Why is Indonesian telcom firm Telkomsel hijacking websites?

Update, added a couple of links below with previous coverage on this scabby behaviour.

Indonesian telcom firm Telkomsel have for a while been injecting crappy little banners above websites without the website owner’s permission. This happens if you’re using their prepaid 3G simcards. This has for years been regarded as a particularly crappy parasitical practice, but Telkomsel take it to an extra level by coding it so badly that the sites they are injecting the ads onto (including mine) get broken.

Here are some screenshots:

Travelfish homepage
This is a “best case” usage as the injected ad (the “weplay” leaderboard up top) doesn’t actually break the site.

Example 1

Example 1

Travelfish forum page
This is a “bad case” usage, where, because their crappily coded stylesheet uses the same element names we do, it breaks the form on this page (it overly widens it) making it impossible to read the screen.

Example 2

Example 2

Agoda booking form
This is a “worst case” usage, where the crappy Telkomsel code makes the Agoda page unusable. I’d imagine Agoda and Priceline’s legal departments would find this of considerable interest.

Example 3

Example 3

Here’s the code Telkomsel are using to inject the ads — they are clearly hosting it. I’ve wrapped it for legibility and bolded a couple of the ad serving URLs.

For websites that are transactional, like Agoda, there is a clear revenue affect here where the ad code Telkomsel is inserting is making Agoda’s website unusable. For other sites, like ours, it is just a PITA.

<head>
<noscript>
&lt;meta http-equiv="refresh"content="0;
URL=http://ads.telkomsel.com/ads-request?t=3&amp;
j=0&amp;i=174559005&amp;
a=https://www.travelfish.org/board/post/hongkong/21242_what-s-the-most-famous-attraction-in-hong-kong-/0"/&gt;
</noscript>
<link href="http://ads.telkomsel.com:8004/COMMON/css/ibn.css" rel="stylesheet" type="text/css">
<script type="text/javascript" src="http://ads.telkomsel.com/ads-request?t=3&amp;i=174559005&amp;j=2&amp;
callback=_.jsonp501&amp;rnd=501&amp;
a=http%3A%2F%2Fwww.travelfish.org%2Fboard%2Fpost%2Fhongkong%2F21242_what-s-the-most-famous-attraction-in-hong-kong-%2F0">
</script>
<script type="text/javascript" id="placeholder-script"
src="http://ads.telkomsel.com:8004/PHD/00030/main.js">

</script>
<meta content="minimum-scale=1.0, width=device-width,
maximum-scale=0.6667, user-scalable=yes" name="viewport">
<meta content="yes" name="apple-mobile-web-app-capable">
<title>What's the most famous attraction in Hong Kong? :
Travelfish Hong Kong travel forum</title>
<script type="text/javascript"
src="http://ads.telkomsel.com/ads-impression?j=2&amp;i=174559005&amp;adsTransactionId=X20111104155602394&amp;
orgUrl=http%3A%2F%2Fwww.travelfish.org%2Fboard%2Fpost%2Fhongkong%2F21242_what-s-the-most-famous-attraction-in-hong-kong-%2F0
&amp;callback=_.jsonp866">

</script>
</head>
<body>
<div id="container">
<div id="top-banner">
<div id="offdeck-ads-div"
class="offgroup"
style="height: 69px; padding-top: 2px; padding-bottom: 0px;
margin: 0px auto; background-color: rgb(221, 221, 221);
position: relative; box-shadow: rgb(0, 0, 0) 0px 2px 3px;
-webkit-box-shadow: rgb(0, 0, 0) 0px 2px 3px; z-index: 50;
clear: both; background-position: initial initial;
background-repeat: initial initial;">
<div id="ads" style="width:100%;text-align:center;">
<div align="center">
<a href="http://telkomselprod.amobee.com/upsteed/actionpage?as=15353&amp;t=1411104155737
&amp;h=2344839&amp;pl=1&amp;u=6240000982570065&amp;isu=true
&amp;rid=f6f15490-3fbc-11e4-8391-2c768a4e8644&amp;i=10.103.143.29&amp;partner=Telkomsel
&amp;acc=4040581&amp;monitor=0&amp;n=http%3A%2F%2F&amp;a=85733636&amp;data=" accesskey="">
<img src="http://telkomselprod.amobee.com/content/4040581/85733630/85733629.gif" alt=""></a>
<img src="http://telkomselprod.amobee.com/upsteed/notification?event=3
&amp;correlator=4040581,85733636,15353,2344839,1,Telkomsel,1,6240000982570065,f6f15490-3fbc-11e4-8391-2c768a4e8644"
height="1" width="1" alt="" style="display:none">
</div>
</div>
<hr style="margin-top:2px; padding-top:0px; padding-bottom:0; margin-bottom:1px;">
<div id="toolbar" style="width:100%; text-align: center;">
<div style="width:300px; margin: 0px auto;">
<div style="text-align:right; width: 295px; display:inline-block; height:12px; vertical-align: top;">
<img id="btn-hide" class="ibn-ads-button" src="http://ads.telkomsel.com:8004/COMMON/images/hide.jpg"
style="cursor: pointer; height:10px; width: 50px; vertical-align: top;">&nbsp;
<img id="btn-close" class="ibn-ads-button" src="http://ads.telkomsel.com:8004/COMMON/images/close.jpg"
style="cursor: pointer; height:10px; width: 50px; vertical-align: top;">
</div>
</div>
</div>
</div>
</div>
<div id="middle">
<div id="left-banner">

</div>
<div id="content">
<iframe id="main-frame" scrolling="no"
src="https://www.travelfish.org/board/post/hongkong/21242_what-s-the-most-famous-attraction-in-hong-kong-/0"
height="5015" style="height: 5015px;">

</iframe>
</div>
<div id="right-banner">

</div>
</div>
<div id="bottom-banner">

</div>
</div>
<script type="text/javascript">
p={'t':'3', 'i':'174559005'};
d='';
</script>
<script type="text/javascript">
var b=location;
setTimeout(function(){
if(typeof window.iframe=='undefined'){
b.href=b.href;
}
},15000);
</script>
<script src="http://ads.telkomsel.com:8004/COMMON/js/if_20140604.min.js"></script>
<script src="http://ads.telkomsel.com:8004/COMMON/js/ibn_20140223.min.js"></script>

<div id="showbutton" class="sh-div sh-div-top-bottom sh-div-top " style="display: none;">
<span class="showbar">
<a id="btn-show" href="javascript:void(0)" style="padding: 5px; font-size: 10px; font-family:
verdana; color: black; text-align: center; font-weight: bold; text-decoration: none;">show ad</a>
</span>
</div>
</body>

So Telkomsel, could you stop doing this please?

Thanks.

Update 20 September 2014, seems I’m very late to the party on this issue. Here’s some others who are equally displeased with the situation.

On similar practises by another Indonesian Telco, XL, Batista Harahap says: “I can’t agree with these kind of practices. Period.”

Aulia Masna in October last year for Daily Social: “There is a concern that XL’s employees or anyone with access to this practice will be able to capture people’s login details for various websites.