UK ISPs BT, Sky, TalkTalk, and Virgin are reportedly hijacking their subscribers web browser sessions to try and push them to use porn filters.
Recently, we’ve reported on the UK overblocking problem where the Chaos Computer Club was censored by porn blocks. Now, it seems that the porn blocks have gotten a fresh round of controversy where users browser sessions are being hijacked by their own ISPs in an attempt to sell users on using these porn filters.
The report comes out of Arstechnica where major UK ISPs are promoting a so-called “family friendly” internet where inappropriate content is blocked. Apparently, when a user accesses an unencrypted page, that user is redirected to a different page that asks the users about web filtering. If the user does not make a decision, web browsing is apparently disabled until a decision is made.
This kind of technique bears remarkable similarities to ransomware where hackers find a way to install malware on a persons computer. The ransomeware then locks down a computer and demands money from the user in order to permit the user to use their computer again. One key difference here, though, is the fact that ISPs are doing the hijacking and nothing is being installed on the users computer (ISPs wouldn’t have to resort to that necessarily).
The controversial move has digital rights advocacy organizations upset. From the report:
Digital rights organization Open Rights Group (ORG) said that ISPs risked encouraging customers to trust hijacked sessions by displaying messages in this way.
“How can a customer tell the difference between an ISP hijack and a phishing site made to look the same? There are better ways for ISPs to contact their customers—particularly given that they have our phone numbers, email and actual addresses,” an ORG spokesperson said.
[…]
Renate Samson, chief executive of civil liberties group Big Brother Watch, said that ISPs had gone too far by hijacking people’s browsers to force them to make a decision about web filters.
“Whilst most people will be happy to explicitly make a choice whether to opt in or out of filtering, forcing people to make a decision which they may have no strong feeling towards is completely unnecessary. To actively restrict users’ service to establish agreement or otherwise is quite simply too heavy handed.”
For longtime digital rights advocates, this controversy has a slippery slope side to it. In 2007, there was a controversy in the US where ISPs considered hijacking browser sessions to inject their own ads as a form of an additional revenue stream. One may wonder if ISPs are able to hijack a users session to push their filtering technology, what is stopping them from trying to also insert their own ads as well?
For now, it seems that UK ISPs are not backing away from this move. Some ISPs say that their hijacking of browsers sessions won’t force users to make a decision, while other ISPs seem to force such a decision. Where all of this goes from here remains to be seen.
Drew Wilson on Twitter: @icecube85 and Google+.