
Australian Telco Causes Minor Panic While Preparing Web Filter

Posted by Soulskill
from the don't-scare-the-wallabies dept.
Twisted64 writes "Australia's largest telco, Telstra, has been frightening users of its mobile data services for the last week. Logging revealed that HTTP requests from a mobile device on Telstra's network were duplicated with a request from another server, located in Chicago. Eyebrows were raised on the Whirlpool forums, with fears that Telstra was giving up Australian browsing data to a U.S. company and therefore the U.S. government. Following a well-worded letter, Telstra revealed today that the reason for this behavior is that the company is preparing an opt-in web filter. Personally, while the idea of my browsing data being logged anywhere does not fill me with joy, the idea of the U.S. government having access to it (randomized or not) is probably going to be enough to make me switch to an inferior carrier once my current plan ends."
This discussion has been archived. No new comments can be posted.

  • Australia's laws and internet restrictions are worse than anything the USA can do to you.
    We finally get something outsourced to us and everyone is scared... We freakin outsource our EMR coding to India, the one thing we value the most of our private data.
    • Re:Seriously? (Score:5, Informative)

      by Cimexus (1355033) on Wednesday June 27, 2012 @03:10AM (#40464255)

      This is not about 'internet restrictions'. This is to do with the fact that this represents a potential breach of the Privacy Act [comlaw.gov.au]. Australia has fairly strong privacy regulations that govern how and when information can be sent overseas, and how people need to be notified of how their information is used, who can see it, what it can be used for etc. America OTOH is notorious for having probably the most lax privacy regulations/legislation in the developed world.

      So yeah, in that respect, Australia's laws are "worse" (in that they are more strict with regards to protecting personal information). And we like it that way. Surreptitiously exporting information to a jurisdiction where similarly tough controls do not exist is not looked upon favourably.

      • One other possibility that doesn't seem to have been touched on is the reverse. Where intercept of domestic comms requires a warrant, intercept of domestic communications where one of the end points is located offshore provides significantly more latitude.

  • spin control (Score:2, Interesting)

    by Anonymous Coward

    What a nicely biased summary.

    Why does Telstra need to send all URLs to another company in order to "prepare" a content filter?

    Do they expect us to believe that Netsweeper didn't already have a database of URLs?

    • by Anonymous Coward

      Do they expect us to believe that Netsweeper didn't already have a database of URLs?

      They do, but they also profile the web browsing habits of your users, you can then split them into groups, oh, like, filter/do-not-filter, perv/non-perv, and your network-filter-of-choice then disallows/allows traffic based on their grouping.
      Of course, irrespective of your grouping, once they implement this, all the traffic still goes to Netsweeper, it's just that depending on your group, you either get filtered or not.

      Of course, the cynic in me has to also point out that the profiles they build up of indivi

    • Course they don't. That's why they are doing this.
      Free database without having to do as much work.

    • by AHuxley (892839)
      The filter will be massive, hit and miss and need 24/7 support.
      Doing it via the USA gives them a huge instant well understood database, political cover and brand cover, less local security clearances, legal costs.
      If a dentist or travel agent is blocked they can be unblocked and a "sorry, third party, it's new, it's our first year filtering... see we fixed it fast "
      Mix in the legal national security dream of all Australian search texts magically been lopped to the US, it brings in a big thanks from other p
  • Maybe they plan to relocate the server somewhere more local once it's running.
  • by Anonymous Coward

    From TFA: "Telstra was waiting on confirmation from its legal team before it is expected to issue a statement later today."

    Hmm. Do something and then only check if it's legal? Equivalent to fire first and ask questions later. Tsk tsk.

    Other Telstra users who frequent /.: is this typical behavior for them?

    • by Nursie (632944)

      It sounds a lot like British Telecom and their phorm debacle also. Turns out that (ex-)monopolies think they can get away with anything.

      It's a shame they're usually proven right.

    • by Cryacin (657549)
      Yes. That's why a lot of us are former users.
    • by mug funky (910186)

      yep.

      they lost me years ago when they repeatedly hassled me for money (a year after i'd switched to someone else), inexplicably calling me by my father's name (i've never had my phone linked to his account, though back in the day we were all linked to mum's), then refusing to tell me what the bill is and how much is owed because due to privacy they can't tell me - it has to be the account holder. when i tell them i am the account holder for the number they called they get confused and go away for another 2

    • Re:Question (Score:4, Interesting)

      by dbIII (701233) on Wednesday June 27, 2012 @07:53AM (#40465623)

      Other Telstra users who frequent /.: is this typical behavior for them?

      Yes.
      They were a government owned monopoly which got privatised and they are stuck with the worst elements of both, with a few twists from being run by a nuclear scientist with no business experience and a Mexican bandit (chosen by the most nepotistic board imaginable led by a failed farmer turned union buster and with such gems as a third rate historian that made friends in politics by USSR style revisionism sanitising history to make ultra-conservatives feel better and the wife of a powerful party powerbroker). Among their epic failures are the loss of all backup tapes for three entire government departments by storing them in wheeled trash cans (wheelie bins), firing employees for their behaviour on their own time after a staff Christmas party that had been delayed until March, and making sales staff wear recording devices around their necks. Service quality is such that I waited four weeks to get a failed landline fixed which is located less than 5km from the main telephone exchange in Australia's third largest city, and the tech just turned up unannounced on a Saturday afternoon (they sacked a lot of people so there is little co-ordination and they just dump a list of jobs on overworked contractors).
      There are hundreds of stories about them that stretch as far as China (they wasted millions on half-baked financial adventures there most notably buying the "IP" of a ringtone company that had 100% pirated mp3 files), and New Zealand (where they fucked up the carrier and the ISP they bought - two fucking months to change one MX record). So yes, they do whatever they like because they are big enough and check later if necessary to see if it's legal.
      The main purpose of Australia's NBN (national broadband network) is to get telecommunications out from under the control of Telstra and to build what Telstra planned in 1996 before they decided only the short term mattered.

  • by Sasayaki (1096761) on Wednesday June 27, 2012 @02:43AM (#40464119)

    All I can say is,

    "It's opt-in. For now."

    • But their current testing process is copying your web traffic overseas. And is most certainly not opt-in.
    • by AHuxley (892839) on Wednesday June 27, 2012 @04:40AM (#40464749) Homepage Journal
      "But Mr Dent, the opt-in option has been available via a link from your settings page for the last nine months."
      "Oh yes, well as soon as I found out I logged in to see it, yesterday afternoon. You hadn't exactly gone out of your way to call attention to it, had you? I mean, like actually telling anybody or anything."
      "But the opt-in option was on display ..."
      "On display? I eventually had to go download java to display it."
      "That's the website department."
      "With .net and ActiveX"
      "Ah, well your OS had probably missed an update."
      "So had the site."
      "But look, you found the option didn't you?"
      "Yes," said Arthur, "yes I did. It was on site in the bottom of an encrypted page stuck in a disused directory with a banner on the page saying 'Beware of the .....
  • Double requests (Score:5, Interesting)

    by kaunio (125290) on Wednesday June 27, 2012 @02:43AM (#40464121) Homepage

    These double requests also cause a lot of trouble for some people.

    I'm working for a company running a web service for corporations and we have a very high level of logging and surveillance in order to provide a good service. However we get a lot of strange alerts from double requests from different ip numbers. It appears that some content filtering companies like to do the same (Bluecoat I'm looking at you) and they even do requests with cloned cookies (so they act in the same session as the user).

    A lot of funky things happen if you assume that a user is only going to access certain (GET) links once but a filtering company is intercepting the request and sometimes manages to make the request faster than the user.

    • by mwvdlee (775178)

      A lot of funky things happen if you assume that a user is only going to access certain (GET) links

      What happens to your website if a user clicks the refresh or back button of their browser?

      • by kaunio (125290)

        In most cases things work as expected. The things that cause most problems are when we are using redirect links (temporary redirects) that are only meant to be used once. Normally the user doesn't see them and the browsers aren't supposed to cache them. Which works fine until the filtering companies like to do double of everything.

      • The school I work at has had to take all the five-button mice out of one room and replace them with three button mice, as some of the learning-support students have coordination problems and kept accidentally pressing the 'back' button on the side during computerised exams.
    • by dbIII (701233)

      and they even do requests with cloned cookies

      Would that fit the definition of "wire fraud"?
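The duplicated requests described in the "Double requests" comments above (same URL, a second IP, sometimes carrying the user's cookie) can be separated from ordinary refreshes in an access log. The following Python is an added example, not code from any poster; the log format, the 5-second window, the two-partner threshold and every sample line are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format): time, client IP, method, path, session cookie.
SAMPLE_LOG = """\
2012-06-27T02:40:01.050 198.51.100.7 GET /r/once?t=ab12 sess=A1
2012-06-27T02:40:01.120 203.0.113.10 GET /r/once?t=ab12 sess=A1
2012-06-27T02:40:05.000 203.0.113.10 GET /home sess=A1
2012-06-27T02:40:09.500 203.0.113.10 GET /home sess=A1
2012-06-27T02:41:00.000 203.0.113.22 GET /news sess=B2
2012-06-27T02:41:02.300 198.51.100.7 GET /news -
2012-06-27T02:50:00.000 192.0.2.44 GET /news sess=C3
"""

def parse(log):
    """Parse 'time ip method path session' lines into dicts ordered by time."""
    records = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, ip, method, path, sess = line.split()
        records.append({"ts": datetime.fromisoformat(ts), "ip": ip,
                        "method": method, "path": path,
                        "session": None if sess == "-" else sess})
    return sorted(records, key=lambda r: r["ts"])

def find_duplicates(records, window=timedelta(seconds=5)):
    """Pair requests for the same method+path from different IPs within `window`."""
    by_url = defaultdict(list)
    for r in records:
        by_url[(r["method"], r["path"])].append(r)
    pairs = []
    for hits in by_url.values():
        for i, first in enumerate(hits):
            for second in hits[i + 1:]:
                if second["ts"] - first["ts"] > window:
                    break  # hits are time-ordered, nothing later can match
                if second["ip"] == first["ip"]:
                    continue  # refresh or back button from the same client
                cloned = (first["session"] is not None
                          and first["session"] == second["session"])
                pairs.append({"path": first["path"],
                              "first_ip": first["ip"], "second_ip": second["ip"],
                              "kind": "cloned-cookie" if cloned else "url-only"})
    return pairs

def mirror_candidates(pairs, min_partners=2):
    """IPs that shadow several distinct clients are likely a filter or mirror."""
    partners = defaultdict(set)
    for p in pairs:
        partners[p["first_ip"]].add(p["second_ip"])
        partners[p["second_ip"]].add(p["first_ip"])
    return sorted(ip for ip, seen in partners.items() if len(seen) >= min_partners)

if __name__ == "__main__":
    found = find_duplicates(parse(SAMPLE_LOG))
    for p in found:
        print(p["kind"], p["path"], p["first_ip"], "->", p["second_ip"])
    print("mirror candidates:", mirror_candidates(found))
```

A "cloned-cookie" pair whose `first_ip` is the mirror is the case where the duplicate beat the user to a link meant to be used once.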

  • Personally, while the idea of my browsing data being logged anywhere does not fill me with joy, the idea of the U.S. government having access to it...

    My US-based Business stores users' information (I own a repair shop, we document model & S/N, names, addresses, etc, just like any other company), but that doesn't mean we share that information with the US government. What leap of logic could possibly lead people to believe that just because the server is in the US that the US Feds have access to it, or even care? Sure, the Feds like to spy on us (citizens), but why would they care what you (Aussies) shop for on eBay? Even if you can come up with a

    • Re:US Govt.? (Score:4, Insightful)

      by ThatsMyNick (2004126) on Wednesday June 27, 2012 @03:00AM (#40464219)

      By "having access to the records", OP means the US govt (or a US court, under the request of some party, say RIAA) can subpoena the records. Not at all misleading.

    • by AK Marc (707885)
      So you don't respond to US subpoenas issued by the FBI?
      • by Zibodiz (2160038)
        Not being sarcastic at all, but I would really like to see some statistics on how many average citizens in a foreign country (especially an ally) the FBI has enough interest in to invest the time to subpoena their browsing habit information. It just seems like an empty fear.
        Remember, we aren't talking about warrantless automated mass wiretapping, airport screens, and the like -- the fear here is that it's possible to search you. It's like the difference between refusing to fly, because you're guaranteed
        • Julian Assange?

          • by AK Marc (707885)
            Kim dotcom?

            Now they don't need to go through official channels, they just get the servers in the US, then use "secret" subpoenas or warrantless wire taps and get everything from billions of people with nobody knowing or knowing and able to talk about it.
    • Re:US Govt.? (Score:5, Informative)

      by AliasMarlowe (1042386) on Wednesday June 27, 2012 @03:16AM (#40464287) Journal

      Personally, while the idea of my browsing data being logged anywhere does not fill me with joy, the idea of the U.S. government having access to it...

      What leap of logic could possibly lead people to believe that just because the server is in the US that the US Feds have access to it, or even care?

      One of the provisions of the Patriot Act [wikimedia.org] gives the US government access to all data stored within the US on request. Essentially unlimited access can be granted in secret, and the request for access and the reasoning behind the request can be kept secret.

      • by will_die (586523)
        Please do yourself a favor and educate yourself on the Patriot Act, what it allows, and what was allowed before it.
        All data is not allowed access by request, unless you mean a request signed by a judge, which you don't since you pointed to the Patriot Act. The part that has people upset is not adding terrorism to a list of items where this action was allowed, pre Patriot Act, but that the Patriot Act automatically makes it a crime to call up the person being investigated and offer to sell or give them info t
    • Re:US Govt.? (Score:5, Interesting)

      by xQx (5744) on Wednesday June 27, 2012 @05:40AM (#40465011)
      What leap of logic could possibly lead people to believe that just because the server is in the US that the US Feds have access to it, or even care?

      Given the closeness of the Aussie and American governments, and the long history of governments getting around their "we will not spy on our citizens" decree is by having their allies spy on their citizens instead, I think the more accurate question is:

      What makes you think the American government doesn't have access to your data just because it never leaves Australia?
      • by dbIII (701233)
        One amusing thing is it was a fairly useless Australian politician that spilled the beans on the US "carnivore" intelligence gathering system when a shared intelligence system using it failed to warn him of political developments in nearby Papua New Guinea.
        Personally I'm pissed off with this monitoring by commercial entities because there's probably nothing to stop them onselling the data to spammers or others that can try to make a buck out of private information. There's not enough SSL traffic yet to kee
  • "is probably going to be enough to make me switch to an inferior carrier once my current plan ends." --- ha! Telstra is an inferior carrier, you really should be supporting iiNet. They are looking after their users' rights, something Telstra has never done.
  • by trifish (826353) on Wednesday June 27, 2012 @02:56AM (#40464193)

    Even if you switch an ISP, 99% of your browsing will still be logged by third-party servers (most of which are in the US, if that matters to you).

    Most sites today use iframes that send HTTP requests to the following:

    Google Analytics
    Google ads
    Facebook
    Twitter
    etc.

    • Re:No worries (Score:4, Informative)

      by ThatsMyNick (2004126) on Wednesday June 27, 2012 @03:01AM (#40464223)

      RequestPolicy takes care of it.

      • by trifish (826353)

        Yep, that looked very promising, until I realized that most of the major websites today use dozens of domain names (not subdomains, but different 2nd-level domains) on a single site to speed things up.

        For example, google.com uses gstatic.com, g4154605.com, or whatever-they-come-up-with-at-that-day.

        Just like NoScript breaks the web for me, so does RequestPolicy. Both are unusable. And this is not a flame, it is a reflection of reality.

        • Yeah most websites have a separate static domain to improve caching. But it does not take long to get to a point where one does not even notice RequestPolicy running. I have whitelisted all requests from google & duckduckgo, and all requests to most common cdns, and about 300 pairs of source and destination domains (most of these are for news websites). It took me a week to reach very good usability, but after the first week, you rarely notice it.

          • To add to that, if you are looking for a ready-made solution, Ghostery is worth a look. It claims to block these, but I am not really familiar with how it works.

        • NoScript (Score:4, Informative)

          by DrYak (748999) on Wednesday June 27, 2012 @04:33AM (#40464719) Homepage

          Just like NoScript breaks the web for me,

          That's normal and intended. NoScript is supposed to completely block any interactive content (either scriptable/programmable stuff like javascript/java/.net/flash, or big media files like audio/video tags), until you whitelist something.
          It is supposed to "break" everything (or more precisely make everything "Web 1.0" :-) ) until you say: "Well, I might trust that source not to completely bork my machine, please unbreak it, and only it".

          It is for the paranoid us out there. It's not designed for someone who expects a set and forget solution to security (unlike tools like CertPatrol or HTTPS Everywhere, which don't require much fumbling from regular users). It's designed for people who don't trust anything and prefer to manually select which tiny bit of the web they might choose to trust, while disabling everything else (it's closer to Flashblock and other similar tools in that way. Except that NoScript has a wider scope by blocking *anything* interactive)

          (In addition to that, it will also block cross-site-scripting until whitelisted, and will put alerts about click jacking).

  • Inferior Carrier? (Score:4, Interesting)

    by thegarbz (1787294) on Wednesday June 27, 2012 @06:09AM (#40465145)

    Personally, while the idea of my browsing data being logged anywhere does not fill me with joy, the idea of the U.S. government having access to it (randomized or not) is probably going to be enough to make me switch to an inferior carrier once my current plan ends."

    I didn't actually know there were inferior carriers. I remember Telstra. We were a loyal customer for years. These were the guys who in I think a world first introduced the concept of a download limit. 3GB. Yes that's no typo. We had 10mbit cable and a 3GB download limit. I remember hitting that download limit on the second day of our billing cycle after which we were capped at 28.8kbps. This is the company which introduced an acceptable use policy without defining what acceptable use was. This was the company which refused to roll out ADSL2 in areas which already had ADSL. This was the company which charged more for wholesale use of its network than it charged its retail customers. It was a wise business decision too because once the ACCC put a stop to that practice users left in droves to cheaper better ADSL2 services.

    I remember my last few days of Telstra cable fondly. We were paying some $80 per month with a 20GB download limit. When we tried to quit they gave us $300 credit so we jumped on the most expensive plan and then quit a month later anyway. Now I pay $60 per month for completely unlimited internet which is faster than the old cable we were on and we don't pay phone line rental either.

    The only time I've seen people recently give Telstra a choice is if a) the company is paying, b) they had absolutely no other choice. Even if I now look at their plans, $70 for 200GB ex line rental for ADSL2 it boggles the mind that someone would pay these people willingly.

    • by fostware (551290)

      50% discount to seniors when bundling, and their superior 3G/4G mobile networks.

      Other than that, they exist because of the copper their wholesale department owns...

    • You've obviously not used their mobile network in recent years. The prices are a bit higher than you pay with other carriers, but the network is brilliant. I can actually use the data I pay for each month, as opposed to getting dialup speeds on those occasions when I can even load anything to begin with.
      • by thegarbz (1787294)

        No motivation mate. I'm not paying $20/month more to get exactly the same thing I'm getting now.

        If I lived in a rural area or a fringe suburb I may agree with you. I have heard that Telstra's network is quite a bit better than others. That said I have yet to experience someone getting a faster speed than I do, or even a case where someone gets service where I don't.

        2 years ago I switched carriers because one of them offered sketchy service where I lived. But then that carrier has an entire hate website [vodafail.com] dedi

  • by MichaelSmith (789609) on Wednesday June 27, 2012 @06:11AM (#40465155) Homepage Journal

    This is another good reason not to google self incrimination while planning a murder.

  • If I had to opt into a filter and the consequences were that my traffic has to go all the way from Australia to Chicago and back, that's not even about filtering anymore. Unacceptable ping time!!!
