back to article ICO chides TalkTalk over sneaky StalkStalk trials

Christopher Graham, the Information Commissioner, has rebuked TalkTalk for following its 4.2 million customers around the web without telling them. He also told the firm he was disappointed it kept the trials of its forthcoming anti-malware system quiet at a recent meeting, citing the controversy when BT's similarly …

COMMENTS

This topic is closed for new posts.
  1. TimNevins
    Thumb Down

    When will people realise

    .. that Industry Watchdogs are actually watchdogs for the Industry and *not* the public(who fund the watchdogs).

    All of them OfCom,OfGen etc are all in on the racket.

    Search TheRegister for "ofcom' to find plenty of previous cases where the dog rolled over and played dead.

    The word 'Watch' being key since they never serve the public but instead offer an occasional 'rebuke' to show they are on your side.

    BT and Talk Talk should be up on RIPA charges and executives in the dock to face charges of unlawful interception. Add the charges of labelling ISP plans as "Unlimited" to that as well

  2. Jonathan 17

    I'll send them a stern letter

    After they saw what happened to BT/Phorm (namely, precisely nothing except customer disappointment) they knew they could do whatever they liked so long as they kept mum about it.

    ICO - the toothless wonder. Maybe someone will throw it a bone?

  3. Hatari
    FAIL

    Some URLs are identifiable

    As the Stalker does not access the sites instantly, perhaps the ICO might like to ask Stalkstalk, where they store the information collected from the Stalkstalk’s customers and as those URLs contain information identifiable to an individual, how do they justify that data processing without permission.

    Also perhaps the ICO could get Stalkstalk to explain how I can identify the Stalkstalk customer the URL was used by, from some of the URLs. The URLs contain information specific-to-specific users of my site.

  4. Tin Foil Hat
    Coat

    How long

    How long will it be, until this fancy "monitoring" service changes into a fancy ad replacement service? Replacing ads supplied by the site I visit with ads based on the profile my ISP has made? All done in the name of safety, of course.

    There is a lot of money in ads and I am sure ISP's would love a fat slice of it.

  5. SImon Hobson Bronze badge
    FAIL

    Not only that ...

    As Hatari points out, URLs often contain information that can directly or indirectly identify individuals. Also, TalkTalk admit that they visit the site using the same URL and analyse what they get back - which means they download and analyse pages that may well contain private information.

    The interesting thing would be to know how they avoid problems caused by visiting URLs that "do something". At the very least it's going to distort traffic logs, at the other extreme it may well result in actions being performed twice with unpredictable results.

  6. SilverWave
    FAIL

    Wow they have rally stepped in it here.

    Phorm2 from TalkTalk

  7. Pirate Peter
    Unhappy

    look at the huawei system

    if you read up on the system supplied by huawie to talk talk it has the capability to "CATEGORISE" the pages it visits

    as this will be a free service to STALK STALK (sorry talk talk) customers i will leave it to those on here to work out where talk talk is going to recoup the costs from, as they will not put a system like this in at a loss just to provide a nice service to their customers ??

  8. Anonymous Coward
    Grenade

    The Black Helicopters aren't circling...

    ISP are allowed to lawfully intercept communications without a warrant if "it takes place for purposes connected with the provision or operation of that service or with the enforcement, in relation to that service, of any enactment relating to the use of postal services or telecommunications services."

    See Section 3(3) of RIPA - http://www.legislation.gov.uk/ukpga/2000/23/section/3

    This is how they can check your e-mails for malware and spam, along with protecting their network, service and revenues in other ways. Preventing your machine from being infected via bad website content and joining a DDoS botnet is likely equally covered under this exemption to RIPA.

  9. John Smith 19 Gold badge
    Flame

    Developed in china.

    The home of global privacy invading ^H ^H^H^H^H^H^H^H protecting technology.

  10. David 45

    Rebuke? Wow, what a deterrent.

    Naughty boy - take a smack on the wrist. Much better than an expensive police investigation, possible prosecution and sentencing to a few years in clink (if found guilty, of course).

  11. John Smith 19 Gold badge
    Thumb Down

    No opt out either. Much like Phorm. Time for those ISP recommendations for TT users

    Again.

  12. Alan Brown Silver badge

    StalkStalk

    What I have to wonder about is how StalkStalk believes their system will remain secure, given they can't even configure reverse DNS for their users.

    I'll believe the ICO is effective when I see them take some action.

  13. RobotHead
    Stop

    ermmmm....

    what about URLs that contain form data? surely thats personal info?

  14. John Smith 19 Gold badge
    Happy

    slightly OT. Phorm at 52 week low

    http://www.iii.co.uk/investment/detail?type=chart&display=chart&code=cotn%3APHRM.L&it=le&timeframe=3m&index=&versus=&linetype=line&Go=Plot+&overlay=&overlay2=&overlay3=&overlay4=&indicator=&indicator2=&indicator3=&indicator4=&chartwidth=500

    Lists them at 80p and falling.

    It looks like there has never been a better time to short them. A modest (say) 5% profit for tying up some cash for a few weeks?

    Meanwhile they have chewed through >$110m in 4 years.

    Phorm does what it does because people coughed up *lots* of cash to help them do it. They will stop when investors get tired of their BS and find their investments rapidly disappear and their shares get turned into cash by others selling them out.

  15. Steve Beesley

    Not following me?

    When I visit my own site which logs every page load (including by web bots), I do not see anybody following me around (i.e. the pages are not revisited by anyone afterwards).

    Maybe it's just certain sites they check, or only ones they have not previously looked at?

    For reference, unfortunately got lumbered with a talk talk contract when I moved house, only a few months to go before I can ditch them forever - have had nothing but problems with them.

    1. John Smith 19 Gold badge
      Happy

      @Steve Beesley

      I think the article makes clear the system checks if it has visited a URL within the *previous* 24 hours against its black and white lists. If so (its on the white list) it should *not* follow you.

      So it depends if you started logging who was following you as soon as you heard about it, how often *you* visit you sites and (equally) importantly how often *other* TT customers visit it.

      Check your logs and you might well find a regular visit to your sites. what they are actually looking at on your site is another matter.

      As for how effective this whole scheme is well if a site is infected right after the last scan TT customers get a whole day (at least) to be infected before it warns them off. How many TT customers have no effective AV and would feel "secure" with this system is an excercise for someone else.

This topic is closed for new posts.

Other stories you might like