Telstra has confirmed it is tracking websites visited by its mobile users in the lead up to a launch of a new web filtering solution.

Days after suspicions of Telstra's networking monitoring activity were first aroused, the telco has revealed it captures web addresses visited by millions of subscribers on its Next G network.

The addresses are compared to a blacklist of criminal sites curated by web filtering company Netsweeper, and held both in Australia and the US.

Users first noticed the new activity when they directed their Telstra devices to the telco's web servers and noticed it was also visited split seconds after by a Chicago IP address, believed to be held in a Rackspace facility.

Network engineers and users on the Whirlpool user forums suspected the activity was a marketing effort used to gather intelligence on the activities of Telstra customers.

A spokesman for the telco told CRN sister publication SC last week that the activity was part of a "normal network operation".

However, Telstra has since clarified that the activity was conducted ahead of a launch of a voluntary web filtering offering for mobile users.

The monitoring appears to relate to an as-yet unreleased feature dubbed "Smart Controls" that would allow users to access "mobile internet browsing restrictions and call restrictions on Telstra mobile services".

According to Telstra documentation (pdf) updated on Tuesday, users who opt into the feature would pay $2.95 per month for the ability to restrict internet access on mobiles associated with their account based on specific URLs and content categories, or allow access to only specific URLs.

The feature would only be available to newer Telstra customers — those on its Siebel-based billing system. It would also provide regular reports of internet use for users when the Smart Controls function is enabled.

"Whilst we take care in filtering content based on the preset internet categories, we cannot guarantee that any or all of the content will be filtered accurately or in accordance with these categories," the documentation reads.

The filtering appears to be only restricted to Telstra mobiles operating over the Next G network; those accessing the internet over a local wi-fi connection would not face the same restrictions.

However, preparation for launch of the service has seen Telstra monitor internet use for all mobile subscribers.

User privacy

Spokesman James Howe told SC that user data was "completely anonymised" before it was sent offshore to be compared against Netsweeper's URL blacklist.

He was unable to confirm if users could opt-out of the data slurping procedure at the time of writing. Senior Telstra technicians reportedly told some engineers that users could not opt out of the website tracking but could request a list of tracked sites through the company’s billing department.

Telstra was waiting on confirmation from its legal team before it is expected to issue a statement.

Users contended the activity was far from normal. Former Internode network engineer Mark Newton issued a strongly-worded statement to Telstra’s privacy wing requesting information on the activity in lieu of a request to the federal privacy office.

Greens senator Scott Ludlam told SC sending even anonymised traffic offshore could have serious privacy implications.

"It is potentially probelematic. Anything in the US is subject to the Patriot Act, even if the data is anonymised, or sent as batches," Ludlam said.

"Why weren't people asked if they could opt-in?"

The US Patriot Act, introduced in 2001, allows the US Government to grab any user data stored within the country for intelligence purposes.

Senator Ludlam said it was unfortunate that it took a gang of network engineers to spot Telstra's "capturing of shadow traffic", especially if Telstra was to launch a volunteer net filter product.

"Maybe it is of noble intent, and Telstra had gone about it in a subversive way," he said.

The use of voluntary filters has been seen as a favourable alternative to the Federal Government's proposed internet filtering scheme.

A similar system, blocking access to child pornography sites, is also run by Telstra for all its subscribers, based on a blacklist curated by Interpol and held by the Australian Federal Police locally.

In a demonstration of the tracking activity, Mark Newton wrote:

"a visit to "http://my-server/13uf2n232.html" yields this hit from my iPad: 149.135.145.71 - - [25/Jun/2012:17:24:59 +0930] "GET /13uf2n232.html HTTP/1.1" 200 736 "-" "Mozilla/5.0 (iPad; CPU OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3" and, approximately 250 milliseconds later, this hit from 50.57.104.33 in Chicago 50.57.104.33 - - [25/Jun/2012:17:25:00 +0930] "GET /13uf2n232.html HTTP/1.0" 200 736 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0" end"

He alleged the transmission of user traffic data off-shore could be a breach of Australian privacy legislation.