NEW DELHI: Telecom giant Airtel has been accused of injecting lines of code into its users' web browsers without their knowledge, whenever they visit a web page via its 3G network.
Thejesh GN, an information activist and programmer has exposed how the telecom operator inserts Javascript code and iframes into a user's browsing session. He traced the IP address from which the code originated and found that it belonged to Bharti Airtel.
Thejesh also posted the code on the GitHub repository. It's not clear what the purpose of the code is but it certainly raises a privacy flag. Airtel or a third party could be tracking user behaviour and even monetizing it. These scripts are also used for inserting advertisements into the webpage based on the user's browsing pattern. The tactic is clearly a violation of user consent as the code is inserted without his knowledge and even of net neutrality as the original content is altered.
Airtel issued a statement saying the code is part of a tool it's working on to help users keep a track of their data consumption. It had partnered with Ericsson for the same and was testing the solution with select customers. Ericsson was using Flash Network's mobile solution. However, the company has decided to stop the testing and has put a plug on the tool.
"This is a standard solution deployed by telcos globally to help their customers keep track of their data usage in terms of mega bytes used. It is therefore meant to improve customer experience and empower them to manage their usage. One of our network vendor partners has piloted this solution through a third party to help customers understand their data consumption in terms of volume of data used. As a responsible corporate, we have the highest regard for customer privacy and we follow a policy of zero tolerance with regard to the confidentiality of customer data," said an Airtel spokesperson.
Following the expose, Israel based company Flash Networks has sent a legal notice with a cease-and-desist order to Thejesh asking him to remove the code and its description from GitHub as it violated the company's copyright on it. The notice warned of criminal action under the IPC 1860 and Information and Technology Act, 2000.
GitHub also received a DMCA (Digital Millennium Copyright Act) takedown notice following which the files were removed from the repository.
Flash Networks offers mobile Internet optimization and monetization solutions, and enables operators to boost network speed, optimize video and web traffic, and generate over-the-top revenues from the mobile internet. The company's clients include Bharti Airtel, Vodafone, Orange, T-Mobile, and Telefonica, among others.
Airtel has said that it has nothing to do with the notice. An Airtel spokesperson said, "We are also surprised at the Cease & Desist notice served by Flash Networks to Thejesh GN, and categorically state that we have no relation, whatsoever, with the notice."
Airtel's mystery code raises privacy concerns - The Times of India
Thejesh GN, an information activist and programmer has exposed how the telecom operator inserts Javascript code and iframes into a user's browsing session. He traced the IP address from which the code originated and found that it belonged to Bharti Airtel.
Thejesh also posted the code on the GitHub repository. It's not clear what the purpose of the code is but it certainly raises a privacy flag. Airtel or a third party could be tracking user behaviour and even monetizing it. These scripts are also used for inserting advertisements into the webpage based on the user's browsing pattern. The tactic is clearly a violation of user consent as the code is inserted without his knowledge and even of net neutrality as the original content is altered.
Airtel issued a statement saying the code is part of a tool it's working on to help users keep a track of their data consumption. It had partnered with Ericsson for the same and was testing the solution with select customers. Ericsson was using Flash Network's mobile solution. However, the company has decided to stop the testing and has put a plug on the tool.
"This is a standard solution deployed by telcos globally to help their customers keep track of their data usage in terms of mega bytes used. It is therefore meant to improve customer experience and empower them to manage their usage. One of our network vendor partners has piloted this solution through a third party to help customers understand their data consumption in terms of volume of data used. As a responsible corporate, we have the highest regard for customer privacy and we follow a policy of zero tolerance with regard to the confidentiality of customer data," said an Airtel spokesperson.
Following the expose, Israel based company Flash Networks has sent a legal notice with a cease-and-desist order to Thejesh asking him to remove the code and its description from GitHub as it violated the company's copyright on it. The notice warned of criminal action under the IPC 1860 and Information and Technology Act, 2000.
GitHub also received a DMCA (Digital Millennium Copyright Act) takedown notice following which the files were removed from the repository.
Flash Networks offers mobile Internet optimization and monetization solutions, and enables operators to boost network speed, optimize video and web traffic, and generate over-the-top revenues from the mobile internet. The company's clients include Bharti Airtel, Vodafone, Orange, T-Mobile, and Telefonica, among others.
Airtel has said that it has nothing to do with the notice. An Airtel spokesperson said, "We are also surprised at the Cease & Desist notice served by Flash Networks to Thejesh GN, and categorically state that we have no relation, whatsoever, with the notice."
Airtel's mystery code raises privacy concerns - The Times of India