Slashdot Mirror
Comcast Using JavaScript Injection To Serve Ads On Public Wi-Fi Hotspots
An anonymous reader writes: For some time now, Comcast has setting up public Wi-Fi hotspots, some of which are run on the routers of paying subscribers. The public hotspots are free, but not without cost: Comcast uses JavaScript to inject self-promotional ads into the pages served to users. "Security implications of the use of JavaScript can be debated endlessly, but it is capable of performing all manner of malicious actions, including controlling authentication cookies and redirecting where user data is submitted. ... Even if Comcast doesn't have any malicious intent, and even if hackers don't access the JavaScript, the interaction of the JavaScript with websites could "create" security vulnerabilities in websites, [EFF technologist Seth Schoen] said. "Their code, or the interaction of code with other things, could potentially create new security vulnerabilities in sites that didn't have them," Schoen said."
And doing so for a commercial purpose. Which, in theory, could make it criminal.
As I recall, it's not free ... it's available to people who are already Comcast subscribers.
In other words, this should be no different from any other context in which you connect to the interwebs via your Comcast service.
Except Comcast is letting the people who host the routers pay the electrical bill, and injecting even more ads into it.
And I definitely agree that modifying other people's content is getting into a sketchy area of copyright, and possibly stealing the ad revenue from those site owners.
Because, if the people who actually own the sites aren't having their ads serves, but suddenly someone else's ads are showing up, then isn't Comcast just skimming from someone else's stuff?
Lost at C:>. Found at C.
honestly the number of times i have to whitelist a page to run javascript is surprisingly small. In fact, some even end up working better (I'm looking at you theonion.com and your regional paywall-after-a-certain-number-of-pageviews).
A lot of browser addons like NotScript and NoScript even allow you to easily whitelist javascript permissions by domain trying to do so on a page, so if things are not happy you just click the icon, and click allow for the domains that are pertinent to the site and not the ad networks et al.
Came here to say that. Would mod up. No points.
That would be nice, but it's impossible to use the modern web and HTML5 without JavaScript.
Just disable JavaScript from third party sites. When you browse your local news page there is no reason for them to pull in scripts from adtech, google-analytics or whatever.
The pages that doesn't work when you disable external JavaScripts are just a handful and usually you just need to enable "samename-cdn.com" or similar because they store some stuff on another domain to distribute the load.
> That would be nice, but it's impossible to use the modern web and HTML5 without JavaScript.
Tell that to the 2.2 millions users that have made NoScript the 3rd most popular non-developer add-on for firefox.
Now if those @#*$&! at Mozilla gave me that convenient checkbox to enable/disable Javascript without having to mess with about:config, I'd have one gripe less.
Then you should use the NoScript plug-in which automatically blocks JavaScript from sites you visit (except certain white list sites and you may have to block them yourself). Besides, the plug-in remember what you have set it up (allow/not allow) even after the browser update (thump up for the developers to keep up with the browser). It is a simple workaround.