-
othermaciej firefox FirefoxNightly webkit reinhart1010 johnwilander Here is the original post on Reddit. Reddit is blocked by the Indonesian government (for explicit content reasons, same with Vimeo) but some users are still able to access the service via VPN and DNS-over-HTTPS services reddit.com/r/indonesia/comments/evkqns/beaware_tracking_script_isp_telkom/Permalink On twitter.com
Mood -1 🙁
-
othermaciej firefox FirefoxNightly webkit reinhart1010 johnwilander Some Telkom Indonesia (an ISP and state-owned enterprise) customers noticed the addition of a tracking script embedded at the end of non-HTTPS websites and web pages that looks like this:Permalink On twitter.com
-
othermaciej firefox FirefoxNightly webkit reinhart1010 johnwilander The tracking script never appeared when the (non-HTTPS) site was visited through another ISP, using VPN/DoH, or even when the connection was upgraded to HTTPS. One customer also confirmed this script appeared regardless of devices and browsers.Permalink On twitter.com
-
othermaciej firefox FirefoxNightly webkit reinhart1010 johnwilander Based on the code above the script is intended to gather several information such as viewport sizes and current domain, which is likely used for analytics. However, customers feared that this might be used by the ISP for tracking purposes.Permalink On twitter.com
-
othermaciej firefox FirefoxNightly webkit reinhart1010 johnwilander Despite that the Reddit author posted this a few days ago, this script injection has occured for years. For example, this StackOverflow post that suggest the same script is used to inject advertisements: stackoverflow.com/questions/30076093/how-to-clean-up-ads-injection-on-wordpress-which-injected-through-ispOn twitter.com