TELKOM (, the biggest telco company in Indonesia has been secretly injecting advertisements into nearly every non-secure (HTTP) webpage viewed by its customers. It sniffs the traffic and injects javascripts which potentially loads ads at the top of the page without the website owner’s and the customer’s consents. This shady practice has been going on for years without any actions from the government.

TELKOM is not the only one (XL is also known for doing a similar practice) but I decided to focus this article on TELKOM because it is partially owned by the government, it has the biggest number of customers and internet network in this country.

When confronted by many in 2014, the company stated that it had the legal rights to utilize its network for anything including (secretly) injecting ads into web pages loaded into its customers’ browsers. Here are a few of many articles related to this issue.

This smiling idiot from the regulator board (BRTI) said it’s OK! (because TELKOM owns the infrastructure, its entitled to do anything with it including, but not limited to, shoving ads to your face, making you pay for it, and ruining your websites)

Victim 1: The Customers

So what would happen if you used TELKOM internet service? Here are some examples if you visit some non-secured (HTTP) web sites.


TELKOM sniffs the traffic between your browser and SO and then injects JavaScript code into SO page on its way to your browser. The script looks like this:

The script Injected into the victim web page

Ad injected into SO header

The Ad comes from TELKOM Ad Server

Once the script is loaded onto your browser, it talks to TELKOM ad server to get an ad. When it gets one, it loads more assets that are required to show the ad to you.

Because of that script, the page you’re viewing becomes at least 125KB heavier and of course, feels slower. Obviously, if you’re on a time/volume-based connection, it is you who pays for the extra KB — it’s not FREE.

Some Other Sites

When there’s no ad to show, TELKOM’s script throws an exception




Even its competitors like Indosat becomes a victim. The script is injected into its home page and also all HTML iframes in that page (see it yourself on Indosat home page).

Victim 2: Website Owners

If you make money from Google ads, you will be hurt.
If you use Google’s IMA SDK, don’t be surprised when you find out ads suddenly gone from your pages. That fucking TELKOM script can break IMA.

Here’s an example that I just saw on one of my clients sites.

Syntax error on Line 74

On Line 74, there it is. That fucking ad script.

Also notice, the different size of bridge.html with and without TELKOM script. That certainly makes your website loads slower. A lot slower.


Also notice, the different size of bridge.html with and without TELKOM script. That certainly makes your website loads slower. A lot slower.


If you spend a lot of time and money crafting a beautiful website …

TELKOM will ruin it. Just one big ad on the header.

What can you do?

If you can switch to another provider, go for it. Don’t ever look back. Don’t even think twice. Just leave TELKOM. Now.

But if you live in an area, like most other places in Indonesia, where TELKOM is the only provider available then you can use ad blocker and/or a VPN.

If you’re a website owner, secure your website with SSL to keep everyone, including your ISP, from sniffing the traffic.

Last but not least, share this post and let the Indonesian government know that we don’t like being treated like idiots.

Original Post By Raymond Reddington


Harris Marfel

Welcome to Harris Marfel (hrace009) Personal Blog. At this blog i only write what i like. If you don't like it, simple GTFO

Leave a Reply

Related Posts


[WordPress] Memperbaiki Error Sorry This File Type Is Not Permitted For Security Reasons

Jika website WordPress Anda mengalami error ketika mengupload file dengan pesan “Sorry, this file type is not permitted for security reasons”, tutorial kami kali ini dapat membantu Anda mengatasi masalah tersebut. Error tersebut merupakan salah Read more…


10 Best Free WordPress Gaming Themes 2017

Most of us have grown up playing video games. But the increasing fondness amongst adults for video games and online gaming, clearly hints that video games are not a kids domain any more. Many adults Read more…


Telkomsel terkena deface

Telkomsel adalah sebuah perusahaan telekomunikasi yang sangat besar di Indonesia, dan sekaligus menjadi layanan provider Internet yang jaringan nya sudah ada sekitar 90% di seluruh Indonesia. Namun sangat di sayangkan, mereka mematok harga yang sangat Read more…

%d bloggers like this: