[Rehaan]

'Water-boarding at Guantanamo Bay' sounds like a fun weekend activity, to those who don't know any better.


Hopefully this post will help you know better -- about what's happening to you right now, without you even realising it.

Internet providers like Airtel & MTNL are intercepting your browsing data, and injecting it with additional ads & JavaScript code.

Their goal? To earn additional revenue from you. Yes, additional revenue on the connections & services you've already paid for!


To illustrate this with an analogy, it is like:

• Your car audio system inserting its own ads between songs you're playing via your iPod.
• Your cell phone provider squeezing ad messages into your WhatsApp conversations with friends.
• Your phone calls being interrupted by an audio ad every hour.
• The pizza delivery guy swapping out one slice of your pizza with something you didn't order.

Here's an example of what it looks like on MTNL. It's not easy to spot, since it only happens occasionally:


The only way I spotted it was because I know what ads on Team-BHP are supposed to look like (hint: not this!):


The highlighted code is NOT originally present on the Team-BHP webpage. MTNL has changes the contents of the page:


They even place their rogue ads on top of legitimate ads:


Dear Esteemed Customer, you might even get ads without a close button!


The CEO of Adphonso (the partner ad network) even pretended to be a MTNL customer who was in favour of it. Insta-ban


With new advertisers coming on board (eg. BankBazaar), you will no longer be able to easily identify the ads as the rogue ones from MTNL!


It gets worse! Soon they will be injecting:

• Animated ads : They are already experts in awful graphic design. This will just take it to the next level!
• Frames : Shifts the whole webpage to one side and inserts their ads beside it (or on both sides).
• Interstitials : A full-screen splash page ad before you are taken to your desired destination.
• Appear anywhere : Bad enough that they appear, but now they'll appear anywhere on the page.

It's also reported that:

• The maximum number of pop-up ads per device per day is restricted to 5.
• There seems to be no process in place to seek consumer consent before pushing ads into their browsing sessions.

AIRTEL

A Few weeks back Airtel was also busted for injecting JavaScript code from an Israeli company Flash Networks into webpages:


Flash Networks then sent a ridiculous copyright infringement notice to the Bangalore techie who uncovered this malpractice.

Who is Flash Networks? Their LinkedIn page says:

Flash Networks is a global leader in optimization and monetization. Our solutions, enables operators to boost network speed, optimize video and web traffic, and generate over-the-top revenues from the mobile Internet.

Hmmm... I wonder what Airtel is interested in here?

Ironically, Airtel thinks all its customers are idiots, and claims the injected JavaScript is only to "track data usage". Rubbish. There's absolutely no need to inject JavaScript to do that.

[Rehaan]

IT'S WAY WORSE THAN YOU THINK...

I'm sure you realise that this is messed up. However, allow me to illustrate how much worse it truly is...


Your Security is Compromised:

• This is nothing short of a 'Man In The Middle' attack from our ISPs! (Definition = where the attacker secretly alters the communication between two parties who believe they are communicating directly with each other).
• The ISPs have the potential to do ANYTHING that a webpage can do - play audio, show an image, trigger a pop-up, redirect you to another site, attempt to access your webcam, record audio, etc. Imagine that.
• Unethical business practices draw all sorts of advertisers. Expect adware, malware & phishing to sneak through soon enough.

Bye-bye Privacy:

• These 3rd party partners have the ability to see what you're browsing (even in private browsing mode).
• Ad networks love being nosy about user behaviour. Expect them to collect & sell data about your browsing habits too.
• Your landline phone number is used as an identifier for the ads. Combine this with the above point, and it's a ridiculous breach of privacy (not to mention potential for tele-marketing).

Hello Inconvenience:

• Slower page loads, since the content goes through an additional ad-server.
• Content on the websites you visit is covered by the rogue ads.
• The ads have a tiny close button that doesn't even work correctly.
• They'll use any possible invasive or irritating tactic to ensure you notice the ad.

Websites are the losers:

• The injected content covers ads from legitimate advertisers, blocking what the they have rightfully paid for.
• Most users will blame the website for having these awful ads, since they don't realise it's their shady ISP doing this!

Is it even Legal?

• Here's what section 79 of India's IT act has to say:

[Rehaan]

HOW CAN WE STOP THIS?

Raise Awareness:

• Most people don't even realise this has been happening! Spread the word.
• Complain to the government via PGPortal
• Write an email to the MTNL abuse address - networkabuse@bol.net.in
• If you run a website or blog, educate your visitors about the issue.

In the Meanwhile; Protect Yourself:

• Use HttpS versions of sites, if available. (The encryption makes them harder to snoop on).
• Use a browser extension like Https Everywhere
• Use a VPN (secure connection to another ISP)
• Note: Simply blocking the ads is not a real solution. The ISP & ad network will still be able to see your browsing data.
• Note2: If there are any unsecured elements on the page, secure connections (https) can be compromised by these injections.

Get Social:

• Educate your friends. Click to share on : Facebook / Twitter / Google+ / LinkedIn

[mayankk]

Ive seen this. Its sort of easy to make-out. At least with MTNL.
They do run some current things, but all of a sudden, there'll be one floaty ad on the lower right saying "Good governance day offer, till 31st December 2014!! Subscribe now to MTNL broadband."
Er, one, its 2015, and two, I'm already ON mtnl, morons.

The problem with this is, since MTNL is so efficient, and IT savvy, these ads get served occasionally with a wait time of 30 seconds to infinity, and the page doesn't load at all!
To get rid of this, open up your router in a browser, and under access management, block these two:

adphonso.com

203.94.243.40

Like so:

I understood this method here:
http://www.yogeshsarkar.com/blog/201...k-mtnl-popups/

This ought to take care of MTNL, since bad-mouthing doesnt matter to them.

For airtel, I'm sure if you search, you can fish up a similar solution.
And going after them of Social media.

PS:Adblocker plugin on chrome works as well, but it causes occasional mangled pages.

[Rehaan]

Quote:

Originally Posted by mayankk

To get rid of this, open up your router in a browser, and under access management, block these two:

While this hides the ads, it is only a half-way-there solution : since it doesn't really take care of all aspects of the problem.

Namely, your data is still going through adphonso's servers, and all the privacy and security issues still exist. (Though it might also be inserted with Javascript - but i did not come across that code in my brief look).

It's a decent interim solution, as long as you know that it hasn't truly solved the problem

[Lalvaz]

Thanks Rehaan for highlighting this. You're absolutely correct that its an invasion of the users privacy and degrades the user experience, plus its clearly illegal. for users of data usage based internet plans, its cheating, since you're now also paying for the bandwidth consumed by those ads.

All the more shameful and surprising that this is coming from MTNL, if the government operators behave in an illegal manner, then what can one expect from the private players?

Will definitely take up the issue with MTNL at all forums.

[tsk1979]

Under the Indian IT act, if this is illegal, can an FIR be filed against MTNL?
Only a MTNL customer can do so I guess.

[mayankk]

Quote:

Originally Posted by Rehaan

While this hides the ads, it is only a half-way-there solution : since it doesn't really take care of all aspects of the problem.

Namely, your data is still going through adphonso's servers, and all the privacy and security issues still exist.

It's a decent interim solution, as long as you know that it hasn't truly solved the problem

Oh?
I thought since its been blocked at the router level, all to and from is stopped?
You mean to say, all this does is stop the ads popping up?

[latentpotential]

Quote:

Originally Posted by mayankk

Oh?
I thought since its been blocked at the router level, all to and from is stopped?
You mean to say, all this does is stop the ads popping up?

Yes, at your router, you have stopped the ad. BUT at the MTNL level, the ad has already been injected in to your pages, which means that your traffic has gone through the ad servers.

[girimajiananth]

Quote:

Originally Posted by latentpotential

Yes, at your router, you have stopped the ad. BUT at the MTNL level, the ad has already been injected in to your pages, which means that your traffic has gone through the ad servers.

OK , from what I understand the ad server is the one that injects java scripts and snoops on your data ? adphonso is the only one to do that ? How many such adservers are there ? Is there a list of such servers ? How will I know through which adserver my data is being routed ?

[dar3dev|l]

Just curious to know, is Team-bhp completely on Https ? That way atleast users accessing our website are not troubled with it and ofcourse unregistered folks can still see our ad's and not what ISP shows them.

[CarJunki]

This code injection and pushing of Ads in this manner is quite dangerous.
Using secure protocols like Https is the only way to go for individual users, as they do not have the resources to technically stop this.

On the other hand, this issue shall be published again and again so that operators face the negative business environment.

[fine69]

Quote:

Originally Posted by mayankk

Ive seen this. Its sort of easy to make-out. At least with MTNL.....
This ought to take care of MTNL, since bad-mouthing doesnt matter to them.

When it comes to getting any MTNL broadband related issue fixed no amount of calls/emails/written complaints to Nodal Officers, Public Grievance Officers etc. works. I have to bribe my area lineman everytime who in turn gets any and every issue fixed. That's the state of affairs here so yes, no amount of bad-mouthing can EVER work with them.

Quote:

Originally Posted by tsk1979

Under the Indian IT act, if this is illegal, can an FIR be filed against MTNL?
Only a MTNL customer can do so I guess.

I'm an MTNL customer and would love to file an FIR if the Act permits. But would the cops really accept my FIR in the first place?

[varunanb]

Thanks Rehaan for the detailed explanation. You explained the problem very well, that even I could understand. Im a stranger to IT and my knowledge is limited to using them.

Many organizations have invested in e-commerce as the future of all bussiness and now with most cash transactions are online, a layman like me has no chance to identify right and wrong. I hope there are strict regulations and are enforced rigourously.

[Zappo]

I think as Rehaan suggested, if every person starts putting up complaints on the PGPortal against MTNL as well as Airtel for putting their customer's transactions in jeopardy it should start getting enough attention. May be even start twitting, posting on FB etc. about such malpractices (these are malpractices on mltiple counts in my opinion)

P.S.: Strangely though I dont recall having seen BSNL resort to these practices as yet! May be they are better off or else are more sensible?!! LOL