Covert tracking of TalkTalk ISP customers

ISP TalkTalk covertly follows customers to websites using personalised urls

revrob

11:25 am on Aug 9, 2010 (gmt 0)

10+ Year Member



Hi - I would like to alert webmasters to a problem experienced as a result of a UK ISP (TalkTalk) that has been covertly monitoring the browsing habits of its customers, and sending unidentified bots to visit sites just after their customers have visited. In some cases the bots have used the complete personalised URL used by the customer, including the personal details after the ?. This raises privacy issues, and has also caused technical problems, including getting some TalkTalk customers banned from forums and other sites as the spider visits have triggered security mechanisms.
You can follow the issue here
[the-phoenix-broadband-advice-community.co.uk...] (login required)
and here
[nodpi.org...] (viewable by guests)
and on TalkTalk's own members forum
[talktalkmembers.com...] (viewable by guests)
and the "official" explanation from TalkTalk is here (although the promised "answers" seem slow in coming, and the blog is censoring questions heavily).
[talktalkblog.co.uk...]

If you wish to check your logs (June/July 2010) then look for 62.24.***.*** addresses (closely following TalkTalk ISP customer visits and using the same URL)

You can also read up on this by googling the term STalkSTalk

caribguy

5:25 pm on Aug 9, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Thanks for the heads up. Alarming, but not surprising...

There is a similar issue, although I believe it is by choice, with an outfit called Covenant Eyes. That company tracks surfers who might be 'tempted' to look for adult content.

Many bot blocking methods are discussed in the Search Engine Spider and User Agent Identification [webmasterworld.com] forum

revrob

6:00 pm on Aug 9, 2010 (gmt 0)

10+ Year Member



The difficulty here is that this is not something the ISP customer has been given a choice over. We are not talking about a voluntary "parental controls" type filter where consent is sought first. This ISP just DID it, intercepting, copying, and re-using the browser requests, and got caught by websites spotting patterns in their logs with unique URLs used by visitors from the TalkTalk ISP being "re-used" a few moments later by TalkTalk's Radius Servers - those URLs included session ID info and other unique personal information. It looks as if the whole thing was illegal under a whole raft of UK laws, as well as opening the ISP up to civil claims from the websites. It looks remarkably similar to the sort of Deep Packet Inspection scandal involving Phorm (UK) and NebuAd in the USA. Police are investigating over here. Webmasters who wish to enforce their own legal rights will find advice on the links in my OP.

caribguy

7:38 pm on Aug 9, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Agree, and consider it more than 'a difficulty' - maybe an oddball question here, but wouldn't it have been more (cough) sensible for TT to intercept the traffic Carnivore style?

revrob

9:26 pm on Aug 9, 2010 (gmt 0)

10+ Year Member



If you mean the FBI Carnivore tool, my understanding is that would be illegal in the UK/EU. But what TalkTalk have been doing is also illegal according to the best advice I have received.

revrob

10:12 pm on Aug 21, 2010 (gmt 0)

10+ Year Member



For anyone interested in detecting the spidering visits from TalkTalk via .htaccess redirects and PHP scripts, and automatic email notification, do make contact with me via a sticky mail. What they are doing could be legally challenged if you are prepared to collect the evidence. This would mostly affect UK based websites, but potentially could affect sites worldwide that are visited by the several million broadband customers of this ISP.
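
The log check described in the opening post (62.24.x.x requests closely following a visitor and re-using the same URL), as an added example that is not part of any post in this thread and is not revrob's scripts. It assumes Apache combined-format access logs, a 120-second window for "closely following", and that the original visitor's address lies outside 62.24.x.x; the sample log lines are constructed.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Range corresponding to the thread's "62.24.***.***" pattern.
FOLLOWER_NET = ip_network("62.24.0.0/16")
WINDOW = timedelta(seconds=120)  # assumption: what counts as "closely following"

# Leading fields of an Apache combined log line: client IP, timestamp, request URL.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|HEAD|POST) (\S+)')

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jul/2010:10:00:01 +0000] "GET /forum/view.php?sid=abc123&user=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
62.24.0.10 - - [12/Jul/2010:10:00:31 +0000] "GET /forum/view.php?sid=abc123&user=42 HTTP/1.1" 200 5120 "-" "-"
198.51.100.9 - - [12/Jul/2010:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"
62.24.0.10 - - [12/Jul/2010:11:30:00 +0000] "GET /index.html HTTP/1.1" 200 900 "-" "-"
62.24.0.11 - - [12/Jul/2010:11:31:00 +0000] "GET /about.html HTTP/1.1" 200 700 "-" "-"
"""

def find_replays(log_text, window=WINDOW):
    """Return (visitor_ip, follower_ip, url, delay_seconds) for each request from
    FOLLOWER_NET that repeats a URL another address fetched within `window`."""
    last_seen = {}  # url -> (time, ip) of the latest request from outside FOLLOWER_NET
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-request line
        ip, ts, url = m.groups()
        try:
            addr = ip_address(ip)
        except ValueError:
            continue  # hostname instead of an address (HostnameLookups on)
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if addr in FOLLOWER_NET:
            prev = last_seen.get(url)
            if prev and timedelta(0) <= when - prev[0] <= window:
                delay = int((when - prev[0]).total_seconds())
                hits.append((prev[1], ip, url, delay))
        else:
            last_seen[url] = (when, ip)
    return hits
```

Only the exact URL match inside the window is reported, so a 62.24.x.x request for a page nobody fetched recently, or one arriving long after the original visit, is not flagged.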