Easy there. No need to be hostile, I'm passing no judgement on the wrongs or rights of it, just explaining how I understand it to work.
I'm not being hostile. I'm just passionate about the subject.
Perhaps my post was not quite clear on the blacklist scenario - it meant to say that a url stays in the blacklist and is periodically rescanned until it is found to be clean and thence removed from the list. The 24 hours (or whatever it was) referred to the whitelist. There would be no point having a permanently stored whitelist clearly.
This is no more comforting. I don't want ANY of my web browsing habits being stored by my ISP, regardless of whether they consider it malware.
I would say a website that passes session information or personally identifiable information in the URL is irresponsible - it's perfectly possible to do so using secured connections and using cookies passed over that encrypted connection.
Agreed, but it still happens everywhere.
As for your purchasing scenario - I'd be more concerned that purchases can be made over a non-https connection in the first place myself.
I was pointing out how short-sighted they were when they designed the system. Personally, I would never transmit financial information over plain HTTP, but given the sheer size of TalkTalk's userbase, the situation is not that implausible.
Indeed yes they could not re-issue the http request, instead they could theoretically implement a system that scans the html content on the fly as it passes through their network. The costs involved to do that at line speed for every one of their multi-million customers would be insane, as would the other possibility of storing it all and scanning it offline. It certainly wouldn't be a preferable solution either as it would be completely invisible.
They already have to scan all content on the fly in order to extract the HTTP headers. I don't see how extracting the rest of the content is any more of an expensive process, other than the fact that the data will most likely be spread across multiple packets. Maybe I'm overlooking something.
Thanks for the help guys. uno and Vivacti look like two good candidates. Uno, can you confirm whether I will have to switch back to a BT line before I can receive service from uno?
The VPS solution also sounds like a viable choice. I figured this would be expensive, but doing a cursory search on the Internet says otherwise. At the moment, I'm using Tor to conduct most of my web browsing, but I am forced to avoid it if I wish to communicate sensitive information to sites without HTTPS support. I can't help shake the feeling that I'm being recorded on a police-owned database somewhere for simply being connected to the Tor network, either.