Airtel which is a popular telecom provider in India with millions of subscribers is injecting javascript code into its user's content unknown to its users. This is being done to show them ad. This completely breaks NetNeutrality as ISP shouldnt play any role in modifying content of the user.
It is doing this using services of an Israeli company which means all the browsing session information is being shared with them in some or other way which completely compromises the user's privacy.
This is very ugly and that now the company is trying to arm-twist the developer who found to cover it up is worse.
In India, privacy laws are not well defined and unless there is some people's action on the street about this, there is a good chance it will be just buried.
No hopes from the current government which is busy cosying up private companies in whatever way it can.
Someone should tell that crappy lawfirm that threatening to bring criminal charges to attempt to induce a financial settlement can itself lay the basis for a criminal extortion charge in the US.
A lawyer in India sent a cease and desist email to a developer (in, I'm assuming, India) for posting javascript that's being used as an injection attack (for a mobile network provider) against insecure http requests, under the guise of "service enhancement".
"The said code is closed source software and our client is sole proprietor
of the same. Therefore, no one can use the said code without obtaining license
from our client against payment of fees and/or royalties and on commercial
and legal terms acceptable to our client. Your aforementioned actions
constitute a blatant violation of our client's copyrights and other proprietary
rights in the said code."
They can invoke the proprietary/copyright claims, but saying that JS is "closed source" just doesn't make sense when the source code is what gets distributed. IMHO it's the same situation with HTML and CSS.
Unless you have the right to do so because you are the copyright holder or have a licence you can't distribute code no matter whether you have access to the code or not.
There are fair-use exemptions, but when it comes to computer software, these exemptions suddenly become zero. Making a disclosure and proving a security/privacy flaw becomes extremely difficult.
Basically this company is injecting javascript into their responses. This guy noticed this and put up a github repo with details on what they are doing and the code they are injecting.
The company is asking him to take down the code, because it violates their copy right and he can't legally distribute without purchasing a license.
And before the pedants get here: No, not like a literal five-year-old. It means "Explain like I'm a reasonably intelligent adult with no special domain knowledge" but that becomes a mouthful, even if you abbreviate it. Complaining about how this expression has been corrupted by virtue of being used how it's always been used is so original.
Thanks. I was initially confused about why archive.org's redesign announcement was named Re: Cease and Desist Notice – Infringement of Copyright, and then I was further confused when the HN comments appeared to be about something else entirely.
Airtel which is a popular telecom provider in India with millions of subscribers is injecting javascript code into its user's content unknown to its users. This is being done to show them ad. This completely breaks NetNeutrality as ISP shouldnt play any role in modifying content of the user. It is doing this using services of an Israeli company which means all the browsing session information is being shared with them in some or other way which completely compromises the user's privacy. This is very ugly and that now the company is trying to arm-twist the developer who found to cover it up is worse. In India, privacy laws are not well defined and unless there is some people's action on the street about this, there is a good chance it will be just buried. No hopes from the current government which is busy cosying up private companies in whatever way it can.