UK ISP TalkTalk Caught Monitoring Its Customers

An anonymous reader writes "The UK ISP TalkTalk has been caught using a form of Deep Packet Inspection technology to monitor and record the websites that its customers visit, without getting their explicit consent. The system, which is not yet fully in place, ultimately aims to help block malware websites by comparing the URL that a person visits against a list of good and bad sites. Bad sites will then be restricted. TalkTalk claims that its method is totally anonymous and that the only people with visibility of the URL database itself are Chinese firm Huawei, which will no doubt help everybody to feel a lot better (apply sarc mark here) about potentially having their privacy invaded."

Re:Twas ever thus

[zaax]

In the UK it is illegal to monitor a person priate converstaion on the phone, unless you have a judges authority. Also it's against Human Rights. Maybe Talk-Talk customsers should report them to the police.

Ironic

Ironic this, seeing as how TalkTalk have been pushing back against almost the same things in the Digital Economy Act. Shame really the did look like they might be good guys.

Re:Ironic

[asdf7890]

Ironic this, seeing as how TalkTalk have been pushing back against almost the same things in the Digital Economy Act.

They are against the act because as itis currently written it favours smaller operators, as some of its rules such as the automatic disconnection for copyright violation only apply to ISPs with at least 40,000 customers. They are not fighting the act to protect anyone's privacy, they are fighting the act because it could make their services look less competitive.

Shame really the did look like they might be good guys.

No they didn't, not if you look into their (recent) past. They were one of the big three ISPs connected to the "ex-" spyware outfit Phorm in 2008/2009 and their past sales techniques including line-slamming (using people's details gleaned from other sales activity to switch their landline provision to them without permission) and apparetnyl deliberate ignorance of the Telephone Preference List have left a lot to be desired. See http://en.wikipedia.org/wiki/TalkTalk#Data_pimping and http://en.wikipedia.org/wiki/The_Carphone_Warehouse#Data_protection respectively for links to more info.

Re:Twas ever thus

[mistralol]

Actually in UK law the digital economy act practically requires by law that isp's are to monitor their users and notify certain bodies of any possible illegal activity. TalkTalk and BT are the only people attempting to stand up to this. I guess TalkTalk are a little more two faced than we thought.

Re:End-to-end encryption

[AHuxley]

Yes like in Australia the "URL database" will grow and grow.
http://zfoneproject.com/ for all :)

Re:The difference should be obvious

[MoonBuggy]

One thing to add, which you may not have realised if you're not a UK user, is that it is absolutely possible for people to vote with their wallets in this case. Unlike the situation as I understand it in the US, we have a fairly good choice of DSL ISPs.

If a person is using TalkTalk, it means they have a BT (physical) phone line, although it may not be currently connected to BT equipment at the exchange. Since BT has long been required to open up their government-provided-monopoly infrastructure to others, it means that there will be a wide choice of ISPs and switching is relatively straightforward.

Also, on a purely personal note, this allows me a brilliant concrete example of why I advise people to pay a little more for a straightforward, unadulterated connection from Be or UKFSN's LLU service (no affiliation with either other than as a satisfied customer) and support those ISPs who don't pull crap like this.

Huawei has been mentioned before.

[dalmor]

The company has been mentioned previously here on /. for its questionable relationship with the Chinese government.

http://tech.slashdot.org/story/10/05/28/1228224/Chinese-Networking-Vendor-Huaweis-Murky-Ownership

Re:Twas ever thus

[MoonBuggy]

Firstly, in the UK, the data protection act comes into play, especially considering the level of insight that browsing info can give about many of the items listed on the "Sensitive personal data" list.

Secondly, wiretapping legislation specifically forbids monitoring of telephone communications except in specific circumstances, whether they are encrypted or not. It's hardly a stretch to apply the same logic to internet communication.

Re:Twas ever thus

[somersault]

How is them trying to warn users they area about to visit a malicious site anything like recording activity for the purposes of relaying to the government? There is nothing two faced about this, it is good for the customer.

This is just the usual BS sensationalism. According to TFA, the data being recorded is anonymous:

Our scanning engines receive no knowledge about which users visited what sites (e.g. telephone number, account number, IP address), nor do they store any data for us to cross-reference this back to our customers. We are not interested in who has visited which site - we are simply scanning a list of sites which our customers, as a whole internet community, have visited. What we are interested in is making the web a safer place for all our customers.

This is the type of thing we should be encouraging rather than discouraging, if it reduces the number of idiots infecting their machines, which it will slightly. I think the ISP should enable this type of warning by default, with the option to opt out for those who actually want the very slight improvement in latency.

Re:Twas ever thus

Major difference: Google is not providing details of everything its users do directly to a foreign government with a well-known interest in hacking and industrial espionage.