- Aug 30, 2012
- 6,598
BT, Sky and Virgin Media are hijacking people's web connections to force customers to make a decision about family-friendly web filters. The move comes as the December deadline imposed by prime minister David Cameron looms, with ISPs struggling to get customers to say yes or no to the controversialadult content blocks.
The messages, which vary by ISP, appear during browser sessions when a user tries to access any website. BT, Sky,TalkTalk and Virgin Media are required to ask all their customers if they want web filters turned on or off, with the government saying it wants to create a "family friendly" internet free frompornography, gambling, extreme violence and other content inappropriate for children. But the measures being taken by ISPs have been described as "completely unnecessary" and "heavy handed" by internet rights groups.
The hijacking works by intercepting requests for unencrypted websites and rerouting a user to a different page. ISPs are using the technique to communicate with all undecided customers. Attempting to visit WIRED.co.uk, for example, could result in a user being redirected to a page asking them about web filtering. ISPs cannot intercept requests for encrypted websites in the same way.
An example of how Virgin Media is hijacking browsers with a message about turning on its Web Safe web filter
Terence Eden
BT is blocking people's browsers until they make a decision, making it impossible for customers to visit any websites once the in-browser notification has appeared. A spokesperson for the UK's biggest ISP said: "If customers do not make a decision, they are unable to continue browsing. The message will remain until the customer makes a decision."
BT explained that the message does not force people to activate BT Parental Controls and if a user selects "No" they will be taken to a confirmation page and be able to continue browsing without the message re-appearing.
Digital rights organisation Open Rights Group (ORG) said that ISPs risked encouraging customers to trust hijacked sessions by displaying messages in this way.
"How can a customer tell the difference between an ISP hijack and a phishing site made to look the same? There are better ways for ISPs to contact their customers -- particularly given that they have our phone numbers, email and actual addresses," an ORG spokesperson said.
Sky is also hijacking browser sessions to ask customers if they want to turn on its Sky Broadband Shield web filter. Unlike BT, Sky said it would not disconnect or block customers if they refused to make a decision.
A Sky spokesperson said the company may turn web filters on automatically for any undecided customers "from some point next year". The spokesperson added that these customers would get an email or letter explaining what had happened.
in July 2013. At the time he said that all internet users in the UK would be faced with an "unavoidable decision" about whether to install web filters or not. Since then new customers have been asked about web filters during the signup process, with ISPs also required to contact millions of existing customers.
David Cameron said that all UK internet users would face an "unavoidable decision" about turning web filters on or off
Shutterstock
All four ISPs outsource web filtering to other companies who use a combination of block lists and automated content detection to decide if a website is inappropriate or not. The technology has been criticised for incorrectly blocking non-adult websites and for being easy to bypass. Privacy advocates have also claimed it is wrong for ISPs to have a database of people who do and do not have access to adult websites.
Renate Samson, chief executive of civil liberties group Big Brother Watch, said that ISPs had gone too far by hijacking people's browsers to force them to make a decision about web filters.
"Whilst most people will be happy to explicitly make a choice whether to opt in or out of filtering, forcing people to make a decision which they may have no strong feeling towards is completely unnecessary. To actively restrict users' service to establish agreement or otherwise is quite simply too heavy handed."
An Ofcom report in July put Virgin Media at 4 percent, BT at 5 percent, Sky at 8 percent. TalkTalk, which has 4.2 million customers, said 1.6 million (38 percent) were using its HomeSafe system, which also includes malware protection, but that only 400,000 (9 percent) were using the web filtering component.
The messages, which vary by ISP, appear during browser sessions when a user tries to access any website. BT, Sky,TalkTalk and Virgin Media are required to ask all their customers if they want web filters turned on or off, with the government saying it wants to create a "family friendly" internet free frompornography, gambling, extreme violence and other content inappropriate for children. But the measures being taken by ISPs have been described as "completely unnecessary" and "heavy handed" by internet rights groups.
The hijacking works by intercepting requests for unencrypted websites and rerouting a user to a different page. ISPs are using the technique to communicate with all undecided customers. Attempting to visit WIRED.co.uk, for example, could result in a user being redirected to a page asking them about web filtering. ISPs cannot intercept requests for encrypted websites in the same way.
An example of how Virgin Media is hijacking browsers with a message about turning on its Web Safe web filter
Terence Eden
BT is blocking people's browsers until they make a decision, making it impossible for customers to visit any websites once the in-browser notification has appeared. A spokesperson for the UK's biggest ISP said: "If customers do not make a decision, they are unable to continue browsing. The message will remain until the customer makes a decision."
BT explained that the message does not force people to activate BT Parental Controls and if a user selects "No" they will be taken to a confirmation page and be able to continue browsing without the message re-appearing.
Digital rights organisation Open Rights Group (ORG) said that ISPs risked encouraging customers to trust hijacked sessions by displaying messages in this way.
"How can a customer tell the difference between an ISP hijack and a phishing site made to look the same? There are better ways for ISPs to contact their customers -- particularly given that they have our phone numbers, email and actual addresses," an ORG spokesperson said.
Sky is also hijacking browser sessions to ask customers if they want to turn on its Sky Broadband Shield web filter. Unlike BT, Sky said it would not disconnect or block customers if they refused to make a decision.
A Sky spokesperson said the company may turn web filters on automatically for any undecided customers "from some point next year". The spokesperson added that these customers would get an email or letter explaining what had happened.
in July 2013. At the time he said that all internet users in the UK would be faced with an "unavoidable decision" about whether to install web filters or not. Since then new customers have been asked about web filters during the signup process, with ISPs also required to contact millions of existing customers.
David Cameron said that all UK internet users would face an "unavoidable decision" about turning web filters on or off
Shutterstock
All four ISPs outsource web filtering to other companies who use a combination of block lists and automated content detection to decide if a website is inappropriate or not. The technology has been criticised for incorrectly blocking non-adult websites and for being easy to bypass. Privacy advocates have also claimed it is wrong for ISPs to have a database of people who do and do not have access to adult websites.
Renate Samson, chief executive of civil liberties group Big Brother Watch, said that ISPs had gone too far by hijacking people's browsers to force them to make a decision about web filters.
"Whilst most people will be happy to explicitly make a choice whether to opt in or out of filtering, forcing people to make a decision which they may have no strong feeling towards is completely unnecessary. To actively restrict users' service to establish agreement or otherwise is quite simply too heavy handed."
An Ofcom report in July put Virgin Media at 4 percent, BT at 5 percent, Sky at 8 percent. TalkTalk, which has 4.2 million customers, said 1.6 million (38 percent) were using its HomeSafe system, which also includes malware protection, but that only 400,000 (9 percent) were using the web filtering component.
