This article exists as part of the online archive for HuffPost India, which closed in 2020. Some features are no longer enabled. If you have questions or concerns about this article, please contact indiasupport@huffpost.com.

Airtel Has An Explanation For The 'Suspicious Code' It Is Inserting On Users' Browsers

Airtel Has An Explanation For The 'Suspicious Code' It Is Inserting On Users' Browsers
jupiterimages

A Bengaluru-based blogger who had pointed out that Airtel was infecting a suspicious piece of code on its users' browser sessions has received a take-down notice from an Israeli technology company that is apparently a vendor for the Indian telco.

The strange tale blew up Tuesday morning after the blogger, who goes by the handle “TheJesh GN”, reported that he has been served a so-called "cease and desist" notice by the Israeli tech firm. The Israeli firm got aggressive after the blogger reported spotting a suspicious javascript code on his browsing session. He had uploaded the screenshots and reported the matter on his profile on GitHub, a digital platform used by developers to collaborate.

He examined the IP address that the hosted javascript file Anchor.js originated from.

Using a public IP tracking tool, he was able to point out that the IP address belonged to Bharti Airtel, and that the code belonged to Flash Networks.

Airtell 3G is injecting javascript into your browsing session https://t.co/QHPpSKinve

— Thejesh GN (@thej) June 3, 2015

Five days later, he received a takedown notice from Flash Networks, an Israel-based company for publishing the code and screenshots. The firm says on its website that it works with 85 telecom operators and offers an “enhanced browsing experience while generating revenues from search, over-the-top content, and targeted advertising.”

So I got cease and desist letter for exposing JS injection by big a telco for publishing JS code & screenshots. I will probably remove it :(

— Thejesh GN (@thej) June 8, 2015

Following the takedown notice, none of the media is visible on the Github, but we were able to find a cache of the same.

Netizens are not amused by these strong-arm tactics by the Israeli company.

Dear @FlashNetworks: the Javascript code you inject surreptitiously might be proprietary, but it most certainly isn't "confidential".

— Pranesh Prakash (@pranesh_prakash) June 9, 2015

The wronged/affected/aggrieved party here are Airtel users whose browsing is being intercepted and modified, unbeknown to them.

— Rohin Dharmakumar (@r0h1n) June 9, 2015

Furthermore, in a discussion on the topic by Trak.in, Dayson Pais pointed out that Vodafone has been doing the same on its dongle-based internet service.

An Airtel spokesperson said the code was part of a third-party application to help customers understand data consumption. The company said it was surprised by the take-down notice.

This is a standard solution deployed by telcos globally to help their customers keep track of their data usage in terms of mega bytes used. It is therefore meant to improve customer experience and empower them to manage their usage. One of our network vendor partners has piloted this solution through a third party to help customers understand their data consumption in terms of volume of data used. As a responsible corporate, we have the highest regard for customer privacy and we follow a policy of zero tolerance with regard to the confidentiality of customer data. We are also surprised at the Cease & Desist notice served by Flash Networks to Thejesh GN, and categorically state that we have no relation, whatsoever, with the notice.

If it was indeed an innocuous application, why did Flash Networks get so aggressive, we wonder.

Contact HuffPost India

Close
This article exists as part of the online archive for HuffPost India, which closed in 2020. Some features are no longer enabled. If you have questions or concerns about this article, please contact indiasupport@huffpost.com.