPG key: 0CE8 65F1 9043 2B11 25A5 74A7 1187 6869 67AA 56E4 https://keybase.io/komachi/key.asc
