mtnl

Government owned telecom operator MTNL has said in an RTI reply (pdf) that its advertising vendor, which injects ads into users Internet connections, does not capture any personal information of users, ‘as per the certificate given by it (vendor)’. The reply came from a second appeal filed by Sushubh Mittal seeking details about MTNL’s injected ads/service messages on browsers via its broadband network. (Source: Github)

Mittal had asked MTNL to clarify the following in his RTI:
– a copy of the circular which said that the MTNL decided to start injecting browser popup ads on its service
– the technology used for this
– the provider of the technology and a copy of the agreement made with the said company to get this service
– name of the company operating the service on behalf of MTNL and the charges MTNL paid for it
– a copy of the agreement of revenue sharing if there was one such in place
– the number of ads delivered and revenue made through the platform and
– the details of user data and who has access to this user data

However, MTNL refused to provide information about its injected ads by invoking Section 8(1)(d) of the RTI Act, but said that its ad vendor does not record user data. In March, Mittal had filed a different RTI seeking the above details; but  MTNL refused to provide answers to all queries by invoking Section 8(1)(d).

Section 8(1)(d) of the RTI Act which states that, “information including commercial confidence, trade secrets or intellectual property, the disclosure of which would harm the competitive position of a third party, unless the competent authority is satisfied that larger public interest warrants the disclosure of such information”

How MTNL is injecting ads into browsers

Ads are injected by MTNL in the browser through a javascript code. MTNL appears to be pushing these ads via a private ad network named Adphoso, which is owned by Abeer Media, according to users on github and broadband forum, although the company hasn’t revealed this data in response to an RTI. In the past we have seen advertisements from companies like Micromax and Snapdeal in our connections. As of June last year, MTNL was charging Rs 150 per 1000 impressions from the advertisers/brands, with the maximum number of pop-up ads per device per day restricted to 5.

One particular user having an MTNL connection traced back a pop-up ad to this address. The pop-up ad seems to be hosted by Adphonso.
abeer-media-broadband-forum

Privacy Issue: An injected javascript code can also be modified to track and store user data as noted by Thejesh GN when Airtel was found to be injecting Javascript into its user’s browsing session without seeking user consent. At that time Airtel said: “This is a standard solution deployed by telcos globally to help their customers keep track of their data usage in terms of megabytes used.”

However, Mittal notes that these injected ads do not appear on websites using HTTPS protocol as that would take “some extra steps which would most likely raise red flags everywhere”.

Adphonso might be recording user data 

As pointed out by Mittal, Adphonso’s website clearly states that they provide “media advertisements to customers through networks” and that its solution “reads Machine Details, browser and OS information and Customer Behavior along with location”. The company mentions that this meant for creating relevant ad impressions.

A screenshot from the website:
adphonso

While, Abeer Media’s website, which owns Adphonso says that it provides “Behavioral Patterns” services under its “Advertising” operations “Data Capturing” under its “Mobile and Web Tools” offerings.

Un-Related: When Finance Minister Arun Jaitley’s website was compromised by hackers in 2014, it was found that Abeer Media hosted the website’s servers.

It is not proven that Abeer Media/Adphonso have been providing the injected ad service to MTNL. Nevertheless, MTNL’s reply to Mittal’s RTI query only adds to suspicions and more questions regarding the framework behind these ads. Even if Adphonso isn’t piling-up user data, it is making some amount of revenue by injecting ads on websites being visited by MTNL users, and as suggested in its website, it owns tools to track and personalize ads for different users.

BSNL injecting ads in browsers; refuses to provide info

 This month, BSNL was also found to be injecting banner ads and other service related messages on web browsers within its broadband network. One user from broadband forum (link) had submitted a screenshot showing a Snapdeal pop-up ad on BSNL’s broadband network. Both MTNL and BSNL ads are being hosted by Abeer Media according to users on github and broadband forum.

In addition, BSNL rejected an RTI query sent by Mittal seeking information abut injected ads, and whether it collects user data by invoking Section 8(d) of the RTI Act. However, surprisingly Mittal pointed out to us that BSNL had disabled ads for a user who raised the issue on BSNL’s PGPortal, a grievance redressal portal of BSNL.