Airtel joins MTNL. Insert their own code in your browsing sessions. On 3G for now.

[moindear]

Source


Airtel has become sneaky in 3G Service

 

[amish]

Height of violation of privacy..and Government knows nothing.

But well. India hain.. sab chalana padega.

 

[Sushubh]

I am not sure if there is any law that prevents Airtel from tampering with data delivered to their customers.

 

[yepp]

they should make one now 😡

hope because of airtel this issue will highlight now

 

[Sushubh]

I am no longer on Airtel 3G. But can anyone verify this at least?

 

[fairusagepfft]

A quick glance at that code tells me they are even checking for device orientation changes, and are possibly going to collect all that data. Well, I was hoping to one day upgrade to Airtel 4G, but after this, no way.

 

---

[Sushubh]

Can Airtel Broadband users check if they are tampering with broadband traffic?

 

[fairusagepfft]

Try opening any random webpage, view the page source, and then search for "223.224.131.144"(without quotes), or "Anchor.js", and if they are consistent with the location of the script they are injecting, you should be able to know whether or not they are tampering with your traffic. There might be better ways for this, but they would require quite a bit more effort.

 

[Sushubh]

random http page 🙂

 

[fairusagepfft]

They're capable of MITM attacks if they wish. But http would be a safe bet.

 

[itzmynet]

just checked on airtel 3g. no script found.

 

[Sushubh]

I assume browsers would go crazy if they tamper with https traffic?

I have read about some ISPs using their own certificate to tamper with https traffic. If Airtel was doing that, someone would have caught them by now 🙂

 

[amish]

Someone? Every one would have found it.

It would be completely ILLEGAL to SPY on HTTPS traffic. All financial traffic go through HTTPS.

But anyway, you can not tamper https certificate. Because ROOT certificates will catch it in miliseconds!

 

[fairusagepfft]

An ISP is capable of carrying out pretty complex MITM attacks. I imagine they could terminate the connection on their servers, decrypt the data, tamper with it, and then encrypt it again. That is kinda like to what happens when you use a VPN. Lenovo did something similar with their laptops. If they don't have physical access to your device to install their CA(certificate authority) certificate, then it becomes significantly harder to do.

If Airtel was going this on a massive scale, I am certain they would have been discovered by now.

 

[newuser990]

not getting any script injection on wired BB but they are blocking imagebam in a different way since today. earlier i used to access that site with an alternate domain name but not now.

this is what i am getting in return instead of webpage:
Edited...can not get it to display properly 🙁