124 comments

[ 0.20 ms ] story [ 548 ms ] thread
I wonder, if I write some HTML/JS code and deny the write to modify, can I send Flash a cease and desist for violation?
You don't have to do that; there are plenty of webpages with GPL'd html and injecting such code into that html without also providing the code under GPL on request to any user is a violation of the GPL.

I'm curious if the above copyright infringement would stand in court or not... Copyright infringement normally does need intent and I'm not sure if this is really intent or not.

I'd never considered that angle before, that's a good thought! If they intend to modify the source of a page then that would be considered a derivation, and obfuscated code is not considered a source code release.

I'd love to hear a more professional analysis on this angle.

Its clear intent on the part of the programmer who wrote the code, in my opinion. They obviously designed it to modify webpages, and its not doing anything out of the ordinary or unexpected when its modifying GPL'd webpages. Just because the programmer didn't consider that there may be licensing restrictions attached to modifying web pages doesn't mean that they should be exempt from them.
Intent for specific infringements has so far not been a requirement when torrent sites has been taken down. It is enough that they simply causes infringement in the abstract to be found guilty of assisting in copyright infringement.

The problem with injecting code into html is that it "adapts" the work, and adaptations requires copyright permission.

He got a cease and desist letter from the copyright holders, not the injectors. I believe his ISP was injecting.
Why is this downvoted? The statement appears to be correct based on the article linked.

>an Indian Airtel customer, Thejesh GN, discovered that the carrier had begun using Flash Networks Layer8 “monetization” (read “ad injection”) solutions.

>However, like so many ridiculous cease and desist letters, that hasn’t stopped Flash Networks lawyer Ameet Metha at Solicis Lex from trying to scare Thejesh

>Airtel, for their part, told Storypick that they have nothing to do with the C&D:

I think we should do a research project on comments like mine that get initially downvoted, but then receive statements like yours clarifying the authenticity of the original comment. I have more upvotes on this comment than on most of my other comments.
Funnily enough, my clarification got 1 up vote...
> and Github, for their part, cravenly pulled the code as part of DMCA request.

That's a very weirdly-opinionated statement. Isn't GitHub legally required to obey the DMCA request?

Not required exactly, but if they refuse to take down the content, then they can be sued for copyright infringement themselves. The DMCA removes their liability and makes the fight between the uploader and the copyright holder. But if they step outside of the "safe harbor" they become potential targets.
IANAL, but can't github still be sued in India where the DMCA doesn't apply? GitHub is doing business in India as well, so wouldn't they be subject to the jurisdiction of an indian court?
They may be able to, depending on Indian Court's jurisprudence on personal jurisdiction, but unless they have assets in India, the Indian judgement would have to be brought to the United States for enforcement. The U.S. has laws and procedures outlining what sorts of foreign judgements will and will not be honored and enforced by U.S. Courts. For example, a U.S. Court will not enforce a libel judgement from a UK court, because of the SPEECH Act. See more: http://en.wikipedia.org/wiki/Enforcement_of_foreign_judgment....
(comment deleted)
No, it's absolutely not. Placing content in the public domain takes an explicit public domain dedication; simply making it available doesn't have that effect.

(Edit: Alternatively, content can enter the public domain if all copyrights on it have expired. But that's certainly not the case here either.)

No, the code is still copyrighted by Networks Layer8 or Airtel.

Publishing or delivering it on request doesn't make it public domain.

Here is one definition of public domain: the status of a literary work or an invention whose copyright or patent has expired or that never had such protection.

How was it in the public domain?
Yep. Part of DMCA safe harbor is that you have to pull it down for a couple weeks, regardless of frivolity.
Google rejects many DMCA requests, does that mean they aren't covered under safe harbor?
For the DMCA they rejected and if the request is found to be valid, yes, they become potential party to the legal action.

I'm guessing they reject obviously spurious and incomplete/ill-formed ones.

it means the people who made the request can sue google.
Google is in the unusual situation of receiving a lot of blatantly invalid DMCA takedowns. Like, a movie studio (or a company under contract to them) will do a Google search for something broad, like "download game of thrones", and issue a mass takedown for every single link that shows up, often without even looking at the links. So a lot of perfectly legal content (e.g, a news article that says "Game Of Thrones is one of the most commonly downloaded TV shows") gets swept up, and Google is being good enough to spot those and reject them.

(Sometimes the DMCA agents screw up even worse. For instance, there's evidence that some of them forget important keywords sometimes, and end up issuing a takedown on all the top links for searches like "download".)

The ridiculous thing is that there are no consequences for the groups sending out those invalid DMCA requests. Every other week I read about how someone uses DMCA to censor a YouTube video or article that's critical of them, but apart from the loss of face with the public they don't see any of the legal or financial penalties that are supposed to result from invalid DMCAs.
Part of the problem there is that the DMCA (and arguably the legal system in general) doesn't deal well with pseudonymity. Contesting a DMCA takedown requires that you send your real name and contact information to the service provider and to the sender of the DMCA. This ends up making the DMCA a dangerous harassment tool; targeted individuals end up with an unpalatable choice between allowing their harassers to force any content of theirs to be taken offline (which will often cause their accounts to be suspended on sites like YouTube!), or giving their harassers their personal information.

But more generally -- yes, it's a huge problem that the DMCA has few consequences for "spray and pray" takedowns. While there are some provisions in the law for damages against knowingly issuing an invalid takedown, it's incredibly hard to prove (I'm not sure if it's ever happened!), and in any case, it doesn't apply if the takedown was simply sent in error. Even if you make that error repeatedly, and don't do anything to prevent it.

A takedown notice is sent under penalty of perjury (which makes it different than a C&D notice). The issue is that it's up to the party that receives the takedown to petition the court for the perjury cause, and that's almost never worth it.
safe harbor means: if you do that, even if you are guilty, you are exempt.

if you are innocent, you don't need safe harbor because well, you're innocent!

but just like every criminal case in the usa where law representation is far from fair and free, its often better to accept the guilty while being innocent just to avoid the legal costs.

that's why dmca stinks. it forces your hand even more to just assume guilty for the low cost of censoring someone else in favor of someone that can pay a legal battle.

I have never heard the term "American" programmer. Why?
I have, but not in America.

Perhaps an "us" as opposed to "them" pre-supposition on the part of writers wherever they are?

Are you in the US and/or consuming primarily American media sources? I'd imagine the term might be more common in articles written in India and the term Indian programmer more common in articles written in the US.
I am in India. Never heard American programmer. Maybe Indian media doesn't cover much tech.
Interesting, thanks for the perspective. I wonder if the term is more common in any other countries or just uncommon in general. I can find a few examples googling but that doesn't really answer if it's common or not.
I felt it was more about the situation of the person (being an Indian ISP and in India) rather than a defining characteristic of the person. I would expect them to call a programmer American if it's an Indian newspaper and the piece of news happened in the US.
So...without knowing anything more about you...I would guess the reason is because you currently either reside in the U.S. or get much of your news from U.S.-based sources.

So a U.S.-based press outlet might write this:

"The Game of Thrones cast includes British actors Kit Harrington and Emilia Clarke"

But a U.S.-based press outlet would probably not write this, because it is assumed their audience is American and the "default" nationality is American unless stated otherwise:

"The cast of Seinfeld includes American actors Jerry Seinfeld and Julia Louis-Dreyfus"

In the case of the OP, TechCrunch is an American based outlet with a heavily American-skewed audience. If this case involved an American programmer who exposed the flaw, it might not be in the headline, but it would likely be stated in the body text since the story deals with two foreign-owned entities and the readers could likely be curious about the affiliation of the programmer.

Can we stop with the identity politics and use our brains for a while (and yes, recently I have figured out that they are mutually exclusive). It is Indian programmer because he is from India and a programmer. And the fact that the mobile operator is also in India is also relevant ... so what is happens is that Israeli company with the help of Indian mobile operator censors Indian programmer that has unearthed wrongdoing using US law.

The guys that were from Russia and tried on wall street were referred as Russians too.

Now you have: http://www.bbc.com/news/technology-10685669

  "It took a long time for the international media to pick up on the story,
   so I spent a long time following the Kampala hashtag on Twitter and
   checking my e-mail," said Jonathan Gosier, an American programmer
   living in the country.
And: http://www.bbc.com/news/technology-21280943

  There's a buzzword, coined by the American programmer Ward Cunningham,
  for the problems hidden in computer systems as a result of corners being
  cut: technical debt.
Also: https://www.google.com/search?q=%22american+programmer%22+si...
(comment deleted)
Wow!

I was using the WiFi at the Bangalore or Mumbai airport one day when I realised that half of the websites appeared broken in some way. I looked into the code and realised that the WiFi provider was injecting JavaScript ad codes in all the web pages I was visiting.

I talked to some people about it, but no one seemed perturbed. Such invasions of privacy are a hallmark of Indian companies. Even more perturbing is the lackadaisical attitude of consumers towards such breaches; most them don't think it's wrong.

On a slightly un-related note: India has a national DND registry, for preventing marketers from spamming users' phones. I have filed over a dozen DND complaints and appeals over the last year, with Airtel and Vodafone, against major e-commerce Indian companies. It's amazing the extent to which these operators would go to suppress the issue. None of my complaints were resolved, and I still get spammed. People tell me - It's just a bunch of messages. Ignore them.

Well, you should always be able to tell if you limit yourself to HTTPS sites. If they offered their own devices and had hacked them to make middle-manned HTTPS sites appear safe, that would be crossing the line for me.
It's not really a big deal but why do they need to say Indian programmer as apposed to just a programmer?
It does provide some context, but probably not enough to justify it's use - unless of course adding it to your lead caused an increase in readership.
Because the story takes place in India, and since TechCrunch is an American publication, people would otherwise assume the story was taking place in the US.
That and the DMCA does not apply in India, they are just abusing the system.
No, the DMCA does apply because GitHub is an American company.

(I mean, they are abusing the system, but not in that particular way.)

Github is in the US, where India does not have jurisdiction. DMCA laws DO apply.
(comment deleted)
This happens in Brazil, too. It is outrageous but the public in Brazil is horribly unenducated and they couldn't care less.
I'm from Brazil. Which carrier do you use that has this same behaviour? I really want to check what they are doing...
I had a sim card from VIVO and they regularly used DNS-hijacking to show me captive portals which tried to convince to pay for more traffic. One thing at least as annoying as that is that Firefox caches that site so that when I close the portal and try to reaccess the original website Firefox shows me again the captive portal.
Brief summary:

Thejesh has accused Indian Airtel and Flash Networks Layer8 of something that may be a crime (depending on the particulars of Indian law) and is definitely a scandal. Specifically, the accusation is that Flash Networks Layer8 wrote a piece of malicious software and that Airtel injected it into customers' network connections. Thejesh republished the injected script on GitHub.

Flash Networks sent a nasty letter to GitHub asking them to take down the evidence, claiming that their malicious software is copyrighted. GitHub complied.

Just because code/webpages are delivered to you over the web doesn't mean you can take them and republish them somewhere else.
Just because fingerprints were found at the scene of the burglary doesn't mean you take them and republish them somewhere else.
Doesn't that fall under vigilantism? Publishing fingerprints might get you in trouble.

In most countries you are forbidden to take photos in a private setting without permission, and in some even in public.

wvenable's comment is on point. Just as public websites aren't public domain, publishing information delivered on request might not be legal.

It may not be legal, but I'm not sure it is wrong either (the web stuff and not the burglary)
Fingerprints are not copyrighted, code is.

You might claim fair use if you published it as part of an article, but probably not on GitHub which is intended for using and editing code.

Publishing research on malware should be perfectly legit.
Publishing a book report is very different than publishing the book itself.
If that book is malware itself? It should be OK, because it's security research and exposure of that malware. It should be covered by fair use.
But fingerprints are personal data and at least in the EU the handling of personal data is very strictly regulated. It's not the same thing at all, but still the analogy works I think.
Personal data and copyright are completely different things. The analogy doesn't work at all.

For example, even if you are worried about personal data, you can still publish a fingerprint if you don't identify the individual.

That was a very imprecise analogy. What we actually have here is the intersection of copyright, digital forensic evidence, three jurisdictions, and facts and circumstances that are in dispute. Figuring out what the law actually says on this matter would be a sizable project for a law firm, and probably can't be settled without a judge.
What about the copyright of the webpage whose code was altered with these injected ads? It's ironic that a company whose product disrespects the copyright of others would be so sensitive to the issue.
Is illegal code (i.e. malware) protected by the copyright to begin with? If it is, then all antiviruses blatantly violate copyright. But something tells me they don't need to ask any permission from malware authors.
It seems like illegal works should be protected by copyright[1]

But that begs the question, as ad injectors are probably not illegal.

[1] http://www.cardozo.yu.edu/sites/default/files/Eldar%20Haber,...

I'm not sure they are not illegal. At least they shouldn't be any less illegal than many other types of malware. But I'm not familiar what laws that falls under.
Injecting ads into content has been what television stations have been doing for decades. Users of the network service may even have agreed to this in the terms of service for using the network. It's a crappy thing to do but not all crappy things are illegal.
This example was not about injecting ads. It was about collecting data about users which is violating their privacy (i.e. it's malware).
What are you basing this on? Flash Networks said "The javascript mentioned does not collect or store any user data but is used to deliver user messages." and I haven't heard anything to contrary.

In fact, it doesn't sound like it was even going to be used to inject ads except for offering users to upgrade to larger plan when they were near their data expiration.

I agree that any code injection is shady and unwanted but you're just making stuff up.

On the article:

> “This is a standard solution deployed by telcos globally to help their customers keep track of their data usage in terms of mega bytes used. It is therefore meant to improve customer experience and empower them to manage their usage. One of our network vendor partners has piloted this solution through a third party to help customers understand their data consumption in terms of volume of data used.”

The same thing was claimed about various malware in the past, which was found capable of doing all kind of weird things way beyond "improving customer experience".

You are not stating any facts and so this doesn't add anything to the discussion.
In the UK it would be an offence under the section 3 of Computer misuse act.

"3.unauthorised modification of computer material, punishable by 12 months/maximum fine (or 6 months in Scotland) on summary conviction and/or 10 years/fine on indictment;[8]"

Does India not have something similar on the books.

Using a copyright work and modifying it in some way often qualifies for fair use. I also think that in your example the antivirus companies would be happy to see who complains about their copyright violation.

http://copyright.gov/fair-use/

I assume there is some fair use cover AV providers could argue ("purpose and character of use" sounds like their bag) but I'd be surprised if many authors want to come out of the woodwork to fight that fight with them in the first place. As we can see in this case, it's a big deal that the author is seeking copyright takedown.
It should teach them a lesson. Being exposed as malware authors (with intent to sell it to be used for malicious purposes) will not serve them well.
why not?

i can probably patent a full auto gun, even if it's illegal for me to have one

Regardless of whether or not it is, the article makes statements about how its " freely downloadable via any browser" and how "The crime, it seems, was the uploading of public code to a public repository". The point is that (legal or not), the code is not public and shouldn't be treated as such. No other code (eg javascript from all the HN starstups' web apps) that is downloadable is automatically "public code". Innocent until proven guilty and all that.

But... since copyright automatically applies to all works, yes, I think it does and should apply to illegal code (and every other code or work out there).

Having said that, I don't particularly see much morally objectionable with what this guy did in this case, even if its not legal.

> The point is that (legal or not), the code is not public and shouldn't be treated as such.

I brought a few examples (like antiviruses). How publishing security research even into the public repository with the code of malware that's involved wrong? Fair use should cover it. If it's indeed illegal, then all antiviruses are illegal too, because not only they publish - they redistribute that said code.

You keep making this argument but it's wrong. Antivirus software does not contain complete copies of malware.
Yes, malicious code is protected by copyright.

Antivirus software isn't distributing the copyrighted virus, and I can't begin to wrap my head around the conception you must have of how they work, in order to think they do. Copyright is utterly irrelevant to the relationship between computer virii and antivirus software.

> Antivirus software isn't distributing the copyrighted virus

Why not? Many of them include patterns for detecting viruses, which literally contain originals in some way (partially at least). There are tons of malware types, including one that's not polymorphic.

Regardless, even if they include malware in full, it should be perfectly fine under fair use. I.e. that malware souldn't be protected by the copyright in such case (because it's for the purpose of security).

Fair use doesn't remove a copyrighted work's protections. What ever gave you that idea?

Think of it in criminal law terms: it's like the "affirmative defense" that having a medical marijuana card gives you in states that have such programs. Pot is still illegal, but if you get caught with some, and have a card (and are compliant with the restrictions of your local MMJ program), then the charges are dismissed.

It doesn't change the law; it changes how the law applies to you.

> Fair use doesn't remove a copyrighted work's protections.

It doesn't remove them, it just says that that they aren't even applicable in that case. I.e. there is nothing to remove when it's not there to begin with.

I agree that it's somewhat poorly defined that's why there can be different ways to view it. See https://w2.eff.org/IP/eff_fair_use_faq.php

Approach of "affirmative defense" doesn't sound logical to me. Approach of limiting copyright applicability makes more sense. I.e. fair use defines some borders beyond which copyright can't reach.

Fair use is a defense against claims of copyright infringement. In other words, claiming fair use will not keep the law suit from being filed but you can use it as a defense. It isn't a direct limit on copyright applicability.

In other words, distribution of a copyrighted material isn't considered fair use until a judge says it is.

> Fair use is a defense against claims of copyright infringement.

That's an interpretation of what fair use is. Another one says that it defines public rights, as in limiting the reach of copyright. I.e. it defines exceptions to where copyright applies (and this makes perfect sense to me, unlike the other interpretation). I.e. it defines uncopyrightable scenarios.

The problem is that the law itself is not clearly defined, that's why it becomes a matter of interpretation and is given to judges to handle. May be copyright reform can fix this making this an explicit right in the law to avoid this ambiguity.

If copyright worked the way you seem to think it does, then the GP's scenario — where someone using a work under Fair Use terms could still be sued, and then has to prove that their use was legitimately Fair Use — wouldn't be the norm.

But it is.

So, there's how you appear to think it works, and there's how it works in the world outside your skull. It turns out, that things in the real world are sometimes sloppy, or inefficient, or illogical, or just plain weird; just because something makes "more" or "perfect" sense to you doesn't begin to make it correct.

> If copyright worked the way you seem to think it does, then the GP's scenario — where someone using a work under Fair Use terms could still be sued, and then has to prove that their use was legitimately Fair Use — wouldn't be the norm.

So where did presumption of innocence go? I know it's tossed out all the time in copyright (that's the core of the whole DRM approach), but it's not supposed to be that way. If they claim that copyright is violated, they need to prove it (i.e. violation and lack of fair use), and not those who say it was fair use need to prove they have that right.

And if you say that's what's going on in practice (presumption of guilt) - then the whole system is seriously perverted and requires deep fixing.

I'm not even sure why I'm bothering any more. You seem determined not to hear what anyone else is saying, but instead just keep talking about how things should be, how they're supposed to be.

Which might be an interesting discussion to have, if you were aware enough of how things actually worked to understand the difference between civil and criminal court proceedings. "Presumption of innocence" exists in criminal cases. The kinds of suits that copyright holders tend to engage in over things where the defense argues Fair Use are overwhelmingly civil. (Seriously, has there ever been a criminal copyright infringement prosecution where the defense argued fair use? If so, how did that work out for them?)

Please stop spouting off about how shit should be based solely on an embarrassingly broken a priori idea of how the things you're railing against work, and try to understand how they really, actually work. I promise you that, if nothing else, doing so will better enable you to fight the fight you seem to believe so much in.

Either way, I'm not going to argue any more with you, if you continue to insist on engaging from broken premises. Enjoy the rest of your day.

Since I'm not a lawyer, please explain why presumption of innocence isn't applied in civil cases? That would be more productive than expecting that everyone should know that just because you do.
Presumption of innocence doesn't prevent you from having to go to court and defend yourself. However, the DMCA provides safe harbor for sites and networks, essentially removing them from the conflict entirely, if they quickly act to remove contentious materials. Then there is a process by which the two sides actually involved can dispute over the materials can make their case.

The DMCA favors copyright complainants but it also completely absolves providers of liability. So it's a messy compromise.

> Presumption of innocence doesn't prevent you from having to go to court and defend yourself.

That's right, but you have to defend against what they should prove to the court. But @rosser is claiming that it's not even applicable in the civil law. That's really surprising to me (IANAL just to be clear), so I want to understand why.

@rosser is wrong, there is presumption of innocence in civil cases as well (at least in the US). Or to rephrase, the the necessity of proof always lies with the person who lays charges.
Burden of proof isn't presumption of innocence. Burden of proof always lies with the party making the positive assertion. In criminal trials, that's something like "Shmerl did it, with a pipe, in the pantry" or whatever.

This is why, for example, a criminal defense of insanity must be proven by the defense — and why such a defense is risky. The defense is stipulating to the fact that the defendant committed the act, but arguing the defendant didn't have the requisite mens rea to make their actions a crime. That eliminates the State's burden to prove that they did it, and assumes the burden of proving the defendant's state of mind/lack of culpability at the time.

In a civil case, the question is more one of "Here's why Shmerl is responsible (and, consequently, liable) for what happened." The facts (that Shmerl did whatever, to whomever, at whatever time) are often stipulated to. The positive assertion being made by the plaintiff against him is the degree of liability.

Consider the oft-mocked case of Liebeck v. McDonald's. No one disputed for a second that she bought the coffee at McDonald's, that it was the temperature it was, or that it was spilled. That wasn't remotely the question. Rather, the question was, "Should they have known better, to a degree that makes what happened to her their fault?"

Does that distinction make sense?

> The facts are often stipulated to

But they have to prove that those facts constitute a violation of copyright, don't they? And that's not given, since that should mean they have to prove it's not fair use (since fair use can be viewed as a right). If it's not viewed as a right, then what you said is correct. But how it's viewed is decided by the judge ad hoc (since the law is ambiguous). Or there is some other logic there?

Antivirus software is based upon code signatures. When you install some AV software, it does not come with complete, unabridged copies of every single sample and every mutation of every piece of malware ever. Not only is that a bad idea from a copyright standpoint (regardless of whether any malware author would bother to enforce their rights), but also because the AV software would completely fill up your hard drive and it would give everybody (including competitors) access to complete copies of malware.
So aren't those signatures derivative works then?
Excerpts of materials are fair use. A signature is even a transformative excerpt. You can't reconstruct the original malware from the signature.
"Just because", no. But:

1. The server has no access restrictions for the Javascript URL, presumably. So, if you trust the server's configuration to match the owner's intent, then the owner was saying "this page is intended for public consumption."

Which is to say, importantly, not only for their customers to view in exchange for their subscription fees (which would put the ad-injector script under license of whatever TOS the customers agreed to), but rather for anyone to view who has no prior relationship with them, for any purpose.

This is the "reproductions are allowed of works of artistic craftsmanship (buildings, sculptures, etc.) that are permanently situated in a public place or in premises open to the public" argument.

2. The owner never put a copyright claim against anyone else making copies of this work. Like the Internet Archive's copy of their website, say (if there is one.) That would suggest this takedown notice is a motivated use of copyright law to attack someone, rather than business-as-usual of them enforcing their IP.

Judges don't like it when you have a history of not caring about people doing something you could have complained about. They take that as evidence you don't care.

3. Fair use! This is a:

transformative use (it's visible source code, not an executing program!),

• of a small part of their copyrighted work (it's just the Javascript!),

• intended for a purpose that could be said to be both parody (revealing a previously-unnoticed essence of the original work through transformation) and edification (teaching people that the network is doing this thing.)

There's probably even more arguments than these. I hope the poster takes some of them to Github with a counter-takedown to get their repo back up.

> The server has no access restrictions for the Javascript URL, presumably. So, if you trust the server's configuration to match the owner's intent, then the owner was saying "this page is intended for public consumption."

That argument did not help weev with AT&T. If they are distributing the code, they are allowed to do that as the copyright owner. That's why it's called copyright. But that doesn't grant anyone else the right to distribute the content. By your argument, any content posted anywhere publicly on the Internet is not subject to copyright restrictions. Which is clearly not the case.

> The owner never put a copyright claim against anyone else making copies of this work.

It's unlikely they are aware of anyone else distributing their work. This may be the only unauthorized distribution of this work so far.

> transformative use (it's visible source code, not an executing program!),

There is nothing transformative about this.

> of a small part of their copyrighted work (it's just the Javascript!),

It must be very small; an excerpt. This is not an excerpt of the program.

> There's probably even more arguments than these.

If they're of the same quality they're unlikely to make a difference. These are poor arguments. Fair use never* applies to copying a complete work.

* It's perhaps possible; but this case certainly doesn't qualify.

It also didn't help in a famous piracy case in Sweden where people shared paid web streamed sports that didn't have any access restrictions. Since the cable company intended for the web pages to be access only by paying customers, sharing them was seen as infringing copyright.
Additionally Airtel denies foreknowledge and says it has nothing to with the C&D. I would not be surprised if this is PR (given their weasel-worded reasoning behind being affiliated with Flash NW in the first place [1]) but on the face of it they also think the C&D was unwarranted and not a good idea...

[1] “This is a standard solution deployed by telcos globally to help their customers keep track of their data usage in terms of mega bytes used. It is therefore meant to improve customer experience and empower them to manage their usage. One of our network vendor partners has piloted this solution through a third party to help customers understand their data consumption in terms of volume of data used. As a responsible corporate, we have the highest regard for customer privacy and we follow a policy of zero tolerance with regard to the confidentiality of customer data. We are also surprised at the Cease & Desist notice served by Flash Networks to Thejesh GN, and categorically state that we have no relation, whatsoever, with the notice.”

(comment deleted)
If anyone finds themselves in a similar situation, please email me the snippets and explain the story. I'll mirror them for you.

scott@arciszewski.me

Fuck censorship.

Your site is down.

Error 526 Ray ID: 1f474c500f7a0ef1 • 2015-06-10 18:56:46 UTC Invalid SSL certificate

Oh? It's up from here. Maybe it's a CF issue?

Regardless, I have other domains/sites for mirroring content. ;)

The link in his profile works (https://scott.arciszewski.me/)

even though I see the same error when going directly to https://arciszewski.me/ does not.

My guess is that arciszewski.me is not on the certificate because it is not meant to host web content, only the subdomains do.

Oh, right. I had SSL on both endpoints and the main site was intended to be just a list of family members' domains I hosted (and by that, I usually mean "reverse proxied" because I don't trust them).
Privacy is never a serious issue in India and even in this case, it only caught an eye when C&D letter was sent. In fact, code and advertisement injection is something broadband providers like MTNL have been doing since ages. Sadly, business malpractices rarely get punished in India and have become more of norm that comes with running it.

The only way I see out is to hurt these companies as much as possible. Boycotting their services on a large scale, so they get to know that they are not the king here.

How weird, an israeli company doing this.
Doesn't using HTTPS prevent such an injection?
I would hope so, unless there is some monkey business with the SSL Certs like the "superfish".

A lot of pages aren't https yet though.

Superfish was because the laptop manufacturer bundled adware which added its own root certificate that was broken, they aren't able to add root certificates in this case.
Unless its something they require on their phones as a carrier ¯\_(ツ)_/¯
I had a similar thing happen to me in the USA actually but had a different outcome.

I got on instagram.com (when it was still served over HTTP) one day and noticed an alignment issue. I believe reddit also had the issue. It was caused by a rogue iframe that was being injected into the page.

After some investigating the iframe domain was owned by my ISP. I sent emails to some of the higher ups telling them they should stop and the problem disappeared after about a month, and wrote a chrome extension to block the domains in the meantime. Not really sure what their idea was but it goes to show that you can't trust your ISP anywhere in the world (or anyone on the internet for that matter).

Comcast uses code injection like this in markets where they implement the 300gb/mo bandwidth cap. Not for injecting ads or anything outwardly malicious, but to display a javascript overlay telling you when you're approaching or over your bandwidth limit for the current month. It's a piece of javascript that they'll inject right on whatever page you're browsing (HN, Reddit, whatever).