Slashdot Mirror


UK ISP TalkTalk Caught Monitoring Its Customers

An anonymous reader writes "The UK ISP TalkTalk has been caught using a form of Deep Packet Inspection technology to monitor and record the websites that its customers visit, without getting their explicit consent. The system, which is not yet fully in place, ultimately aims to help block malware websites by comparing the URL that a person visits against a list of good and bad sites. Bad sites will then be restricted. TalkTalk claims that its method is totally anonymous and that the only people with visibility of the URL database itself are Chinese firm Huawei, which will no doubt help everybody to feel a lot better (apply sarc mark here) about potentially having their privacy invaded."

139 comments

  1. Twas ever thus by benbean · · Score: 5, Insightful

    Doesn't really sound any different to what the search companies store. Sans encryption, nothing you do on the Internet is private. Caveat Browsor. Or, erm, something.

    --
    It's a Unix system - I know this.
    1. Re:Twas ever thus by zaax · · Score: 3, Informative

      In the UK it is illegal to monitor a person's private conversation on the phone, unless you have a judge's authority. Also it's against Human Rights. Maybe Talk-Talk customers should report them to the police.

    2. Re:Twas ever thus by bersl2 · · Score: 1

      Probably better (and more general) to go with caveat usor, "let the user beware".

    3. Re:Twas ever thus by mistralol · · Score: 4, Informative

      Actually in UK law the digital economy act practically requires by law that ISPs are to monitor their users and notify certain bodies of any possible illegal activity. TalkTalk and BT are the only people attempting to stand up to this. I guess TalkTalk are a little more two faced than we thought.

    4. Re:Twas ever thus by benbean · · Score: 1

      Yeah, that works. :-)

      --
      It's a Unix system - I know this.
    5. Re:Twas ever thus by Chrisq · · Score: 1

      Actually in UK law the digital economy act practically requires by law that ISPs are to monitor their users and notify certain bodies of any possible illegal activity. TalkTalk and BT are the only people attempting to stand up to this. I guess TalkTalk are a little more two faced than we thought.

      No they won't report it to the UK government. Only the Chinese!

    6. Re:Twas ever thus by smallfries · · Score: 2, Insightful

      Sans encryption, nothing you do on the Internet is private

      Very true, and yet within ten minutes there will still be several hundred posts in this story decrying the evil wiretappers of the man and how this is a breach of basic civil liberties.

      So here is a question (and it's only half devil's advocate) :
      If you send your data to a private company who has not signed any kind of contract to say that they will keep the data private: why wouldn't they look at it?

      --
      Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
    7. Re:Twas ever thus by Anonymous Coward · · Score: 0

      Eh? Not really, nowhere even near it.
      I'm not defending this at all because if I wanted restricted access to the web, I'd opt-in, but this is nowhere near spying on users for the sake of spying.

      As for monitoring users for illegal activity, well, that is entirely fine.
      If people are DDoSing, sending viruses, uploading illegal material and so on, then they should be watched and caught.
      Every single phone call everyone makes is monitored to some extent in most places, so why the hell should it be different here? The processes are automated.
      This is basically the same sort of idiotic crowd who cried over things like Gmail's Ad system, "OH NOES, IT READS MY PERSONAL PRIVATE E-MAILS, THAT MUST MEAN THAT EVERYONE KNOWS ABOUT MY FETISH FOR FURRY BEAR TEDDIES"

      However, I will admit that it was a bit dickish of them to do it without permission.

    8. Re:Twas ever thus by noidentity · · Score: 2, Insightful

      How about just using English in the first place?

    9. Re:Twas ever thus by fuzzyfuzzyfungus · · Score: 1

      Doublethink is all the rage on airstrip one, I hear...

    10. Re:Twas ever thus by Anonymous Coward · · Score: 3, Funny

      Because Latin keeps the proles out

    11. Re:Twas ever thus by h4rm0ny · · Score: 4, Insightful


      They should indeed report them. It was not "ever thus" and quite demonstrably so because we've only had mass electronic communication relatively recently and in a form that is easy for third-parties to record en masse for substantially less time than that.

      Each time a new frontier opens in the eternal war between the rulers and the ruled, a land-grab ensues where governments and corporations try to make the public accept something as inevitable or right whilst at the same time the public realizes just because they've allowed the government to make them do something in other areas, that doesn't mean it was right.

      It's vitally important at times like this to defend our rights as forcefully as possible. We did a lot of damage to Phorm when this was tried previously. In fact, Phorm turned into a ugly business black hole that no-one wanted to touch, with a reputation as down the toilet as SCO and I pity the people associated with it (except I don't). Clearly someone hasn't learned their lesson and we need to burn down a few more companies before we finally establish our right to privacy.

      So let's make them regret this.

      --

      Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
    12. Re:Twas ever thus by MoonBuggy · · Score: 5, Informative

      Firstly, in the UK, the data protection act comes into play, especially considering the level of insight that browsing info can give about many of the items listed on the "Sensitive personal data" list.

      Secondly, wiretapping legislation specifically forbids monitoring of telephone communications except in specific circumstances, whether they are encrypted or not. It's hardly a stretch to apply the same logic to internet communication.

    13. Re:Twas ever thus by tolan-b · · Score: 3, Insightful
    14. Re:Twas ever thus by Anonymous Coward · · Score: 1, Insightful

      As for monitoring users for illegal activity, well, that is entirely fine.

      No it's not. What is illegal and what is not, is more and more defined by corrupt politicians and lobby groups.

    15. Re:Twas ever thus by smallfries · · Score: 2, Interesting

      That's a very cool site, best description of the data protection act that I've read. It still leaves me wondering how the DPI that TalkTalk performed would breach it though. If they pass URLs to a third party without any way to look up who requested each URL then it doesn't count as personal data under the act. I also see that any personal data they did pass on would have been legal as long as it was correct and TalkTalk actually told people what they were doing (not that they did).

      Why would wiretapping legislation be relevant? It wouldn't be a great stretch if this were some third-party breaking into the line between TalkTalk and its customers, but it is not. This is the ISP looking at the data that it has been sent - that is a huge stretch of wiretapping legislation and it is not clear that it would apply at all.

      --
      Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
    16. Re:Twas ever thus by Jah-Wren+Ryel · · Score: 1

      If you send your data to a private company who has not signed any kind of contract to say that they will keep the data private: why wouldn't they look at it?

      Did your phone company sign a contract that says they won't listen to your phone calls?

      --
      When information is power, privacy is freedom.
    17. Re:Twas ever thus by somersault · · Score: 3, Informative

      How is them trying to warn users they are about to visit a malicious site anything like recording activity for the purposes of relaying to the government? There is nothing two faced about this, it is good for the customer.

      This is just the usual BS sensationalism. According to TFA, the data being recorded is anonymous:

      Our scanning engines receive no knowledge about which users visited what sites (e.g. telephone number, account number, IP address), nor do they store any data for us to cross-reference this back to our customers. We are not interested in who has visited which site - we are simply scanning a list of sites which our customers, as a whole internet community, have visited. What we are interested in is making the web a safer place for all our customers.

      This is the type of thing we should be encouraging rather than discouraging, if it reduces the number of idiots infecting their machines, which it will slightly. I think the ISP should enable this type of warning by default, with the option to opt out for those who actually want the very slight improvement in latency.

      --
      which is totally what she said
    18. Re:Twas ever thus by renoX · · Score: 2, Insightful

      > Sans encryption, nothing you do on the Internet is private.

      Even with encryption, your ISP can log every IP address you access, I would hardly call this a private activity!

      So I would correct: nothing you do on the Internet is private, only semi-private with encryption, except if you are using either
        1) encryption + TOR or
        2) steganography.
      And (1) is quite easy to detect for your ISP, so you would be "noticed": in some countries this could be dangerous.
      So the only really private communication you can have on the Internet is (2).

    19. Re:Twas ever thus by somersault · · Score: 0, Troll

      How about reading TFA? This is not an invasion of privacy at all. It doesn't record any personal data. It is in fact a great thing to do when 99.9% of your customers are complete noobs.

      --
      which is totally what she said
    20. Re:Twas ever thus by IBBoard · · Score: 1

      I agree that it is good in the way that TalkTalk present it, but I'd always be dubious about a) a company's real intentions and b) how they could change it in future so that what it does now isn't quite what it will do then.

      Overall, most of the population probably need this kind of help, since they're not familiar enough with what can happen and assume that the web is fairly safe. In reality, there are a good number of things that could go wrong depending on how anonymised, automated and separate their system is and remains from everything else.

    21. Re:Twas ever thus by Anonymous Coward · · Score: 0

      So am I evil for collecting Netflow statistics?

      -zomg I know what IPs your IP went to! better run, scream, and hide!-

    22. Re:Twas ever thus by smallfries · · Score: 1

      A more appropriate comparison would be "did your phone company sign a contract not to look at the numbers that you call" given that we are talking about URLs here.

      --
      Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
    23. Re:Twas ever thus by makomk · · Score: 1

      This actually has some nasty security implications, as it happens. If you visit a non-public part of a website that has a hard-to-guess URL, normally there's no easy way for potential attackers to know. However, if you do it from a Talk Talk broadband connection, now both TalkTalk and Huawei (which is owned by the Chinese government) know it's there, and anyone with access to this information can try and find security vulnerabilities in it which they'd otherwise have difficulty exploiting.

      Also, I can confirm from my own website logs that TalkTalk have indeed been doing this. There are accesses from the IPs in question 62.24.222.131 and 62.24.222.132 to pages on my website immediately after I accessed them myself, including to the WordPress admin panel URL.
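
One way to check a site's own access log for the pattern described in the comment above (an added example, not part of the original thread): it flags requests from the two addresses the commenter names that repeat a URL another client fetched shortly before. The combined log format, the five-minute window, the function names and the sample lines (constructed, with documentation-range client addresses and made-up dates and paths) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Source addresses named in the comment above.
FOLLOWER_IPS = {"62.24.222.131", "62.24.222.132"}

# Apache/nginx "combined" log format (assumed; adjust for a custom format).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return a dict for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "target": m.group("target"),
        "status": int(m.group("status")),
    }


def find_followed_requests(lines, follower_ips=FOLLOWER_IPS,
                           window=timedelta(minutes=5)):
    """Find follower requests that repeat another client's recent request.

    Lines are expected in chronological order, as access logs are written.
    A hit means a follower address asked for exactly the same request target
    that some other client asked for no more than `window` earlier.
    """
    last_seen = {}  # target -> (timestamp, ip) of latest non-follower request
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["ip"] not in follower_ips:
            last_seen[rec["target"]] = (rec["ts"], rec["ip"])
            continue
        prior = last_seen.get(rec["target"])
        if prior is None:
            continue  # follower found this URL some other way
        delay = rec["ts"] - prior[0]
        if timedelta(0) <= delay <= window:
            hits.append({
                "target": rec["target"],
                "original_ip": prior[1],
                "follower_ip": rec["ip"],
                "delay_seconds": int(delay.total_seconds()),
                "follower_status": rec["status"],
            })
    return hits


# Constructed sample log, not real traffic.
SAMPLE_LOG = """
203.0.113.7 - - [26/Jul/2010:10:15:02 +0100] "GET /wp-admin/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
62.24.222.131 - - [26/Jul/2010:10:15:31 +0100] "GET /wp-admin/ HTTP/1.1" 302 0 "-" "-"
203.0.113.7 - - [26/Jul/2010:10:20:00 +0100] "GET /drafts/unlisted-8f3a.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [26/Jul/2010:10:21:00 +0100] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
62.24.222.132 - - [26/Jul/2010:10:21:10 +0100] "GET /drafts/unlisted-8f3a.html HTTP/1.1" 200 2048 "-" "-"
62.24.222.131 - - [26/Jul/2010:12:00:00 +0100] "GET /index.html HTTP/1.1" 200 1024 "-" "-"
"""

if __name__ == "__main__":
    for hit in find_followed_requests(SAMPLE_LOG.splitlines()):
        print("{follower_ip} re-fetched {target} {delay_seconds}s after "
              "{original_ip} (status {follower_status})".format(**hit))
```

A follower response with status 200 on an unlinked page is the case worth acting on: that page is being served to anyone who learns its URL and needs real access control.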

    24. Re:Twas ever thus by MoonBuggy · · Score: 1

      For the data protection part, I was working on the assumption that they were treating it in a similar manner to that search data that AOL released a few years back (i.e. clustered by user but without a name attached), from which it was straightforward in many cases to extrapolate personal details. The act applies to "data which relate to a living individual who can be identified from those data". Anyway, it seems that I may have been mistaken there, so perhaps it doesn't apply.

      In terms of wiretapping, I was considering the ISP to be an intermediate link between the user and the server. In the same way that I can reasonably expect the phone company not to eavesdrop on my calls to other businesses or individuals (at least without my consent), I expect my ISP not to eavesdrop on the contents of my packets while routing them to their destination.

    25. Re:Twas ever thus by Anonymous Coward · · Score: 1, Informative

      Major difference: Google is not providing details of everything its users do directly to a foreign government with a well-known interest in hacking and industrial espionage.

    26. Re:Twas ever thus by smallfries · · Score: 1

      In the UK it is illegal to monitor a person's private conversation on the phone ... Talk-Talk customers should report them to the police.

      Is that because TalkTalk are recording telephone calls as well? Or perhaps you are suggesting that TalkTalk should be reported for this because there are lots of other unrelated things that they are not doing? Murder would be pretty high up the list I guess, drug running, terrorism....

      --
      Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
    27. Re:Twas ever thus by Yer+Mom · · Score: 2, Insightful

      If they pass URLs to a third party without any way to look up who requested each URL then it doesn't count as personal data under the act.

      http://www.example.com/account.php?e=myaddress@example.net. Bang. Personal data right there.

      Unless they have a way that can guarantee email addresses, account numbers etc are stripped out of the URL, of course...

      --
      Never mind Spamassassin. When's Spammerassassin coming out?
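
What stripping identifiers out of a logged URL involves, as an added example that is not from the thread and does not describe TalkTalk's or Huawei's system: it drops credentials, query string and fragment and redacts path segments that look like e-mail addresses or long numbers. The function names, the two regexes and the sample URLs in the test are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, urlunsplit, unquote

# Heuristics (assumed for this example): an e-mail-shaped string, or a run of
# six or more digits such as an account or order number.
EMAIL_RE = re.compile(r"[^/@\s]+@[^/@\s]+\.[^/@\s]+")
LONG_DIGITS_RE = re.compile(r"\d{6,}")


def scrub_segment(segment):
    """Redact one path segment if it looks like personal data."""
    decoded = unquote(segment)  # catch %40-encoded e-mail addresses too
    if EMAIL_RE.search(decoded):
        return "[email]"
    if LONG_DIGITS_RE.search(decoded):
        return "[number]"
    return segment


def minimise_url(url):
    """Return the URL reduced to scheme, host[:port] and a scrubbed path.

    Dropped entirely: user:password@ credentials, the query string (where
    search terms and most form data sent by GET end up) and the fragment.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.port is not None:
        host = "{}:{}".format(host, parts.port)
    path = "/".join(scrub_segment(s) for s in parts.path.split("/"))
    return urlunsplit((parts.scheme, host, path, "", ""))


if __name__ == "__main__":
    # The URL from the comment above: the address sits in the query string.
    print(minimise_url(
        "http://www.example.com/account.php?e=myaddress@example.net"))
```

Pattern matching of this kind cannot recognise an opaque secret in the path, so a hard-to-guess private URL passes through unchanged.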
    28. Re:Twas ever thus by makomk · · Score: 2, Interesting

      Actually, thinking a bit more, it's worse than that. If you know the URL of a Facebook image, even a private one, you can view the image (there's no access protection on static content like image files) and you can link it back to the Facebook account of the person who posted it. Unless someone's taken special care, this information is very likely to be in TalkTalk's logs.

    29. Re:Twas ever thus by smallfries · · Score: 1

      I only actually read the article after I replied to you but from the description it does look like just a list of URLs that is being passed over so it probably wouldn't be personal data. There are some corner cases though and TalkTalk have just opened up a huge can of worms as URLs can and do include things like user names.

      Expectations of privacy seem to differ wildly. I don't consider myself to be paranoid but I assume that any data being routed across a network can (and will be) freely inspected by any intermediate point. I've always thought of privacy as something that the user has to supply on top (i.e. SSL or VPN depending on what should be private).

      In this case the information being extracted by "DPI" is the URL of HTTP connections. Hardly an invasion of privacy - it's something that transparent proxies have been doing for years without provoking this kind of reaction. When you expect your ISP not to eavesdrop on your packets, would you really include URLs in your private data?

      --
      Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
    30. Re:Twas ever thus by IBBoard · · Score: 1

      Except that most phone numbers can't be looked up in slow-time to find out the content that the caller probably saw. It'd be more like "did your phone company sign a contract not to look at the new replacement they have for phone numbers where you dial a number followed by a descriptive string that may or may not give them access to a perfect transcript of what was told to you" (since they'll only get the fetches, not the posts).

    31. Re:Twas ever thus by sgbett · · Score: 1

      (there's no access protection on static content like image files)

      I never knew this. How is this not huge news? I don't know why I am surprised/dismayed/appalled.

      --
      Invaders must die
    32. Re:Twas ever thus by IBBoard · · Score: 1

      a) I'd be concerned about that site and avoid using it anyway, b) that site would be making it a lot easier for you to hack it and c) who is to say that the email address (or thing that looks like an email address) in a URL is related to the URL fetcher? Who's to say it is even real?

    33. Re:Twas ever thus by XSpud · · Score: 1

      How about reading TFA? This is not an invasion of privacy at all. It doesn't record any personal data.

      If they have access to URLs they have access to anything sent via a GET HTTP request. Are you suggesting that there aren't any websites that collect personal data via GET requests?

    34. Re:Twas ever thus by Anonymous Coward · · Score: 1, Insightful

      How about reading TFA? This is not an invasion of privacy at all.

      Whether something is an invasion of privacy is the decision of the person potentially having their privacy invaded, not your decision, and most definitely not someone who will profit from invading privacy.

      If I publicise my web browsing habits, people looking at the data are not invading my privacy. If I want to keep that info private, then those looking at that data are invading my privacy.

      Given that most customers will never know about this monitoring, or will take TalkTalk's (marketing department's) representation of how it works as the truth, it is definitely a privacy invasion.

      It doesn't record any personal data.

      Yeah, they claim. Do you have access to the systems doing the monitoring and so actually know that?

      I would wager that the difference between not recording and recording is one bit.

      There is also a discussion linked from the comments on TFA where someone's private test site was being crawled by TalkTalk. The guy hadn't publicised the address, just visited it over his TalkTalk connection. So for them to do the crawling, they must be recording what URLs are being visited by users, and feeding that into their crawling system.

      Do you work for TalkTalk or something? Why are you bullshitting so much?

      It is in fact a great thing to do when 99.9% of your customers are complete noobs.

      That's probably the case for most ISPs, and even more so for the cheap ones like TalkTalk. But at the end of the day, TT are just exploiting those people, just like AV vendors do. They promise the world, will not deliver it, then hide behind terms and conditions, EULAs and the like. And all along, the customers do not learn anything at all about safe or sensible internet use because their ISP has told them they are safe.

    35. Re:Twas ever thus by TheLink · · Score: 1

      Because the ones who know of it consider it a feature? ;)

      If you're relying on Facebook for decent security you're going to be disappointed.

      What would be news is if a Facebook image URL can be derived given known public parameters.

    36. Re:Twas ever thus by somersault · · Score: 1

      Oh noes! Wait a second, your ISP already has access to everything you do online, as well as your real life name, address, bank account number, etc. Why would you suddenly start caring about them having access to that which they already have access to? If they really wanted to do something nefarious with this information, they could.

      If you are actually submitting "personal data" that you don't want other people to see or record outside of an encrypted connection, you're an idiot.

      --
      which is totally what she said
    37. Re:Twas ever thus by HungryHobo · · Score: 1

      "by comparing the URL that a person visits against a list of good and bad sites"

      If their aim is to just block bad sites why would they have to log anything at all?
      Just re-direct all traffic to bad IPs to /dev/null.

    38. Re:Twas ever thus by somersault · · Score: 1

      Do you work for TalkTalk or something? Why are you bullshitting so much?

      Actually if you look at my comment history you'll see that I do this kind of thing regularly on Slashdot, because people are always sensationalising and bullshitting themselves without actually reading TFA or thinking.

      As you point out they probably are already recording sites that have been visited etc. But when they want to do something that could actually be beneficial to the world, you complain.

      Yes, I don't think this will make things 100% secure, but it will help make them more secure. It would be similar to AV if they'd given the option to opt in or out.

      Yeah, they claim. Do you have access to the systems doing the monitoring and so actually know that?

      All we have is their claims, dumbass. All we ever have from any company is claims, unless they're audited. They could be recording everything already without your knowledge. This is a system that clearly will be known about by the public though, they're not trying to hide it if it's actually displaying messages to people that the site they are visiting is "potentially harmful" type thing. Gah, it's so frustrating how retarded you guys are sometimes.

      --
      which is totally what she said
    39. Re:Twas ever thus by Chrisq · · Score: 1

      "by comparing the URL that a person visits against a list of good and bad sites"

      If their aim is to just block bad sites why would they have to log anything at all? Just re-direct all traffic to bad IPs to /dev/null.

      Playing the devil's advocate, if you found that someone visited known "bad" sites then looking at other sites they visited would probably be a good way to discover other "bad" sites.

    40. Re:Twas ever thus by HungryHobo · · Score: 2, Interesting

      If it's malware they're trying to stop and not anything else then they gain little.
      Foolish people who click "OK" to popups asking them to install anything and everything constitute an almost perfectly random search.

      Better to just get a list of sites which serve malware from one of the companies which track such things and re-direct traffic for them into a hole.

      This seems less innocent the more I think about it.

    41. Re:Twas ever thus by tehcyder · · Score: 1

      If you're that fucking paranoid, how about just not using the internet?

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    42. Re:Twas ever thus by Anonymous Coward · · Score: 1, Insightful

      This is a system that clearly will be known about by the public though, they're not trying to hide it if it's actually displaying messages to people that the site they are visiting is "potentially harmful" type thing. Gah, it's so frustrating how retarded you guys are sometimes.

      The public will clearly know about it? Well, they've not been very open about it so far. It has been discovered by Talk Talk subscribers, and the management started with denial. That doesn't jive well for future transparency.

      And TalkTalk were one of the ISPs trialling Phorm.

      Ignoring the attempted personal attack, your naivete about what companies will do in the quest for profits is stunning. And it isn't appreciated that you are obviously willing to give away other people's privacy when you give up yours.

    43. Re:Twas ever thus by AmiMoJo · · Score: 1

      Okay but can I opt out?

      I'm one of those people who can't get ADSL because of my phone line, so I have to use Virgin. If they started doing what TalkTalk are doing I would have no way out of it other than using Tor or a VPN service for everything. I'm sure Tor would have problems if thousands of users suddenly started using it and VPNs are not free.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    44. Re:Twas ever thus by RobertM1968 · · Score: 2, Insightful

      No, a LOT more two faced. Anyone with even the slightest networking knowledge knows that any ISP such as this, who runs their own DNS server can simply drop the bad domains into the DNS servers and have them point to one of their own servers which will present a "This site has been blocked for... " page.

      A simple example of something similar (in implementation) are the "not found" redirects that many ISPs are doing now, that bring you to one of their customized search pages.

      They don't need to monitor what users are doing since they are not building a list of bad sites - they are (supposedly) comparing users' surfing to an already existing list.

      I call massive bullshit on the part of TalkTalk.

    45. Re:Twas ever thus by somersault · · Score: 1

      I'm not saying that companies won't do these things, but I have seen a lot of Slashdot discussions where people get things completely wrong, working themselves into a frenzy over nothing. I'm just trying to point out how this might not be as bad as the sensationalists are trying to make out.

      The Phorm thing does make it more likely that they were trying to screw people over here, I wasn't aware of that until someone else mentioned it.

      The personal attack was an emotional response to you saying I'm just bullshitting. I despise liars, and there would have to be some amazingly good reason to get me to lie. I can't think of many situations where it's worth it. Thank you for your reasonable response, I guess I was just getting into defensive mode with all the crazies attacking me for suggesting that this whole thing may not be an evil plot to try to sell people things.

      --
      which is totally what she said
    46. Re:Twas ever thus by chrb · · Score: 1

      wiretapping legislation specifically forbids monitoring of telephone communications except in specific circumstances

      The circumstances are more specific than most people think. Basically, unless you are a police force carrying out a criminal investigation, then you are on very shaky legal ground when intercepting communications. From The laws relating to monitoring your employees:

      An employer who controls the system will be open to a civil action from either party to the communication if it intercepts communications without either:

          * reasonable belief that both parties to the communication consent to the interception; or
          * lawful authority

      The point that a lot of companies miss is that, although an employee may have signed a contract, both parties to the communication must consent to the interception. For general web browsing - given that the visited web site (Google etc.) has not consented to the intercept, then the intercept is illegal. This can not be overridden by a contract of employment, except in the situation where both communicating parties are employees of the company and have signed such a contract. What makes this even more interesting is that filtering companies like Bluecoat and Smoothwall sell products that do SSL based interception. With SSL, there is a clear expectation from both communicating parties that the communication is going to be private, and yet the intercept is carried out when only one party has even potentially been notified that it may occur. This is a lawsuit waiting to happen, and I'm surprised that nobody has brought the issue to court yet.

    47. Re:Twas ever thus by somersault · · Score: 1

      Forgot to mention, this isn't about privacy, this is about collecting anonymous data. They already have the capability to invade peoples' privacy silently if they really wanted, this is about a public system that they purport to only collect anonymous usage statistics. If they're lying, then it's fine with me to hang them from the rafters, but if they're telling the truth then everyone needs to chill the fuck out.

      --
      which is totally what she said
    48. Re:Twas ever thus by bersl2 · · Score: 1

      quare? malo Latine loqui, tu gleba stolide!

    49. Re:Twas ever thus by h4rm0ny · · Score: 1

      An ISP does not need to record and store for long periods of time your history. Nor do they need to then transfer this history on to companies in China. Nor do we necessarily want to allow the precedent of ISPs deciding what sites we may or may not visit to establish any more of a foothold than it already does. What's going on here relates to all of these.

      --

      Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
    50. Re:Twas ever thus by renoX · · Score: 1

      Well, *I*'m not paranoid, but I think that Chinese users should be, and if you quit using Internet then censorship has won.

    51. Re:Twas ever thus by cffrost · · Score: 1

      I guess TalkTalk are a little more two faced than we thought.

      Ah, now their name makes sense.

      --
      Thank you, Edward Snowden.

      "Arguments from authority are worthless." —Carl Sagan
    52. Re:Twas ever thus by duguk · · Score: 1

      Actually in UK law the digital economy act practically requires by law that ISPs are to monitor their users and notify certain bodies of any possible illegal activity.

      As you've said, it's ironic for a company that have said this:

      "we are concerned that obligations imposed by the Act may not be compatible with important European rules that are designed to ensure that national laws protect users’ privacy, restrict the role of ISPs in policing the internet and maintain a single market." - TalkTalk Blog

      Also, maybe I'm being dumb, but can someone explain to me how knowing the number of people visiting a website is going to help identify malware?

    53. Re:Twas ever thus by Grumbleduke · · Score: 1

      No!

      At no point does anything in the Digital Economy Act require ISPs to monitor their users. In fact, if not done anonymously that could well be illegal under European Law (see the Phorm case). The only people that ISPs are obliged to notify of anything under the DEA are subscribers when the ISP has received a Copyright Infringement Report about it.

      If you're going to bring up the DEA, I suggest you read up on it first. As it happens, I've spent most of the last few days writing up a guide to the relevant parts of the DEA; the first couple of parts are in my journal and everything written so far is on the PPUK website.

      There is a lot of misinformation going around about the DEA, and it is hard to effectively fight it when the people you are fighting alongside keep getting things wrong.

    54. Re:Twas ever thus by Anonymous Coward · · Score: 0

      Don't forget about stripping web searches out of the URLs as well. If a user isn't careful they can be identified by their searches as evidenced by the journalist who tracked down a user from their searches after AOL released anonymized logs of users' web searches.

  2. Ironic by Anonymous Coward · · Score: 1, Informative

    Ironic this, seeing as how TalkTalk have been pushing back against almost the same things in the Digital Economy Act. Shame really they did look like they might be good guys.

    1. Re:Ironic by asdf7890 · · Score: 5, Informative

      Ironic this, seeing as how TalkTalk have been pushing back against almost the same things in the Digital Economy Act.

      They are against the act because as it is currently written it favours smaller operators, as some of its rules such as the automatic disconnection for copyright violation only apply to ISPs with at least 40,000 customers. They are not fighting the act to protect anyone's privacy, they are fighting the act because it could make their services look less competitive.

      Shame really they did look like they might be good guys.

      No they didn't, not if you look into their (recent) past. They were one of the big three ISPs connected to the "ex-" spyware outfit Phorm in 2008/2009 and their past sales techniques including line-slamming (using people's details gleaned from other sales activity to switch their landline provision to them without permission) and apparently deliberate ignorance of the Telephone Preference List have left a lot to be desired. See http://en.wikipedia.org/wiki/TalkTalk#Data_pimping and http://en.wikipedia.org/wiki/The_Carphone_Warehouse#Data_protection respectively for links to more info.

    2. Re:Ironic by nukenerd · · Score: 1

      Talk Talk good guys??!! The first time I ever heard of them was several years ago when one of their salesmen phoned me to get me to switch my phone service to Talk Talk from BT.

      I told him he was breaking the law by cold-calling me because I was registered with the Telephone Preference Service. He then had the nerve to lie that Talk Talk was a subsidiary of BT, and as I was a BT customer he was therefore entitled to ring me.

      I did not know at the time whether his claim was true or not, but I told him to f#%k off anyway.

  3. End-to-end encryption by Anonymous Coward · · Score: 5, Insightful

    It's the only way to be sure. I know of at least one German university which also filters all external web traffic through a proxy which blocks URLs, also supposedly to reduce malware infections. The road to hell is paved with good intentions. The same technology which is installed to fight malware is also ideally suited to work as censorship infrastructure. Once it's in place, the operators will undoubtedly be confronted with the question why they only filter malware and not other "illegal" content. Once they've succumbed to that, the list of URLs to block will grow to include "unruly" opinions, videos of police, etc.

    End-to-end encryption. Now.

    1. Re:End-to-end encryption by AHuxley · · Score: 4, Informative

      Yes like in Australia the "URL database" will grow and grow.
      http://zfoneproject.com/ for all :)

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re:End-to-end encryption by Dexter+Herbivore · · Score: 2, Funny

      It's the only way to be sure.

      No, nuke it from orbit.. THAT'S the only way to be sure.

    3. Re:End-to-end encryption by TheVelvetFlamebait · · Score: 1

      Once they've succumbed to that, the list of URLs to block will grow to include "unruly" opinions, videos of police, etc.

      Why? What kind of evidence do you have for such a ludicrous assumption?

      --
      You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
    4. Re:End-to-end encryption by Anonymous Coward · · Score: 0

      Historic continuity. There's no reason to suspect it will be different this time than the many times before.

    5. Re:End-to-end encryption by somersault · · Score: 1

      Evidence matters not when living inside a tinfoil fort you are.

      --
      which is totally what she said
    6. Re:End-to-end encryption by TheVelvetFlamebait · · Score: 1

      So, do you have any examples of universities, operating in a democracy, on their own initiative, deciding to block "'unruly' opinions, videos of police, etc."?

      Oh, and do we get some kind of motive, or is it just the restless spirit of history deciding to possess the living from time to time?

      --
      You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
    7. Re:End-to-end encryption by Haeleth · · Score: 1

      There's no reason to suspect it will be different this time than the many times before.

      What many times before? Please provide evidence, not assertions.

      I can provide a counter-example. Many ISPs in the UK already block access to sites known to host child pornography -- remember the controversy a while back when they blocked Wikipedia? So they've been blocking one type of illegal content for a long time now, and yet somehow they have managed not to slip one single step further down the alleged slippery slope to universal censorship that the tinfoil hat brigade believes in so strongly.

    8. Re:End-to-end encryption by Anonymous Coward · · Score: 1, Insightful

      No, some ISPs claim to block access to CP, but the group that publishes that list is not publicly accountable. Many ISPs block the content by creating fake 404 messages, rather than telling you straight up that the content has been blocked, presumably to reduce support costs, and scrutiny of the list.

      So if your ISP uses the IWF list, and you see a 404 error when surfing, it could be a missing file on the server, or it could be a private entity censoring. You have no way of knowing, and if you contact your ISP they will tell you they can't check. This is a lie, because a member of BE's tech support did confirm Wikipedia was on the list with the Virgin Killer's incident.

      It always makes me laugh when people attack the messenger too, "tinfoil hat brigade" indeed. And trying to dismiss the message with bitching that the slippery slope isn't steep enough. Your ignorance of history is showing. There are people who are overly paranoid, but there are far too many who are trusting of any perceived authority.

    9. Re:End-to-end encryption by TheVelvetFlamebait · · Score: 1

      It always makes me laugh when people attack the messenger too, "tinfoil hat brigade" indeed. And trying to dismiss the message with bitching that the slippery slope isn't steep enough. Your ignorance of history is showing. There are people who are overly paranoid, but there are far too many who are trusting of any perceived authority.

      I suppose the biggest reason why we "shoot the messenger" (Ha! As if it's not just created in the messenger's mind!) is that there's typically no evidence presented by the Tinfoil Hat Brigade for the mythical slippery slope, or the so called "history" of free societies losing their freedom to an authority figure (it's mostly just a collage of one actual incident, Nazi Germany, and a whole bunch of self-reinforcing propagandist fiction, like V for Vendetta, culminating in a convincing illusion of legitimacy), or even the elusive motives for authority figures to screw with you (which, when brought into the light, rarely hold up to light scrutiny).

      It's true that you can't trust authority, but without a specific motive for screwing you over, you're just as well off not trusting anybody. Like now, when I didn't just take the word "history" on trust, because I happen to know you have a motive for sucking the rest of the world into your paranoid fantasies.

      Oh, and one more thing. These people who are "trusting of any perceived authority" are another myth, propagated by the Tinfoil Hat Brigade. They're so often talked about, but nobody can seem to point to a single person who has this property. Stranger danger is an instinct from birth. Trust needs to be earned. It's not just granted automatically.

      --
      You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
  4. The difference should be obvious by SmallFurryCreature · · Score: 3, Insightful

    My ISP is often a matter of little choice, if I want to access the internet, I MUST go through an ISP.

    I never ever have to go to google or any other domain. It is trivial to avoid any domain I wish, just put it in hosts file with local ip.

    Especially since Google doesn't know my personal details. My ISP does.

    --

    MMO Quests are like orgasms:

    You may solo them, I prefer them in a group.

    1. Re:The difference should be obvious by MoonBuggy · · Score: 5, Informative

      One thing to add, which you may not have realised if you're not a UK user, is that it is absolutely possible for people to vote with their wallets in this case. Unlike the situation as I understand it in the US, we have a fairly good choice of DSL ISPs.

      If a person is using TalkTalk, it means they have a BT (physical) phone line, although it may not be currently connected to BT equipment at the exchange. Since BT has long been required to open up their government-provided-monopoly infrastructure to others, it means that there will be a wide choice of ISPs and switching is relatively straightforward.

      Also, on a purely personal note, this allows me a brilliant concrete example of why I advise people to pay a little more for a straightforward, unadulterated connection from Be or UKFSN's LLU service (no affiliation with either other than as a satisfied customer) and support those ISPs who don't pull crap like this.

    2. Re:The difference should be obvious by somersault · · Score: 1

      That's fine for geeks who actually take care of their computer, but I welcome moves like this by ISPs to actually make an attempt to stop the proliferation of malware and botnets on machines where the user is clueless. This service is like the "immunise" option in Spybot: S&D, but you don't need to clog up your hosts file or update it every few weeks.

      For users that want a direct connection for whatever reason then yes I think voting with the wallet is a good option. I have been saying above that TalkTalk should let users opt out, but if they do I hope they really don't make it a big button that's easy for people to click on, otherwise everyone will disable it and we'll be back to square one.

      --
      which is totally what she said
    3. Re:The difference should be obvious by Xest · · Score: 1

      "Especially since Google doesn't know my personal details."

      That's what you think ;)

    4. Re:The difference should be obvious by Shakrai · · Score: 1

      but I welcome moves like this by ISPs to actually make an attempt to stop the proliferation of malware and botnets on machines where the user is clueless

      Why do they have to log the websites you visit to block malware? It seems to me that they could just allow or deny the websites based on their database without keeping a record of them.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    5. Re:The difference should be obvious by mcgrew · · Score: 1

      if I want to access the internet, I MUST go through an ISP.

      That's true, but it shouldn't be. When are we going to start growing a mesh network that doesn't depend on ISPs? Almost everywhere I go there are several wifi hotspots, and they're almost always private and protected. We should be able to give access to the internet without giving access to our whole computer or data we are transferring ourselves.

      Sometimes I miss the old BBSes.

    6. Re:The difference should be obvious by somersault · · Score: 1

      Yeah I think that's a bit silly, though they might just want usage statistics like how many dodgy/valid/unknown sites people try to visit per month to be able to judge whether it's worth having the filter in place at all.

      --
      which is totally what she said
    7. Re:The difference should be obvious by Shakrai · · Score: 1

      So increment a counter. Still no need to log the URLs themselves.....

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    8. Re:The difference should be obvious by somersault · · Score: 1

      Well, you need to at least collect the unknown URLs to put into the good or bad database after they scan them, that might be where the "recording URLs" bit comes in.

      Seriously, there have been so many stories like this where the comments are murderous and insane, then you find out after RTFA or someone posts a more informed comment that things weren't so bad after all. Then again there have been other comments that mention scummy things TalkTalk have done before so maybe they do have nefarious plans for this system, I don't know.

      It's a possibility that they have actually designed the system similar to how you described it though, it would still match up to what TFA says. Without details then all this story serves to do is drive the privacy nuts apoplectic and get their frothy spit in everybody's eyes.

      --
      which is totally what she said
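
The design argued over in the exchange above (allow or deny against a list, count outcomes, queue only unknown URLs for scanning), combined with the earlier point about stripping search terms out of URLs, as an added example that is not part of the thread and not TalkTalk's or Huawei's system. The class, the list entries and the subscriber labels are constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit


def normalise(url, host_only=False):
    """Reduce a URL to what a reputation lookup needs.

    Userinfo, port, query string and fragment are dropped, so search terms
    and session tokens carried in the query never reach the lists or queue.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        raise ValueError("URL has no host: %r" % url)
    if host_only:
        return host
    return host + (parts.path or "/")


class UrlFilter:
    """Allow/deny decisions with aggregate counters and no per-user log."""

    def __init__(self, good, bad, host_only_queue=True):
        # List entries are either a bare host or host + path.
        self.good = set(good)
        self.bad = set(bad)
        # Paths can themselves be unguessable "secret" links, so by default
        # only the host name of an unknown site is queued for scanning.
        self.host_only_queue = host_only_queue
        self.counts = Counter()   # totals only: good / bad / unknown
        self.scan_queue = set()   # de-duplicated; no subscriber, no timestamp

    def check(self, url, subscriber_id=None):
        """Return "block" or "allow". subscriber_id is deliberately unused."""
        host = normalise(url, host_only=True)
        full = normalise(url)
        if host in self.bad or full in self.bad:
            self.counts["bad"] += 1
            return "block"
        if host in self.good or full in self.good:
            self.counts["good"] += 1
            return "allow"
        self.counts["unknown"] += 1
        self.scan_queue.add(host if self.host_only_queue else full)
        return "allow"

    def record_scan(self, key, malicious):
        """Move a scanned entry out of the queue and into a list."""
        self.scan_queue.discard(key)
        (self.bad if malicious else self.good).add(key)


def demo(host_only_queue=True):
    """Run constructed requests through the filter and return its state."""
    flt = UrlFilter(
        good={"news.example"},
        bad={"malware.example", "files.example/dropper.exe"},
        host_only_queue=host_only_queue,
    )
    requests = [  # constructed sample traffic: (subscriber label, URL)
        ("sub-1001", "http://news.example/story?id=7"),
        ("sub-1002", "http://MALWARE.example/landing?ref=abc"),
        ("sub-1001", "http://files.example/dropper.exe"),
        ("sub-1003", "http://search.example/results?q=private+medical+question"),
        ("sub-1004", "http://search.example/results?q=something+else"),
    ]
    verdicts = [flt.check(url, sub) for sub, url in requests]
    return flt, verdicts


if __name__ == "__main__":
    flt, verdicts = demo()
    print(verdicts, dict(flt.counts), sorted(flt.scan_queue))
```

What the filter retains after the five requests is three counters and one host name awaiting a scan; neither the subscriber labels nor the search terms are held anywhere in its state.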
    9. Re:The difference should be obvious by the_womble · · Score: 1

      It is fine to offer it as a service, but to opt people in without consent, or even notice is not fine.

    10. Re:The difference should be obvious by somersault · · Score: 1

      Even when it's not recording any personal information? I think it's vastly preferable to opt the clueless in and let those who care opt out. Leaving the ignorant to secure themselves against things they don't even know exist is really unhelpful. It would be like an email client that comes with no spam filter. Spam filters in Hotmail and Gmail technically have to sift through the contents of your personal emails, but nobody complains about that. To me this seems like a very similar situation.

      It would have been much better of them to provide an opt-in option or give notice to existing customers, but for new customers I really think it should be an opt-out situation. If there was an ISP that did virus scanning of all files you download etc then I would probably recommend it to some of my more clueless family members and friends.

      --
      which is totally what she said
    11. Re:The difference should be obvious by Anonymous Coward · · Score: 0

      Be are no longer an unadulterated connection, when the wiki block due to the Scorpions album cover happened, it became apparent that they had lied about not signing up to the IWF blocklist. I cancelled my service with them immediately and switched to Andrew & Arnolds.

    12. Re:The difference should be obvious by Anonymous Coward · · Score: 0

      Yeah but you have to wait 12 or 18 months as that is the usual stupid British contract period terms.

      Backward country.

  5. Data protection by rainmouse · · Score: 3, Insightful

    Isn't passing personal information out for Europe without expressed permission a breach of the Data Protection Act? Though let's face it, people's biggest privacy concerns here are their porn viewing habits. Perhaps some porn sites should set up shop that show up in the URL history as stocks and shares or Technology News.

    Anna.Techsupport032a2.jpg, Anna.Techsupport032a3.jpg

    1. Re:Data protection by Anonymous Coward · · Score: 0

      Please leave your fetish out of this.

    2. Re:Data protection by Tapewolf · · Score: 2, Funny

      Isn't passing personal information out for Europe without expressed permission a breach of the Data Protection Act? Though let's face it, people's biggest privacy concerns here are their porn viewing habits. Perhaps some porn sites should set up shop that show up in the URL history as stocks and shares or Technology News.

      Anna.Techsupport032a2.jpg, Anna.Techsupport032a3.jpg

      There was once a porn site that had a very similar URL to an ADSL comparison site, presumably for that reason. It was particularly annoying when I was trying to find the ADSL site at work...

    3. Re:Data protection by mistralol · · Score: 1

      What, just like the valid UK computer hardware store http://www.overclockers.co.uk/ vs the gay porn site http://www.overcockers.co.uk/? Or at least it used to be years ago when I made an accidental typo in front of my boss at the time :/ At least he did see the honest mistake and saw the funny side of it

    4. Re:Data protection by Tapewolf · · Score: 1

      What, just like the valid UK computer hardware store http://www.overclockers.co.uk/ vs the gay porn site http://www.overcockers.co.uk/? Or at least it used to be years ago when I made an accidental typo in front of my boss at the time :/ At least he did see the honest mistake and saw the funny side of it

      Heh. I think the site in question was adslguide.org.uk or something. The porn site was the same but with co.uk or .com or something more usual. This was about ten years ago, the site seems to have adslguide.com now, no idea if the porn site is still around.

    5. Re:Data protection by Thanshin · · Score: 1

      There was once a porn site that had a very similar URL to an ADSL comparison site

      One of the following was NSFW.

      alternate.com
      alternate.es

      No, I won't check which one's which nor whether they're still up. :)

    6. Re:Data protection by smallfries · · Score: 1

      They both resolve to hardware comparison / shopping sites. If you see either of them as something different then you need to check your machine for trojans.

      --
      Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
    7. Re:Data protection by tehcyder · · Score: 1

      Isn't passing personal information out for Europe without expressed permission a breach of the Data Protection Act?

      Yes, that's probably why Talk Talk aren't, in fact, passing personal information out.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    8. Re:Data protection by psithurism · · Score: 1

      There was once a porn site that had a very similar URL...presumably for that reason

      No, I think, the reason they set up shop one letter apart from a legit site, one letter particularly close on a qwerty keyboard to your intended letter, often mistyped, is to grab users looking for something else, and hoping you'll decide that boobs are more important than say, boring ADSL details.

      The number of times I have or have seen people accidentally type into porn sites, makes me feel that it can't be a coincidence. Also, some guy going through your web history is not going to know obscure non-porn sites from porn without checking; he won't even know you are trying to fool him.

  6. I don't see what the fuss is about... by Anonymous Coward · · Score: 1, Insightful

    .. Huawei are usually the ones *buying* the stolen corporate data.

    Just another reason for normal people to use encryption on everything and look suspicious for not wanting to be spied on.

  7. Deep deep packets by Wowsers · · Score: 1

    The current UK government, despite borrowing £900bn ($1.4Trillion) and climbing, is not cutting the £10bn+ black-ops DPI upgrade of the UK telephone network, which is in conjunction with BT (who just announced increased charges to their customers and all ISPs to cover the cost). Why do you think there is such an interest in phones having IP addresses instead of an ADC?

    --
    Take Nobody's Word For It.
    1. Re:Deep deep packets by MoonBuggy · · Score: 1

      Any chance of a link? I've heard nothing about this, but I'd be interested to read more.

    2. Re:Deep deep packets by somersault · · Score: 1

      Why do you think there is such an interest in phones having IP addresses instead of an ADC?

      Why do you think giving phones IP addresses makes them any easier to monitor than they are already?

      --
      which is totally what she said
    3. Re:Deep deep packets by Anonymous Coward · · Score: 0

      found this link: https://nodpi.org/

    4. Re:Deep deep packets by ledow · · Score: 1

      Link to anything, ANYTHING that actually backs up any of these wild assertions, please. I'm British, £10bn is a lot of money, and I think you're talking bullshit.

      There are upgrades to the BT network. About f***ing time. We're only about 40 years behind the rest of the world in terms of telephone infrastructure.

      These upgrades have led to a rise in cost (but only for BT at the moment - other places aren't passing them on, e.g. completely independent phone companies that you are utterly free to use, or set up yourself, oh, and my old ISP is part of BT and actually just LOWERED all my prices for the same package - strange that given that BT infrastructure is used to connect *most* ADSL/phone line customers). Everything BT does leads to a rise in cost. Stupidity costs money, BT is full of that (ex-government monopolies tend to suffer from that), and telephone networks are getting more and more expensive to build and run (ADSL, ADSL2, fibre to the home, fibre to the cabinet, loss of virtually all payphone income, an unpopular mobile arm used only by traffic-heavy users due to exclusive iPhone deals, 12% of houses having NO LANDLINES AT ALL any more etc.etc.etc.).

      And £10bn is £357 for every phone line that BT manages in the UK - again, I call crap. BT already has the capability to intercept any phone line at will, on demand, with due legal process, and it costs NOTHING more than they already pay, whether they are analog, VoIP or anything else. IP phones are no easier or harder to intercept than traditional ones. Not since the days of gold-plated contacts, rotary pulse diallers and line-powered telephones has there NOT been an ADC or several dozen of them along the way, or the phone calls not passing straight through BT-owned hardware capable of sniffing anything it likes - BT's infrastructure from the cabinet to the exchange and to the receiving cabinet is virtually all digital and tappable and has been for decades - how do you think they know what number you dialled - all you did was put a DTMF tone down a copper line and it read it, interpreted it, formed paths, connected both ends, etc.

      Then you have the question of the sheer amount of traffic such capabilities would generate, whether it's possible to analyse the traffic for any purpose whatsoever, useful or not, (given that 3 out of 10 times the best voice recognition algorithms, straight out of PhD's papers, on the planet can't work out what I'm saying from a very limited vocabulary and I don't even have a strong accent and/or am trying to obscure my communications), whether it's possible to analyse THAT amount of traffic, etc.

      Stop spouting hyperbole. If you've spotted something on a budget, if you work at an ISP and have seen what the alleged "blackboxes" can do, if you work for BT and have had to install lines that you're completely under the Official Secrets Act for and therefore can't tell anyone about, etc. THEN you might have something worth listening to. And then I'd probably say "Oh?" and ignore you. So what? I'm a privacy nut but I already assume that anything the government wants to listen to, it can do so completely legally anyway. Telephone conversations, especially international ones, have absolutely no guarantee that you will NEVER be listened to. I don't expect them to monitor it routinely but then if they did, they have to have a damn good reason or you just go to the press (or Wikileaks if you believe the local press are compromised) and instantly everyone knows about it - you're going down because of an illegal act anyway, so might as well broadcast it to get attention off your "crimes" and onto those people who are monitoring phonecalls illegally. I mean, Wikileaks is just FULL of people who have done that, isn't it?

      It's crap. Conspiracy hyperbole of the highest order. Absence of evidence is not proof of the negative. And when 90,000 classified US army logs can slip out the door, someone, somewhere would leak this stuff too. And the biggest question: to what purpose? Liste

    5. Re:Deep deep packets by Anonymous Coward · · Score: 1, Insightful

      Are you fucking stupid? You've been shitting all over this discussion with your privacy-violation apologies.

      There is legal precedent about getting access to telephone records, or being able to listen in, etc.. There is mandated logging of internet activity. Make phones look superficially the same, but in reality have them work over an IP network, and bang, the old protections are gone. Those who didn't like the old barriers are now happy: businesses get another source of data to make their adverts more convincing, and the state gets to catch people who talk about certain things over the "phone" network. They will parade them as terrorists and how they have protected us all. Please vote again.

      At this point you need to trot out some insult to do with tinfoil, because there aren't examples of those offered a power or profit grab and not taking it.

    6. Re:Deep deep packets by somersault · · Score: 1

      At least in America all of those pretences went out the window with the PATRIOT act.

      The Data Protection Act covers collection of personal data just fine whether digitally or on paper.

      It's you [insert tinfoil insult here] people that are fucking stupid when you start bleating about issues like this. It's like the boy who cried wolf. Even when there are serious breaches of privacy going on (and this doesn't count - it is recording anonymised data and therefore isn't even covered under the data protection act, because there is no fucking privacy violation happening) I just can't take you seriously any more.

      --
      which is totally what she said
    7. Re:Deep deep packets by Anonymous Coward · · Score: 0

      Well, at least you took me seriously for a while. That's more credit than I gave you!

    8. Re:Deep deep packets by somersault · · Score: 1

      I don't think I need to worry about the opinion of someone who thinks that encrypted digital communications are easier to snoop than analog telephone lines.

      --
      which is totally what she said
    9. Re:Deep deep packets by Anonymous Coward · · Score: 0

      I don't think that. I also don't assume that VOIP will be encrypted, or encrypted with a standard that is uncrackable (in real time), or unbackdoored. For example India or Germany or somewhere are placing pressure on Skype to do with their encryption, and the NSA was able to backdoor a Swiss manufacturer of encryption machines used by various countries' embassies.

      But the point is that there are safeguards against bureaucrats snooping on who we communicate with on the phone, by making phones IP phones those safeguards are bypassed. There may well be technical barriers to stopping people eavesdropping on the content of calls, but there aren't necessarily the same legal safeguards.

      But you carry on thinking you have a grasp of the situation.

    10. Re:Deep deep packets by somersault · · Score: 1

      I don't pretend to have a good grasp of the situation, but you thinking that such things as laws are going to stop naughty people from doing naughty things isn't exactly well thought out either. And with all the "terror" excuses recently both the US and UK governments have taken liberty with the law in the name of security. Laws alone are a poor safeguard against this kind of stuff. It's like putting up a sign on your front door saying "my door is unlocked, but if you open it and steal anything, I shall be very, very cross indeed!".

      There are several encrypted VoIP services available, or you could always roll your own if you really wanted to guarantee security.

      --
      which is totally what she said
  8. tsk tsk by frenchbedroom · · Score: 1, Interesting

    Such A Shame, Talk Talk. It's My Life, you Dum Dum Girl !

  9. Name change by Rik+Sweeney · · Score: 2, Funny

    (You may want to sit down before reading on, or at least steady yourself against something)

    (Ready?)

    Maybe they should change their name to Watch Watch instead.

    1. Re:Name change by Dexter+Herbivore · · Score: 5, Funny

      Maybe they should change their name to Watch Watch instead.

      Actually, I thought StalkStalk was a better option.

    2. Re:Name change by Anonymous Coward · · Score: 0

      And their customers should Walk Walk

  10. Monitoring traffic, not customers by myxiplx · · Score: 4, Interesting

    The thing is, if you ignore the sensationalist headline and look at what they're doing, it's just a list of websites that are accessed over their network, which they're using to create an opt in filtering system.

    Oh no, an ISP actually doing something useful for its customers, whatever will we do!

    Stories like this are what annoy me about the press (slashdot included).

    1. Re:Monitoring traffic, not customers by Anonymous Coward · · Score: 0

      I'll take my internet pure and unfiltered, thank you very much.

      I like my stuff uncut.

    2. Re:Monitoring traffic, not customers by Leperous · · Score: 1

      If you read other people's comments you will quickly see why, although this is a Good Thing prima facie, it does have worrying implications that need to be addressed (e.g. the storing of "secret" URLs).

    3. Re:Monitoring traffic, not customers by Anonymous Coward · · Score: 0

      The thing is, if you ignore the sensationalist headline and look at what they're doing, it's just a list of websites that are accessed over their network,

      That's exactly what TFS says, and it's exactly what is worrying (not to mention wrong).

    4. Re:Monitoring traffic, not customers by Anonymous Coward · · Score: 0

      Oh really? So you wouldn't mind at all if you happened to stumble upon a known child porn website that tricked you into announcing to everyone you know that you masturbated to baby-fuck?
      Sorry, but even _I_ wouldn't want to end up on something like that and I'm all for "pure and unfiltered".
      Some degree of protection is better than none. *
      But considering how this already happens in most browsers, it is less likely to happen.

      Of course, now it is a question of who do you trust more, the 3rd parties making these lists for the web browsers, or an ISP?

      * As long as the list was reviewed regularly, unlike the shit that IWF pulls. (and pulled with Wikipedia article just because they were a no-profit organization)

    5. Re:Monitoring traffic, not customers by Anonymous Coward · · Score: 0

      I would mind stumbling onto such a site.

      But not as much as I mind my Internet traffic and my right to communicate with whoever I choose abridged.

      In my country, there is a simple DNS-level filter whose purpose ostensibly is to block known child porn sites. It's completely voluntary on the part of the ISP, and the filter is trivially bypassed just by using a different DNS server.

      This filter has practically no judicial oversight whatsoever and there are many documented cases of sites "accidentally" turning up on these sites - The Pirate Bay was on this list for a while. This is apparently "okay", since apparently the filter is "voluntary" on terms of the ISP, and the big players would rather play ball with the police on this one than risk it being made law.

      If I really want my computer to nanny me not to visit sites that somebody else has judged harmful or potentially illegal (innocent until proven guilty etc) - I can install software to do that for me myself, thank you very much. I don't need my ISP second guessing who I choose to send packets to or receive packets from, without my explicit instruction.

    6. Re:Monitoring traffic, not customers by petes_PoV · · Score: 1

      if you ignore the sensationalist headline

      what you actually have is an organisation in a position of trust clandestinely checking up on the websites its users visit.

      Whatever their intentions might be, they did this without asking and attempted (though not very effectively) to conceal their actions by passing the information to another part of the operation which did the follow-up accesses. If they were convinced their actions were on the side of right, they would have announced their programme and made their customers aware of what they were doing - and the reasons why it was a good thing.

      As it is, it wouldn't surprise me in the slightest to discover that other organisations were doing the same sort of thing, either en-masse or as part of a surveillance operation against individuals "under suspicion". The problem with this sort of trawling is that you never can tell when the records from your innocent surfing can / will be used against you.

      --
      politicians are like babies' nappies: they should both be changed regularly and for the same reasons
    7. Re:Monitoring traffic, not customers by BandoMcHando · · Score: 1

      I agree absolutely - from reading the article (I know - a completely unfashionable and unforgivable thing to do here on /.) I take this to be very specifically a malware checker, that checks a given site/URL for malware, either directly or uses the cached result of the last check if it was checked within the last 24 hours.

      Is this not very similar to the google safe site service that's built into Firefox and other browsers?

      Oh, and I love the justification for claiming that it records what customers do... "They said it doesn't record anything at all connected to the user, but they might be lying, so sod it, let's just claim that they record absolutely everything." (That's high quality Daily Mail level journalism there...)

    8. Re:Monitoring traffic, not customers by Haeleth · · Score: 1

      How, exactly, does deep packet inspection help ISPs to block access to known child porn websites?

      If they know about the website, all they have to do is block access to it. There's no need whatsoever for them to examine the content of my communications, if all they're trying to do is block access to certain IP addresses.

    9. Re:Monitoring traffic, not customers by Monkeedude1212 · · Score: 1

      The thing is, if you ignore the sensationalist headline and look at what they're doing, it's just a list of websites that are accessed over their network, which they're using to create an opt in filtering system.

      While possibly selling that info to advertisers as well? I mean who is to say what they're doing with it. Of course they'll make some concession and tell you that it's good for you.

      Shut one's eyes tight or open one's arms wide, either way, one's a fool!

  11. Huawei has been mentioned before. by dalmor · · Score: 4, Informative

    The company has been mentioned previously here on /. for its questionable relationship with the Chinese government.

    http://tech.slashdot.org/story/10/05/28/1228224/Chinese-Networking-Vendor-Huaweis-Murky-Ownership

    1. Re:Huawei has been mentioned before. by stupid_is · · Score: 1

      Very old, all that. H// has a chequered history:

      Sued by Cisco for nicking their IOS software (settled out of court, but H// withdrew all routing gear and made software changes).
      Sued by Motorola (last week) for passing on trade secrets (no idea how valid, but it appears to be a follow on from a case last year, also involving another company called Lemko)
      Anecdotally, I've heard of their engineers opening up competitor equipment to take pics while onsite at a customer premises.
      Internally, I know they have very strict data protection policies as it is commonplace for workers to leave the company with a pile of docs, walk into a position at a competing company and hand them over - basically no computers allowed out of the buildings, USB ports and CD/DVD writers disabled. Mobile phones have to be very basic - no cameras on them...

      On the other hand, it's not just Huawei that does it - it seems to be the culture in China to behave this way.

      --
      -- Intelligence is soluble in alcohol
    2. Re:Huawei has been mentioned before. by Anonymous Coward · · Score: 0

      they ripped off Marconi multiplex designs too (now Ericsson), they used to be a licensed manufacturer, now they have their own (inferior) product which is almost identical

    3. Re:Huawei has been mentioned before. by wvmarle · · Score: 1

      Remarkable that only at the end of the comments (as now, reading +3) I see a comment like this.

      Personally I don't see too much problem with the ISP keeping these logs - your traffic passes through them after all, and there may be reasons (legal, technical, whatever) for them to keep such logs.

      That a third party, a foreign third party in a jurisdiction not known for its great human rights record nonetheless, has access to this database is far more worrying. If it is as anonymous as the ISP says it is, no idea what Huawei can actually do with it - still it's not something that would make me happy if my ISP were to do something like it.

  12. Makes me feel comfortable by Arancaytar · · Score: 1

    There's nobody I'd rather have looking at my internet history than a Chinese company.

    Except maybe the North Korean government.

    1. Re:Makes me feel comfortable by silentcoder · · Score: 1

      Well then, good news, they already are. At least - every time you mention them on /.

      --
      Unicode killed the ASCII-art *
    2. Re:Makes me feel comfortable by Anonymous Coward · · Score: 0

      Well then, good news, they [North Korea] already are. At least - every time you mention them on /.

      OH HAI KOREA! Y YOU HATING? :'(((

  13. If it were in his power by ThatsNotPudding · · Score: 0, Offtopic

    I'm sure Obama would give Talk Talk a free pass - just like he did for AT&T.

  14. Hey TalkTalk! It's My Life! by imac.usr · · Score: 2, Funny

    Don't you forget!

    Really, this story is Such A Shame.

    --
    I use Macs for work, Linux for education, and Windows for cardplaying.
    1. Re:Hey TalkTalk! It's My Life! by BancBoy · · Score: 1

      That's Talk Talk, from the album Talk Talk, the band is Talk Talk.

      --
      [UID-HeinzIntel]
  15. Everyone is doing it by xda · · Score: 1

    More drama over deep packet inspection... All major ISPs are using some form of deep packet inspection for many different reasons and they have been doing it for a while now. This isn't new.

  16. How Much of the URL? by s7uar7 · · Score: 2, Insightful

    Presumably they need to capture at least the page that the user is visiting, as checking for malware on just the root of a site is a waste of time. As most sites these days are dynamic they'll also have to capture the parameters in a GET (and possibly POST), so there is every chance they *will* be capturing personally identifiable data.

  17. OpenDNS by emkyooess · · Score: 1

    I opted in to a similar tracking that OpenDNS has (even part of its free service) that informs me when my network has been accessing known malware sites. I do wish they could do it without having to activate tracking/logging though -- "look at each one at a time, evaluate, discard" should be the norm.
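The two comments above raise a concrete design point: query parameters are where personal data usually rides in a URL, and a reputation lookup does not have to keep what it inspects. The sketch below is an added example, not TalkTalk's, Huawei's or OpenDNS's code; the blocklist entry, the sensitive-key list and the choice of host plus path as the lookup key are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample blocklist of (host, path-prefix) pairs; not real indicators.
BLOCKLIST = {("malware.example", "/dl/")}

# Hypothetical list of parameter names that commonly identify a person or session.
SENSITIVE_KEYS = {"email", "user", "username", "token", "session", "sid", "password"}
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")


def pii_params(url):
    """Return the names of query parameters that look personally identifying."""
    hits = []
    for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        # parse_qsl percent-decodes, so "alice%40example.org" is matched as an e-mail.
        if key.lower() in SENSITIVE_KEYS or EMAIL_RE.fullmatch(value):
            hits.append(key)
    return hits


def minimise(url):
    """Reduce a URL to (lower-cased host, path); query, fragment and userinfo are dropped."""
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.path or "/"


def check_and_discard(url):
    """Evaluate one URL against the blocklist and return only the verdict.

    Nothing about the URL is stored: the minimised key lives only for this call.
    """
    host, path = minimise(url)
    return any(host == h and path.startswith(p) for h, p in BLOCKLIST)


if __name__ == "__main__":
    # Constructed sample requests.
    for u in (
        "http://shop.example/account?email=alice%40example.org&page=2",
        "http://malware.example/dl/setup.exe?ref=bob%40example.org",
    ):
        print(minimise(u), "pii:", pii_params(u), "blocked:", check_and_discard(u))
```

Keying on host and path loses the ability to tell apart pages that differ only by query string, which is the trade-off the first comment points at.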

  18. Malware? Whats that? by Anonymous Coward · · Score: 0

    I use linux. Immune to malware. So I should not be blocked. But I am.
    See what Microsoft technology does? It retards entire industries.

    1. Re:Malware? Whats that? by tehcyder · · Score: 1

      I use linux. Immune to malware.

      Really? Then why not post your details on 4chan or somewhere and offer a small reward for time spent to the first person to gain control of your network/box?

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    2. Re:Malware? Whats that? by Anonymous Coward · · Score: 0

      That is not malware you silly tool. You have been spending too much time on 4chan yourself I see.

  19. And that makes it *good* how? by Anonymous Coward · · Score: 0

    And that makes it *good* how? Really, I'd like to know. People have been mutilating people they don't like for ages. So that makes it OK!

    1. Re:And that makes it *good* how? by xda · · Score: 1

      The gist of the story is that an ISP has been "caught" doing something. The reality is that all they have been caught doing is something that is normal day to day activity of a large ISP.

      Deep packet inspection is used by an ISP to see how their customers are using their services. What sites are people visiting, are they uploading, downloading content. What kind of content? audio/video/text? How can we improve our services to meet these needs. How can we market ourselves better to our customers. WHO DO WE NEED TO PEER WITH to satisfy our customers' needs?

      When you've got millions of dollars invested in a business you need to be able to collect more data than simply having a bandwidth graph, and the data is reasonably anonymous. If you are that worried about the security of your data then use a VPN for sensitive material. Checking your Facebook page is not a classified national security issue; get over yourself. Of course there is a dark side, for example when Comcast uses DPI to interfere with BT traffic. But guns don't kill people, people kill people right?

  20. "Chinese firm Huawei" by kheldan · · Score: 1

    ..because everybody knows that our good friends and allies in the far east always have our best interests at heart and would never, never, ever do anything bad.

    --
    Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
  21. HEY UK by kuei12 · · Score: 1

    Welcome to America!

  22. Everything's all right by cprincipe · · Score: 1

    Life's what you make it.

    --

    bun-fhuinneog agam!

  23. The UK can have it both ways by Anonymous Coward · · Score: 0

    How about Parliament compromise: it will be a criminal offense to use the Internet unless you're being monitored, AND it will also be a criminal offense to use the Internet while you're being monitored. Sounds about right, doesn't it?

    Can't wait for the HoSecPo goons at the Dept. of Homeland Stupidity to push for equivalently moronic laws in the US.