Attention Zong internet users: You may be infected by a Virus

Lahore (Staff Report) – One of Pakistan’s leading telecom operators and internet providers, Zong, was found to be inserting ads into their users browser, without the permission of the users.

The core function of internet service providers (ISPs) is to provide internet access to consumers in return for data fees.

However, imagine paying for a service that only shows you ads by the service provider, without asking your permission as the person who paid for the said service. This is exactly what Zong is doing.

If you are one of the Chinese telcos’ internet subscribers you might have seen random Zong Ads while browsing the internet.

Users have complained of being bombarded with Zong promotional pop-ups while in the middle of writing urgent and important emails, urging them to take up this or that irrelevant offer and slowing down their browsing.

Related: Windows 10 upgrade: Chinese angered by Microsoft’s “dirty trick” for more registrations

But this is more than an inconvenience; it is also a huge breach of your online privacy and security.

Zong ad appears on a third-party website

How does it work?

When you open a website, a very simple process happens in the background.

For example, you enter “google.com” in your browser’s address bar, as soon as you press enter, the following happens:
1. Your browser sends a request to the servers of your ISP for that webpage.
2. Your ISP’s servers will then send that request to the internet servers to load that site to your browser.
3. The relevant server on the internet will then send a response to your ISP’s server, essentially saying, “here is the webpage you asked for.”

Your ISP is supposed to send that response directly to your browser, unchanged. However, Zong is actually changing that response in the middle without your permission to insert promotional material and ads into your internet browsing experience.

This is not only unethical; it may also be an illegal breach of your online privacy and security.

“The only reason this is not illegal is because we do not have a proper legal structure to address something like this. Otherwise, people are literally paying a good amount of money to use a service but getting an unwanted ad-on in return.” – Nighat Daad, Executive Director, Digital Rights Foundation

This is because your ISP, in addition to monitoring your browsing habits, is also collecting your browsing data. The ISP can potentially use this data to its advantage by showing you targeted ads in the middle of loading a site and tailoring which ads you see according to your browsing history.

This is the equivalent of a “man in the middle attack” in which you are the unsuspecting victim, and it makes the websites you visit think that you are a “malicious user” whose online identity must be verified.

This is why Zong users have to fill in annoying captcha screens for almost every website they visit, effectively slowing down their browsing even though they have subscribed to the ‘fastest’ mobile internet in Pakistan.

zong
This might be a familiar webpage for Zong internet users, but what they might not know is that they have to see this only because of Zong’s hunger to show them ads.

The image above shows the kind of hoops Zong users must jump through to visit almost any website on the internet. And this is all because the website thinks the user has been infected by a virus and has compromised security, which may even endanger the website’s security itself.

And the website may not be entirely wrong either, because you have a ‘virus’, loaded onto your device by your service provider, Zong.

“We still do not know if the injected javaScript from Zong is only serving a toolbar, or it’s capturing credentials, this is possible.” – Rafay Baloch, Ethical Hacker and Security Researcher

Security Vulnerabilities

We asked Rafay Baloch, world-renowned ethical hacker and security researcher who has exposed vulnerabilities in sites such as Facebook and Paypal, about this security repercussions of Zong’s code injection into users browser.

According to Baloch, the tactics employed by Zong can be extremely dangerous for end-user’s security.

“It introduces to all kind of rogue JavaScript like browser based vulnerabilities etc. An attacker on the same network can conduct an MITM (Man in the middle attack) to replace the injected Zong’s JS with their own version and hence hijacking content on all HTTP related websites since the javaScript is universal for all pages.

 

“Also we still do not know if the injected javaScript from Zong is only serving a toolbar, or it’s capturing credentials, this is possible,” He said.

Lack of legal framework to stop this unethical practice

Nighat Dad, Executive Director of the Digital Rights Foundation, an organization working for the rights of internet users of Pakistan, explained that because this is an instance where consumers are buying a service from Zong, the practice is entirely unethical.

“The only reason this is not illegal is because we do not have a proper legal structure to address something like this. Otherwise, people are literally paying a good amount of money to use a service but getting an unwanted ad-on in return,” she said.

“There is no mechanism through which people can opt out of the ad program, and no real option to block them because these are not third-party ads,” she added.

She said that by using this strategy Zong was taking advantage of people who were not literate enough about the internet to know better.

“The fact that most people would not even know that this is something unethical and something that is being forced upon them deliberately is just absurd. Zong doesn’t ask for permission, it just forces the ads into your lives,” she explained.

Dad added that people should consider raising the matter in consumer courts. “While there is a gap for this to be tackled with through an existing law, there is no reason people should not pursue this in court,” she said.

unusual
Google thinks Zong internet users are ‘unusual’

Zong internet is fast, but when you try visiting Google from your Zong internet, a lot of users will see the image above, which tells you Google has detected “unusual traffic from your computer’s network”.

This is a clear sign of how Zong wants to show ads to its paid subscribers instead of giving them a great user experience, which is free from captcha requests and “unusual traffic” warnings from the websites that users just want to browse in peace.

The only way to stop this right now, it seems, is for user to take Zong to consumer court in addition to spreading awareness about consumer rights and obligations of ISPs.

Read more: Pakistan’s No. 1 property website Zameen.com back live after downtime

More from this category

Advertisment

Advertisment

Follow us on Facebook

Search