Slashdot Mirror

← Back to Stories (view on slashdot.org)

UK ISP TalkTalk Caught Monitoring Its Customers

Posted by kdawson on from the shades-of-phorm dept.

An anonymous reader writes "The UK ISP TalkTalk has been caught using a form of Deep Packet Inspection technology to monitor and record the websites that its customers visit, without getting their explicit consent. The system, which is not yet fully in place, ultimately aims to help block malware websites by comparing the URL that a person visits against a list of good and bad sites. Bad sites will then be restricted. TalkTalk claims that its method is totally anonymous and that the only people with visibility of the URL database itself are Chinese firm Huawei, which will no doubt help everybody to feel a lot better (apply sarc mark here) about potentially having their privacy invaded."

12 of 139 comments (clear)

  1. Twas ever thus by benbean · · Score: 5, Insightful

    Doesn't really sound any different to what the search companies store. Sans encryption, nothing you do on the Internet is private. Caveat Browsor. Or, erm, something.

    --
    It's a Unix system - I know this.
    1. Re:Twas ever thus by smallfries · · Score: 2, Insightful

      Sans encryption, nothing you do on the Internet is private

      Very true, and yet within ten minutes there will still be several hundred posts in this story decrying the evil wiretappers of the man and how this is breach of basic civil liberties.

      So here is a question (and it's only half devil's advocate) :
      If you send your data to a private company who has not signed any kind of contract to say that they will keep the data private: why wouldn't they look at it?

      --
      Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
    2. Re:Twas ever thus by noidentity · · Score: 2, Insightful

      How about just using English in the first place?

    3. Re:Twas ever thus by h4rm0ny · · Score: 4, Insightful


      They should indeed report them. It was not "ever thus" and quite demonstrably so because we've only had mass electronic communication relatively recently and in a form that is easy for third-parties to record en masse for substantially less time than that.

      Each time a new frontier opens in the eternal war between the rulers and the ruled, a land-grab ensues where governments and corporations try to make the public accept something as inevitable or right whilst at the same time the public realizes just because they've allowed the government to make them do something in other areas, that doesn't mean it was right.

      It's vitally important at times like this to defend our rights as forcefully as possible. We did a lot of damage to Phorm when this was tried previously. In fact, Phorm turned into a ugly business black hole that no-one wanted to touch, with a reputation as down the toilet as SCO and I pity the people associated with it (except I don't). Clearly someone hasn't learned their lesson and we need to burn down a few more companies before we finally establish our right to privacy.

      So let's make them regret this.

      --

      Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
    4. Re:Twas ever thus by tolan-b · · Score: 3, Insightful

      It is English.

      http://www.oxforddictionaries.com/view/entry/m_en_gb0131000#m_en_gb0131000

      As well as being Latin of course.

    5. Re:Twas ever thus by renoX · · Score: 2, Insightful

      > Sans encryption, nothing you do on the Internet is private.

      Even with encryption, your ISP can log every IP address you access, I would hardly call this a private activity!

      So I would correct: nothing you do on the Internet is private, only semi-private with encryption, except if you are using either
        1) encryption + TOR or
        2) steganography.
      And (1) is quite easy to detect for your ISP, so you would be "noticed": in some country this could be dangerous..
      So the only really private communication you can have on the Internet is (2)..

    6. Re:Twas ever thus by Yer+Mom · · Score: 2, Insightful

      If they pass URLs to a third party without anyway to lookup who requested each URL then it doesn't count as personal data under the act.

      http://www.example.com/account.php?e=myaddress@example.net. Bang. Personal data right there.

      Unless they have a way that can guarantee email addresses, account numbers etc are stripped out of the URL, of course...

      --
      Never mind Spamassassin. When's Spammerassassin coming out?
    7. Re:Twas ever thus by RobertM1968 · · Score: 2, Insightful

      No, a LOT more two faced. Anyone with even the slightest networking knowledge knows that any ISP such as this, who runs their own DNS server can simply drop the bad domains into the DNS servers and have them point to one of their own servers which will present a "This site has been blocked for... " page.

      A simple example of something similar (in implementation) are the "not found" redirects that many ISPs are doing now, that bring you to one of their customized search pages.

      They dont need to monitor what users are doing since they are not building a list of bad sites - they are (supposedly) comparing users' surfing to an already existing list.

      I call massive bullshit on the part of TalkTalk.

      --
      StarTrekPhase2 - The Five Year Mission Continues!
  2. End-to-end encryption by Anonymous Coward · · Score: 5, Insightful

    It's the only way to be sure. I know of at least one German university which also filters all external web traffic through a proxy which blocks URLs, also supposedly to reduce malware infections. The road to hell is paved with good intentions. The same technology which is installed to fight malware is also ideally suited to work as censorship infrastructure. Once it's in place, the operators will undoubtedly be confronted with the question why they only filter malware and not other "illegal" content. Once they've succumbed to that, the list of URLs to block will grow to include "unruly" opinions, videos of police, etc.

    End-to-end encryption. Now.

  3. The difference should be obvious by SmallFurryCreature · · Score: 3, Insightful

    My ISP is often a matter of little choice, if I want to access the internet, I MUST go through an ISP.

    I never ever have to go to google or any other domain. It is trivial to avoid any domain I wish, just put it in hosts file with local ip.

    Especially since Google doesn't know my personal details. My ISP does.

    --

    MMO Quests are like orgasms:

    You may solo them, I prefer them in a group.

  4. Data protection by rainmouse · · Score: 3, Insightful

    Isn't passing personal information out for Europe without expressed permission a breach of the Data Protection Act? Though lets face it, peoples biggest privacy concerns here are their porn viewing habits. Perhaps some porn sites should set up shop that show up in the URL history as stocks and shares or Technology News.

    Anna.Techsupport032a2.jpg, Anna.Techsupport032a3.jpg

  5. How Much of the URL? by s7uar7 · · Score: 2, Insightful

    Presumably they need to capture at least the page that the user is visiting, as checking for malware on just the root of a site is a waste of time. As most sites these days are dynamic they'll also have to capture the parameters in a GET (and possibly POST), so there is every chance they *will* be capturing personally identifiable data.