Why is Indonesian telcom firm Telkomsel hijacking websites?

Update, added a couple of links below with previous coverage on this scabby behaviour.

Indonesian telcom firm Telkomsel have for a while been injecting crappy little banners above websites without the website owner’s permission. This happens if you’re using their prepaid 3G simcards. This has for years been regarded as a particularly crappy parasitical practice, but Telkomsel take it to an extra level by coding it so badly that the sites they are injecting the ads onto (including mine) get broken.

Here are some screenshots:

Travelfish homepage
This is a “best case” usage as the injected ad (the “weplay” leaderboard up top) doesn’t actually break the site.

Example 1

Example 1

Travelfish forum page
This is a “bad case” usage, where, because their crappily coded stylesheet uses the same element names we do, it breaks the form on this page (it overly widens it) making it impossible to read the screen.

Example 2

Example 2

Agoda booking form
This is a “worst case” usage, where the crappy Telkomsel code makes the Agoda page unusable. I’d imagine Agoda and Priceline’s legal departments would find this of considerable interest.

Example 3

Example 3

Here’s the code Telkomsel are using to inject the ads — they are clearly hosting it. I’ve wrapped it for legibility and bolded a couple of the ad serving URLs.

For websites that are transactional, like Agoda, there is a clear revenue affect here where the ad code Telkomsel is inserting is making Agoda’s website unusable. For other sites, like ours, it is just a PITA.

<head>
<noscript>
&lt;meta http-equiv="refresh"content="0;
URL=http://ads.telkomsel.com/ads-request?t=3&amp;
j=0&amp;i=174559005&amp;
a=https://www.travelfish.org/board/post/hongkong/21242_what-s-the-most-famous-attraction-in-hong-kong-/0"/&gt;
</noscript>
<link href="http://ads.telkomsel.com:8004/COMMON/css/ibn.css" rel="stylesheet" type="text/css">
<script type="text/javascript" src="http://ads.telkomsel.com/ads-request?t=3&amp;i=174559005&amp;j=2&amp;
callback=_.jsonp501&amp;rnd=501&amp;
a=http%3A%2F%2Fwww.travelfish.org%2Fboard%2Fpost%2Fhongkong%2F21242_what-s-the-most-famous-attraction-in-hong-kong-%2F0">
</script>
<script type="text/javascript" id="placeholder-script"
src="http://ads.telkomsel.com:8004/PHD/00030/main.js">

</script>
<meta content="minimum-scale=1.0, width=device-width,
maximum-scale=0.6667, user-scalable=yes" name="viewport">
<meta content="yes" name="apple-mobile-web-app-capable">
<title>What's the most famous attraction in Hong Kong? :
Travelfish Hong Kong travel forum</title>
<script type="text/javascript"
src="http://ads.telkomsel.com/ads-impression?j=2&amp;i=174559005&amp;adsTransactionId=X20111104155602394&amp;
orgUrl=http%3A%2F%2Fwww.travelfish.org%2Fboard%2Fpost%2Fhongkong%2F21242_what-s-the-most-famous-attraction-in-hong-kong-%2F0
&amp;callback=_.jsonp866">

</script>
</head>
<body>
<div id="container">
<div id="top-banner">
<div id="offdeck-ads-div"
class="offgroup"
style="height: 69px; padding-top: 2px; padding-bottom: 0px;
margin: 0px auto; background-color: rgb(221, 221, 221);
position: relative; box-shadow: rgb(0, 0, 0) 0px 2px 3px;
-webkit-box-shadow: rgb(0, 0, 0) 0px 2px 3px; z-index: 50;
clear: both; background-position: initial initial;
background-repeat: initial initial;">
<div id="ads" style="width:100%;text-align:center;">
<div align="center">
<a href="http://telkomselprod.amobee.com/upsteed/actionpage?as=15353&amp;t=1411104155737
&amp;h=2344839&amp;pl=1&amp;u=6240000982570065&amp;isu=true
&amp;rid=f6f15490-3fbc-11e4-8391-2c768a4e8644&amp;i=10.103.143.29&amp;partner=Telkomsel
&amp;acc=4040581&amp;monitor=0&amp;n=http%3A%2F%2F&amp;a=85733636&amp;data=" accesskey="">
<img src="http://telkomselprod.amobee.com/content/4040581/85733630/85733629.gif" alt=""></a>
<img src="http://telkomselprod.amobee.com/upsteed/notification?event=3
&amp;correlator=4040581,85733636,15353,2344839,1,Telkomsel,1,6240000982570065,f6f15490-3fbc-11e4-8391-2c768a4e8644"
height="1" width="1" alt="" style="display:none">
</div>
</div>
<hr style="margin-top:2px; padding-top:0px; padding-bottom:0; margin-bottom:1px;">
<div id="toolbar" style="width:100%; text-align: center;">
<div style="width:300px; margin: 0px auto;">
<div style="text-align:right; width: 295px; display:inline-block; height:12px; vertical-align: top;">
<img id="btn-hide" class="ibn-ads-button" src="http://ads.telkomsel.com:8004/COMMON/images/hide.jpg"
style="cursor: pointer; height:10px; width: 50px; vertical-align: top;">&nbsp;
<img id="btn-close" class="ibn-ads-button" src="http://ads.telkomsel.com:8004/COMMON/images/close.jpg"
style="cursor: pointer; height:10px; width: 50px; vertical-align: top;">
</div>
</div>
</div>
</div>
</div>
<div id="middle">
<div id="left-banner">

</div>
<div id="content">
<iframe id="main-frame" scrolling="no"
src="https://www.travelfish.org/board/post/hongkong/21242_what-s-the-most-famous-attraction-in-hong-kong-/0"
height="5015" style="height: 5015px;">

</iframe>
</div>
<div id="right-banner">

</div>
</div>
<div id="bottom-banner">

</div>
</div>
<script type="text/javascript">
p={'t':'3', 'i':'174559005'};
d='';
</script>
<script type="text/javascript">
var b=location;
setTimeout(function(){
if(typeof window.iframe=='undefined'){
b.href=b.href;
}
},15000);
</script>
<script src="http://ads.telkomsel.com:8004/COMMON/js/if_20140604.min.js"></script>
<script src="http://ads.telkomsel.com:8004/COMMON/js/ibn_20140223.min.js"></script>

<div id="showbutton" class="sh-div sh-div-top-bottom sh-div-top " style="display: none;">
<span class="showbar">
<a id="btn-show" href="javascript:void(0)" style="padding: 5px; font-size: 10px; font-family:
verdana; color: black; text-align: center; font-weight: bold; text-decoration: none;">show ad</a>
</span>
</div>
</body>

So Telkomsel, could you stop doing this please?

Thanks.

Update 20 September 2014, seems I’m very late to the party on this issue. Here’s some others who are equally displeased with the situation.

On similar practises by another Indonesian Telco, XL, Batista Harahap says: “I can’t agree with these kind of practices. Period.”

Aulia Masna in October last year for Daily Social: “There is a concern that XL’s employees or anyone with access to this practice will be able to capture people’s login details for various websites.

I liked your post so much I didn’t read it

Last week, as a part of our “giving back in Southeast Asia” series we published a piece profiling the Soi Dog Foundation. They’re a group in Thailand doing great work helping stray dogs (and other animals) and are funded totally by donations. Nice work!

The charity pieces tend to get very few reads on Travelfish and this was no exception. But, as you can see from the screenshot below, the story got quite a few likes — 3,894 according to Facebook.

Likes all over the place!

Likes all over the place!

It wasn’t till the author of the piece let me know that the Soi Dog Foundation had shared the piece on their Facebook page, that this made more sense. Afterall, they have around half a million “fans” on Facebook. Sure enough, when I look at the piece on their Facebook page, there are the bulk of the likes — 3,580 of them.

How can you not like that dog?

How can you not like that dog?

I got all excited, expecting a tonne of (well 3.5 tonnes to be exact) readers on the story on our site. But, it seems I was barking up the wrong tree.

A bit of a dog.

A bit of a dog.

The above screenshot is from Google Analytics and shows ALL traffic to the story — not just from Facebook. The busiest day saw 313 reads.

What does this mean?

It means that one shouldn’t see Facebook likes as some kind of proxy for web traffic.

It indicates, that at least in this case, the vast majority of readers (90%) liked the post without reading it.

Perhaps most importantly, it means that a story displaying a badge saying it has x number of likes is largely meaningless. (We’re removing them in the redesign).

Lastly it means all stories you publish to Facebook should include a photo of a cute dog.

You can learn more about the great work the foundation is doing here.

How to speed up your website

The easiest way to speed up your website is to invest in a better server.

The second best way to speed up your website is to not have 3 meg GIFs of cats on the page.

But what about after that?

I took a typical Travelfish feature story page, with a standard Adload and went through a series of steps to see just how quickly I could get it to load. You’ll see that the problem of a lagging load are quickly taken out of your hands.

All results are via the smart cookies at Pingdom

Baseline
Grade 77
Requests 107
Load time 2.43 seconds
Pagesize 1.2 meg

Step 1: Remove all social sharing buttons
Theoretically effects ability of readers to share content on other networks.
Grade 80
Requests 81
Load time 3.54 seconds
Pagesize 1.1 meg

Step 2: Switch Adsense ads to async
No downside I’m aware of. That the code wasn’t already async was my oversight.
Grade 79
Requests 89
Load time 3.53 seconds
Pagesize 1.0 meg

Step 3: Reduce Jpg images from 80% to 60%
Slight change to image quality. More noticeably on retina screens. This was the biggest single improvement.
Grade 79
Requests 91
Load time 2.05 seconds
Pagesize .915 meg

Step 4: Split images across four S3 subdomains
This would have more of an effect if I had say a dozen images as there could be more parallel downloading. In this case a bit of a non issue.
Grade 78
Requests 91
Load time 2.01 seconds
Pagesize .916 meg

Step 5: Remove GAM to basic Adsense code
Removes ability for me to set an artificial floor on the ads displayed. Immediately started seeing weightloss ads. This change would have a revenue implication.
Grade 80
Requests 84
Load time 1.79 seconds
Pagesize 1.0 meg

Step 6: Dump to a plain HTML page
Removes ability to serve dynamic content.
Grade 80
Requests 82
Load time 1.15 seconds
Pagesize .918 meg

Step 7: Remove all ads
Obvious revenue implication!
Grade 85
Requests 37
Load time 0.715 seconds
Pagesize .614 meg

Step 8: Remove Facebook like code
Ego/social proof buttons no longer shown – this should have gone in step 1 – I forgot.
Grade 92
Requests 26
Load time 0.647 seconds
Pagesize .466 meg

Step 9: Remove Google search suggestion from the search box
Readers lose search suggestion.
Grade 97
Requests 19
Load time .416 seconds
Pagesize .361 meg

Step 10: Remove Google Analytics
Obvious loss of traffic measurements.
Grade 98
Requests 17
Load time 0.357 seconds
Pagesize .345 meg

So in ten steps I’ve improved load time from 2.43 seconds to .357 seconds — not too shabby. In the process though, I’ve removed all sharing, tracking and revenue opportunities. This is not exactly a win win situation.

Off the top of my head takeaways.
1) Any changes while still serving Adsense are difficult to measure as Adsense can serve wildly varying ads that will impact the Pingdom results. On one load I saw an Adsense cumulative load of around 700meg!

2) The “easiest” improvement was reducing the image quality. But there seems little point in doing this when Adsense can dump something massive in. The second easiest way is to remove ads. Great for readers — not so hot for the bottom line.

3) Google (and Facebook to a lesser extent) really need to consider adopting some of the “best practises” they keep advising everyone else to.