Telstra Admits To Tracking Next G Customers For New Filter Product [Updated]

If you're a Telstra Next G customer, you'll want to read this: Telstra yesterday admitted to tracking and recording the web history of its Next G network customers in order to help develop a new voluntary, paid filter service called Smart Controls.

Both ZDNet Australia and SC Magazine reported yesterday that Telstra had been monitoring the traffic of users, anonymising it and sending it to a company called Netsweeper. According to reports, Netsweeper analyses the sites visited and compares them to a database of salubrious sites to learn what's safe and what's not.

It works by visiting URLs milliseconds after a user has clicked them from their Telstra Next G-connected handsets and analysing them using infrastructure based out of a Chicago datacentre, reportedly owned by Rackspace.

Essentially, it's sending user data outside of Australia, and that's something that has network engineer Mark Newton pretty angry.

He explains how it works in an open letter to Telstra:

I have created unique test URLs for the specific purpose of testing this behaviour to confirm it.

For example: a visit to "http://my-server/13uf2n232.html" yields this hit from my iPad: - - [25/Jun/2012:17:24:59 +0930] "GET /13uf2n232.html HTTP/1.1" 200 736 "-" "Mozilla/5.0 (iPad; CPU OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3"

and, approximately 250 milliseconds later, this hit from in Chicago: - - [25/Jun/2012:17:25:00 +0930] "GET /13uf2n232.html HTTP/1.0" 200 736 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0"

It is abundantly clear that data regarding URLs I have visited using my Next G service are being sent to an offshore third-party.

This whole malarkey was to finish a product Telstra has in the works called Smart Controls. SC Magazine writes that it will cost $2.95 a month and will be pitched at parents wanting to ensure their kids don't stray from the straight and narrow online.

Surely there was a better way to research this product than spy on users?

Update: Telstra has taken to its blog, telling customers that it has stopped collecting data on them. Telstra's head of online and social media Danielle Clarke writes:

Our customers' trust is the most important thing to us, so upon hearing concerns about the development of our new cyber-safety product we have stopped all collection of website addresses for its development.

We've made this decision as part of our acknowledgement that more consultation was needed before launching this service.

You can read the whole blog here.

[ZDNet Australia and SC Magazine]



    If you use the internet, and expect not to be tracked at some level, you are dreaming, and perhaps should go back to pen and paper with a shredder next to your desk.

      How can it be anonymous when your username can appear in the url, as in the Facebook timeline?

      I would smack myself if I agreed in totality with what you said, but you are correct to some degree. Knowing that I pretty much only visit news sites on my phone, for even an extra 1-200MB of data, I probably would have actually just agreed to be tracked. That said, I don't believe I have ever been made aware of this by Telstra before picking it up on here and ABC this morning.

    Knowledge is power, therefore privacy is money. If you control the privacy of a large number of individuals, you are rich. So what're you waiting for, start violating now!

    What's the fuss? Everytim you visit a website, more than likely there is a google analytic I. The code and your detail would be sent to google and nobody tells you this in the website disclaimer. At least they are annonymising it before sending.

    Shame. You missed NetRatings, Google +1, Facebook Social and 2 attempts by OpenX.

      Oh, and Nielsen

    I don't think the issue is that its being viewed, as people have said, if you are on the net, someone is looking at it. The problem I see if for enterprise organisations and government where there is legislation stating that all data of certain classification MUST be kept within Australian shores. There is a pretty big breach of that IMO

    As long as it is anonymous I don't see the problem, but it should at least be in their terms and conditions .

    If the URL's are being monitored but not linked to an individual at all, then no one is being tracked.
    The data wouldn't even need to be actively anonymised. They have literally millions of customers, how would a connection to a website from a Telstra service identify anyone in any way?
    I'm all for privacy, but this doesn't feel like anything other than I assume happens with every URL I visit. I'm a Telstra customer, so my browsing is in there, the good and the bad ;)

    Are you telling me that Telstra knows I watch midget porn on my phone all day? I don't want this getting out so please keep it to yourselves.

    As a user of the NextG network this is very disappointing. I understand that my browsing data is de-identified (or so we have to believe), but my browsing habits still should not be being sent to a foreign country for analysis by a company that I have no affiliation with.

    The NextG network is good, but not so good that I wont take my business elsewhere if Telstra continues to abuse its customers.

      *sigh* Welcome to the internet, please read the instructions prior to use.

    So who actually read their contracts and TOS when signing up for anything?

    and they told us there was nothing like CarrierIQ on any Australian smartphones.. HA!

    Anyone who thinks that telco's, ISP's etc don't track your data and usage is a complete moron in my opinion.

Join the discussion!