If you're a Telstra Next G customer, you'll want to read this: Telstra yesterday admitted to tracking and recording the web history of its Next G network customers in order to help develop a new voluntary, paid filter service called Smart Controls.
Both ZDNet Australia and SC Magazine reported yesterday that Telstra had been monitoring the traffic of users, anonymising it and sending it to a company called Netsweeper. According to reports, Netsweeper analyses the sites visited and compares them to a database of salubrious sites to learn what's safe and what's not.
It works by visiting URLs milliseconds after a user has clicked them from their Telstra Next G-connected handsets and analysing them using infrastructure based out of a Chicago datacentre, reportedly owned by Rackspace.
Essentially, it's sending user data outside of Australia, and that's something that has network engineer Mark Newton pretty angry.
He explains how it works in an open letter to Telstra:
I have created unique test URLs for the specific purpose of testing this behaviour to confirm it.
For example: a visit to "http://my-server/13uf2n232.html" yields this hit from my iPad:
220.127.116.11 - - [25/Jun/2012:17:24:59 +0930] "GET /13uf2n232.html HTTP/1.1" 200 736 "-" "Mozilla/5.0 (iPad; CPU OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3"
and, approximately 250 milliseconds later, this hit from 18.104.22.168 in Chicago:
22.214.171.124 - - [25/Jun/2012:17:25:00 +0930] "GET /13uf2n232.html HTTP/1.0" 200 736 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0"
It is abundantly clear that data regarding URLs I have visited using my Next G service are being sent to an offshore third-party.
This whole malarkey was to finish a product Telstra has in the works called Smart Controls. SC Magazine writes that it will cost $2.95 a month and will be pitched at parents wanting to ensure their kids don't stray from the straight and narrow online.
Surely there was a better way to research this product than spy on users?
Update: Telstra has taken to its blog, telling customers that it has stopped collecting data on them. Telstra's head of online and social media Danielle Clarke writes:
Our customers' trust is the most important thing to us, so upon hearing concerns about the development of our new cyber-safety product we have stopped all collection of website addresses for its development.
We've made this decision as part of our acknowledgement that more consultation was needed before launching this service.
You can read the whole blog here.