Broadband provider TalkTalk has been caught monitoring and recording its customers’ online activity without their consent.
The situation first came to light when a TalkTalk customer noticed two “guest” IP addresses appearing in his web server logs, and brought the issue up on the ISPs discussion forum. Several other users discovered they were being tracked by the same IPs, prompting a fierce privacy debate among TalkTalk customers.
“We are developing some really exciting new security and parental control services, which will be based deep within our network infrastructure, to provide our customers with greater protection for all the devices they connect to their broadband line with,” said TalkTalk in a statement. “We’ve had considerable feedback from customers that PC-based software only deals with part of the wider security problem facing today’s Internet users, so we’ve developed these new services to help improve our customers online experience with us.”
Customers are currently not able to opt out of TalkTalk’s data collection project. As they browse the web, URLs are recorded and checked against a blacklist of sites known to be infected with malware, as well as a “whitelist” of sites that have been scanned for threats and approved in the last 24 hours.
Many people participating in the discussion on TalkTalk’s forum have likened the situation to BT’s secret trials of Phorm technology, which pledged to offer a similar filtering system alongside its controversial behavioural advertising service.
BT was forced to drop the technology in July last year, following a mass public outcry and threats from the European Commission that it would take legal action against the UK government over its failure to protect users from the software.
“Technologies like internet behavioural advertising can be useful for businesses and consumers but they must be used in a way that complies with EU rules. These rules are there to protect the privacy of citizens and must be rigorously enforced by all Member States,” said former EU telecoms commissioner Viviane Reding at the time.
Virgin Media faced similar outrage from privacy campaigners in November 2009, when it was found to be trialling new technology from Detica that would allow it to monitor file-sharing over the Internet. The trials were in response to a clause in the Digital Economy Bill – now the Digital Economy Act – which requires ISPs to combat illegal file-sharing over their networks.
Despite the obvious privacy implications of this type of software, TalkTalk defended its decision to work with Huawei, claiming that its new system effectively just gathers an anonymous list of public website addresses.
“Our scanning engines receive no knowledge about which users visited what sites (e.g. telephone number, account number, IP address), nor do they store any data for us to cross-reference this back to our customers,” it said.
Ironically, TalkTalk has recently become known as a champion of online privacy. Earlier this month, BT and TalkTalk called for a judicial review of the Digital Economy Act by the High Court, claiming that the measures to curb online copyright infringement did not receive sufficient scrutiny when the bill was passing through Parliament.
“Innocent broadband customers will suffer and citizens will have their privacy invaded,” said TalkTalk Group chairman Charles Dunstone at the time. “We think the previous government’s rushed approach resulted in flawed legislation.”
Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…
Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…
Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…
Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…
Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…
Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…
View Comments
It is illegal, just like Phorm's BT Webwise was. My URL data is part of my private communication. They have no legal right to use it whatsoever, not without a warrant making them do it. My URL may have sensitive data like my date of birth or user ID embedded into it. They are not allowed to process it at all, not without my informed consent.
Stop the STalking TalkTalk!!
From my website logs the URLs being used contain data which could allow Talktalk to access websites as if they the original authorised person. Attempts have been made here to access user's Private Message inboxes.
There is also the question of using a website owner's copyright material for the commercial gain of Talktalk.
The Stalkstalk system has also disobeyed robots.txt and tried to access Private areas of the website.