Slashdot Mirror

← Back to Stories (view on slashdot.org)

Comcast Using JavaScript Injection To Serve Ads On Public Wi-Fi Hotspots

Posted by Soulskill on from the perfectly-in-character dept.

An anonymous reader writes: For some time now, Comcast has setting up public Wi-Fi hotspots, some of which are run on the routers of paying subscribers. The public hotspots are free, but not without cost: Comcast uses JavaScript to inject self-promotional ads into the pages served to users. "Security implications of the use of JavaScript can be debated endlessly, but it is capable of performing all manner of malicious actions, including controlling authentication cookies and redirecting where user data is submitted. ... Even if Comcast doesn't have any malicious intent, and even if hackers don't access the JavaScript, the interaction of the JavaScript with websites could "create" security vulnerabilities in websites, [EFF technologist Seth Schoen] said. "Their code, or the interaction of code with other things, could potentially create new security vulnerabilities in sites that didn't have them," Schoen said."

8 of 230 comments (clear)

  1. JavaScript by Anonymous Coward · · Score: 4, Insightful

    Yet another reason to disable JavaScript from your computing devices.

    1. Re:JavaScript by bondsbw · · Score: 5, Insightful

      Better yet, disable HTTP. This is a MITM injection attack and SSL was invented to help prevent this.

      --
      All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
  2. Re:Copyright violation? by thieh · · Score: 4, Insightful

    There is a subtle difference: user modification on visit is personal use and mostly not shared, what Comcast is doing is broadcasting modified content.

  3. Re:Copyright violation? by steppin_razor_LA · · Score: 3, Insightful

    I think it is.

    It is one thing to install software on your own computer that serves modified content. When you start serving the modified content to other people, I believe that creates the difference.

    If comcast can inject ads, then there would be no problem with ISPs offering "Advertising Filtering" proxy servers for their customers and serving them sanitized content.

    --
    Evolution: love it or leave it
  4. Copyright violation? by j127 · · Score: 5, Insightful

    Yes, definitely. Also, it violates the policies of ad-free sites to not subject their visitors to ads. Websites will not be able to maintain their terms of service. For example: if you pay the website for an ad-free subscription, and Comcast then injects ads, your customers are screwed.

    An ad-blocker is for personal use -- kind of like marking a page in a book that you're reading or removing a picture because you don't want to see it. Systematic modification of copyrighted content before delivery to customers is definitely criminal.

  5. JavaScript by j127 · · Score: 4, Insightful

    That would be nice, but it's impossible to use the modern web and HTML5 without JavaScript. Maybe Privacy Badger or Ghostery can block it.

  6. Until today, I didn't see the point... by kylemonger · · Score: 5, Insightful

    ... of using https for everything. I do now.

  7. Until today, I didn't see the point... by riceracer · · Score: 3, Insightful

    To bad you can't use https for slashdot. Redirects back to http. (And after all their own coverage of NSA spying?) FAIL.