Hi guys,
I don't know if anyone has noticed, but Vodacom has started (as of Monday 23rd September 2013) injecting additional code into all html pages that are not HTTPS secured.
If you view source of any html page that you may have navigated to while connected via Vodacom, you will see the following code appended to the very end of that page:
If you connect using a different network provider, 8ta for example, and navigate to the exact same page then you do not receive this script. This script is being deliberately injected into your web pages by Vodacom.
I have tested this on multiple computers in my office and on multiple browsers with multiple cellular providers.
My research led me to the fact that some mobile operators try to use ByteMobile to "compress" your network traffic. My current finding is that in South Africa, Vodacom is the first.
For me, this is just causing a mountain of problems. For each and every page I navigate to, I receive a popup error message:
And this script is breaking our corporate web applications too (because that script raises errors all over the place).
Also see:
http://stackoverflow.com/questions/4113268/how-to-stop-javascript-injection-from-vodafone-proxy
But in any case, my biggest gripe is that they are actively tampering with the code on the page. I just don't think that is acceptable. It's practically a man-in-the-middle attack. Where does it end?
What else are they injecting into our pages that we are not yet aware of?
Since when should they choose what resolution I want a picture?
I have already laid a complaint via email, but I know how that goes.... straight into the call centre bin.
I think that as a community we need to say NO to this sort of manipulation.
I don't know if anyone has noticed, but Vodacom has started (as of Monday 23rd September 2013) injecting additional code into all html pages that are not HTTPS secured.
If you view source of any html page that you may have navigated to while connected via Vodacom, you will see the following code appended to the very end of that page:
Code:
<script language="javascript"><!--
bmi_SafeAddOnload(bmi_load,"bmi_orig_img",0);//--></script>
I have tested this on multiple computers in my office and on multiple browsers with multiple cellular providers.
My research led me to the fact that some mobile operators try to use ByteMobile to "compress" your network traffic. My current finding is that in South Africa, Vodacom is the first.
For me, this is just causing a mountain of problems. For each and every page I navigate to, I receive a popup error message:
Code:
Error: 'bmi_load' is undefined
Also see:
http://stackoverflow.com/questions/4113268/how-to-stop-javascript-injection-from-vodafone-proxy
But in any case, my biggest gripe is that they are actively tampering with the code on the page. I just don't think that is acceptable. It's practically a man-in-the-middle attack. Where does it end?
What else are they injecting into our pages that we are not yet aware of?
Since when should they choose what resolution I want a picture?
I have already laid a complaint via email, but I know how that goes.... straight into the call centre bin.
I think that as a community we need to say NO to this sort of manipulation.