More trouble for Airtel: Injects JavaScript code to monitor data usage; activist receives notice

Airtel, if not the net-neutrality debate, seems to have returned to the fore on account of a legal notice sent to Thejesh GN, an activist and programmer.


Net neutrality has been a raging debate in India in the past few months. 'Save the internet' and several other efforts by volunteers, groups, organisations and surprisingly even politicians have focussed on the neutrality of data packets accessed by users.

Airtel, if not the net-neutrality debate, seems to have returned to the fore on account of a legal notice sent to Thejesh GN, an activist and programmer.

Last week, Thejesh posted his findings on his twitter handle @thej that highlighted the injection of JavaScript code into webpages browsed by Airtel consumers.

https://twitter.com/thej/status/606126370364649472

Later, his GitHub post was taken down after a DMCA take down notice was issued on 05 June.

What was alarming in this story was the obscure manner in which the code was embedded. The source for the script pointed to an IP address http://223.224.131.144/scripts.

More trouble for Airtel: Injects JavaScript code to monitor data usage; activist receives notice

A retrieved copy of the post by Thejesh. Image: @thej

 

An IP lookup reveals this IP address belongs to Bharti Airtel in Bangalore. In response to the revelation by Thejesh, Flash Networks, an Israeli company, has sent him a cease and desist order requesting him to take down the description and implication of Anchor.js  in his post.

The notice to Thejesh is attached below:

LEGAL NOTICE TO THEJESH GN- CEASE AND DESIST - INFRINGEMENT_0000

LEGAL NOTICE TO THEJESH GN- CEASE AND DESIST - INFRINGEMENT_0001

LEGAL NOTICE TO THEJESH GN- CEASE AND DESIST - INFRINGEMENT_0002

LEGAL NOTICE TO THEJESH GN- CEASE AND DESIST - INFRINGEMENT_0003

LEGAL NOTICE TO THEJESH GN- CEASE AND DESIST - INFRINGEMENT_0004

We spoke to Bangalore-based startup founder Rohin Dharmakumar to get his thoughts on the development:

What in your opinion is wrong in this case?
We pay our ISPs and mobile operators a monthly fee for broadband access. From all accounts, it's quite profitable for them. So why should they be surreptitiously inserting scripts into our browsing, with the objective of targeting us through ads? Who gave them this right? Is TRAI aware of this? Are subscribers aware of it?

What could be potential / known breaches in this matter?
At the minimum, Airtel is guilty of modifying the content of web pages that are received by its subscribers. But who knows what else they're doing or have planned. My educated guess is that they (along with partners like Flash Networks) will read through every page that is delivered to their subscribers in order to insert their own targeted advertising. For instance, you might get an Airtel-inserted ad for smartphones when you're browsing a gadget site or one for water purifiers when browsing a health site.

Is there proof of an interception of data by Airtel?
I think Thej's original post adquately documents this, including tracing back the IP addresses where the scripts are hosted, to Airtel and Flash Networks. You should ask both of their companies for their official responses.

Airtel on its part, clarified to The NextBigWhat that:

"Our customers have frequently asked us for ways of easily keeping a track of their data consumption – specifically dongle and broadband users, who unlike mobile users, cannot receive real-time alerts on their usage"

We have written to Airtel and Flash Networks for an official response on the matter. Airtel has replied with an official response. You can read it here.

Find our entire collection of stories, in-depth analysis, live updates, videos & more on Chandrayaan 2 Moon Mission on our dedicated #Chandrayaan2TheMoon domain.