19 Dec 2014

BT, Sky And Virgin 'Hijacking' Browsers To Push Porn Blocks

By James Temperton: BT, Sky and Virgin Media are hijacking people's web connections to force customers to make a decision about family-friendly web filters. The move comes as the December deadline imposed by prime minister David Cameron looms, with ISPs struggling to get customers to say yes or no to the controversial adult content blocks.
The messages, which vary by ISP, appear during browser sessions when a user tries to access any website. BT, Sky, TalkTalk and Virgin Media are required to ask all their customers if they want web filters turned on or off, with the government saying it wants to create a "family friendly" internet free from pornography, gambling, extreme violence and other content inappropriate for children. But the measures being taken by ISPs have been described as "completely unnecessary" and "heavy handed" by internet rights groups.
The hijacking works by intercepting requests for unencrypted websites and rerouting a user to a different page. ISPs are using the technique to communicate with all undecided customers. Attempting to visit WIRED.co.uk, for example, could result in a user being redirected to a page asking them about web filtering. ISPs cannot intercept requests for encrypted websites in the same way.
BT is blocking people's browsers until they make a decision, making it impossible for customers to visit any websites once the in-browser notification has appeared.
A spokesperson for the UK's biggest ISP said: "If customers do not make a decision, they are unable to continue browsing. The message will remain until the customer makes a decision."
BT explained that the message does not force people to activate BT Parental Controls and if a user selects "No" they will be taken to a confirmation page and be able to continue browsing without the message re-appearing.
Digital rights organisation Open Rights Group (ORG) said that ISPs risked encouraging customers to trust hijacked sessions by displaying messages in this way.
"How can a customer tell the difference between an ISP hijack and a phishing site made to look the same? There are better ways for ISPs to contact their customers -- particularly given that they have our phone numbers, email and actual addresses," an ORG spokesperson said.
Sky is also hijacking browser sessions to ask customers if they want to turn on its Sky Broadband Shield web filter. Unlike BT, Sky said it would not disconnect or block customers if they refused to make a decision.
A Sky spokesperson said the company may turn web filters on automatically for any undecided customers "from some point next year". The spokesperson added that these customers would get an email or letter explaining what had happened.
Virgin said it had no plans to disconnect or block customers who didn't make a decision, adding that its in-browser message about its Web Filters system could be ignored. The ISP did not say how it planned to get any remaining undecided customers to make a decision if they continued to ignore prompts.
TalkTalk is not displaying in-browser notifications about turning on its HomeSafe web filter, but did say that customers accessing their TalkTalk My Account page to view bills or check details would see a message about activating parental controls. Customers have to respond to the message to access the My Account features.
ISPs have been asking people to make a decision about web filtering since the prime minister announced the scheme in July 2013. At the time he said that all internet users in the UK would be faced with an "unavoidable decision" about whether to install web filters or not. Since then new customers have been asked about web filters during the signup process, with ISPs also required to contact millions of existing customers.
All four ISPs outsource web filtering to other companies who use a combination of block lists and automated content detection to decide if a website is inappropriate or not. The technology has been criticised for incorrectly blocking non-adult websites and for being easy to bypass. Privacy advocates have also claimed it is wrong for ISPs to have a database of people who do and do not have access to adult websites.
Renate Samson, chief executive of civil liberties group Big Brother Watch, said that ISPs had gone too far by hijacking people's browsers to force them to make a decision about web filters.
"Whilst most people will be happy to explicitly make a choice whether to opt in or out of filtering, forcing people to make a decision which they may have no strong feeling towards is completely unnecessary. To actively restrict users' service to establish agreement or otherwise is quite simply too heavy handed."
Apart from TalkTalk, none of the ISPs were able to provide figures on how many people had signed up to use the web filters. The DCMS was also unable to provide up to date figures on how successful the web filtering initiative had been. An Ofcom report in July put Virgin Media at 4 percent, BT at 5 percent, Sky at 8 percent. TalkTalk said that currently around 9 percent of its customers had chosen to turn on its HomeSafe web filters.
Independent technology consultant Terence Eden explained that as ISPs can see all customer web traffic it was easy for them to redirect people to another page. He explained that the technique being used was the same thing used to block websites such as Pirate Bay, but expressed technical concerns about hijacking browsers to communicate with customers.
"ISPs are supposed to be pure carriers of data. We trust them not to look into the emails we send, or the pages we visit. We rely on them not to manipulate the data that we request. This sort of interception could cause a download to be corrupted, or a browsing session to be interrupted."

Source

No comments:

Post a Comment