Internet service provider TalkTalk has said that it will reinstate its network-level security scheme called Virus Alerts that tracks every URL request made by customers.
The anti-malware scanning system — known as Virus Alert — was quietly introduced by the company in July without telling customers that it was scanning URLs in order to provide on-screen virus alerts.
The system works by scanning URL requests and then placing them in either a whitelist of trusted sites or a blacklist of pages that are known to host malicious software or viruses.
TalkTalk's chief networks officer Clive Dorsman wrote on the company blog on Thursday that it expects to re-instate the system "in the next few weeks". He also pointed out that only customers that opt-in will see the alerts.
However, Dorsman also said that the system "records all the website URLs to which our whole network has been asked to connect ".
The company said that Virus Alert doesn't collect any personally identifiable information with the URLs and that any personal information in the destination URL itself would be stripped out. Records for safe web pages are stored for just 24 hours, while blacklisted sites are retained for a minimum of one week. Unique URLs is only scanned a maximum of once a day.
Discovery that the company had begun testing the system in July only came when customers started noticing unusual DNS addresses shadowing their online activity, leading them to raise the issue on the company's support forum.
In August privacy watchdog Privacy International said that it was concerned that the technology "falls foul of Regulation of Investigatory Powers Act (Ripa) and Privacy and Electronic Communications (EC Directive) Regulations (PECR)".
However, on the Virus Alert Q&A page TalkTalk says that regulatory authorities have been made aware of the system and that it has provided full details of the product to the Information Commissioner's Office (ICO).
In September the ICO expressed disappointment that it had not been informed in advance that TalkTalk was intending to begin trialling the URL scanning scheme, particularly after a similar project — called Webwise and provided by Phorm — was met with strong criticism by customers, peers and privacy campaigners. The Webwise service was shelved in July 2009.