Airtel seems to be doing some serious firefighting after being accused of “spying” by Bengaluru-based programmer Thejesh GN.
Debashis Sarkar
Airtel seems to be doing some serious firefighting after being accused of “spying” by Bengaluru-based programmer Thejesh GN. The company has accepted that it did inject a javascript into subscribers’ browsing sessions, a “standard solution” to help customers keep track of data usage.
“After Israeli firm Flash Network served a Cease and Desist notice to Thejesh, it is clear that Airtel has injected the said javascript. However, what this code does is yet to be confirmed,” says Prasanth Sugathan, counsel at donor-supported legal services organisation Software Freedom Law Centre India.
This “standard solution” is a breach of privacy in itself. While it is unclear whether the injected javascript helps in improving customer experience or is meant to record browsing history, the question is how the ISP can inject anything without the subscriber’s knowledge. “Once you have a javascript running on your browser, it can definitely track your browsing session. The intentions of this particular code is not known as javascripts are capable of achieving more than just pushing advertisements,” adds Sugathan.
“This is a case of Airtel doing something on my device without my knowledge. This is illegal. And how can Airtel justify this wrong by saying others are doing it as well,” explains Sugathan. The intentions of the code, first spotted by Thajesh, is now difficult to investigate with Airtel taking down the source soon after the news broke. While it is obvious that Airtel aimed at monetising this, experts said the script itself attracts spams.
Meanwhile, the Free Software Movement Karnataka on its website said “Airtel can’t devolve itself from this issue as its Israeli vendor, Flash Network, has clearly mentioned in its letter to Thejesh that the code to be injected into subscriber’s browsers was created and owned by Airtel.”