Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

UK ISP TalkTalk Caught Monitoring Its Customers

kdawson posted more than 3 years ago | from the shades-of-phorm dept.

Privacy 139

An anonymous reader writes "The UK ISP TalkTalk has been caught using a form of Deep Packet Inspection technology to monitor and record the websites that its customers visit, without getting their explicit consent. The system, which is not yet fully in place, ultimately aims to help block malware websites by comparing the URL that a person visits against a list of good and bad sites. Bad sites will then be restricted. TalkTalk claims that its method is totally anonymous and that the only people with visibility of the URL database itself are Chinese firm Huawei, which will no doubt help everybody to feel a lot better (apply sarc mark here) about potentially having their privacy invaded."

cancel ×

139 comments

Twas ever thus (5, Insightful)

benbean (8595) | more than 3 years ago | (#33041820)

Doesn't really sound any different to what the search companies store. Sans encryption, nothing you do on the Internet is private. Caveat Browsor. Or, erm, something.

Re:Twas ever thus (3, Informative)

zaax (637433) | more than 3 years ago | (#33041834)

In the UK it is illegal to monitor a person priate converstaion on the phone, unless you have a judges authority. Also it's against Human Rights. Maybe Talk-Talk customsers should report them to the police.

Re:Twas ever thus (4, Informative)

mistralol (987952) | more than 3 years ago | (#33041864)

Actually in UK law the digital economy act practically requires by law that isp's are to monitor their users and notify certain bodies of any possible illegal activity. TalkTalk and BT are the only people attempting to stand up to this. I guess TalkTalk are a little more two faced than we thought.

Re:Twas ever thus (1)

Chrisq (894406) | more than 3 years ago | (#33041896)

Actually in UK law the digital economy act practically requires by law that isp's are to monitor their users and notify certain bodies of any possible illegal activity. TalkTalk and BT are the only people attempting to stand up to this. I guess TalkTalk are a little more two faced than we thought.

No they won't report it to the UK government. Only the Chinese!

Re:Twas ever thus (1)

HungryHobo (1314109) | more than 3 years ago | (#33044896)

"by comparing the URL that a person visits against a list of good and bad sites"

If their aim is to just block bad sites why would they have to log anything at all?
Just re-direct all traffic to bad IP's to /dev/null.

Re:Twas ever thus (1)

Chrisq (894406) | more than 3 years ago | (#33045052)

"by comparing the URL that a person visits against a list of good and bad sites"

If their aim is to just block bad sites why would they have to log anything at all? Just re-direct all traffic to bad IP's to /dev/null.

Playing the devil's advocate, if you found that someone visited known "bad" sites then looking at other sites they visited would probably be a good way to discover other "bad" sites.

Re:Twas ever thus (0)

Anonymous Coward | more than 3 years ago | (#33041970)

Eh? Not really, nowhere even near it.
I'm not defending this at all because if i wanted restricted access to the web, i'd opt-in, but this is nowhere near spying on users for the sake of spying.

As for monitoring users for illegal activity, well, that is entirely fine.
If people are DDoSing, sending viruses, uploading illegal material and so on, then they should be watched and caught.
Every single phone call everyone makes is monitored to some extent in most places, so why the hell should it be different here? The processes are automated.
This is basically the same sort of idiotic crowd who cried over things like Gmails Ad system, "OH NOES, IT READS MY PERSONAL PRIVATE E-MAILS, THAT MUST MEAN THAT EVERYONE KNOWS ABOUT MY FETISH FOR FURRY BEAR TEDDIES"

However, i will admit that it was a bit dickish of them to do it without permission.

Re:Twas ever thus (1, Insightful)

Anonymous Coward | more than 3 years ago | (#33042332)

As for monitoring users for illegal activity, well, that is entirely fine.

No it's not. What is illegal and what is not, is more and more defined by corrupt politicians and lobby groups.

Re:Twas ever thus (1)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#33042024)

Doublethink is all the rage on airstrip one, I hear...

Re:Twas ever thus (3, Informative)

somersault (912633) | more than 3 years ago | (#33042426)

How is them trying to warn users they area about to visit a malicious site anything like recording activity for the purposes of relaying to the government? There is nothing two faced about this, it is good for the customer.

This is just the usual BS sensationalism. According to TFA, the data being recorded is anonymous:

Our scanning engines receive no knowledge about which users visited what sites (e.g. telephone number, account number, IP address), nor do they store any data for us to cross-reference this back to our customers. We are not interested in who has visited which site - we are simply scanning a list of sites which our customers, as a whole internet community, have visited. What we are interested in is making the web a safer place for all our customers.

This is the type of thing we should be encouraging rather than discouraging, if it reduces the number of idiots infecting their machines, which it will slightly. I think the ISP should enable this type of warning by default, with the option to opt out for those who actually want the very slight improvement in latency.

Re:Twas ever thus (1)

IBBoard (1128019) | more than 3 years ago | (#33042580)

I agree that it is good in the way that TalkTalk present it, but I'd always be dubious about a) a company's real intentions and b) how they could change it in future so that what it does now isn't quite what it will do then.

Overall, most of the population probably need this kind of help, since they're not familiar enough with what can happen and assume that the web is fairly safe. In reality, there are a good number of things that could go wrong depending on how anonymised, automated and separate their system is and remains from everything else.

Re:Twas ever thus (4, Insightful)

h4rm0ny (722443) | more than 3 years ago | (#33042230)


They should indeed report them. It was not "ever thus" and quite demonstrably so because we've only had mass electronic communication relatively recently and in a form that is easy for third-parties to record en masse for substantially less time than that.

Each time a new frontier opens in the eternal war between the rulers and the ruled, a land-grab ensues where governments and corporations try to make the public accept something as inevitable or right whilst at the same time the public realizes just because they've allowed the government to make them do something in other areas, that doesn't mean it was right.

It's vitally important at times like this to defend our rights as forcefully as possible. We did a lot of damage to Phorm when this was tried previously. In fact, Phorm turned into a ugly business black hole that no-one wanted to touch, with a reputation as down the toilet as SCO and I pity the people associated with it (except I don't). Clearly someone hasn't learned their lesson and we need to burn down a few more companies before we finally establish our right to privacy.

So let's make them regret this.

Re:Twas ever thus (0, Troll)

somersault (912633) | more than 3 years ago | (#33042494)

How about reading TFA? This is not an invasion of privacy at all. It doesn't record any personal data. It is in fact a great thing to do when 99.9% your customers are complete noobs.

Re:Twas ever thus (1)

XSpud (801834) | more than 3 years ago | (#33043590)

How about reading TFA? This is not an invasion of privacy at all. It doesn't record any personal data.

If they have access to URLs they have access to anything sent via a GET HTTP request. Are you suggesting that there aren't any websites that collect personal data via GET requests?

Re:Twas ever thus (1)

somersault (912633) | more than 3 years ago | (#33044840)

Oh noes! Wait a second, your ISP already has access to everything you do online, as well as your real life name, address, bank account number, etc. Why would you suddenly start caring about them having access to that which they already have access to? If they really wanted to do something nefarious with this information, they could.

If you are actually submitting "personal data" that you don't want other people to see or record outside of an encrypted connection, you're an idiot.

Re:Twas ever thus (1, Insightful)

Anonymous Coward | more than 3 years ago | (#33043972)

How about reading TFA? This is not an invasion of privacy at all.

Whether something is an invasion of privacy is the decision of the person potentially having their privacy invaded, not your decision, and most definitely not someone who will profit from invading privacy.

If I publicise my web browsing habits, people looking at the data are not invading my privacy. If I want to keep that info private, then those looking at that data are invading my privacy.

Given that most customers will never know about this monitoring, or will take TalkTalk's (marketing department's) representation of how it works as the truth, it is definitely a privacy invasion.

It doesn't record any personal data.

Yeah, they claim. Do you have access to the systems doing the monitoring and so actually know that?

I would wager that the difference between not recording and recording is one bit.

There is also a discussion linked from the comments on TFA where someone's private test site was being crawled by TalkTalk. The guy hadn't publicised the address, just visited it over his TalkTalk connection. So for them to do the crawling, they must be recording what URLs are being visited by users, and feeding that into their crawling system.

Do you work for TalkTalk or something? Why are you bullshitting so much?

It is in fact a great thing to do when 99.9% your customers are complete noobs.

That's probably the case for most ISPs, and even more so for the cheap ones like TalkTalk. But at the end of the day, TT are just exploiting those people, just like AV vendors do. They promise the world, will not deliver it, then hide behind terms and conditions, EULAs and the like. And all along, the customers do not learn anything at all about safe or sensible internet use because their ISP has told them they are safe.

Re:Twas ever thus (1)

somersault (912633) | more than 3 years ago | (#33044944)

Do you work for TalkTalk or something? Why are you bullshitting so much?

Actually if you look at my comment history you'll see that I do this kind of thing regularly on Slashdot, because people are always sensationalising and bullshitting themselves without actually reading TFA or thinking.

As you point out they probably are already recording sites that have been visited etc. But when they want to do something that could actually be beneficial to the world, you complain.

Yes, I don't think this will make things 100% secure, but it will help make them more secure. It would be similar to AV if they'd given the option to opt in or out.

Yeah, they claim. Do you have access to the systems doing the monitoring and so actually know that?

All we have is their claims, dumbass. All we ever have from any company is claims, unless they're audited. They could be recording everything already without your knowledge. This is a system that clearly will be known about by the public though, they're not trying to hide it if it's actually displaying messages to people that the site they are visiting is "potentially harmful" type thing. Gah, it's so frustrating how retarded you guys are sometimes.

Re:Twas ever thus (1)

smallfries (601545) | more than 3 years ago | (#33042788)

In the UK it is illegal to monitor a person priate converstaion on the phone ... Talk-Talk customsers should report them to the police.

Is that because TalkTalk are recording telephone calls as well? Or perhaps you are suggesting that TalkTalk should be reported for this because there are lots of other unrelated things that they are not doing? Murder would be pretty high up the list I guess, drug running, terrorism....

Re:Twas ever thus (1)

bersl2 (689221) | more than 3 years ago | (#33041852)

Probably better (and more general) to go with caveat usor, "let the user beware".

Re:Twas ever thus (1)

benbean (8595) | more than 3 years ago | (#33041866)

Yeah, that works. :-)

Re:Twas ever thus (2, Insightful)

noidentity (188756) | more than 3 years ago | (#33041994)

How about just using English in the first place?

Re:Twas ever thus (3, Funny)

Anonymous Coward | more than 3 years ago | (#33042134)

Because Latin keeps the proles out

Re:Twas ever thus (-1, Offtopic)

Anonymous Coward | more than 3 years ago | (#33042642)

We speak American here(!)

The difference should be obvious (3, Insightful)

SmallFurryCreature (593017) | more than 3 years ago | (#33041904)

My ISP is often a matter of little choice, if I want to access the internet, I MUST go through an ISP.

I never ever have to go to google or any other domain. It is trivial to avoid any domain I wish, just put it in hosts file with local ip.

Especially since Google doesn't know my personal details. My ISP does.

Re:The difference should be obvious (5, Informative)

MoonBuggy (611105) | more than 3 years ago | (#33042076)

One thing to add, which you may not have realised if you're not a UK user, is that it is absolutely possible for people to vote with their wallets in this case. Unlike the situation as I understand it in the US, we have a fairly good choice of DSL ISPs.

If a person is using TalkTalk, it means they have a BT (physical) phone line, although it may not be currently connected to BT equipment at the exchange. Since BT has long been required to open up their government-provided-monopoly infrastructure to others, it means that there will be a wide choice of ISPs and switching is relatively straightforward.

Also, on a purely personal note, this allows me a brilliant concrete example of why I advise people to pay a little more for a straightforward, unadulterated connection from Be [bethere.co.uk] or UKFSN [ukfsn.org] 's LLU service (no affiliation with either other than as a satisfied customer) and support those ISPs who don't pull crap like this.

Re:The difference should be obvious (1)

somersault (912633) | more than 3 years ago | (#33042526)

That's fine for geeks who actually take care of their computer, but I welcome moves like this by ISPs to actually make an attempt to stop the proliferation of malware and botnets on machines where the user is clueless. This service is like the "immunise" option in Spybot: S&D, but you don't need to clog up your hosts file or update it every few weeks.

For users that want a direct connection for whatever reason then yes I think voting with the wallet is a good option. I have been saying above that TalkTalk should let users opt out, but if they do I hope they really don't make it a big button that's easy for people to click on, otherwise everyone will disable it and we'll be back to square one.

Re:The difference should be obvious (1)

Shakrai (717556) | more than 3 years ago | (#33043974)

but I welcome moves like this by ISPs to actually make an attempt to stop the proliferation of malware and botnets on machines where the user is clueless

Why do they have to log the websites you visit to block malware? It seems to me that they could just allow or deny the websites based on their database without keeping a record of them.

Re:The difference should be obvious (1)

somersault (912633) | more than 3 years ago | (#33044974)

Yeah I think that's a bit silly, though they might just want usage statistics like how many dodgy/valid/unknown sites people try to visit per month to be able to judge whether it's worth having the filter in place at all.

Re:The difference should be obvious (1)

Xest (935314) | more than 3 years ago | (#33042782)

"Especially since Google doesn't know my personal details."

That's what you think ;)

Re:The difference should be obvious (1)

mcgrew (92797) | more than 3 years ago | (#33044890)

if I want to access the internet, I MUST go through an ISP.

That's true, but it shouldn't be. When are we going to start growing a mesh network that doesn't depend on ISPs? Almost everywhere I go there are several wifi hotspots, and they're almost always private and protected. We should be able to give access to the internet without giving access to our whole computer or data we are transferring ourselves.

Sometimes I miss the old BBSes.

Re:Twas ever thus (2, Insightful)

smallfries (601545) | more than 3 years ago | (#33041924)

Sans encryption, nothing you do on the Internet is private

Very true, and yet within ten minutes there will still be several hundred posts in this story decrying the evil wiretappers of the man and how this is breach of basic civil liberties.

So here is a question (and it's only half devil's advocate) :
If you send your data to a private company who has not signed any kind of contract to say that they will keep the data private: why wouldn't they look at it?

Re:Twas ever thus (5, Informative)

MoonBuggy (611105) | more than 3 years ago | (#33042252)

Firstly, in the UK, the data protection act [ico.gov.uk] comes into play, especially considering the level of insight that browsing info can give about many of the items listed on the "Sensitive personal data" list.

Secondly, wiretapping legislation specifically forbids monitoring of telephone communications except in specific circumstances, whether they are encrypted or not. It's hardly a stretch to apply the same logic to internet communication.

Re:Twas ever thus (2, Interesting)

smallfries (601545) | more than 3 years ago | (#33042362)

That's a very cool site, best description of the data protection act that I've read. It still leaves me wondering how the DPI that TalkTalk performed would breach it though. If they pass URLs to a third party without anyway to lookup who requested each URL then it doesn't count as personal data under the act. I also see that any personal data they did pass on would have been legal as long as it was correct and TalkTalk actually told people what they were doing (not that they did).

Why would wiretapping legislation be relevant? It wouldn't be a great stretch if this were some third-party breaking into the line between TalkTalk and its customers, but it is not. This is the ISP looking at the data that it has been sent - that is a huge stretch of wiretapping legislation and it is not clear that it would apply at all.

Re:Twas ever thus (1)

MoonBuggy (611105) | more than 3 years ago | (#33042750)

For the data protection part, I was working on the assumption that they were treating it in a similar manner to that search data that AOL released a few years back (i.e. clustered by user but without a name attached), from which it was straightforward in many cases to extrapolate personal details. The act applies to "data which relate to a living individual who can be identified from those data". Anyway, it seems that I may have been mistaken there, so perhaps it doesn't apply.

In terms of wiretapping, I was considering the ISP to be an intermediate link between the user and the server. In the same way that I can reasonably expect the phone company not to eavesdrop on my calls to other businesses or individuals (at least without my consent), I expect my ISP not to eavesdrop on the contents of my packets while routing them to their destination.

Re:Twas ever thus (1)

smallfries (601545) | more than 3 years ago | (#33042868)

I only actually read the article after I replied to you but from the description it does look like just a list of URLs that is being passed over so it probably wouldn't be personal data. There are some corner cases though and TalkTalk have just opened up a huge can of worms as URLs can and do include things like user names.

Expectations of privacy seem to differ wildy. I don't consider myself to be paranoid but I assume that any data being routed across a network can (and will be) freely inspected by any intermediate point. I've always thought of privacy as something that the user has to supply on-top (ie SSL or VPN depending on what should be private).

In this case the information being extracted by "DPI" is the URL of http connections. Hardly an invasion of privacy - it's something that transparant proxies have been doing for years without provoking this kind of reaction. When you expect your ISP not to eavesdrop on your packets, would you really include URLs in your private data?

Re:Twas ever thus (2, Insightful)

Yer Mom (78107) | more than 3 years ago | (#33042790)

If they pass URLs to a third party without anyway to lookup who requested each URL then it doesn't count as personal data under the act.

http://www.example.com/account.php?e=myaddress@example.net. Bang. Personal data right there.

Unless they have a way that can guarantee email addresses, account numbers etc are stripped out of the URL, of course...

Re:Twas ever thus (1)

IBBoard (1128019) | more than 3 years ago | (#33043118)

a) I'd be concerned about that site and avoid using it anyway, b) that site would be making it a lot easier for you to hack it and c) who is to say that the email address (or thing that looks like an email address) in a URL is related to the URL fetcher? Who's to say it is even real?

Re:Twas ever thus (1)

Jah-Wren Ryel (80510) | more than 3 years ago | (#33042402)

If you send your data to a private company who has not signed any kind of contract to say that they will keep the data private: why wouldn't they look at it?

Did your phone company sign a contract that says they won't listen to your phone calls?

Re:Twas ever thus (1)

smallfries (601545) | more than 3 years ago | (#33042712)

A more appropriate comparison would be "did your phone company sign a contract not to look at the numbers that you call" given that we are talking about URLs here.

Re:Twas ever thus (1)

IBBoard (1128019) | more than 3 years ago | (#33043088)

Except that most phone numbers can't be looked up in slow-time to find out the content that the caller probably saw. It'd be more like "did your phone company sign a contract not to look at the new replacement they have for phone numbers where you dial a number followed by a descriptive string that may or may not give them access to a perfect transcript of what was told to you" (since they'll only get the fetches, not the posts).

Re:Twas ever thus (0)

Anonymous Coward | more than 3 years ago | (#33042622)

So am I evil for collecting Netflow statistics?

-zomg I know what IPs your IP went too! better run, scream, and hide!-

Re:Twas ever thus (2, Insightful)

renoX (11677) | more than 3 years ago | (#33042486)

> Sans encryption, nothing you do on the Internet is private.

Even with encryption, your ISP can log every IP address you access, I would hardly call this a private activity!

So I would correct: nothing you do on the Internet is private, only semi-private with encryption, except if you are using either
  1) encryption + TOR or
  2) steganography.
And (1) is quite easy to detect for your ISP, so you would be "noticed": in some country this could be dangerous..
So the only really private communication you can have on the Internet is (2)..

Re:Twas ever thus (1)

makomk (752139) | more than 3 years ago | (#33042714)

This actually has some nasty security implications, as it happens. If you visit a non-public part of a website that has a hard-to-guess URL, normally there's no easy way for potential attackers to know. However, if you do it from a Talk Talk broadband connection, now both TalkTalk and Huawei (which is owned by the Chinese government) know it's there, and anyone with access to this information can try and find security vulnerabilities in it which they'd otherwise have difficulty exploiting.

Also, I can confirm from my own website logs that TalkTalk have indeed been doing this. There's accesses from the IPs in question 62.24.222.131 and 62.24.222.132 to pages on my website immediately after I accessed them myself, including to the Wordpress admin panel URL.

Re:Twas ever thus (2, Interesting)

makomk (752139) | more than 3 years ago | (#33042848)

Actually, thinking a bit more, it's worse than that. If you know the URL of a Facebook image, even a private one, you can view the image (there's no access protection on static content like image files) and you can link it back to the Facebook account of the person who posted it. Unless someone's taken special care, this information is very likely to be in TalkTalk's logs.

Re:Twas ever thus (1)

sgbett (739519) | more than 3 years ago | (#33043098)

(there's no access protection on static content like image files)

I never knew this. How is this not huge news? I don't know why I am surprised/dismayed/appalled.

Re:Twas ever thus (1)

TheLink (130905) | more than 3 years ago | (#33044208)

Because the ones who know of it consider it a feature? ;)

If you're relying on Facebook for decent security you're going to be disappointed.

What would be news is if a facebook image url can be derived given known public parameters.

Re:Twas ever thus (1, Informative)

Anonymous Coward | more than 3 years ago | (#33042784)

Major difference: Google is not providing details of everything its users do directly to a foreign government with a well-known interest in hacking and industrial espionage.

Ironic (1, Informative)

Anonymous Coward | more than 3 years ago | (#33041846)

Ironic this, seeing as how TalkTalk have been pushing back against almost the same things in the Digital Economy Act. Shame really the did look like they might be good guys.

Re:Ironic (5, Informative)

asdf7890 (1518587) | more than 3 years ago | (#33041978)

Ironic this, seeing as how TalkTalk have been pushing back against almost the same things in the Digital Economy Act.

They are against the act because as itis currently written it favours smaller operators, as some of its rules such as the automatic disconnection for copyright violation only apply to ISPs with at least 40,000 customers. They are not fighting the act to protect anyone's privacy, they are fighting the act because it could make their services look less competitive.

Shame really the did look like they might be good guys.

No they didn't, not if you look into their (recent) past. They were one of the big three ISPs connected to the "ex-" spyware outfit Phorm in 2008/2009 and their past sales techniques including line-slamming (using people's details gleaned from other sales activity to switch their landline provision to them without permission) and apparetnyl deliberate ignorance of the Telephone Preference List have left a lot to be desired. See http://en.wikipedia.org/wiki/TalkTalk#Data_pimping [wikipedia.org] and http://en.wikipedia.org/wiki/The_Carphone_Warehouse#Data_protection [wikipedia.org] respectively for links to more info.

Re:Ironic (1)

nukenerd (172703) | more than 3 years ago | (#33042618)

Talk Talk good guys??!! The first time I ever heard of them was several years ago when one of their salesmen phoned me to get me to switch my phone service to Talk Talk from BT.

I told him he was breaking the law by cold-calling me because I was registered with the Telephone Preference Service. He then had the nerve to lie that Talk Talk was a subsiduary of BT, and as I was a BT customer he was therefore entitled to ring me.

I did not know at the time whether his claim was true or not, but I told him to f#%k off anyway.

End-to-end encryption (5, Insightful)

Anonymous Coward | more than 3 years ago | (#33041862)

It's the only way to be sure. I know of at least one German university which also filters all external web traffic through a proxy which blocks URLs, also supposedly to reduce malware infections. The road to hell is paved with good intentions. The same technology which is installed to fight malware is also ideally suited to work as censorship infrastructure. Once it's in place, the operators will undoubtedly be confronted with the question why they only filter malware and not other "illegal" content. Once they've succumbed to that, the list of URLs to block will grow to include "unruly" opinions, videos of police, etc.

End-to-end encryption. Now.

Re:End-to-end encryption (4, Informative)

AHuxley (892839) | more than 3 years ago | (#33041880)

Yes like in Australia the "URL database" will grow and grow.
http://zfoneproject.com/ [zfoneproject.com] for all :)

Re:End-to-end encryption (2, Funny)

Dexter Herbivore (1322345) | more than 3 years ago | (#33042098)

It's the only way to be sure.

No, nuke it from orbit.. THAT'S the only way to be sure.

Re:End-to-end encryption (1)

TheVelvetFlamebait (986083) | more than 3 years ago | (#33042358)

Once they've succumbed to that, the list of URLs to block will grow to include "unruly" opinions, videos of police, etc.

Why? What kind of evidence do you have for such a ludicrous assumption?

Re:End-to-end encryption (0)

Anonymous Coward | more than 3 years ago | (#33042422)

Historic continuity. There's no reason to suspect it will be different this time than the many times before.

Re:End-to-end encryption (1)

TheVelvetFlamebait (986083) | more than 3 years ago | (#33042722)

So, do you have any examples of universities, operating in a democracy, on their own initiative, deciding to block "'unruly' opinions, videos of police, etc."?

Oh, and do we get some kind of motive, or is it just the restless spirit of history deciding to possess the living from time to time?

Re:End-to-end encryption (1)

Haeleth (414428) | more than 3 years ago | (#33042834)

There's no reason to suspect it will be different this time than the many times before.

What many times before? Please provide evidence, not assertions.

I can provide a counter-example. Many ISPs in the UK already block access to sites known to host child pornography -- remember the controversy a while back when they blocked Wikipedia? So they've been blocking one type of illegal content for a long time now, and yet somehow they have managed not to slip one single step further down the alleged slippery slope to universal censorship that the tinfoil hat brigade believes in so strongly.

Re:End-to-end encryption (1, Insightful)

Anonymous Coward | more than 3 years ago | (#33044956)

No, some ISPs claim to block access to CP, but the group that publishes that list is not publicly accountable. Many ISPs block the content by creating fake 404 messages, rather than telling you straight up that the content has been blocked, presumably to reduce support costs, and scrutiny of the list.

So if your ISP uses the IWF list, and you see a 404 error when surfing, it could be a missing file on the server, or it could be a private entity censoring. You have no way of knowing, and if you contact your ISP they will tell you they can't check. This is a lie, because a member of BE's tech support did confirm Wikipedia was on the list with the Virgin Killer's incident.

It always makes me laugh when people attack the messenger too, "tinfoil hat brigade" indeed. And trying to dismiss the message with bitching that the slippery slope isn't steep enough. Your ignorance of history is showing. There are people who are overly paranoid, but there are far too many who are trusting of any perceived authority.

Re:End-to-end encryption (1)

somersault (912633) | more than 3 years ago | (#33042570)

Evidence matters not when living inside a tinfoil fort you are.

Data protection (3, Insightful)

rainmouse (1784278) | more than 3 years ago | (#33041910)

Isn't passing personal information out for Europe without expressed permission a breach of the Data Protection Act? Though lets face it, peoples biggest privacy concerns here are their porn viewing habits. Perhaps some porn sites should set up shop that show up in the URL history as stocks and shares or Technology News.

Anna.Techsupport032a2.jpg, Anna.Techsupport032a3.jpg

Re:Data protection (0)

Anonymous Coward | more than 3 years ago | (#33041932)

Please leave your fetish out of this.

Re:Data protection (2, Funny)

Tapewolf (1639955) | more than 3 years ago | (#33041942)

Isn't passing personal information out for Europe without expressed permission a breach of the Data Protection Act? Though lets face it, peoples biggest privacy concerns here are their porn viewing habits. Perhaps some porn sites should set up shop that show up in the URL history as stocks and shares or Technology News.

Anna.Techsupport032a2.jpg, Anna.Techsupport032a3.jpg

There was once a porn site that had a very similar URL to an ADSL comparison site, presumably for that reason. It was particularly annoying when I was trying to find the ADSL site at work...

Re:Data protection (1)

mistralol (987952) | more than 3 years ago | (#33042084)

What just like the valid uk computer hardware store http://www.overclockers.co.uk/ [overclockers.co.uk] vs the gay porn site. http://www.overcockers.co.uk/ [overcockers.co.uk] Or at least it used to be years ago when i made an accidental typo infront of my boss at the time :/ At least he did see the honest mistake and saw the funny side of it

Re:Data protection (1)

Tapewolf (1639955) | more than 3 years ago | (#33042140)

What just like the valid uk computer hardware store http://www.overclockers.co.uk/ [overclockers.co.uk] vs the gay porn site. http://www.overcockers.co.uk/ [overcockers.co.uk] Or at least it used to be years ago when i made an accidental typo infront of my boss at the time :/ At least he did see the honest mistake and saw the funny side of it

Heh. I think the site in question was adslguide.org.uk or something. The porn site was the same but with co.uk or .com or something more usual. This was about ten years ago, the site seems to have adslguide.com now, no idea if the porn site is still around.

Re:Data protection (1)

Thanshin (1188877) | more than 3 years ago | (#33042512)

There was once a porn site that had a very similar URL to an ADSL comparison site

One of the following was NSFW.

alternate.com
alternate.es

No, I won't check which one's which nor whether they're still up. :)

Re:Data protection (1)

smallfries (601545) | more than 3 years ago | (#33042754)

They both resolve to hardware comparison / shopping sites. If you see either of them as something different then you need to check your machine for trojans.

I don't see what the fuss is about... (1, Insightful)

Anonymous Coward | more than 3 years ago | (#33041926)

.. Huawei are usually the ones *buying* the stolen corporate data.

Just another reason for normal people to use encryption on everything and look suspicious for not wanting to be spied on.

Deep deep packets (1)

Wowsers (1151731) | more than 3 years ago | (#33041928)

The current UK government, despite borrowing £900bn ($1.4Trillion) and climbing, is not cutting the £10bn+ black-ops DPI upgrade of the UK telephone network, which is in conjunction with BT (who just announced increased charges to their customers and all ISP's to cover the cost). Why do you think there is such an interest in phones having IP addresses in stead of an ADC?

Re:Deep deep packets (1)

MoonBuggy (611105) | more than 3 years ago | (#33042272)

Any chance of a link? I've heard nothing about this, but I'd be interested to read more.

Re:Deep deep packets (0)

Anonymous Coward | more than 3 years ago | (#33042686)

found this link: https://nodpi.org/

Re:Deep deep packets (1)

somersault (912633) | more than 3 years ago | (#33042650)

Why do you think there is such an interest in phones having IP addresses in stead of an ADC?

Why do you think giving phones IP addresses makes them any easier to monitor than they are already?

Re:Deep deep packets (1)

ledow (319597) | more than 3 years ago | (#33042898)

Link to anything, ANYTHING that actually backs up any of these wild assertions, please. I'm British, £10bn is a lot of money, and I think you're talking bullshit.

There are upgrades to the BT network. About f***ing time. We're only about 40 years behind the rest of the world in terms of telephone infrastructure.

These upgrades have led to a rise in cost (but only for BT at the moment - other places aren't passing them on, e.g. completely independent phone companies that you are utterly free to use, or set up yourself, oh, and my old ISP is part of BT and actually just LOWERED all my prices for the same package - strange that given that BT infrastructure is used to connect *most* ADSL/phone line customers). Everything BT does leads to a rise in cost. Stupidity costs money, BT is full of that (ex-government monopolies tend to suffer from that), and telephone networks are getting more and more expensive to build and run (ADSL, ADSL2, fibre to the home, fibre to the cabinet, loss of virtually all payphone income, an unpopular mobile arm used only by traffic-heavy users due to exclusive iPhone deals, 12% of houses having NO LANDLINES AT ALL any more etc.etc.etc.).

And £10bn is £357 for every phone line that BT manages in the UK - again, I call crap. BT already has the capability to intercept any phone line at will, on demand, with due legal process, and it costs NOTHING more than they already pay, whether they are analog, VoIP or anything else. IP phones are no easier or harder to intercept than traditional ones. Not since the days of gold-plated contacts, rotary pulse diallers and line-powered telephones has there NOT been an ADC or several dozen of them along the way, or the phone calls not passing straight through BT-owned hardware capable of sniffing anything it likes - BT's infrastructure from the cabinet to the exchange and to the receiving cabinet is virtually all digital and tappable and has been for decades - how do you think they know what number you dialled - all you did was put a DTMF tone down a copper line and it read it, interpreted it, formed paths, connected both ends, etc.

Then you have the question of the sheer amount of traffic such capabilities would generate, whether it's possible to analyse the traffic for any purpose whatsoever, useful or not, (given that 3 out of 10 times the best voice recognition algorithms, straight out of PhD's papers, on the planet can't work out what I'm saying from a very limited vocabulary and I don't even have a strong accent and/or am trying to obscure my communications), whether it's possible to analyse THAT amount of traffic, etc.

Stop spouting hyperbole. If you've spotted something on a budget, if you work at an ISP and have seen what the alleged "blackboxes" can do, if you work for BT and have had to install lines that you're completely under the Official Secrets Act for and therefore can't tell anyone about, etc. THEN you might have something worth listening to. And then I'd probably say "Oh?" and ignore you. So what? I'm a privacy nut but I already assume that anything the government wants to listen to, it can do so completely legally anyway. Telephone conversations, especially international ones, have absolutely no guarantee that you will NEVER be listened to. I don't expect them to monitor it routinely but then if they did, they have to have a damn good reason or you just go to the press (or Wikileaks if you believe the local press are compromised) and instantly everyone knows about it - you're going down because of an illegal act anyway, so might as well broadcast it to get attention off your "crimes" and onto those people who are monitoring phonecalls illegally. I mean, Wikileaks is just FULL of people who have done that, isn't it?

It's crap. Conspiracy hyperbole of the highest order. Absence of evidence is not proof of the negative. And when 90,000 classified US army logs can slip out the door, someone, somewhere would leak this stuff too. And the biggest question: to what purpose? Listening to Aunty June talk about those nasty terrorists that made the bus late this morning? Making terrorist have to use conversational codes that are undetectable anyway (i.e. "Yeah, John, did you see the football last night?" == "Have you got bomb ready")? Forcing terrorists onto better and better alternatives that are freely available, untraceable, undecryptable, and unmonitored? No. All you get out of such a project is exactly the same data as you would by watching someone - who they associate with, who they contact, where and when. If you watch all the "known/suspected" terrorists you actually get a BETTER dataset because you know who they meet AND who they phone and intercepting a single phone is 10000 times simpler than listening to every Aunty June and dealing with the false positives.

If it's true, it's pointless for basically any nefarious objective you might have. If it's not, it's not a worry.

tsk tsk (1, Interesting)

frenchbedroom (936100) | more than 3 years ago | (#33041962)

Such A Shame, Talk Talk. It's My Life, you Dum Dum Girl !

Name change (2, Funny)

Rik Sweeney (471717) | more than 3 years ago | (#33041974)

(You may want to sit down before reading on, or at least steady yourself against something)

(Ready?)

Maybe they should change their name to Watch Watch instead.

Re:Name change (5, Funny)

Dexter Herbivore (1322345) | more than 3 years ago | (#33042106)

Maybe they should change their name to Watch Watch instead.

Actually, I thought StalkStalk was a better option.

Re:Name change (0)

Anonymous Coward | more than 3 years ago | (#33043050)

Abd their customers should Walk Walk

Monitoring traffic, not customers (4, Interesting)

myxiplx (906307) | more than 3 years ago | (#33041982)

The thing is, if you ignore the sensationalist headline and look at what there doing, it's just a list of websites that are accessed over their network, which they're using to create an opt in filtering system.

Oh no, an ISP actually doing something useful for it's customers, whatever will we do!

Stories like this are what annoy me about the press (slashdot included).

Re:Monitoring traffic, not customers (0)

Anonymous Coward | more than 3 years ago | (#33042064)

I'll take my internet pure and unfilted, thank you very much.

I like my stuff uncut.

Re:Monitoring traffic, not customers (0)

Anonymous Coward | more than 3 years ago | (#33042242)

Oh really? So you wouldn't mind at all if you happened to stumble upon a known child porn website that tricked you in to announcing to everyone you know that you masturbated to baby-fuck?
Sorry, but even _I_ wouldn't want to end up on something like that and i'm all for "pure and unfiltered".
Some degree of protection is better than none. *
But considering how this already happens in most browsers, it is less likely to happen.

Of course, now it is a question of who do you trust more, the 3rd parties making these lists for the web browsers, or an ISP?

* As long as the list was reviewed regularly, unlike the shit that IWF pulls. (and pulled with Wikipedia article just because they were a no-profit organization)

Re:Monitoring traffic, not customers (0)

Anonymous Coward | more than 3 years ago | (#33042560)

I would mind happening stumbling onto such a site.

But not as much as I mind my Internet traffic and my right to communicate with whoever I choose abridged.

In my country, there is a simple DNS-level filter whose purpose ostensibly is to block known child porn sites. It's completely voluntary on the part of the ISP, and the filter is trivially bypassed just by using a different DNS server.

This filter has practically no judicial oversight whatsoever and there are many documented cases of sites "accidentally" turning up on these sites - The Pirate Bay was on this list for a while. This is apparently "okay", since apparently the filter is "voluntary" on terms of the ISP, and the big players would rather play ball with the police on this one than risk it being made law.

If I really want my computer to nanny me not to visit sites that somebody else has judged harmful or potentially illegal (innocent until proven guilty etc) - I can install software to do that for me myself, thank you very much. I don't need my ISP second guessing who I choose to send packets to or receive packets from, without my explicit instruction.

Re:Monitoring traffic, not customers (1)

Haeleth (414428) | more than 3 years ago | (#33042876)

How, exactly, does deep packet inspection help ISPs to block access to known child porn websites?

If they know about the website, all they have to do is block access to it. There's no need whatsoever for them to examine the content of my communications, if all they're trying to do is block access to certain IP addresses.

Re:Monitoring traffic, not customers (1)

Leperous (773048) | more than 3 years ago | (#33042200)

If you read other people's comments you will quickly see why, although this is a Good Thing prima facie, it does have worrying implications that need to be addressed (e.g. the storing of "secret" URLs).

Re:Monitoring traffic, not customers (0)

Anonymous Coward | more than 3 years ago | (#33042240)

The thing is, if you ignore the sensationalist headline and look at what there doing, it's just a list of websites that are accessed over their network,

That's exactly what TFS says, and it's exactly what is worrying (not to mention wrong).

Re:Monitoring traffic, not customers (1)

petes_PoV (912422) | more than 3 years ago | (#33042562)

if you ignore the sensationalist headline

what you actually have is an organisation in a position of trust clandestinely checking up on the websites its users visit.

Whatever their intentions might be, they did this without asking and attempted (though not very effectively) to conceal their actions by passing the information to another part of the operation which did the follow-up accesses. If they were convinced their actions were on the side of right, they would have announced their programme and made their customers aware of what they were doind - and the reasons why it was a good thing.

As it is, it wouldn't surprise me in the slightest to discover that other organisations were doing the same sort of thing, either en-masse or as part of a surveillance operation against individuals "under suspicion". The problem with this sort of trawling is that you never can tell when the records from your innocent surfing can / will be used against you.

Re:Monitoring traffic, not customers (1)

BandoMcHando (85123) | more than 3 years ago | (#33042602)

I agree absolutely - from reading the article (I know - a completely unfashionable and unforgivable thing to do here on /.) I take this to be very specifically a malware checker, that checks a given site/URL for malware, either directly or uses the cached result of the last check if it was checked within the last 24 hours.

Is this not very similar to the google safe site service that's built into Firefox and other browsers?

Oh, and I love the justification for claiming that it records what customers do... "They said it doesn't record anything at all conencted to the user, but they might be lying, so sod it, lets just claim that they record absolutely everything." (That's high quality Daily Mail level journalism there...)

Huawei has been mentioned before. (4, Informative)

dalmor (231338) | more than 3 years ago | (#33042104)

The company has been mentioned previously here on /. for its questionable relationship with the Chinese government.

http://tech.slashdot.org/story/10/05/28/1228224/Chinese-Networking-Vendor-Huaweis-Murky-Ownership [slashdot.org]

Re:Huawei has been mentioned before. (1)

stupid_is (716292) | more than 3 years ago | (#33042248)

Very old, all that. H// has a chequered history:

Sued by Cisco for nicking their IOS software (settled out of court, but H// withdrew all routing gear and made software changes).
Sued by Motorola (last week) for passing on trade secrets (no idea how valid, but it appears to be a follow on from a case last year, also involving another company called Lemko)
Anecdotally, I've heard of their engineers opening up competitor equipment to take pics while onsite at a customer premises.
Internally, I know they have very strict data protection policies as it is commonplace for workers to leave the company with a pile of docs, walk into a position at a competing company and hand them over - basically no computers allowed out of the buildings, USB ports and CD/DVD writers disabled. Mobile phones have to be very basic - no cameras on them...

On the other hand, it's not just Huawei that does it - it seems to be the culture in China to behave this way.

Re:Huawei has been mentioned before. (0)

Anonymous Coward | more than 3 years ago | (#33042506)

they ripped off Marconi multiplex designs too (now Ericsson), they used to be a licensed manufacturer, now they have their own (inferior) product which is almost identical

Re:Huawei has been mentioned before. (1)

wvmarle (1070040) | more than 3 years ago | (#33042656)

Remarkable that only at the end of the comments (as now, reading +3) I see a comment like this.

Personally I don't see too much problem with the ISP keeping these logs - your traffic passes through them after all, and there may be reasons (legal, technical, whatever) for them to keep such logs.

That a third party, a foreign third party in a jurisdiction not known for its great human rights record nonetheless, has access to this databases is far more worrying. If it is as anonymous as the ISP says it is no idea what Huawei can actually do with it - still it's not something that would make me happy if my ISP were to do something like it.

Makes me feel comfortable (1)

Arancaytar (966377) | more than 3 years ago | (#33042112)

There's nobody I'd rather have looking at my internet history than a Chinese company.

Except maybe the North Korean government.

Re:Makes me feel comfortable (1)

silentcoder (1241496) | more than 3 years ago | (#33042172)

Well then, good news, they already are. At least - every time you mention them on /.

Re:Makes me feel comfortable (0)

Anonymous Coward | more than 3 years ago | (#33042254)

Well then, good news, they [North Korea] already are. At least - every time you mention them on /.

OH HAI KOREA! Y YOU HATING? :'(((

If it were in his power (0, Offtopic)

ThatsNotPudding (1045640) | more than 3 years ago | (#33042414)

I'm sure Obama would give Talk Talk a free pass - just like he did for AT&T.

Hey TalkTalk! It's My Life! (2, Funny)

imac.usr (58845) | more than 3 years ago | (#33042440)

Don't you forget! [youtube.com]

Really, this story is Such A Shame [youtube.com] .

Everyone is doing it (1)

xda (1171531) | more than 3 years ago | (#33042480)

More drama over deep packet inspection... All major ISP are using some form of deep packet inspection for many different reasons and they have been doing it for a while now. This isn't new.

And that makes it *good* how? (0)

Anonymous Coward | more than 3 years ago | (#33045068)

And that makes it *good* how? Really, I'd like to know. People have been mutilating people they don't like for ages. So that makes it OK!

How Much of the URL? (2, Insightful)

s7uar7 (746699) | more than 3 years ago | (#33042700)

Presumably they need to capture at least the page that the user is visiting, as checking for malware on just the root of a site is a waste of time. As most sites these days are dynamic they'll also have to capture the parameters in a GET (and possibly POST), so there is every chance they *will* be capturing personally identifiable data.

OpenDNS (1)

emkyooess (1551693) | more than 3 years ago | (#33043126)

I opted in to a similar tracking that OpenDNS has (even part of its free service) that informs me when my network has been accessing known malware sites. I do wish they could do it without having to activate tracking/logging though -- "look at each one at a time, evaluate, discard" should be the norm.

Malware? Whats that? (0)

Anonymous Coward | more than 3 years ago | (#33044524)

I use linux. Immune to malware. So I should not be blocked. But I am.
See what Microsoft technology does? It retards entire industries.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...