State owned telecom operator BSNL has been injecting banner ads and other service related messages on web browsers within its broadband network. It has followed in the footsteps of the other state owned telecom operator: MTNL, which was found to be inserting code into what users were browsing in June last year.
One user from broadband forum (link) has submitted a screenshot showing a Snapdeal pop-up ad:
Another user claims to have traced the Snapdeal ad’s IP address source to BSNL :
We tried accessing multiple PCs with a BSNL broadband connection; the ads happen to appear on news sites regularly in three test PCs. At times, these ads are repetitive as it appeared multiple times on news websites. Take a look at the screenshots attached below:
BSNL refuses to provide info on injected ads
Sushubh Mittal wrote to Public Information Officer of BSNL through an RTI application (pdf), asking for the information on the technology used in the ads, provider of the technology, and revenues accumulated through this ad network. (Source: Github)
BSNL rejected all of these points by invoking Section 8(d) of the RTI Act which states that, “information including commercial confidence, trade secrets or intellectual property, the disclosure of which would harm the competitive position of a third party, unless the competent authority is satisfied that larger public interest warrants the disclosure of such information”
Mittal notes that these injected ads do not appear on websites using HTTPS protocol as that would take “some extra steps which would most likely raise red flags everywhere”.
MTNL refuses info on injected ads: In a similar incident in March, MTNL also refused to provide information invoking Section 8(d) of the RTI Act to Sushubh Mittal when he inquired injected ads/service messages on MTNL’s network.
BSNL disabled injected ads upon user request: However, surprisingly Mittal pointed out to us that BSNL had disabled ads for a user who raised the issue on BSNL’s PGPortal, a grievance redressal portal of BSNL. Below is a copy of BSNL’s reply to the complaint, given to us by Mittal. BSNL calls these ads as ‘service messages’ and they are meant for dispersing information regarding BSNL’s service plans, and other products and that it is aimed at “fetching benefits to customers”
Airtel found to be injecting scripts to track users
A report from Access Now in August 2015, indicated that in some cases, Indian telecom operator Bharti Airtel was inserting a “tracking header” in the connections of some users. According to the report, these tracking headers can capture data including IMEI, IMSI, and ICCID identities — that include information about who you are and where you are located.
Image Credit: Wikipedia User CC BY-SA 3.0under