Home » 

UK ISP News Archives

Sponsored Links

UK ISP TalkTalk Defends Customer Website Snooping System

Posted: 30th Jul, 2010 By: MarkJ
talktalk uk dpi internet isp privacy concernBroadband ISP TalkTalk UK has issued another statement in defence of its controversial new security system, which aims to block sites that contain malicious software by "anonymously" recording the URL addresses visited by its customers and comparing them against a list of good and bad websites. Sites that are not on one of its lists will also be "scanned for threats".

The news emerged earlier this week (here) after it was revealed that TalkTalk had begun recording customers website (URLs) visits without their consent. Many end-users felt that this should have been an optional opt-in trial and were angered at having not been informed. Some also feared that TalkTalk could be breaking the law by recording their web browsing activity.

TalkTalk's Chief Networks Officer, Clive Dorsman, clarified:

"To provide some context, we’re doing this trial in advance of offering a free opt-in product that will warn customers if their computer or device connected to their home broadband is viewing a page that contains viruses or threats.

We see this as important as online security experts estimate that at least 70% of malware is caught from an infected webpage – with most of these web pages having been hacked. So if we scan these pages we can make the web safer without our customers having to install or update anything.

How do we do this? The scanning engines are given an anonymised list of webpage URLs that have been visited by our customers (so no personal data such as a telephone number, account number or IP address will be included). They then check to see if each individual webpage is on a whitelist or blacklist of scanned sites. If not, the webpage is scanned for threats.

Many customers tell us that they still see the web as being a bit like the ‘wild west’ and in just a few weeks the scanning engines have found tens of thousands of websites which are deemed threatening. While on the face of it that’s quite a worrying statistic it’s reassuring that the technology exists to identify these potentially dangerous sites.

As our trial progresses we will be inviting customers to test this new technology, ensuring that it meets the high standards that both TalkTalk and our customers demand."

The new statement is unlikely to allay all customer fears about how their data could be used or potentially abused, especially since the tracked URL's will apparently still be visible to Chinese firm Huawei; a firm that has suffered due to some high-profile allegations of state sponsored spying. We can certainly see some potential problems that TalkTalk has yet to fully address.

Firstly they claim that "no personal data such as a telephone number, account number or IP address will be included". It is difficult to see how that can be guaranteed, especially since dynamic website addresses themselves can at times contain exactly that sort of highly sensitive information (usernames, emails.. sometimes even passwords).

There are other problems too. Some webpage's contain copyright notices and other methods that prohibit automated processing of content, which TalkTalk's system could potentially just ignore. Re-requesting URLs that help web applications to function could also unintentionally result in a specific individuals remote website service or feature being accidentally enable or disabled. In some situations this could even disrupt private login routines.

The system will also add to the load of remote websites and could skew their statistical data. Some are also concerned about having the webpage's they visit scanned, typically private admin pages should not appear in either list and would thus be most susceptible. The fact that the URL logging will occur whether a customer chooses to use the resulting security service or not must also be of concern.

Despite such obvious objections, which TalkTalk has yet to fully address (explaining how the system works a second time does not address any of these), they still plan to launch the network security service later in the year. It will be available to all TalkTalk customers for free if they opt in. What they are doing may not be as worrying as Phorm's system but it is not devoid of problems.
Search ISP News
Search ISP Listings
Search ISP Reviews
Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
Gift: None
Sky Broadband UK ISP Logo
Gift: None
Virgin Media UK ISP Logo
Virgin Media £27.00
Gift: None
Plusnet UK ISP Logo
Plusnet £27.99
Gift: None
Zen Internet UK ISP Logo
Zen Internet £28.00 - 35.00
Gift: None
Large Availability | View All
Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £17.00
Gift: None
Community Fibre UK ISP Logo
Gift: None
BeFibre UK ISP Logo
BeFibre £19.00
Gift: None
YouFibre UK ISP Logo
YouFibre £19.99
Gift: None
Hey! Broadband UK ISP Logo
Gift: None
Large Availability | View All
Sponsored Links
The Top 15 Category Tags
  1. FTTP (5628)
  2. BT (3541)
  3. Politics (2570)
  4. Openreach (2320)
  5. Business (2297)
  6. Building Digital UK (2261)
  7. FTTC (2051)
  8. Mobile Broadband (2006)
  9. Statistics (1807)
  10. 4G (1694)
  11. Virgin Media (1649)
  12. Ofcom Regulation (1481)
  13. Fibre Optic (1413)
  14. Wireless Internet (1407)
  15. FTTH (1382)

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules