By: MarkJ - 26 July, 2010 (1:16 PM)
talktalk uk dpi internet isp privacy concernBroadband ISP TalkTalk UK could be about to incur the wrath of privacy campaigners after some of its customers spotted that their online website browsing activity was being monitored and recorded without consent. The situation has caused a significant amount of concern with many end-users worried about the impact upon their personal privacy.

TalkTalk has since confirmed that the monitoring, which was first discovered on the ISPs discussion forum during the middle of July (here), is part of a future Malware/Security/Parental Guidance tool to be provided by Chinese vendor Huawei. This is due to launch before the end of 2010.

The system, which is not yet fully in place, aims to help block dangerous websites (e.g. those designed to spread malware) by comparing the URL that a person visits against a list of good and bad/dangerous sites. Bad sites will then be restricted.

TalkTalk's Official Statement

We are developing some really exciting new security and parental control services, which will be based deep within our network infrastructure, to provide our customers with greater protection for all the devices they connect to their broadband line with. We’ve had considerable feedback from customers that PC-based software only deals with part of the wider security problem facing today's internet users, so we’ve developed these new services to help improve our customers online experience with us.

In preparation for the launch of these services, as our users surf the internet, details of websites visited are put into a list. Scanning engines then compare this list to a blacklist (sites that have been found to contain recent threats) and whitelist (sites that have been recently scanned with no threats found); if the site is not on either of these, it will visit the site and scan it for malicious code. Sites that are already on either list are not scanned again until the following day.

Our scanning engines receive no knowledge about which users visited what sites (e.g. telephone number, account number, IP address), nor do they store any data for us to cross-reference this back to our customers. We are not interested in who has visited which site - we are simply scanning a list of sites which our customers, as a whole internet community, have visited. What we are interested in is making the web a safer place for all our customers.

In due course we will be trialing and launching these services. We hope to be able to share more info on all of this soon.

At present the affected customers cannot opt-out of TalkTalk's data collection exercise, while the actual malware/block tool itself has yet to be enabled and will also be subjected to optional customer testing before it is. The resulting system will apparently only be available if you opt-in to use it.

As a result the systems first stage is currently just monitoring and recording URLs, which TalkTalk says is an anonymous process; no end-user IP address or personal details are revealed. However some customer posts have suggested that the TalkTalk system also reads the code for sites, at least the ones it cannot identify, which could in theory pose a security risk if the URL you visited was for a private admin page. Some of these would be pages that even Google cannot find.

It's worth pointing out that ISPs are already required to record website and email accesses (but not content), including dates and times, as part of the previous governments Data Retention Directive. However this is a closed process for use by specific public/security services and should not be confused with what TalkTalk is doing.

TalkTalk claims that its new system does not require prior customer consent because it is effectively just gathering an anonymous list of public website addresses (retained for 24 hours). The data itself will also be stored in a network device and at the moment only Huawei has visibility of this information. That last bit doesn't inspire confidence.

A TalkTalk spokesperson told The Register :

"Our scanning engines receive no knowledge about which users visited what sites (e.g. telephone number, account number, IP address), nor do they store any data for us to cross-reference this back to our customers."

Given the absence of any technical data that could explain precisely how this system works it would be very difficult to assess the reality of their words. The situation also harks back to BT's secret trials of Phorm technology, which pledged to offer a similar website filtering system alongside its controversial behavioural advertising "service".

Many likened Phorm's Deep Packet Inspection (DPI) system to spyware and it was eventually hounded out of the UK and lost its major UK ISP support, which at the time also included TalkTalk. In fairness the ISP is not proposing to do exactly what Phorm did, although the similarities are there.

TalkTalk are intercepting their customers communications data (protected by the law) and passing it to a profiling system, which a third party firm appears to have visibility of, for the purpose of launching a commercially advantageous system. There are some legally grey areas here. It might also clash with what TalkTalk's boss recently said as part of its opposition to the Digital Economy Act 2010 (DEA).

Charles Dunstone, Chairman of the TalkTalk Group, said:

"The Digital Economy Act's measures will cost the UK hundreds of millions and many people believe they are unfair, unwarranted and won't work. So it’s no surprise that in Nick Clegg’s call for laws to repeal, this Act is top of the public’s ‘wish list’. Innocent broadband customers will suffer and citizens will have their privacy invaded."

At least one of TalkTalk's forum administrators agrees that the ISP could have told people that the URL collecting had started, in fact they should have informed them BEFORE it started. Such a system was always going to be contentious and clearly needed prior discussion. On the upside at least TalkTalk are owning up to it instead of trying to disguise their activity.

Furthermore we have to ask whether this kind of service is even needed. TalkTalk claims that it is but similar systems already exist through Google searches, anti-virus software and most modern website browsers. Do we really need a fourth level of protection that is trying to perform almost exactly the same task?

UPDATE 2:40pm

We've also seen some reports that the new system confuses login sessions for certain websites and web-based games that require a degree of IP authentication, although at this stage it's difficult to know if the problem is directly related.
Share: Slash., Stumble, Facebook, Digg, Reddit, Delicious
Option: Link | Search

Comments: 23

asa logoParentAndCustomer
Posted: 26 July, 2010 - 2:32 PM
Link to comment

Furthermore we have to ask whether this kind of service is even needed. TalkTalk claims that it is but similar systems already exist through Google searches, anti-virus software and most modern website browsers. Do we really need a fourth level of protection that is trying to perform almost exactly the same task?

Isn't the purpose to provide protection for non-pc network enabled devices such as mobile phones, game devices, STB's, TVs etc etc which DON'T usually have any protection. As a parent, central "parental control" also seems like a handy feature to have across all of these devices don't you think?
asa logoMarkJ
Posted: 26 July, 2010 - 2:39 PM
Link to comment

That's an interesting point. Of course many of those platforms would use non-standard or mobile OS solutions that are not commonly targeted by such threats and may be unable to infect the software. Very few people have anti-virus on their mobile phones for precisely that reason. It's not generally needed.

This is particularly true of closed platforms like game devices. More to the point, TalkTalk already has technology that can restrict websites through parental controls that would not need such extensive monitoring tech. Basic blocklist technology would surely be cheaper and also quite effective, without needing to track customers online activity.
asa logoBig P
Posted: 26 July, 2010 - 2:55 PM
Link to comment

Even The Manager on TTMF posted
Monday 19th Jul 2010, 10:31 PM


Not sure who this persons source is but they are so far from the truth they wouldn't know it if it hit them on the head.

I can assure you we don't monitor peoples online activity!!!!! Hope this put some of your minds at rest
Stephen Fell

Then after accused people of wanting an argument
Hi all,

Not going to comment any further as some people just want an argument, official statement to follow!!

Stephen Fell
TalkTalk`s Online Community
LIMK to thread Here posts 5 & 15
asa logoBig P
Posted: 26 July, 2010 - 3:01 PM
Link to comment

Ialso have the record of the test Done on Phoenix broadband this morning with the owner Hatari . if people would like to see it i will post .
There is a big thread about this aswell on Phoenix
Link if you are interested .,1828.0.html
asa logoParentAndCustomer
Posted: 26 July, 2010 - 3:06 PM
Link to comment

That's an interesting point. Of course many of those platforms would use non-standard or mobile OS solutions that are not commonly targeted by such threats and may be unable to infect the software.

Isn't that what people said for PCs originally? wink With the increase in network enabled devices now coming into homes, many with cross platform OS's, isn't there becomming a need?

The URL monitoring aspect is something I don't really agree with, I guess they thought it was the best way to generate lists that represent their customers? They possibly listened too much to Huawei, their technology provider rather than thinking of customers privacy concerns.
asa logoHatari
Posted: 26 July, 2010 - 3:29 PM
Link to comment

This has been going on, I believe, since pre May. I discovered the accesses to my websites in May. After some testing the monitoring and following by TT were confirmed and I emailed TT originally on the 30 June and it took two weeks to get comfirmation. Copies of the emails etc on the topic,1828.0.html
asa logoPete
Posted: 26 July, 2010 - 3:37 PM
Link to comment

This is illegal interception of communications, exactly like Phorm.

TalkTalk are not obliged to intercept URLs (which are the content of communications), in fact the Data Retention Directive specifically prohibits the retention of content data: "No data revealing the content of the communication may be retained pursuant to this Directive".

TalkTalk are not entitled to access traffic data (which is the IP addresses) without the *explicit* and *informed* consent of their customers. So collecting this data for two months in secret is also an offence.

But what's utterly astounding... Like Phorm and their oft cited links to Moscow and the Russian Military.... Is that TT also claim this data is only accessible to Huawei, the Chinese manufacturer of their equipment. Huawei are linked to the Chinese PLA. Mi5 have been warning about Russian and Chinese industrial espionage for the last 12 months.

TalkTalk are in some serious trouble, or dangerously mad, or quite likely both.
asa logobobpp
Posted: 27 July, 2010 - 12:42 AM
Link to comment

Shame on talktalk. Phorm by another name.
I will be looking for another isp and recommending 100's of others to do the same.
Talktalk has made a lot of money out of me by me recommending their services to other people but now I will rescind that recommendation and advise them to use another isp.
asa logoCarrot63
Posted: 27 July, 2010 - 9:06 AM
Link to comment

What's the betting that somewhere down the line a magical ad pimping bolt on will materialise?

Expect this to be long, drawn out, laden with rhetoric, and ultimately painful if you're TalkTalk.
asa logohappycitizen
Posted: 27 July, 2010 - 10:18 AM
Link to comment

I am glad our data is being sent anonymously to the Chinese. I have every confidence this is not being used by their secret services. I have every confidence in the technical ability of Talk Talk and the Murdoch family in general.
I am confident that I can never be identified from google searches including my house name, visits to what is my IP and my toolbar cookies and my bank codes.
asa logoBarnes Tagg
Posted: 27 July, 2010 - 11:44 AM
Link to comment

Shouldn't the parents be monitoring what their kids are doing and not leaving it to the ISP?

As it is these days parents seem to consider a PC to be the same as a TV - a device for keeping the kids quiet in the corner of the room rather than the connection to the rest of the world that it is.
asa logoMel
Posted: 27 July, 2010 - 11:48 AM
Link to comment

So, has anyone checked if this system obtains the destination IP address by performing its own DNS lookup of the user's original http request's Host: string, or if it also stores and uses the IP address from the user's request?

Only, if it does its own DNS lookup, then by fiddling with his Host: string, an evil user could exploit this system into performing SQL exploits, dos attacks and the like which would show up to the targeted server as originating from the scanning system's IP address, allowing the attacker to conceal his own IP address from his target.
asa logoMel
Posted: 27 July, 2010 - 12:07 PM
Link to comment

Well that rules me out of ever becoming a Stalk Stalk customer again (I was temporarily one when they bought AOL sadder).

You can get consumer adsl routers with parental control & security software built into the firmware, which will "protect" all devices connected to your home network including non-PC devices. I had one that had this as an option - paid for after the first year (not that I'd ever use it) - it uses an external server to check the URL's requested, much like the similar feature in most modern browsers. Another option is to configure your router to use openDNS - which I would also not wish to use for privacy reasons.
asa logoData rape
Posted: 27 July, 2010 - 1:16 PM
Link to comment

TalkTalk are a joke of an ISP, and clearly the monitoring starts under the guise of "security", but give it a few months, or a change of CEO, and that system's data will soon be used for other stuff.

It will start with providing data for money about consumers to market research companies. It will creep more and more until the marketers know exactly what individuals are looking at, and when.

Add in a change of law, lobbied for by those with data (eg Tesco, ISPs) and those seeking data (eg spammers (all advertisers are spammers)), and we enter further into a privacy nightmare.

To be honest, with the government now tracking everyone's web use, I think I will change my TOR node from just an entry node to an exit node. I recommend others do too. It will make the law useless, and maybe lead to being repealed (hahaha, yeah, I know!)
asa logoWolfy
Posted: 28 July, 2010 - 8:39 AM
Link to comment

What are you all so afraid of? what have you got to hide? They are tracking anon usage to create a blacklist of harmful websites, they don't want to know the xxx sites you visit, they don't want to know if you have secret government files, they just want to create a list of good/bad websites and see how many people visit them.

again, what have you got to hide?
asa logoSuperDooper
Posted: 28 July, 2010 - 9:10 AM
Link to comment

Wolfy: So, you'd be okay to have a live webcam feed to your bedroom / bathroom and toilet then because you have nothing to hide right?
asa logoMarkJ
Posted: 28 July, 2010 - 9:36 AM
Link to comment

Hehe the "if you have nothing to hide.." style remark is easily one of the weakest arguments to not protect a person's right to privacy. So, what have people got to hide? Our privacy, the private admin webpages we visit, the games we play, the porn somebody might view. Data like this can be profiled and lead to abuses.

Privacy is supposed to be private, nobody should be interfering with that unless they have a lawful reason to do so and then it should be via an appropriate security service. The price of freedom is eternal vigilance.

Most people have enough trouble trusting what the government does with our personal data, the last place many would want to see such information is in the hands of commercial businesses. Phorm claimed that it was anonymous too but, if you remember, many technical experts investigated the system and debunked that.
asa logovirgin CEO
Posted: 29 July, 2010 - 11:34 PM
Link to comment

the talk talk system is completely untraceable as your ip address dosent travel through the tt radius server that is logging the info and most other isp do the same virgen have been record url`s for years just that they are doing it more sneaky
asa logoHatari
Posted: 1 August, 2010 - 9:15 AM
Link to comment

The Stalkstalk system is using URLs with session IDs left in and thus the receiving website be is lead to believe the access attempt is authorised. This could lead to problems as the website is getting the same command twice from the same, as far as it knows, user.
asa logostevey
Posted: 11 January, 2011 - 9:31 AM
Link to comment

Drat! Does this mean I can't masturbate over my webcam anymore to all those lucky, lushious girlies out there?
asa logoE Richards
Posted: 12 May, 2011 - 8:05 AM
Link to comment

I loathe ,detest and hate everything about Talk Talk. They are the worst ISP in the known universe. I would NOT stay with Talk Talk, after my contract expires next May, if they PAID me. If anyone is stupid enough to subscribe to Talk Talk after reading this then they deserve all the crap from Talk Talk that will DEFINITELY be coming their way. Boy do I hate Talk Talk
asa logomyhubporn
Posted: 30 September, 2011 - 12:33 AM
Link to comment

Best mobile sex videos and iphone sexy pornstars and you hottest [url=]porn[/url] and hot Pornostars making sex Anal [url=]Sexy Girls[/url] Shemale HD streaming sex is a best porn site like:,, for perfect free porn videos.
If you like Gay XXX videos [url=]Free Porn [/url] the best free sex tube videos and gay porn sex movies
asa logoTamber
Posted: 15 January, 2012 - 5:12 AM
Link to comment

Shoot, so that's that one supsopes.

Generated in 0.15859 seconds.
DB queries: 8

Copyright © 1999 to Present - - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules