Posted on Mon 09 June 2008 by alex in geek

I had suspected it for a while but I've just confirmed it. T-Mobile is altering my web-pages. I suspect in this case it's nothing overly sinister like Phorm but it is still un-announced tampering with web-pages I request from 3rd party servers.

Transparent proxies have existed almost as long as consumer internet. Usually they just cache frequently accessed files (like the Google logo) and pass them to the browser directly rather than pulling it over the expensive backbone network again. Since a lot of the worlds content doesn't change and popular sites are visited by the majority of your customers this can make a significant saving to an ISP's bandwidth costs.

In the case of T-Mobile the proxy is inserting the line:
<script src="" language="javascript">
into every web-page that is served. Further more every image displayed is replaced with a link to an image server somewhere on the 1.2.3.* network and a piece of JavaScript that adds the hover text "Shift+R improves the quality of this image. Shift+A improves the quality of all images on this page." which works as advertised. On the limited resources of a mobile wireless connection this probably makes sense although I'm still a little wary of the fact T-Mobile is modifying my web-pages.

It looks like we won't be able to get broadband via the company (landlords not liking holes in walls) so I'm currently hunting round for broadband deals. I'm beginning to worry about some of the things Virgin Media is up to so I don't think cable is a given.

I've also set-up my virtual server firewall so I can run torrents as and when required. Although I pay per GB it's a fairly honest arrangement (the basic plan starts at 100Gb per month) which is a fair amount to get through. Of course I double the bandwidth usage when I pull the final file to my home machine but I'm fairly sure the ISP's cannot inspect the data thanks to ssh. In fact once connected I may set-up a few Tor nodes just to avoid my ISP tracking my every move. It's not that I don't trust them to abuse the data, oh hang on, that's right, I don't trust them....