Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MTNL Broadband and BSNL Broadband have refused to provide any information on ad injection on their platform #175

Open
Sushubh opened this issue Feb 29, 2016 · 23 comments

Comments

Projects
None yet
8 participants
@Sushubh
Copy link

commented Feb 29, 2016

I am not an expert on RTI but I tried asking a few questions. They rejected all of them on the basis of Section 8(1)(d) in The Right To Information Act, 2005.

(d) information including commercial confidence, trade secrets or intellectual property, the disclosure of which would harm the competitive position of a third party, unless the competent authority is satisfied that larger public interest warrants the disclosure of such information;

I am attaching the RTI and the response here for reference. And looking forward to guidance on how this can be proceeded further.

chrome_2016-02-29_13-32-23

2016-2-29_12516

@jace

This comment has been minimized.

Copy link
Member

commented Feb 29, 2016

Related: #164.

@kanishkablack

This comment has been minimized.

Copy link

commented Feb 29, 2016

Right one the face of RTI and indian Internet Users

@apsatwal

This comment has been minimized.

Copy link

commented Mar 13, 2016

These ad servers are vulnerable to open redirect as well. Tried reporting to CERT-IN but
- 2016-03-14 01 09 48

@kanishkablack

This comment has been minimized.

Copy link

commented Mar 14, 2016

@apsatwal i guess the certs mail box is full ..........

@Sushubh

This comment has been minimized.

Copy link
Author

commented Mar 15, 2016

Update 1: MTNL is also now injecting ads in both incoming and outgoing mails sent through their mail service. Outgoing is a common thing. A lot of webmail services add their signature line or at least they used to. But MTNL is going one step ahead and they are also tampering with INCOMING MAILS and insert their ads in them.

Update 2: The modified mails are now linking to this domain: http://mtnlads.in/ which appears to be their upcoming gateway that might let you book ads for websites/mails that are tampered by MTNL.

Update 3: I have prepared my appeal for the RTI and would be sending it tomorrow. If anyone want to see a copy, it can be accessed here.

@apsatwal

This comment has been minimized.

Copy link

commented Mar 15, 2016

As per above website title "MTNL Advertisements made by Carizen"
The domain mtnlads.in has been booked by Carizen Software (P) Ltd. with their homepage at www.carizen.com a Chennai based company appears to be the technology partners. As per info available on their website they already offer an email hosting solution by the name safentrix.in with option to serve advertisements.

@Sushubh

This comment has been minimized.

Copy link
Author

commented Mar 15, 2016

And their tech partner for ad-injection is Abeer Media and their subsidiary Adphonso. Just imagine how much private data is being leaked into private hands. Woo.

@apsatwal

This comment has been minimized.

Copy link

commented Mar 16, 2016

In the injected ad links the utm_source is abeer
www.caringpapa.com/landing/health/tax/?utm_source=abeer&utm_source_code=CP2818&utm_medium=bannertax&utm_content=bannertax&utm_campaign=affiliate

@Sushubh

This comment has been minimized.

Copy link
Author

commented Apr 26, 2016

Just an update. BSNL has also responded with the same excuse. Article 8(1)(d).

https://drive.google.com/file/d/0B7GnL1EQD2WZX0dBNkZjSmhzeDQ/view

@Sushubh Sushubh changed the title MTNL Broadband refuse to provide any information on ad injection on their platform MTNL Broadband and BSNL Broadband have refused to provide any information on ad injection on their platform May 1, 2016

@Sushubh

This comment has been minimized.

Copy link
Author

commented May 9, 2016

https://drive.google.com/file/d/0B7GnL1EQD2WZbk9Sa0sxdkQzUTQ/view

I filed an appeal with MTNL and they have responded to two questions now. They continue to block responses to other questions based on 8(1)(d).

Based on this response... MTNL claims that absolutely no data is being collected during the process. They got this information through a certificate from the vendor. Now if we assume that the vendor is Abeer Media and the technology has been developed by Adphonso... This is a possible lie as Adphonso website clearly states that they collect tons of information to personalize ads.

Of course, Adphonso could possibly disable the data collection feature on the platform. Question is... Is this enough? As long as they inject the ads, they can collect a lot of data whenever they want. They can track what websites are being visited by the user at any given time without any court order. This is in addition to all the revenue that is being made without caring about the user's security and privacy. Revenue which is being stolen from the content providers on the web including the MediaNama website which does not run on HTTPS.

I am kind of clueless on what I can do now. I can possibly go to the CIC. Or file a complaint with TRAI. Both of which I have not done until now so I have no idea how to proceed. Hoping to get any kind of feedback and suggestions on what can be done now. Cheers.

PS: I have also sent an appeal to BSNL in response to their non-answers. I assume they would be sending the exact response as MTNL as they did before.

@Sushubh

This comment has been minimized.

Copy link
Author

commented Jun 5, 2016

Got another letter from BSNL today. BSNL's Appellate authority states that the CPIO has applied his wisdom in answering/not-answering the questions so all is well.

https://drive.google.com/open?id=0B7GnL1EQD2WZeWx2T3lZQW5mOFE

PS: I am no longer pursuing this issue. I would update this thread when MTNL responds to the appeal I sent them few weeks ago.

@apsatwal

This comment has been minimized.

Copy link

commented Aug 9, 2016

Here is new advertisement redirect by BSNL
For non existing domains BSNL nameservers now redirect to http://id.domain-error.com

$ dig dddsasdffggh.hc
; <<>> DiG 9.8.3-P1 <<>> dddsasdffggh.hc
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47480
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;dddsasdffggh.hc.       IN  A

;; ANSWER SECTION:
dddsasdffggh.hc.    86400   IN  A   52.76.130.169

Here expected answer was NXDOMAIN

@kanishkablack

This comment has been minimized.

Copy link

commented Mar 21, 2017

@apsatwal check the server port which you are doing querying too

@apsatwal

This comment has been minimized.

Copy link

commented Mar 31, 2017

Here is another private ISP using misleading adv techniques, sending complete user details i.e. IP address, DSL Username along with advt
screen shot error adv
screen shot success adv
screen shot 2017-03-08 at 10 37 14

@Sushubh

This comment has been minimized.

Copy link
Author

commented Mar 31, 2017

MTNL also seems to be using phozeca these days. Can you tell the name of the ISP?

@apsatwal

This comment has been minimized.

Copy link

commented Mar 31, 2017

It is Connect Broadband a subsidiary of Videocon Group

@anomalizer

This comment has been minimized.

Copy link

commented May 2, 2017

Has anyone tried filing a complaint on the grounds of security and privacy? Asking them questions around commercials, scale of the programme and so on is what is getting stonewalled under the garb of trade secrets

@kanishkablack

This comment has been minimized.

Copy link

commented May 2, 2017

@apsatwal

This comment has been minimized.

Copy link

commented Jun 19, 2017

phozeca jquery inject
screen shot 2017-06-19 at 11 06 04

php.net serving advt, thanks to phozeca
php net

Fake site notifications
fakenotifications

@apsatwal

This comment has been minimized.

Copy link

commented Jun 19, 2017

Fake Notification thanks to phozeca, and a redirect to infected pdf?
screen shot 2017-06-20 at 12 18 44

Possible exploit of CVE-2016-1681?
screen shot 2017-06-20 at 12 14 46

@hemanth7787

This comment has been minimized.

Copy link

commented Jun 11, 2018

Many of these ad redirects go to pages that ask you to download malware installation files etc. Needless to say millions of BSNL subscribers might be infected with these malwares/viruses. I wonder, How is a govt owned company being able to do this and escape the public and laws of this country?

@RohitAwate

This comment has been minimized.

Copy link

commented Mar 9, 2019

@Sushubh Thank you for your efforts. Did you try approaching TRAI?

@foranastes

This comment has been minimized.

Copy link

commented Apr 16, 2019

Any updates on this?
I'm also experiencing ad injection from BSNL Boradband on these days

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.