December 18, 2013 | Peter Bradwell

Why WordPress bloggers were blocked by TalkTalk, and what it tells us about Internet filtering

Even a site with WordPress' popularity and clout struggled for a week to understand and fix their users' access problems.

At the end of November a number of WordPress blog admins complained on WordPress forums that they were having problems accessing their accounts. It appeared that TalkTalk subscribers who had WordPress blogs could not access their administration pages over https, and so couldn't write and publish new blog posts.

WordPress were unable to explain what was happening. The first reports were on 26th November and continued until around December 5th.

Similar access problems have occurred before, with users struggling to access WordPress and another site called Other ISPs have had issues (see below).

The story demonstrates some of the key issues with over blocking by ISPs' Internet filtering systems. There are lessons here for the Government as they press for more Internet blocking - about the ISPs' responsiveness to reports of over-blocking and how seriously the government and ISPs take the problem. 

It seems reasonable at this point to mention again that in June this year Claire Perry MP, who advises the Prime Minister on preventing the commercialisation and sexualisation of childhood, described concerns about overblocking as a 'load of cock'. 

What happened?

It seems a WordPress account was reported for containing child abuse content, and once this was confirmed WordPress took the account down and the IWF added the relevant URLs to its block list. (thanks to Barry Turnbull for his work figuring out what was happening.)

The Internet Watch Foundation (IWF) give ISPs a list of sites that contain child abuse images, which the ISPs then block. It is down to the ISP how this blocking actually works. The IWF maintained that no WordPress URLs were on their block list at the time of the access problems and that they are not responsible for how the blocking is implemented. 

So it seems the problem comes from the way TalkTalk deal with the list the IWF supply them. TalkTalk provided the following statement:

"Due to the application of our blocking of the IWF list of URLs that contain child abuse imagery, a small number of users may have experienced intermittent issues accessing WordPress at the end of last week. We apologise for any inconvenience this may have caused."

Beyond this, we don't know exactly why TalkTalk's implementation of the IWF blocking list causes this issue. TalkTalk do not seem to have supplied any further technical explanation. 

It's not the first time this has happened

The cases we have seen all involve filters struggling to limit the blocking to a specific page or site within a domain, and end up restricting access to more than was intended.

When their subscribers had similar problems accessing some of WordPress and in October this year, TalkTalk provided almost the same statement as the one above in response. Just before that statement was posted, TalkTalk admins posted some slightly unclear and unhelpful explanations, pointing the finger of blame at the IWF.

It was reported this week that Sky subscribers also had issues accessing imgur, an image sharing site, last weekend. The difference here is that instead of the intention being to block child abuse material via the IWF list, the aim in this case was to block sites found to be infringing copyright. 

Why does it matter?

1. It matters even when 'small numbers' of users can't access a site.

It seems any TalkTalk users trying to access their WordPress admin pages over https couldn't do so. It's important to look at who was affected as much as how many.

Some may have been journalists who couldn't post stories for a number of days. For others their WordPress sites may have been part of their business, meaning they couldn't reach their market for a week.

There shouldn't be a number of affected users that counts as legitimate collateral damage.

2. ISPs need to take more responsibility for negative affects of filtering.

Affected users received vague and sometimes conflicting information about the problem and who was to blame.

In their forums, for example, TalkTalk's admins initially blamed the existence of the IWF list rather than their implementation of it.

The IWF explained repeatedly on Twitter that the issue was not of their making.

WordPress struggled to explain why their users couldn't access the site, leaving some of their users to speculate that it was WordPress' fault. It is telling, for example, that WordPress lead developer Peter Westwood was tweeting at IWF for an explanation on 4th December.

Even WordPress and its users can find themselves in a protracted state of limbo. It will probably be a lot more difficult for a site with a lower profile to get things sorted.

ISPs should make sure that there are speedier ways for sites to get these issues resolved, and should explain as soon as possible what the cause of the problem is. Those running websites need to be able to find out quickly from ISPs what is happening and why so they can explain to their users.

3. The Government need to take more responsibility for their filtering policies - even if they involve 'voluntary' industry arrangements.

The Government unwisely want more Internet filtering. They have pushed ISPs to roll out network level parental control filtering and want to see more blocking of content related to extremism. They seem less concerned that blocking comes with technical issues.

In their response to an e-petition about over-blocking the government say they have set up a discussion group at UKCCIS to look at over-blocking, but stress users should complain to ISPs about their issues.

We know mistakes and errors will happen, and the Government should be ensuring ISPs deal with the problems quickly. At the moment, nobody is willing to take responsibility.

In cases like this, the Department for Culture, Media and Sport in particular, who have recently pushed filtering with such enthusiasm, should be trying to understand why these problems are occurring.

We've asked to be part of the UKCCIS group to see if that forum can be a route to a solution.

Comments (10)

  1. sigma:
    Dec 19, 2013 at 08:59 AM

    How were Sky mandated to block imgur in this case?

    There will be many more cases of over blocking and broken e-commerce before this runs its course.

  2. Martin:
    Dec 19, 2013 at 10:09 AM

    Very helpful to have the full story set out like this. As a TalkTalk-provided Wordpress account holder, it was very frustrating to have no access to my blog (which, although I don't use directly for business, is a potential way for clients to contact me), compounded by Wordpress' apparent inability to tell their users what was going on.

  3. Richard:
    Dec 19, 2013 at 11:21 AM

    Many thanks and I share Martin's concern over this issue. It least it's encouraging to know my suspicions of censorship voiced to WP on 26 July are now shown to have been correct and that you echo my ignored recommendations to WP engineers. I’d stressed to WP: “It's far too coincidental that this WP-ISP glitch is timed to accompany PM Cameron's declared war on I/net porn”. (I advised my readers accordingly at

    Generating over 370 exasperated comments from over 70 users in July and 275 from almost the same users indicates the size of this outrageous issue. It was especially aggravating this time round because WP had reported in July they were "taking steps to make sure we don’t see a repeat of this issue in the future"! I now understand their inability to have done so in these totally unacceptable situations.

  4. Stephen Blythe:
    Dec 20, 2013 at 02:02 AM

    I was one of the team members that were involved in responding to the enquiries from users about this issue.

    There was no warning, and it wasn't immediately clear what was causing people to have issues accessing their sites. Despite all of our best efforts, it initially could have seemed like there was an error on our side, because not all users were experiencing simple HTTP errors, but were having specific issues with access to various areas - mostly dashboards. Luckily, Westi (Peter) and others are sharp and clever enough to have pinpointed it to a specific ISP - but we still had no immediate fixes. TalkTalk denied it, and the IWF also said there should be no problems.

    Despite the steps we took to resolve the problem on our end, there was still no official word from the ISP days on; a totally unacceptable situation. Even now it's not entirely clear what was blocked - be it an IP range, a server, or what.

    There are serious questions that have to be asked about unilateral action like this from ISPs, and those originate from way before the proposed 'porn' filters. How exactly are ISPs implementing this IWF watch list, and why are we not challenging it more rigourously? There needs to be a massive increase in transparency to the way these issues are dealt with, and the response from TalkTalk is simply unacceptable.

    Disclaimer: I am an employee of Automattic, and member of the ORG Supporters' Council.

  5. Iain Collins:
    Dec 20, 2013 at 02:37 AM

    One reason why over blocking can go wrong is how the URLs are filtered. Typically routes are manipulated (via BGP) to force destinations to be routed through a filter. This happens on a per-IP basis (or for a range of IPs - the in case of large sites).

    This is the same approach ISPs and carriers have been using for a long time to null route bad hosts (like ones infected with viruses or caught spamming... even on rare occation to other organisations they just don't like).

    When URL's like WordPress or Imgur domains appear in lists things go wrong quickly because the systems which handle the blocking suddenly get flooded with HTTP requests.

    Most of these systems are typically very lightly taxed - people don't normally visit these sites and most popular sites are responsible and of course immediately take down inappropriate content immediately and never appear on the list.

    When they suddently have to start having ALL the customer network traffic for a popular destination they can't handle the load, either because they can't deal with handling so many HTTP requests per second, or because they can't cope with the sheer bandwith (e.g. some poor network interface somewhere doesn't have the capacity).

    As noted, while the details of the filtering systems vary widly - you could do DPI, or request proxying or something a bit in between those - they all tend to have the same weakness here, which is why it keeps happening at every provider.

    Note also the IWF maintain more than one list and not all ISPs choose to block all blacklisted URLs they publish.

    Source: Wrote the IWF filter used by Sky, have also worked on the HomeSafe front end at TalkTalk. Note: I am deliberately leaving out implmentation specific details here, but um yeah.

  6. sigma:
    Dec 20, 2013 at 09:38 AM

    Linkback to previous ORG article about TalkTalk's non opt-outable DPI of every browsing request of every TalkTalk user.

  7. James Sutherland:
    Dec 21, 2013 at 09:38 AM

    I think it's vital at this point that everyone affected - and their friends - switch ISPs, since this appears to have been TalkTalk's fault rather than the IWF's: call up, request your MAC (the reference number used to transfer to another ISP), and tell their customer service rep why you are changing. If they lose enough customers over it, perhaps TalkTalk will re-think their heavy-handed complacency over restricting services to customers.

  8. Ian Waring:
    Dec 23, 2013 at 08:06 PM

    I sounds like Talk Talk needed some education on how Content Delivery Networks work, and that if unwanted content is routed from them, that a better approach than blocking the CDN's Netblock is followed. I'm sure that's how imgur got cited recently, and given how Wordpress works (CDNs are a free bolt on to speed media delivery), I suspect the same root cause.