I’ve started noticing requests to ’220.127.116.11′. Seeing as most ISPs use this IP internally, I thought I’d check out what’s going on.
This script is injected in to every HTTP page I request. When I request this web page, the server responds, identifying itself as WebProxy 6.0
For Vodafone to do this, they must be running a transparent HTTP proxy. This likely infers they are sniffing HTTP traffic for other purposes. It paves the way for deep packet inspection (DPI), much the same way that having a national web filter does. Vodafone can then implement infrastructure that allows the interception and modification of web pages in real time under the guise that this will deliver a better user experience.