Is @BSNLCorporate injecting code into your browser? The answer is a definite yes! At IFF, we took a closer look at... what exactly the code does.

We've talked about it before, but we've found more information, and this needs your serious attention. 🧵 1/n
internetfreedom.in/taking-a-close…
In May '19, we had sent a representation to @BSNLCorporate regarding these code injections, explaining their illegality under frameworks like the IT Act and Cellular Media Telephone Services Agreement signed by BSNL.

We didn't get an adequate response, so we filed some RTIs. 2/n
Although our complaints & incident reports received no responses, our RTIs did. @BSNLCorporate acknowledged the code injections, but refused more information on the basis of 'commercial confidence' violations.

The bottom line: code is still being injected into your browser. 3/n
[Image: Screenshot of BSNL code]
So what *is* the code that's being injected by @BSNLCorporate? We were able to analyse some of it.

Turns out, they're sharing A LOT of your data (presumably with a 3rd party advertiser) — not just the URL you visit but also information that could potentially identify YOU! 4/n
Like: your IP address for sure, and possibly — this is important! — an identifier, presumably *unique* to you.

Whoa. Generally, your data is aggregated (i.e. "anonymised") when it is shared, but this identifier means that BSNL is probably directly sharing your browsing data! 5/n
But wait, that's not all. This feature includes ads previously categorised as MALWARE & these injections seem to be made on an hourly basis (approximately), even if you shift browsers. This likely means that some sort of cookie is being stored *locally* on your computer! 6/n
And interestingly, when one of the users clicked on an ad, they were led to a page that only *looked* like an error page, but was actually not! That is, somebody had simply designed it to look like an error page.

This raises a lot of questions. Why would somebody do that? 7/n
This issue is really old (2015) and here are our recommendations:

1. Make explicit consent mandatory!

2. Provide clarity: about decisions, agreements & revenue.

3. Clearly outline all the security practices being followed here so as to protect users from compromised code. 8/n
We're watching the watchmen. Help us ask the right questions.

internetfreedom.in/donate/
