As it currently stands the four largest ISP's all offer systems which use a centralised database. The following are the comments that I have from each of the ISPs.
Virgin Media said:
We're in the process of transitioning from our existing device-based parental controls solution, to a new, DNS network-based solution. By the end of 2014 all new and existing customers will be given the choice of whether to implement these new controls. Through a robust, two-step verification process, we will ensure it is only the adult account holder who makes the decision on whether to apply the filters.
Our new solution is applied at a household router level. It uses the IP address assigned to the subscribers' router to deliver a consistent level of filtering to any and all devices connecting to that home broadband connection. We have procured and invested in the solution in line with Government's desired objective of "whole home" filtering.
Where a subscriber has opted in to apply the filters, DNS lookups associated with that subscriber's IP address will be analysed against our block list to determine whether access is permitted. Only subscribers that opt in to the filters will have their DNS lookups analysed.
Whilst it is clearly necessary for us to retain data on whether an IP address has selected filters in order for us to implement them, details of sites accessed by subscribers will not be recorded unless specifically required for diagnostic purposes, and will not be retained after diagnosis is complete.
Our solution does not utilise Deep Packet Inspection technology. As such, our systems only get sight of URL data, unlike systems that use DPI which have the capability to view all traffic passing across the network.
We are committed to providing our customers with all the tools they need to keep their families safe online. As a result, we will be rolling out a ‘whole-home’ filtering service before the end of the year. This will give our customers complete piece of mind, letting them control the type of content that is available across all internet-connected devices used in the home.
The system will use DNS technology to identify the websites that need to be filtered out according to a customer’s preferences and will not use deep packet inspection technology.
To make this solution work, we need to store the level of filtering required by each customer and we will not keep a record of individual web queries. The information on the choices customers have made about what content to filter out is also subject to stringent data protection measures
We don't have a formal response from TalkTalk, but their system appears to operate based upon a proxy server. With a central database.
We at BT take seriously the need to keep children as safe as possible online. The Government has been clear in its online child safety agenda about its desire to see ISPs do more to make all their customers aware of and apply filtering tools. BT is responding to that. We take customer privacy, data protection and confidentiality of customer records equally seriously in doing so.
Our child protection filters are optional . There are multiple filtering categories of which pornography is but one – and this has always been the case. By the end of next year all new and existing BT customers will be given the unavoidable choice as to whether to block pornography, but as before, they can also choose to block any of the existing other categories: these will be applicable to all devices in home. BT and other ISPs are required to have in place a process which ensures that the internet account holder is not by passed in the setting, re-setting or alteration of filtering choices. This is to ensure that children in households cannot bypass parental choices without their knowledge.
To conclude. All the four top ISPs operate a central database. TalkTalk's system is the most intrusive as it also tracks the individual pages that people look at.