TalkTalk is going ahead with tests of a network-based anti-malware service which logs all the URLs visited by its customers, despite fears that it will breach users’ privacy.
The Virus Alerts service, which TalkTalk tested in secret until users uncovered the project in July, records all web addresses visited by TalkTalk customers and can warn users who are visiting a site known to contain malware. Users complained in July that it was tested on them without their consent, and compared it to the notorious Phorm service, with which BT intended to target adverts based on user activity.
A FAQ on the new service argues that network-based anti-malware is better than that installed on individual PCs, because it allows the ISP to protect other Internet devices in a home as well as PCs, covering “the whole connected home”.
“We now expect to be able to commence trials for a limited number of customers who have agreed to test our anti-malware system in the next few weeks,” said Dorsman. “This system will warn customers who opt into the service about sites they try to access, which we know to be infected with viruses or other malicious software.”
ThoughVirus Alerts, provided by Chinese network company Huawei, tracks all the sites visited by TalkTalk customers, Dorsman said “the system simply records the destination website URLs; it does not record who sends the request or other personal data with the URL.”
On a different front, TalkTalk is championing user privacy, in opposing the Digital Economy Act, which would require it to monitor users’ downloads and issue warnings to people sharing copyright material. BThis month, BT and TalkTalk won a judicial review of the Digital Economy Act
US widening lead over China on AI development, as UK places third in Stanford index…
Amazon to invest a further $4bn into AI start-up Anthropic, doubling its investment as it…
The demand for tech skills is surging, driving economic growth but revealing challenges. Financial costs,…
US Supreme Court tosses Meta's appeal over Cambridge Analytica-linked investor lawsuit, meaning case must proceed
Uber reportedly seeks $10m stake in Chinese autonomous driving firm Pony AI via US IPO,…
iPhone maker reportedly developing next-generation AI large language model for Siri for spring 2026 as…
View Comments
Google already do this. If you select block reported attack sites, every site you go to is compared with their attack site list.
The big difference here is that TalkTalk keep a log of the URLs, rather than just checking if they're okay or not.
If they ditched the logging part, and kept the service opt-in, there would be no controversy.
But what if I want malware on my PC?
Sometimes, visiting known malware sites is a fantastic way to test security software on virtual PCs.
Mind you, you'd have to be a fool to use TalkTalk anyway, so maybe this "protection" is a good thing.
Jon, there is a huge difference between what Google is doing and talk talk, Google is an opt in service, much like installing protection on your computer by choice, whereas Talk Talk were doing it by stealth. Saying that, shouldnt ISPs have a duty to protect users from malicious attacks before they reach your home a bit like crime protection/police. Although as individuals there is things we should do to protect our homes like locking doors, not leaving valuables on display etc, but have a responsibilty to try and prevent the crime in the first place.
It really is typical of the arrogant behaviour of these companies. Having run covert trials, as Phorm did, and being found out, as Phorm was, they are back-pedalling to a degree but we are still seeing the same worthless PR spin.
For example claims about the system being opt-in. Well, while that may be the case for the 'protection' side of things, and as others have suggested such functions are available from any other number of sources, it is opt-nothing for the scanning side of things.
The system uses Deep Packet Inspection to extract URLs from the users Communications Data. Note that is Communications Data not Routing Data. No matter how much TalkTalk try to weasel their way past it this represents an Interception of Communications and therefore should and must be subject to RIPA. The DPI is performed without asking for or gaining consent on every customer. TalkTalk have stated as much.
The equipment is supplied by Huawei,
http://www.huawei.com/products/datacomm/catalog.do?id=3576
http://www.huawei.com/products/datacomm/catalog.do?id=3596
http://www.huawei.com/products/datacomm/catalog.do?id=3597
First link is the family, second link is the GreenNet solution as implemented by TalkTalk.
The third link, if you wish to be surprised, is Phorms DPI based BTA system. Don't forget TalkTalk were tightly linked to that previous controversy.
Elsewhere there has been a Parliamentary Debate about filtering Pornography by ISPs. If you read the GreenNet brochure you will see that this is one of the possible functions of the system. It has also been highlighted by TalkTalk, as parental controls as an 'exciting' new feature they will be introducing next year.
http://www.publications.parliament.uk/pa/cm201011/cmhansrd/cm101123/debtext/101123-0003.htm
Under, Internet Pornography. Be amazed at the timing of this and the timing of the debate. Often discussed and asked for but now 'we' or rather TalkTalk/Huawei, as discussed in the above debate, have the technology available to do it.
We've just had what is effectively another White Wash from the ICO who are allowing the 'Virus Protection' to go ahead, under advisement. We have the 'botched' public consultation on RIPA from the Home Office and now MPs are debating internet filtering.
It's all coming together nicely for one collectively large White Wash. TalkTalk will get their way and the next thing you know Phorm will be in the back door again along with the IMP. You can kiss off any expectation you may have had about on-line privacy and get used to the next level of the surveillance state.
GreenNet is GreenDamn..
http://en.wikipedia.org/wiki/Green_Dam_Youth_Escort
Actually their method seems to be to simply strip the url of any querystring and invoke the page without the querystring data. Since malware usually gets onto a page via SQL injection into the database text fields, I don't see how stripping the querystring will allow them to spot any virus since the querystring is often used to determine what data to retrieve from the database.
In fact, they are just generating errors in the web sites they are 'checking' as the page expecting the querystring data receives none. I know that this is the case as I have some code that emails me when an error occurs, with the details, so that I can fix bugs. All I'm getting at the moment is talk-talk virus alert induced errors due to querystring removal.