Telstra’s first attempt to introduce a cyber-safety service for mobile customers in June wasa flop of significant proportions. Customers and concerned members of the public reacted strongly to the collection and offshoring of user data that was part of the “Smart Controls” cyber-safety service and the service was eventually scrapped.
But earlier this week, Telstra representatives apologised for the first version of Smart Controls and announced the service would be re-introduced in late November 2012 following a suite of revisions.
The Smart Controls service was originally introduced to help parents ensure their children were only visiting appropriate websites when surfing the net via a mobile phone.
The service allowed parents to block certain web pages, allow access to other pages, manage the amount of time spent online and a number of other options.
Despite these noble aims, there were many concerns about how the service would be implemented, including:
- data collection for Smart Controls would be compulsory for all Telstra mobile customers
- Telstra offered no explanation about what data was collected
- the collected data was sent to a Canadian-based web-content-filtering company Netsweeper Inc.
It was the last of these that caused the greatest concern, with a thread on the Whirpool broadband forum addressing these issues given the title “Are Telstra hackers?”
Smart Controls 2.0
The process of checking webpages accessed by Smart Controls users has changed little from the original version to the revised version.
That is, when a customer using the service accesses a webpage via their mobile, Telstra checks the requested website against its database of known websites to see if the site is appropriate for minors or not.
And while this process is the same in the revised version of Smart Controls, there are some subtle changes.
One change is the fact that Telstra is only sending data to Netsweeper Inc. if a website accessed by the customer is not listed in the Telstra database. That is, if the requested page isn’t in Telstra’s database, it then sends the page request to Netsweeper’s more-extensive database to retrieve the page’s classification.
If the page isn’t in Netsweeper’s database then the target site is assessed using an automated process and, if necessary, by Netsweeper staff. Information about the page’s suitability for minors is then sent to Netsweeper’s and Telstra’s databases.
This is in contrast with the original version in which all mobile phone customer data was sent offshore to Netsweeper, albeit with variables and other extra information stripped from URLs first.
Source: The Conversation