Temporary fix to StarHub’s illegal code injection

StarHub continues to do their illegal code injection into the return stream and here are four ways to you temporarily fix it:

  • Run a proxy server somewhere. By using a proxy server, you can by pass StarHub completely and their illegal code injection.  An added benefit would be that you will not be censored as well (wink, wink).
  • In Firefox, install NoScript. With NoScript, you should block anything from wishfi.com, which is the service StarHub is using to do the illegal code injection.
  • Run Tor – The Onion Routing – anonymous routing protocol.
  • If you are running Chrome or Chromium, you can disallow running of Javascript (chrome://settings, click “Under the Hood”, then click “Content Settings”, under Javascript, click on “Do not allow any site to run Javascript”. That will set up the browser to stop running Javascript and when a site needs it, on the URL line, a small box will appear and clicking on it will offer you options to allow Javascript to run per site.  Very much like NoScript does.  Not sure how this option for Chromium compares with NoScript for Firefox.

But not all of us have a means to run a proxy or a socks server, so the NoScript option would be a good solution.

You should seriously considering running Tor as well.  Helps to ensure your presence on the Internet is anonymous and helps getting past the likes of the GFC.

Update from StarHub’s code injection: It is now more than three months, and their response has been significantly less than stellar. Yes, they have privately replied to me stating that what they are doing is halal and that they checked with the IDA. They also want me to rephrase my original post about their activity being illegal.  We are at a temporary stalemate. I am waiting for them to blink.


  1. the “illegal” is a strong word here. I would say “unannounced” feature/service and this is common bad behavior for starhub.
    It is similar with their terms&conditions small font issue where you would not be able to read it neither printed no softcopy versions.

    • I agree. Illegal is harsh. But if I don’t use it, there will be no response at all. At least with “illegal” they get shaken a little. Not that it has changed anything. Yet.

  2. Well, if this happened in the U.S. you would probably get a DMCA take-down notice for the source you posted in the earlier post 😉

    • highly unlikely. it is not hidden stuff. it is part of the code that has to be sent to the browser.

      and having said that, starhub is behaving illegally to begin with.

  3. I have sent a formal letter to the IDA to open a complaint (or to add my name to any existing complaint), copying StarHub. According to Singapore’s Telecommunications Act, nobody (including carriers) is permitted to intercept and/or tamper with telecommunications services (voice and data). StarHub is doing exactly that, and it is exactly the same as if a voice telecommunications carrier intercepted your calling party’s words, digitally interpreted them, inserted recorded words into the conversation, and then passed that adulterated voice transmission to your handset — without anybody’s consent. It is illegal, and it must stop.

    It’s also incredibly dangerous. StarHub now has servers installed which are not only capable of intercepting, interpreting, and rewriting HTML data streams, those servers are also actively doing so. The mere installed capability for doing so is extremely risky, because any hacker who manages to gain control over even one of those servers can insert their own HTML code into the data stream. That code could spoof a DBS, OCBC, UOB, or other bank’s Web page, prompting unsuspecting users for intimate personal details that could be used to commit criminal fraud. Such pages could prompt for credit card details, and most users would blithely type in their credit card details. And this is not just an academic concern. SK Communications in Korea was hacked in late July, and the personal details of up to 35 million are now in the hands of unknown hackers, most probably from North Korea (operating through Chinese IP addresses). SK Communications is the largest Internet service provider in South Korea. Having these StarHub servers in the middle of practically every HTML exchange presents an extraordinary opportunity for malicious hackers. In contrast, hackers cannot hack mere wires. These StarHub intercept servers have no business even being installed.

Leave a Reply