Broadband ISP TalkTalk UK could be about to incur the wrath of privacy campaigners after some of its customers spotted that their online website browsing activity was being monitored and recorded without consent. The situation has caused a significant amount of concern with many end-users worried about the impact upon their personal privacy.TalkTalk has since confirmed that the monitoring, which was first discovered on the ISPs discussion forum during the middle of July (here), is part of a future Malware/Security/Parental Guidance tool to be provided by Chinese vendor Huawei. This is due to launch before the end of 2010.
The system, which is not yet fully in place, aims to help block dangerous websites (e.g. those designed to spread malware) by comparing the URL that a person visits against a list of good and bad/dangerous sites. Bad sites will then be restricted.
TalkTalk's Official Statement
We are developing some really exciting new security and parental control services, which will be based deep within our network infrastructure, to provide our customers with greater protection for all the devices they connect to their broadband line with. We’ve had considerable feedback from customers that PC-based software only deals with part of the wider security problem facing today's internet users, so we’ve developed these new services to help improve our customers online experience with us.
In preparation for the launch of these services, as our users surf the internet, details of websites visited are put into a list. Scanning engines then compare this list to a blacklist (sites that have been found to contain recent threats) and whitelist (sites that have been recently scanned with no threats found); if the site is not on either of these, it will visit the site and scan it for malicious code. Sites that are already on either list are not scanned again until the following day.
Our scanning engines receive no knowledge about which users visited what sites (e.g. telephone number, account number, IP address), nor do they store any data for us to cross-reference this back to our customers. We are not interested in who has visited which site - we are simply scanning a list of sites which our customers, as a whole internet community, have visited. What we are interested in is making the web a safer place for all our customers.
In due course we will be trialing and launching these services. We hope to be able to share more info on all of this soon.
We are developing some really exciting new security and parental control services, which will be based deep within our network infrastructure, to provide our customers with greater protection for all the devices they connect to their broadband line with. We’ve had considerable feedback from customers that PC-based software only deals with part of the wider security problem facing today's internet users, so we’ve developed these new services to help improve our customers online experience with us.
In preparation for the launch of these services, as our users surf the internet, details of websites visited are put into a list. Scanning engines then compare this list to a blacklist (sites that have been found to contain recent threats) and whitelist (sites that have been recently scanned with no threats found); if the site is not on either of these, it will visit the site and scan it for malicious code. Sites that are already on either list are not scanned again until the following day.
Our scanning engines receive no knowledge about which users visited what sites (e.g. telephone number, account number, IP address), nor do they store any data for us to cross-reference this back to our customers. We are not interested in who has visited which site - we are simply scanning a list of sites which our customers, as a whole internet community, have visited. What we are interested in is making the web a safer place for all our customers.
In due course we will be trialing and launching these services. We hope to be able to share more info on all of this soon.
At present the affected customers cannot opt-out of TalkTalk's data collection exercise, while the actual malware/block tool itself has yet to be enabled and will also be subjected to optional customer testing before it is. The resulting system will apparently only be available if you opt-in to use it.
As a result the systems first stage is currently just monitoring and recording URLs, which TalkTalk says is an anonymous process; no end-user IP address or personal details are revealed. However some customer posts have suggested that the TalkTalk system also reads the code for sites, at least the ones it cannot identify, which could in theory pose a security risk if the URL you visited was for a private admin page. Some of these would be pages that even Google cannot find.
It's worth pointing out that ISPs are already required to record website and email accesses (but not content), including dates and times, as part of the previous governments Data Retention Directive. However this is a closed process for use by specific public/security services and should not be confused with what TalkTalk is doing.
TalkTalk claims that its new system does not require prior customer consent because it is effectively just gathering an anonymous list of public website addresses (retained for 24 hours). The data itself will also be stored in a network device and at the moment only Huawei has visibility of this information. That last bit doesn't inspire confidence.
A TalkTalk spokesperson told The Register :
"Our scanning engines receive no knowledge about which users visited what sites (e.g. telephone number, account number, IP address), nor do they store any data for us to cross-reference this back to our customers."
"Our scanning engines receive no knowledge about which users visited what sites (e.g. telephone number, account number, IP address), nor do they store any data for us to cross-reference this back to our customers."
Given the absence of any technical data that could explain precisely how this system works it would be very difficult to assess the reality of their words. The situation also harks back to BT's secret trials of Phorm technology, which pledged to offer a similar website filtering system alongside its controversial behavioural advertising "service".
Many likened Phorm's Deep Packet Inspection (DPI) system to spyware and it was eventually hounded out of the UK and lost its major UK ISP support, which at the time also included TalkTalk. In fairness the ISP is not proposing to do exactly what Phorm did, although the similarities are there.
TalkTalk are intercepting their customers communications data (protected by the law) and passing it to a profiling system, which a third party firm appears to have visibility of, for the purpose of launching a commercially advantageous system. There are some legally grey areas here. It might also clash with what TalkTalk's boss recently said as part of its opposition to the Digital Economy Act 2010 (DEA).
Charles Dunstone, Chairman of the TalkTalk Group, said:
"The Digital Economy Act's measures will cost the UK hundreds of millions and many people believe they are unfair, unwarranted and won't work. So it’s no surprise that in Nick Clegg’s call for laws to repeal, this Act is top of the public’s ‘wish list’. Innocent broadband customers will suffer and citizens will have their privacy invaded."
"The Digital Economy Act's measures will cost the UK hundreds of millions and many people believe they are unfair, unwarranted and won't work. So it’s no surprise that in Nick Clegg’s call for laws to repeal, this Act is top of the public’s ‘wish list’. Innocent broadband customers will suffer and citizens will have their privacy invaded."
At least one of TalkTalk's forum administrators agrees that the ISP could have told people that the URL collecting had started, in fact they should have informed them BEFORE it started. Such a system was always going to be contentious and clearly needed prior discussion. On the upside at least TalkTalk are owning up to it instead of trying to disguise their activity.
Furthermore we have to ask whether this kind of service is even needed. TalkTalk claims that it is but similar systems already exist through Google searches, anti-virus software and most modern website browsers. Do we really need a fourth level of protection that is trying to perform almost exactly the same task?
UPDATE 2:40pm
We've also seen some reports that the new system confuses login sessions for certain websites and web-based games that require a degree of IP authentication, although at this stage it's difficult to know if the problem is directly related.
Tweet
Comments: 19
ParentAndCustomerPosted: 26 July, 2010 - 3:32 PM
Link to comment
Furthermore we have to ask whether this kind of service is even needed. TalkTalk claims that it is but similar systems already exist through Google searches, anti-virus software and most modern website browsers. Do we really need a fourth level of protection that is trying to perform almost exactly the same task?
Isn't the purpose to provide protection for non-pc network enabled devices such as mobile phones, game devices, STB's, TVs etc etc which DON'T usually have any protection. As a parent, central "parental control" also seems like a handy feature to have across all of these devices don't you think?
MarkJPosted: 26 July, 2010 - 3:39 PM
Link to comment
That's an interesting point. Of course many of those platforms would use non-standard or mobile OS solutions that are not commonly targeted by such threats and may be unable to infect the software. Very few people have anti-virus on their mobile phones for precisely that reason. It's not generally needed.
This is particularly true of closed platforms like game devices. More to the point, TalkTalk already has technology that can restrict websites through parental controls that would not need such extensive monitoring tech. Basic blocklist technology would surely be cheaper and also quite effective, without needing to track customers online activity.
Big PPosted: 26 July, 2010 - 3:55 PM
Link to comment
Even The Manager on TTMF posted
Monday 19th Jul 2010, 10:31 PM
Hi
Not sure who this persons source is but they are so far from the truth they wouldn't know it if it hit them on the head.
I can assure you we don't monitor peoples online activity!!!!! Hope this put some of your minds at rest
__________________
Stephen Fell
Then after accused people of wanting an argument
Hi all,
Not going to comment any further as some people just want an argument, official statement to follow!!
Regards
__________________
Stephen Fell
TalkTalk`s Online Community
LIMK to thread Here posts 5 & 15
http://www.talktalkmembers.com/forums/showthread.php?t=46565
Big PPosted: 26 July, 2010 - 4:01 PM
Link to comment
Ialso have the record of the test Done on Phoenix broadband this morning with the owner Hatari . if people would like to see it i will post .
There is a big thread about this aswell on Phoenix
Link if you are interested .
http://www.the-phoenix-broadband-advice-community.co.uk/index.php/topic,1828.0.html
ParentAndCustomerPosted: 26 July, 2010 - 4:06 PM
Link to comment
That's an interesting point. Of course many of those platforms would use non-standard or mobile OS solutions that are not commonly targeted by such threats and may be unable to infect the software.
Isn't that what people said for PCs originally?
With the increase in network enabled devices now coming into homes, many with cross platform OS's, isn't there becomming a need?The URL monitoring aspect is something I don't really agree with, I guess they thought it was the best way to generate lists that represent their customers? They possibly listened too much to Huawei, their technology provider rather than thinking of customers privacy concerns.
HatariPosted: 26 July, 2010 - 4:29 PM
Link to comment
This has been going on, I believe, since pre May. I discovered the accesses to my websites in May. After some testing the monitoring and following by TT were confirmed and I emailed TT originally on the 30 June and it took two weeks to get comfirmation. Copies of the emails etc on the topic http://www.the-phoenix-broadband-advice-community.co.uk/index.php/topic,1828.0.html
PetePosted: 26 July, 2010 - 4:37 PM
Link to comment
This is illegal interception of communications, exactly like Phorm.
TalkTalk are not obliged to intercept URLs (which are the content of communications), in fact the Data Retention Directive specifically prohibits the retention of content data: "No data revealing the content of the communication may be retained pursuant to this Directive".
TalkTalk are not entitled to access traffic data (which is the IP addresses) without the *explicit* and *informed* consent of their customers. So collecting this data for two months in secret is also an offence.
But what's utterly astounding... Like Phorm and their oft cited links to Moscow and the Russian Military.... Is that TT also claim this data is only accessible to Huawei, the Chinese manufacturer of their equipment. Huawei are linked to the Chinese PLA. Mi5 have been warning about Russian and Chinese industrial espionage for the last 12 months.
TalkTalk are in some serious trouble, or dangerously mad, or quite likely both.
bobppPosted: 27 July, 2010 - 1:42 AM
Link to comment
Shame on talktalk. Phorm by another name.
I will be looking for another isp and recommending 100's of others to do the same.
Talktalk has made a lot of money out of me by me recommending their services to other people but now I will rescind that recommendation and advise them to use another isp.
Carrot63Posted: 27 July, 2010 - 10:06 AM
Link to comment
What's the betting that somewhere down the line a magical ad pimping bolt on will materialise?
Expect this to be long, drawn out, laden with rhetoric, and ultimately painful if you're TalkTalk.
happycitizenPosted: 27 July, 2010 - 11:18 AM
Link to comment
I am glad our data is being sent anonymously to the Chinese. I have every confidence this is not being used by their secret services. I have every confidence in the technical ability of Talk Talk and the Murdoch family in general.
I am confident that I can never be identified from google searches including my house name, visits to what is my IP and my toolbar cookies and my bank codes.
Barnes TaggPosted: 27 July, 2010 - 12:44 PM
Link to comment
Shouldn't the parents be monitoring what their kids are doing and not leaving it to the ISP?
As it is these days parents seem to consider a PC to be the same as a TV - a device for keeping the kids quiet in the corner of the room rather than the connection to the rest of the world that it is.
MelPosted: 27 July, 2010 - 12:48 PM
Link to comment
So, has anyone checked if this system obtains the destination IP address by performing its own DNS lookup of the user's original http request's Host: string, or if it also stores and uses the IP address from the user's request?
Only, if it does its own DNS lookup, then by fiddling with his Host: string, an evil user could exploit this system into performing SQL exploits, dos attacks and the like which would show up to the targeted server as originating from the scanning system's IP address, allowing the attacker to conceal his own IP address from his target.
MelPosted: 27 July, 2010 - 1:07 PM
Link to comment
Well that rules me out of ever becoming a Stalk Stalk customer again (I was temporarily one when they bought AOL
).You can get consumer adsl routers with parental control & security software built into the firmware, which will "protect" all devices connected to your home network including non-PC devices. I had one that had this as an option - paid for after the first year (not that I'd ever use it) - it uses an external server to check the URL's requested, much like the similar feature in most modern browsers. Another option is to configure your router to use openDNS - which I would also not wish to use for privacy reasons.
Data rapePosted: 27 July, 2010 - 2:16 PM
Link to comment
TalkTalk are a joke of an ISP, and clearly the monitoring starts under the guise of "security", but give it a few months, or a change of CEO, and that system's data will soon be used for other stuff.
It will start with providing data for money about consumers to market research companies. It will creep more and more until the marketers know exactly what individuals are looking at, and when.
Add in a change of law, lobbied for by those with data (eg Tesco, ISPs) and those seeking data (eg spammers (all advertisers are spammers)), and we enter further into a privacy nightmare.
To be honest, with the government now tracking everyone's web use, I think I will change my TOR node from just an entry node to an exit node. I recommend others do too. It will make the law useless, and maybe lead to being repealed (hahaha, yeah, I know!)
WolfyPosted: 28 July, 2010 - 9:39 AM
Link to comment
What are you all so afraid of? what have you got to hide? They are tracking anon usage to create a blacklist of harmful websites, they don't want to know the xxx sites you visit, they don't want to know if you have secret government files, they just want to create a list of good/bad websites and see how many people visit them.
again, what have you got to hide?
Previous News Stories
2 September, 2010
1 September, 2010
28 August, 2010
26 August, 2010
1 September, 2010
12:10 PM - Top 9 Fastest UK Broadband ISPs Ranked by Speed for August 2010 - (0)
31 August, 201028 August, 2010
1:00 AM - YouTube UK Launch FREE Broadband Movie Streaming Service - (0)
27 August, 201026 August, 2010
7:19 AM - T-Mobile UK Slashes Pay Per Day Mobile Broadband Price - (0)
1:44 AM - UK ISP TalkTalk Launches 2010 Digital Heroes Awards - (0)
25 August, 201012:35 PM - UK ISP PlusNet CEO Departs and is Replaced by Jamie Ford - (2)
9:38 AM - Virgin Media UK Extends 2 MONTHS FREE Broadband Service Bundles - (0)
9:12 AM - WARNING New Phone SCAM Targeting UK Broadband ISP Customers - (1)
24 August, 201012:41 PM - Channel Five Rejoins UK Open Broadband TV Standard Project Canvas - (0)
9:01 AM - PCCW Backed UK Broadband Group Gives Hope to WiMAX Wireless - (7)
8:48 AM - BSkyB Mulling the Closure of Broadband ISP Sibling UK Online - (0)
Generated in 0.6808 seconds.
DB queries: 8
Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved (Terms, Privacy Policy, Links (.), Live Chat & Website Rules).