TELKOM Indonesia Secretly Injects Advertisements

Raymond Reddington
Jan 31, 2016 · 4 min read

TELKOM (https://twitter.com/TelkomIndonesia), the biggest telco company in Indonesia, has been secretly injecting advertisements into nearly every non-secure (HTTP) webpage viewed by its customers. It sniffs the traffic and injects JavaScript that can load ads at the top of the page without the consent of either the website owner or the customer. This shady practice has been going on for years without any action from the government.

TELKOM is not the only one (XL is also known for a similar practice), but I decided to focus this article on TELKOM because it is partially owned by the government and has the biggest number of customers and the biggest internet network in this country.

When confronted by many in 2014, the company stated that it had the legal right to utilize its network for anything, including (secretly) injecting ads into web pages loaded into its customers’ browsers. Here are a few of many articles related to this issue.

This smiling idiot from the regulator board (BRTI) said it’s OK! (Because TELKOM owns the infrastructure, it’s entitled to do anything with it including, but not limited to, shoving ads in your face, making you pay for it, and ruining your websites.)

So what would happen if you used TELKOM internet service? Here are some examples of what you get when you visit non-secure (HTTP) websites.

STACK OVERFLOW

TELKOM sniffs the traffic between your browser and SO and then injects JavaScript code into the SO page on its way to your browser. The script looks like this:

[Image: The script injected into the victim web page]
[Image: Ad injected into SO header]
[Image: The ad comes from TELKOM ad server]

Once the script is loaded onto your browser, it talks to TELKOM ad server to get an ad. When it gets one, it loads more assets that are required to show the ad to you.

Because of that script, the page you’re viewing becomes at least 125KB heavier and of course, feels slower. Obviously, if you’re on a time/volume-based connection, it is you who pays for the extra KB — it’s not FREE.

Some Other Sites

[Image: www.lazada.co.id]
[Image: www.tiket.com]
[Image: When there’s no ad to show, TELKOM’s script throws an exception]
[Image: BBC]
[Image: CNN]
[Image: RedHat]

Even its competitors, like Indosat, become victims. The script is injected into Indosat’s home page and also into all HTML iframes on that page (see it for yourself on the Indosat home page).

If you make money from Google ads, you will be hurt.

If you use Google’s IMA SDK, don’t be surprised when ads suddenly disappear from your pages. That fucking TELKOM script can break IMA.

Here’s an example that I just saw on one of my clients’ sites.

[Image: Syntax error on Line 74]
[Image: On Line 74, there it is. That fucking ad script.]

Also notice the difference in the size of bridge.html with and without the TELKOM script. That certainly makes your website load slower. A lot slower.

[Image: WITH TELKOM script]
[Image: WITHOUT TELKOM script]

If you spend a lot of time and money crafting a beautiful website …

TELKOM will ruin it. Just one big ad on the header.

[Image: Your pretty site is no more]

If you can switch to another provider, go for it. Don’t ever look back. Don’t even think twice. Just leave TELKOM. Now.

But if you live in an area, like most other places in Indonesia, where TELKOM is the only provider available, then you can use an ad blocker and/or a VPN.

If you’re a website owner, secure your website with SSL to keep everyone, including your ISP, from sniffing the traffic.
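
To check whether a page was modified in transit, a site owner can compare a known-good copy of the HTML (taken from the origin server) with the copy a visitor received over plain HTTP. The script below is an added example, not code from the original post; the sample pages and the host `ads.isp.example` are constructed placeholders. It lists the script tags that appear only in the received copy and the extra bytes they cost, the same comparison as the bridge.html sizes above.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptCollector(HTMLParser):
    """Collect each <script> as ("src", url) or ("inline", body)."""

    def __init__(self):
        super().__init__()
        self.scripts, self._buf = [], None  # _buf is a list while inside an inline script

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.scripts.append(("src", src.strip()))
            else:
                self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.scripts.append(("inline", "".join(self._buf).strip()))
            self._buf = None

def scripts_in(html):
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return parser.scripts

def compare(reference_html, received_html):
    """Return scripts found only in the received copy, their hosts, and size growth."""
    known = set(scripts_in(reference_html))
    added = [s for s in scripts_in(received_html) if s not in known]
    hosts = sorted({urlparse(v).netloc for kind, v in added if kind == "src"} - {""})
    extra = len(received_html.encode()) - len(reference_html.encode())
    return {"added": added, "added_hosts": hosts, "extra_bytes": extra}

# Constructed sample pages; "ads.isp.example" is a placeholder, not a real ad server.
REFERENCE = ('<html><head><script src="/static/app.js"></script></head>'
             "<body><h1>Shop</h1><script>init();</script></body></html>")
INJECTED_TAG = '<script src="http://ads.isp.example/loader.js"></script>'
RECEIVED = REFERENCE.replace("</head>", INJECTED_TAG + "</head>")

if __name__ == "__main__":
    print(compare(REFERENCE, RECEIVED))
```

Pages with per-request content (session tokens, rotating inline scripts) will show differences that are not injection, so treat an unexpected third-party host in `added_hosts` as the stronger signal.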

Last but not least, share this post and let the Indonesian government know that we don’t like being treated like idiots.
