TalkTalk's HomeSafe is their broadband network-level filtering product, featuring malware and Adult content filters. It reportedly took two years and cost an estimated £20 million[1] to develop and a further "six figure sum" annually in maintenance and running costs[2]. Unannounced testing of the system was noticed by TalkTalk users in July 2010[3]. Trials of the system, then known as "Network Security" completed in March 2011[4]. It was publicly launched on the 9th May 2011.

Development

The hardware is manufactured by Huawei Symantec (now wholly-owned by Chinese company Huawei). It was examined in January 2011 by Richard Clayton[5] for ORG when it was known as BrightFeed[6]. The system may be based on Huawei's "Service Inspection Gateway" or "GREENnet" filter system[7]. Both TalkTalk and Huawei employees are able to add and remove sites from blacklists independently.[8]

Operation

Regardless of whether TalkTalk customers sign-up to the system, any http URLs requested using TalkTalk's network are retrieved using DPI and added to a list for later testing.[9][10]

By the end of 2011 it was reported to have "only attracted around 200,000" users.[11] In February 2012 it announced it would be introducing an "Active Choice" forcing all new customers to signal if they wished to opt-out of adult-content filtering [12].

One year after launch this had risen to about 350,000 homes[13], about 8.6% of customers - presumably helped by Active Choice and increased publicity from the Claire Perry report and subsequent Mail campaign. In May 2012 TalkTalk announced that, unless they specifically requested access to adult content every year, customers would automatically be signed-up for HomeSafe adult content filtering[14].

[15]

Malware checking

Branded Virus Alert the network blocks access to locations it has listed as malware sources. It also retrieves all http URLs visited by TalkTalk customers to scan for malware.

Crawler

The bot associated with the service (checking for malware, etc) identifies as "HuaweiSymantecSpider"[16] or "TalkTalk Virus Alerts Scanning Engine"[17]

Adult content filter

Branded Kid Safe, the filter allows URLs for a limited number of user-selected categories to be blocked for the connection. This allows a user to, for example, block sites categorised as "Pornography" but to allow sites categorised as "Social Networking". It also allows for up to nine specific user-supplied addresses to be blacklisted[18]. While TalkTalk have never claimed their content filtering as 100% effective, it suffered embarrassment in December 2011 when Kid Safe was shown to fail to block high-profile pornography site Pornhub[19].

Categories available for blocking are: "Dating", "Drugs, Alcohol and Tobacco", "File Sharing Sites", "Gambling", "Games", "Pornography", "Social Networking", "Suicide and Self-Harm", "Weapons and Violence".

Time-based content filter

Branded Homework time, this provides time-of-day controls for blocking categories such as "Games" and "Social Networking".

TLS interception

HomeSafe attempts to block sites over https, presumably by attempting to pull the domain from the certificate exchange.

Error Message when accessing Twitter of Facebook:

You may be browsing to the secure (https) version of Facebook or Twitter. Due to the secure nature of https sites, we’ve had to program HomeSafe differently to still provide blocking to these types of sites. Unfortunately the process doesn’t allow us to show the normal HomeSafe blocking page. Instead you will see an error page from your internet browser.[20]

Legality of DPI use

In response to questions regarding the system's legality, in inspecting the traffic of those not using filters, under RIPA TalkTalk argue that the system’s purpose is to protect their network, which gives them a statutory exemption from wire-tapping legislation.[21]

Overblocking

Issues have been caused by the TalkTalk implementation of the IWF CAIC list block. Wordpress.com, one of the major hosts of website content, has been blocked on multiple occasions (e.g. July 2013 [22][23], and possibly November 2013[24]) Implementation of the IWF blocks were also blamed for the throttling of popular image-hosting site Imgur in March 2014.[25]

Reporting overblocking

TalkTalk customers can log a report using button on the blocked page.

Content owners can follow the instructions now provided on the TalkTalk site[26]:

If you have a website which you think is being incorrectly blocked by HomeSafe Add please email Homesafe.classification@talktalkplc.com including the following details: Your responsibility for the website (e.g. owner, administrator or owner of the business advertised).

The full URL or domain name

The HomeSafe category you believe it is being blocked under e.g. Dating. We'll review this feedback and make changes where necessary.