Expert questions TalkTalk's HomeSafe service

Summary: A researcher has questioned the efficacy and privacy implications of TalkTalk's anti-malware HomeSafe service, which scans all URLs regardless of whether a customer opts to use the service.

An expert has questioned the effectiveness and privacy implications of TalkTalk's network-level HomeSafe security system.

Criminals could easily serve harmless content to TalkTalk, and malicious content to everyone else, according to Richard Clayton, a security researcher based at the University of Cambridge. TalkTalk relies on a recognisable anti-malware agent to determine whether a site is malicious, which can be detected by criminals, Clayton told ZDNet UK.

"If you're a bad guy, then what you would do is arrange to alert when TalkTalk visits your site, and serve them up fluffy bunnies, and serve everyone else a drive-by," said Clayton on Wednesday.

Cybercriminals should not have much of a problem detecting TalkTalk's user agent string, Clayton wrote on the University of Cambridge computer labs security blog on Tuesday.

"The notion that it is possible for a centralised checking system — especially one that tells a remote site its identity — to determine whether sites are malicious or not [...] is problematic and I doubt that malware distributors will see this as much of a challenge," the researcher said.

Clayton visited TalkTalk in January to discuss the implications of its network-level security service, which the company said is intended to block malware and other web-borne threats.
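
The weakness Clayton describes can be tested from the defender's side by comparing what a URL returns to the scanner's identity with what it returns to an ordinary browser identity. The Python below is an added example, not code from TalkTalk, Clayton or this article; the view labels, sample responses and similarity threshold are constructed assumptions.

```python
import difflib
import re

# Constructed sample data: what one URL returned to two client identities.
_PAGE = "<html><body><h1>Garden tips</h1><p>Updated %s</p>%s</body></html>"
SAMPLE_CONSISTENT = {
    "scanner": {"status": 200, "location": None, "body": _PAGE % ("10:01:22", "")},
    "browser": {"status": 200, "location": None, "body": _PAGE % ("10:03:47", "")},
}
SAMPLE_DIVERGENT = {
    "scanner": {"status": 200, "location": None, "body": _PAGE % ("10:01:22", "")},
    "browser": {"status": 200, "location": None, "body": _PAGE % (
        "10:03:47",
        "<script src='//cdn.example/x.js'></script>"
        "<iframe src='//other.example/landing'></iframe>")},
}

# Content that legitimately changes between two fetches of the same page.
VOLATILE = re.compile(r"\b\d{1,2}:\d{2}(:\d{2})?\b|nonce=\"[^\"]*\"")
# Elements that can load or run code in the visitor's browser.
ACTIVE = re.compile(r"<(script|iframe|object|embed)\b", re.I)


def normalise(body):
    """Drop clock times and nonces so ordinary dynamic pages still compare equal."""
    return VOLATILE.sub("", body).strip()


def compare_views(views, baseline="scanner", min_similarity=0.9):
    """List the ways each other view differs from what the baseline client saw."""
    base = views[baseline]
    base_body = normalise(base["body"])
    findings = []
    for name, view in views.items():
        if name == baseline:
            continue
        if (view["status"], view["location"]) != (base["status"], base["location"]):
            findings.append(f"{name}: status or redirect differs")
        body = normalise(view["body"])
        ratio = difflib.SequenceMatcher(None, base_body, body).ratio()
        if ratio < min_similarity:
            findings.append(f"{name}: body similarity {ratio:.2f}")
        extra = len(ACTIVE.findall(body)) - len(ACTIVE.findall(base_body))
        if extra > 0:
            findings.append(f"{name}: {extra} extra active element(s)")
    return findings
```

A non-empty result means the scanner's verdict was reached on content other visitors did not receive, so that verdict should not be trusted for them.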

URL scanning

The opt-in HomeSafe system — which also has parental control as well as anti-malware features — works by scanning the URLs that customers visit and creating a blocklist of malicious websites. However, while the end-user part of the service is opt-in, the company scans all web addresses that its customers visit regardless of whether they have opted in to the service.

"Even if you haven't opted in to the system, your URLs are still being sniffed," Clayton told ZDNet UK. "It turns the system into something that has all sorts of caveats."

TalkTalk on Wednesday confirmed that its system scans URLs, but added that the company does not keep a record of the data.

"In order for our online protection to be effective, we scan all URLs," a TalkTalk spokeswoman told ZDNet UK on Wednesday. "This is done on a completely anonymous basis and recorded in temporary memory, prior to being deleted. The system is subject to the same high level of security already applicable to the TalkTalk network and TalkTalk's customer data."

Digital rights organisation the Open Rights Group has published a legal analysis (PDF) on its website that is attributed to TalkTalk, in which the ISP says it "already scans incoming emails received on TalkTalk domains for virus and other malware". It goes on to add that the HomeSafe virus alerts system is "simply an extension of TalkTalk's existing actions to protect customers and our network from malware and viruses".

ZDNet UK's Tom Espiner contributed to this article

Ben Woods

  • As a TalkTalk customer I find it hard to accept that they don't store information about sites visited - I've noticed that when I open up their homepage the adverts that load up all seem to relate to searches I was making the last time I was on their site. Some even relate to searches made with other search engines.
  • The reason why it seems as if advertising is catered towards you and perhaps what you have been searching is not to do with your Internet activity being monitored. Cookies are stored on your computer, these are gathered by the websites you visit - these cookies contain information which can be used for marketing purposes. You can solve this problem by deleting your entire web history.
    There are not enough laws and clarity regarding data privacy.