Update 1 – Vodafone Script Injection,
Update 2 – Cease & Desist Notice to Thejesh,
Update 3 – Airtel Statement (see at end of post)
This injection of scripts without user consent is a highly unethical thing.
According to a GitHub thread, Airtel is also inserting iframe into the browser forcibly.
Here is the tweet by Thej:
— Thejesh GN (@thej) June 3, 2015
As reported on the GitHub thread, the inserted iframe tries to insert a toolbar into the browsing session.
We were certainly not expecting an ISP like Airtel to come to this for collecting user data from the browser. Getting user data is like hitting a gold mine these days. Internet companies, ad companies, and intelligence agencies are willing to pay any price for getting such personal info.
If it is proved that Airtel is doing this purposely then it can soon land up in the court of law.
PS: Airtel has already been condemned nation-wide for violating net neutrality via its Airtel Zero platform, and it certainly won’t be in the best interest of the company to do such a malicious thing.
We have contacted Airtel for a word about this and we’ll update the post as soon as they give some clarification.
[Updated – 1]
It looks like even Vodafone has been accused of doing the same. One of our readers, Dayson Pais pointed us out on Facebook that Vodafone does this when user is connected through USB dongle. He also showed us a screenshot of the same. here it is.
If Vodafone and Airtel are doing it, chances are that other telecom operators may be doing the same. If you come across something like this with your mobile operator, do let us know.
[Update – 2 9th June]
The C&D order mentions that Thejesh has illegally uploaded that script to Github, as it is propreitary to them. The C&D letter was uploaded by Thejesh on Archive.org site and here is the full copy of the same.
As of writing this, we have not recieved any communication from Airtel. We will update this post as soon as we have more to share.
Update 3 – Statement from Airtel
Airtel representatives have got back to us with their statement. They are stating that it is a standard procedure which many telco’s globaly adopt. Here is their statement in full.
“This is a standard solution deployed by telcos globally to help their customers keep track of their data usage in terms of mega bytes used. It is therefore meant to improve customer experience and empower them to manage their usage. One of our network vendor partners has piloted this solution through a third party to help customers understand their data consumption in terms of volume of data used. As a responsible corporate, we have the highest regard for customer privacy and we follow a policy of zero tolerance with regard to the confidentiality of customer data.
We are also surprised at the Cease & Desist notice served by Flash Networks to Thejesh GN, and categorically state that we have no relation, whatsoever, with the notice.”