Recently I found that my Internet provider being “naughty” in their business practices. They added a tracking code to a web page if that page doesn’t use https. This is very annoying and I did try to call the ISP and as usual it goes to the support operator which doesn’t know anything about what I’m talking about…sigh…
See the screenshot below:
That script is injected at before the </body> tag, and I don’t know for sure what it does, it could be one of the following:
- Cookies stealing
- Redirect You to spoof websites
- Javascript Miner, this will consume your internet bandwidth and battery power.
- Keylogger
- Download malware to your browser
So that’s the price if your site doesn’t use https, it could harm your visitors. And please protect them, using https for your site is a mandatory!
Wow .. can’t believe that happens!