Jon AtkinsonI'm a web developer and system administrator

http://1.2.3.8/bmi-int-js/bmi.js

Posted on 26th December 2007. Tagged as web, javascript, mobile

I'm currently using my T-Mobile 3G connection to do most of my web browsing, what with it being Christmas, and that I've been travelling around a lot without reliable WiFi.

In contrast to a few years ago, when the hardware support for laptop to phone connections was terrible, that is now incredibly simple. I paired my phone and my laptop, then chose 'Connect to network' from the Bluetooth menu. My phone asked if this was okay, and everything worked pretty much flawlessly (and incidentally, I get a better upload speed over 3G than I do over my DSL at home).

So, I was happily doing some lazy Boxing day web development,and I started to notice errors in my Javascript. Not errors because I'd had a few beers, or errors because I was using a library incorrectly, but errors appearing in functions which I hadn't even written.

I checked the source of my pages, and noticed that someone or something was inserting Javascript into my pages. Specifically, a script from http://1.2.3.8/bmi-int-js/bmi.js. The 'Oh shit, my server has been cracked' alarm went off pretty loudly, and after some peer-review, that changed to the 'Oh shit, someone has released a trojan for OSX for which I am very under prepared' alarm.

It turns out that T-Mobile (and Vodafone UK) think it is appropriate to insert their own Javascript into each page which I visit, which pipes all images through a proxy to degrade their quality. However, due to an improperly terminated newline, this script cannot be parsed by Firefox or Opera in conjunction with any XHTML 1.1 or XML documents.

This causes the sort of errors which break all subsequent Javascript. For sites with lots of Javascript, that is kind of a big deal. It isn't behaviour which I asked for, and clearly it hasn't been appropriately tested. Interestingly, script isn't even inserted when using Safari (come on, T-Mobile, browser sniffing is so very Nineties). In addition, it maps key events to Shift-R, which can cause problems with other web applications (for example, GMail), and access keys in Firefox.

This is a terrible solution to a problem which didn't really exist in the first place. I've paid for a data connection, so I expect the data I requested to be delivered to me as requested, not as T-Mobile think I should recieve it. If I download large images, then I'm happy to take responsibility for what I've done and pay the cost of those downloads. Very disappointing.

blog comments powered by Disqus

Twitter

About Me

Picture of Jon Atkinson

Jon Atkinson is a web developer, sysadmin and occasional business guy. He works in the north west of England.

Jon can be contacted at , or on freenode as JonA. Also available: twitter, LinkedIn and Github.

84labs logo

I own and run 84labs, a company which provides bespoke web application development for businesses and startups.

If you're interested in working with me, take a look, then contact me via 84labs.

Testled logo

I'm one of the founders of Testled.com, a web service to provide simple remote usability testing of web sites and desktop applications

Testled.com is currently in private beta, but you can still signup for an invite.