“iPrism” and UK HMGCC in Referrers?
November 4, 2013Some of my friends already know, but for Halloween, instead of going trick-or-treating with my kids, I instead got to sit with police & bomb-squad folks from Ft. Belvoir to deal with a landmine fuze that somehow appeared in the woods of my back yard. If you want the entertaining story, it’s on Reddit. Long story short, I was taking my dog for a walk in the woods behind my house, found what looked like a landmine, posted a pic to the /r/military subreddit to verify it was something of concern, and then after seeing the first comment of “looks legit, call police asap” I got the authorities over. After a many-hour ordeal, bomb squad folks determined it was just a hollow shell put there to freak people out, and it was all over.
But, what I found curious was the referrers on my Flickr stats afterwards.
IPrism? Maybe it’s just someone in Her Majesty’s Government Communications Centre who has put together a nifty photo-sharing app called “iPrism”, but with all of the Edward Snowden talk these days, thought it at least worthy of a post to see if anyone else has seen this in their referral traffic. Curious, also, that with any internal site like that, that they wouldn’t be browsing in SSL to mask the http 1.1 referrer.
OK, maybe it’s not all Ed Snowden-like. http://www.edgewave.com/products/web_security/default.asp = iPrism
I’ve just had some hits on my website from the same place.
Not any image’s really. Intrigued as to what they were looking at. And who is it?
Well, at this point I’m pretty sure that’s just an egress router/proxy for the HMGCC – and (unfortunately for our intrigue) not some Orwellian data collection device. If it were a data slurper, it wouldn’t be referring a visitor to your site, it would be simply slurping the image like GoogleBot, leaving an access log entry not a referrer, as any intelligent intelligence service would want to persist the image locally as opposed to linking to it. Likely it’s a filter similar to WebSense or a Barracuda device where blocked images can be reviewed on the device, thus the referrer traffic. That’s my hypothesis anyhow.