Dean Wilson reports more on the controversy concerning TalkTalk:
TalkTalk has today issued a statement defending its recent action of spying on customers, reiterating its assertion that its website tracker is only part of its anti-malware program, not an attempt to invade users’ privacy.
It said that its approach is designed to make the internet “a safer place”, scanning the URLs of websites visited and comparing them to a database of threats, allowing TalkTalk to block such threats before customers engage them.
Websites that are found to be clean will be stored in a “white list” database and automatically deleted after 24 hours, while websites found to contain malware are stored in a “black list” database for a full week before being deleted.
Read more on TechEye.net.
Not everyone seems to be persuaded by their statement that they are in compliance with both the Privacy and Electronic Communications Regulations 2003 and the Data Protection Act 1998, however. Webuser reports:
“What TalkTalk is doing is completely illegal,” said Alexander Hanff, a campaigner who has previously opposed other services using DPI techniques such as Phorm.
According to Hanff, TalkTalk misunderstands the EC Data Retention Directives that it claims to be upholding.
“It is an urban myth that ISPs are required to record every web page URL that you visit. In fact, the EC Data Retention Directives explicitly prohibit ISPs from doing so. Yet the data gathered by TalkTalk – the host name and web page address in a browser request to a web server – is the content of a communication,” he said.
Thanks to the reader who sent in these links.