Indian Programmer Exposes Code Injection, Gets A Cease And Desist From The Injectors

In an exciting example of the Streisand Effect, an Indian Airtel customer, Thejesh GN, discovered that the carrier had begun using Flash Networks Layer8 “monetization” (read “ad injection”) solutions. The code, which appeared on most mobile webpages downloaded via Airtel’s network, consists of a pair of basic Javascript injectors. Thejesh published the code, which used to be freely downloadable via any browser, and was served a cease and desist letter.

The crime, it seems, was the uploading of public code to a public repository, Github. The code, which was publicly available here but now seems to be locked, is considered Flash Network’s proprietary property. However, like most code on the Internet, it is amazingly difficult to protect this claim barring proof of actual theft. However, like so many ridiculous cease and desist letters, that hasn’t stopped Flash Networks lawyer, Ameet Metha at Solicis Lex from trying to scare Thejesh and Github, for their part, cravenly pulled the code as part of DMCA request.

The problem with this sort of back-and-forth between spammers and the spammed is that the spammer never comes out ahead. Almost every example of code injection of this sort, from Superfish to AT&T’s attack on Weev make the corporations out to be the bad guys. While the Internet nerd in my says that isn’t a bad thing, the realist in me says that’s just silly. Presumably some short-sighted monetization person at Airtel talked to some short-sighted monetization person at Flash Networks and struck a deal which, because of the code injection, is unsafe and unwanted. Exposing that isn’t a crime and it’s a crime for Flash Networks to make it one.

Airtel, for their part, told Storypick that they have nothing to do with the C&D:

“This is a standard solution deployed by telcos globally to help their customers keep track of their data usage in terms of mega bytes used. It is therefore meant to improve customer experience and empower them to manage their usage. One of our network vendor partners has piloted this solution through a third party to help customers understand their data consumption in terms of volume of data used.As a responsible corporate, we have the highest regard for customer privacy and we follow a policy of zero tolerance with regard to the confidentiality of customer data.

We are also surprised at the Cease & Desist notice served by Flash Networks to Thejesh GN, and categorically state that we have no relation, whatsoever, with the notice.”

I’ve contacted Flash Networks as well to see what they can make of this whole exciting ordeal. I’m not holding my breath.

via TechDirt

from TechCrunch http://feedproxy.google.com/~r/Techcrunch/~3/5LP2iAHj1l0/
via IFTTT