Telstra tracks users to build web filter

Powered by SC Magazine
 

Updated: Says website monitoring 'definitely not' for marketing.

Telstra has confirmed it is tracking websites visited by its mobile users in the lead up to a launch of a new web filtering solution.

Days after suspicions of Telstra's networking monitoring activity was first aroused, the telco has revealed it captures web addresses visited by millions of subscribers on its Next G network.

The addresses are compared to a blacklist of criminal sites curated by web filtering company Netsweeper, and held both in Australia and the US.

Users first noticed the new activity when they directed their Telstra devices to thier own web servers and noticed it was also visited split seconds after by a Chicago IP address, believed to be held in a Rackspace facility.

Network engineers and users on the Whirlpool user forums suspected the activity was a marketing effort used to gather intelligence on the activities of Telstra customers.

A spokesman for the telco told SC last week that the activity was part of a "normal network operation".

However, Telstra has since clarified that the activity was conducted ahead of a launch of a voluntary web filtering offering for mobile users.

Spokesman James Howe told SC that user data was "completely anonymised" before it was sent offshore to be compared against Netsweeper's URL blacklist.

He was unable to confirm if users could opt-out of the data slurping procedure at the time of writing.

Telstra was waiting on confirmation from its legal team before it is expected to issue a statement later today.

The monitoring appears to relate to an as-yet-unreleased feature dubbed "Smart Controls" that would allow users to access "mobile internet browsing restrictions and call restrictions on Telstra mobile services".

According to Telstra documentation (pdf) updated after SC approached the telco for comment, users who opt into the "Smart Control" feature would pay $2.95 per month for the ability to restrict internet access on mobiles associated with their account based on specific URLs and content categories, or allow access to only specific URLs.

The feature would only be available to newer Telstra customers — those on its Siebel-based billing system. It would also provide regular reports of internet use for users when the Smart Controls function is enabled.

"Whilst we take care in filtering content based on the preset internet categories, we cannot guarantee that any or all of the content will be filtered accurately or in accordance with these categories," the documentation reads.

The filtering appears to be only restricted to Telstra mobiles operating over the Next G network; those accessing the internet over a local wi-fi connection would not face the same restrictions.

"Once Smart Controls has been purchased, you can choose to restrict mobile internet access when the mobile service is accessing the mobile internet via the Telstra Mobile Network," it read.

User privacy

Users contended the activity was far from normal. Former Internode network engineer Mark Newton issued a strongly-worded statement to Telstra’s privacy wing requesting information on the activity in lieu of a request to the federal privacy office.

Greens senator Scott Ludlam told SC sending even anonymised traffic offshore could have serious privacy implications.

"It is potentially probelematic. Anything in the US is subject to the Patriot Act, even if the data is anonymised, or sent as batches," Ludlam said.

"Why weren't people asked if they could opt-in?"

The US Patriot Act, introduced in 2001, allows the US Government to grab any user data stored within the country for intelligence purposes.

Senator Ludlam said it was unfortunate that it took a gang of network engineers to spot Telstra's "capturing of shadow traffic", especially if Telstra was to launch a volunteer net filter product.

"Maybe it is of noble intent, and Telstra had gone about it in a subversive way," he said.

The use of voluntary filters has been seen as a favourable alternative to the Federal Government's proposed internet filtering scheme.

A similar system, blocking access to child pornography sites, is also run by Telstra for all its subscribers, based on a blacklist curated by Interpol and held by the Australian Federal Police locally.

In a demonstration of the tracking activity, Mark Newton wrote:

"a visit to "http://my-server/13uf2n232.html" yields this hit from my iPad:

149.135.145.71 - - [25/Jun/2012:17:24:59 +0930] "GET /13uf2n232.html HTTP/1.1" 200 736 "-" "Mozilla/5.0 (iPad; CPU OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3"

and, approximately 250 milliseconds later, this hit from 50.57.104.33 in Chicago

50.57.104.33 - - [25/Jun/2012:17:25:00 +0930] "GET /13uf2n232.html HTTP/1.0" 200 736 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0" end"

He alleged the transmission of user traffic data off-shore could be a breach of Australian privacy legislation.

Senior Telstra technicians reportedly told some engineers that users could not opt out of the web site tracking and could request a list of tracked sites through the company’s billing department.

Copyright © SC Magazine, Australia


Telstra tracks users to build web filter
 
 
 
Top Stories
Frugality as a service: the Amazon story
Behind the scenes, Amazon Web Services is one lean machine.
 
Negotiating with the cloud email megavendors
[Blog post] Lessons from Woolworths’ mammoth migration.
 
Qld govt to move up to 149k staff onto Office 365
Australia's largest deployment, outside of the universities.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...

Latest VideosSee all videos »

The great data centre opportunity on Australia's doorstep
The great data centre opportunity on Australia's doorstep
Scott Noteboom, CEO of LitBit speaking at The Australian Data Centre Strategy Summit 2014 in the Gold Coast, Queensland, Australia. http://bit.ly/1qpxVfV Scott Noteboom is a data centre engineer who led builds for Apple and Yahoo in the earliest days of the cloud, and who now eyes Asia as the next big opportunity. Read more: http://www.itnews.com.au/News/372482,how-do-we-serve-three-billion-new-internet-users.aspx#ixzz2yNLmMG5C
Interview: Karl Maftoum, CIO, ACMA
Interview: Karl Maftoum, CIO, ACMA
To COTS or not to COTS? iTnews asks Karl Maftoum, CIO of the ACMA, at the CIO Strategy Summit.
Susan Sly: What is the Role of the CIO?
Susan Sly: What is the Role of the CIO?
AEMO chief information officer Susan Sly calls for more collaboration among Australia's technology leaders at the CIO Strategy Summit.
Meet the 2014 Finance CIO of the Year
Meet the 2014 Finance CIO of the Year
Credit Union Australia's David Gee awarded Finance CIO of the Year at the iTnews Benchmark Awards.
Meet the 2014 Retail CIO of the Year
Meet the 2014 Retail CIO of the Year
Damon Rees named Retail CIO of the Year at the iTnews Benchmark Awards for his work at Woolworths.
Robyn Elliott named the 2014 Utilities CIO of the Year
Robyn Elliott named the 2014 Utilities CIO of the Year
Acting Foxtel CIO David Marks accepts an iTnews Benchmark Award on behalf of Robyn Elliott.
Meet the 2014 Industrial CIO of the Year
Meet the 2014 Industrial CIO of the Year
Sanjay Mehta named Industrial CIO of the Year at the iTnews Benchmark Awards for his work at ConocoPhillips.
Meet the 2014 Healthcare CIO of the Year
Meet the 2014 Healthcare CIO of the Year
Greg Wells named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at NSW Health.
Meet the 2014 Education CIO of the Year
Meet the 2014 Education CIO of the Year
William Confalonieri named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at Deakin University.
Meet the 2014 Government CIO of the Year
Meet the 2014 Government CIO of the Year
David Johnson named Government CIO of the Year at the iTnews Benchmark Awards for his work at the Queensland Police Service.
Q and A: Coalition Broadband Policy
Q and A: Coalition Broadband Policy
Malcolm Turnbull and Tony Abbott discuss the Coalition's broadband policy with the press.
AFP scalps hacker 'leader' inside Australia's IT ranks.
AFP scalps hacker 'leader' inside Australia's IT ranks.
The Australian Federal Police have arrested a Sydney-based IT security professional for hacking a government website.
NBN Petition Delivered To Turnbull's Office
NBN Petition Delivered To Turnbull's Office
UTS CIO: IT teams of the future
UTS CIO: IT teams of the future
UTS CIO Chrissy Burns talks data.
New UTS Building: the IT within
New UTS Building: the IT within
The IT behind tomorrow's universities.
iTnews' NBN Panel
iTnews' NBN Panel
Is your enterprise NBN-ready?
Introducing iTnews Labs
Introducing iTnews Labs
See a timelapse of the iTnews labs being unboxed, set up and switched on! iTnews will produce independent testing of the latest enterprise software to hit the market after installing a purpose-built test lab in Sydney. Watch the installation of two DL380p servers, two HP StoreVirtual 4330 storage arrays and two HP ProCurve 2920 switches.
The True Cost of BYOD
The True Cost of BYOD
iTnews' Brett Winterford gives attendees of the first 'Touch Tomorrow' event in Brisbane a brief look at his research into enterprise mobility. What are the use cases and how can they be quantified? What price should you expect to pay for securing mobile access to corporate applications? What's coming around the corner?
Ghost clouds
Ghost clouds
ACMA chair Chris Chapman says there is uncertainty over whether certain classes of cloud service providers are caught by regulations.
Was the Snowden leak inevitable?
Was the Snowden leak inevitable?
Privacy experts David Vaile (UNSW Cyberspace Law and Policy Centre) and Craig Scroggie (CEO, NextDC) claim they were not surprised by the Snowden leaks about the NSA's PRISM program.
Latest Comments
Polls
Which bank is most likely to suffer an RBS-style meltdown?





   |   View results
ANZ
  21%
 
Bankwest
  9%
 
CommBank
  11%
 
National Australia Bank
  17%
 
Suncorp
  24%
 
Westpac
  19%
TOTAL VOTES: 1426

Vote