Feeds

back to article TalkTalk serves up website blocking to users

TalkTalk just became the first major UK internet service provider to implement network-level anti-malware blockers on its service. The system has arrived later than originally planned, after the company quietly begun following its customers around the web and scanning what they looked at last summer as part of TalkTalk's …

COMMENTS

This topic is closed for new posts.
FAIL

from worse to worser

Talk Talk really are crap. I used to be a customer of theirs. As soon as the service was in place I could no longer phone mobiles. I reported the fault but they denied it was anything to do with them and blamed me and my home phone. I broke my contract, refused to pay a penny and dared them to take me to court - they declined, and i went with BT. The moment I was with BT I could phone mobiles again - which proved it was Tal Talk problem.

I've also seen friends and neighbours have numerous issues with TT and have no recourse but to leave and go with a proper phone company. TT got voted worst Customer Services in a recent pole - you'd think that someone in their organisation would get a clue and suggest that the company improve themselves, but no, that would be professional and competant, so that's not going to happen any time soon. Instead they've impemented this 'malware blocking' service, and you just know it's going to go wrong. It's inevitable! It'll prob start blocking legitimate downloads and Active X.

Still, it's a great way for them to loose more customers!

4
3
Anonymous Coward

Waiting for the fun to begin.

I'm just about to leave talktalk, MAC code arrived eventually (after much insistence and quoting of Ofcom regulations).

After hearing the horror stories of billing continuing after you've left, I have tried to pre-empt this by stopping the direct debit and moving the monthly payments onto my credit card. With any luck this will make it easier for me to contest any extra charges and hit them with a charge back. I'm not going through that "Oh you have to get the company to refund you" crap you get from your bank with direct debits.

1
0

MISTAKE

"have tried to pre-empt this by stopping the direct debit and moving the monthly payments onto my credit card"

DDs are protected by the DD guarantee, your credit card is not. Keep it on DD.

0
0

DD guarantee

Good luck with that.

I've never had to use it but my brother tried once and they were told it didn't apply as the amount taken was what the business intended to take (i.e. it only protects against errors).

Un-authorised transactions on a CC however are a slam dunk.

0
0
Unhappy

Yeah - you need to ask for a refund

... and, the DD is an agreement to allow a company to debit your account. Merely deleting it from your account page does not prevent the company simply re-invigorating the DD, as you have given *them* a signed piece of paper that allows them to take money.

As happened to me a while back.

0
0
Silver badge

Not my experience Hayden

Sounds like you have a shit bank. When I contacted my bank because I'd noticed an erroneous DD payment taken from my account that morning they asked me if I'd like to have the payment recalled and then promptly did it.

I think you'll also find that cancelling a direct debit cancels a direct debit. The paper says I give you the right and the cancellation says now I don't. If your bank simply pays out money whenever presented with a request then it's probably time for a change.

0
0
Silver badge
Stop

Agreed

Deleting a DD cancels the DD. If money is taken then the bank is being very naughty - there is an accepted administration delay (not quoted in time but generally a working day) between cancelling and a payment being taken, this is generally refunded by the bank but in some rare circumstances larger banks have often led people to the company taking the money.

Providing a copy of a DD guarantee with the magic words "cancel" on them should have sorted it. Most likely the gimp on the desk couldnt be bothered to sort it for you, afterall it is easier to point you somewhere else.

0
0
Silver badge
Boffin

Not ticking the box

If customers don't accept the trial are they still tracked but don't get the warning messages?

2
0
Alert

Everyone is subject to surveillance

You can opt out of the alerts, but your communications are still subject to surveillance, and used to effect a replay attack against the sites you visit.

Its completely illegal, but you'll find corrupt officials in the ICO and Police will do nothing to stop it.

You can however opt out by calling one of these numbers, 0800 049 0049, 0870 444 1820, 0845 077 4488 an asking for your MAC.

Then select a quality ISP instead.

1
1

What about the cost to content providers?

Who are now serving the content twice - once to the original requester and again to the scanner?

2
0
Anonymous Coward

Not how it works

Content owner -> ISP -> you

The filtering happens at the ISP before it gets to you. Otherwise how would they filter?

0
0

One solution

Block TT scanner IP ranges or put something to that effect in Robots.txt .

0
0
Alert

You need an SSL Certificate

Time to buy an SSL certificate if you care about the privacy, security, and integrity of your communications with TalkTalk subscribers.

Because otherwise you are being ripped off by TalkTalk, Charles ChengDu Dunston, and his Chinese spies.

No regulator or law enforcement agency will act to protect you.

Sorry. We did try to warn the Government, but no one would listen. Now its time to face the music.

1
0
Anonymous Coward

Watch out for that law thingy!

"As for the company's run-in with the ICO, TalkTalk provided the commissioner with documents to support its public claims that the technology and the trials complied with privacy laws."

They want to be careful or they might get chided.

4
0
Grenade

By any other name?

Wasn't this exactly how Phorm was supposed to "provide value" to the consumer?

3
0
Silver badge

I thought...

I thought that simply relying on TalkTalk's DNS was already a website blocking feature?

5
0
Thumb Down

Alas, poor Pipex...

Pipex used to be a superb ISP, but were bought by Opal who have now been bought by TalkTalk Business, thus making me a TalkTalk customer.

Can't say I'm overly happy by this news of covert scanning.

0
0
Anonymous Coward

@Poor Pipex

Opal were not bought by TalkTalk Business. Opal were a provider based in Manchester/Warrington which was bought by Carphone warehouse in 2003 which then what gave birth to TalkTalk.

Opal was then split into the business section (Opal) and the network (CPWN). Forward a few rebrands and Opal becomes TTB. Pipex being a residential provider which was owned by Tiscali was integrated into the residential customer base on TalkTalk.

Anyway, on subject. ISP's look at every URL you go to (They dont just magically appear after you type the URL in your browser.). TalkTalk are just giving you the option to block certain websites. Use it/dont use it. Who cares?

2
3
Coat

Um....

... and how do they scan the site if it's encrypted? Personally, at work we use SSL interception by installing a proxy cert on all domain macnines but unless they use some client application for the service I can't see how they'll manage to scan SSL sites.

Mine's the one with 'how to get around network level privacy invasion when they don't control the client-device'

2
0
Silver badge
Paris Hilton

Is this terrible?

I'm struggling to see the link to Phorm and the ilk that some folk's are spotting. If TalkTalk were merely using its users to generate URLs to search for blacklist material and ignoring the links between them (there's no reason it needs to track users or times - just a list of URLs to save it spidering) then I doubt there's a real privacy issue.

As for switching on an opt-in service that will protect people, this is effectively just moving NetNanny into the cloud-era of computing. A lot of people actually want their ISPs to protect them from malware and viruses. On any of my relatives devices (where I set them up) they use OpenDNS and their blockers - it's drastically cut down the amount of hassle I have in cleaning up their riddled machines, regardless of how much AV is protecting them.

I imagine it won't be perfect and that false-positives will exist, but overall I fear tech-heads forget that the average Joe just wants a safe Internet, without having to worry about what he can and can't click.

1
4
Alert

It is not Opt In

You cannot avoid the surveillance if you're a TalkTalk customer. Every URL you visit will be monitored, analysed, and replayed, regardless of your wishes (and the wishes of the person operating the web site).

Which is simply illegal. No ISP is entitled to do this involuntarily... it requires explicit *consent*. Particularly so because it is likely to involve the processing of highly sensitive personal information relating to health, religion, race, politics, and sexuality.

The link to Phorm? You won't find it because Huawei erased all trace of it.

Read here;

http://www.theregister.co.uk/2010/12/01/huawei_phorm/

1
2
Silver badge
Boffin

@dephormation

There are two different systems. The one everyone is upset about doesn't (as far as I can determine) track, identify or even link two URLs together. Customer A visits google.com. customer B visits theregister.co.uk. As far as I can tell, Talk Talk have just harvested these two URLs as links to be added to their malware scanner for future use. They don't identify customer A or B, even specifically or as an anonymous ID.

You're extrapolating this and assuming that there is any record of *who* visited the sites and when, thus constructing browsing habits. My point is that to gain a list of URLs for scanning (as Talk Talk are doing) does not necessitate tracking who and when.

But carry on down-voting folks, I can take it.

0
2
Silver badge
Thumb Down

indeed

riiiight. So they arent adding IP/internal connection data to each log entry for "customer satisfaction purposes" or to identify customer complaints etc.

I wonder how long until targetted adverts appear. Oh look it was phorm after all.

1
0
Alert

You're presupposing

that the Register, or Google, are happy for their communications to be intercepted in this way.

As someone using the web (both as an ordinary net user, and a web site developer) I don't want any aspect of the content of my private/confidential communications stored and processed in this way without my explicit consent.

And that's what the law ought to guarantee.

2
0

RE:@dephormation

"They don't identify customer A or B, even specifically or as an anonymous ID"

What evidence do you have for this statement? They may not *currently* have an overt link for that information but it all depends on exactly what data they are keeping. if they've recorded a date/time and IP address it wouldn't be a huge task to correlate with their other customer data. Most average users would believe they couldn't be identified if they're told it's just a URL, a date/time and an IP address in the database.

"You're extrapolating this and assuming..."

Hmmm, but you've used the words "As far as I can tell". How is that different to extrapolating and assuming?

My concern here is feature creep. Once they've got consent, what do you suppose the likelihood is that it *could* evolve into Phorm? They've got this list of sites, they fancy a bit more revenue without raising prices: it doesn't take a huge leap to imagine a post-acceptance minor change in Ts & Cs where customer identification is added.

In my view, when dealing with organisations like this, healthy cynicism and an assumption that they'll screw you for every penny they can get is a sensible position. They're not doing this out of civic duty - they see an income in doing this. Follow the money-making possibilities and tell me how *you* think they could make it pay without going down the Phorm route.

1
1
Silver badge
FAIL

Spurious logic

"What evidence do you have for this statement? [... ] Hmmm, but you've used the words "As far as I can tell". How is that different to extrapolating and assuming?"

I don't need to evidence it. Someone needs to show that there IS a link. I'm basing it on the information I have, instead of making up information I don't have.

0
1
Happy

Well, I'm shocked!

I would reckon this ISP data logging nonsense will drive a market in anonymous/proxy stuff (which I don't know much about) so the punter is left asking who to trust? Alternatively - a fee for every time my information is purchased might work - maybe an annual cheese or beer delivery might just about cover it but I'd probably expect a bit more tbh

0
0

Is this not Phorm by backdoor opt-in?

Scan all sites customers visit - who wants bet the data gathered from this will be used for marketing. Did talk Talk not consider using Phorm before it all blew up?

2
0

Pipex

Agreed, Pipex were the bollocks.

TalkTalk are total shit..... not your normal shit, that award goes to BT.

You know the dog shit that has mould on it? That's Talktalk...... White dog shit is cool, mouldy dog shit is just dog shit with mould on it.

Fuck off talktalk..... negative vote me if you want... I've been on bag all day and you haven't.

3
1
Silver badge

Nothing to hide

The sort of websites where this kind of service is required are usually the sort of websites that the visitor doesn't want to be associated with/tracked to.

Users should be looking to protect themselves and not rely on censorship as protection, no matter how well meaning, in reality, self serving the action is for the provider of the filter.

Now how long will it be before Talk Talk monetise the data harvested from this effort? Some have mentioned Phorm and its relationship with BT. The moment Talk Talk sell this data to third parties, there ceases to be any difference between the Talk Talk and Phorm, apart from the opt-in bit.

1
0
Stop

@Annihilator

The similarity to Phorm is in the way that large scale trials were run snooping on the URLs visited of Talk Talk customers without their knowledge and/or consent. It seems to me that technology corporations are almost becoming worse than governments in snooping. At least there is an arguable case for government bodies snooping in order to fight crime and terrorism.

It wouldn't be so bad if TalkTalk had asked for consent before running the trials but just like Phorm they decided that principle didn't apply to them.

2
0
Thumb Up

<Rant>

I can only see this as something positive myself.

When little Timmy is supposed to be doing homework his parents can be rest assured he is and not on Facebook throwing his future away.

If you read the article - it's an opt in feature - don't want it then don't opt in - if you can't comprehend that then unplug your router and throw it in the bin 'cause your not fit to go on the internet.

With it being on the network it's device independent so Timmy's iPad 2 can't get on Facebook either..

</Rant>

1
2
Alert

It is not opt in

You cannot opt in to the surveillance. Everyone using a TalkTalk connection will be monitored regardless of their wishes.

You can opt into alerts. But those alerts won't protect you or your child against all malware, nor malware delivered by SSL or any other protocol such as P2P or FTP. Nor will those alerts protect little Timmy from bullying, or grooming.

So sadly, no one can 'opt out' of parental supervision. Which negates the whole justification for this scam.

Which is why this is an utterly false proposition, as well as an illegal one.

1
1
Stop

Anonymous Coward <Rant>, its using DPI, stop and think

Anonymous Coward

<Rant>

what part of "Deep packet Interception" as per all these ISP installed devices dont you get ?

by the very definition and design of DPI , it Must intercept all incoming packets, ,store them (in ram etc), and then process them to determine what to then do with this 'derivative work' output data, there's a law or two that covers this you know.

at no point has any DPI vendor shown a real life valid workable diverting network for opt in where you do not go through this DPI interception if you are not opted in to this service.

every 3rd party DPI investigation to date (Phorm etc ) has shown that the watch word as regards all DPI kit sold today is "intercepted until proven otherwise" i dont see any real data here or elsewhere that changes that general view that this DPI interception is not taking place no matter what your opt-in status is.

1
0
Big Brother

A Phorm by any other name...

Would stink as sweet.

TalkTalk => Huawei => Phorm

as indicated above.

1
0
FAIL

Who cares?

You should all care because the UK government appears to be working hard to introduce a centralised monitoring and surveillance system that negates the need for ISP's to self regulate.

Just look at the evidence - Digital Economy Act, Ed Vaisey and Claire Perry MP's and their interest and push for ISP's to block at network level anything that "they" deem unsuitable for you.

And how easy is it to avoid systems like the one we are discussing in this thread? Very, which makes the use and implementation of it questionable.

Don't be fooled kiddies this is simply another step towards state controlled monitoring and subsequent action taken on your percieved unsuitable use of the Internet. One could argue that it is also funded in part by strong media and rights holder lobbying.

3
0
Coat

I care, honestly!

But we all sort of guessed the UK Gov would be listening anyway? If they are interested they must be even more bored than me. I got a tinfoil hat in that coat if you want it;

0
1
This topic is closed for new posts.