Slashdot Mirror

← Back to Stories (view on slashdot.org)

Comcast Using JavaScript Injection To Serve Ads On Public Wi-Fi Hotspots

Posted by Soulskill on from the perfectly-in-character dept.

An anonymous reader writes: For some time now, Comcast has setting up public Wi-Fi hotspots, some of which are run on the routers of paying subscribers. The public hotspots are free, but not without cost: Comcast uses JavaScript to inject self-promotional ads into the pages served to users. "Security implications of the use of JavaScript can be debated endlessly, but it is capable of performing all manner of malicious actions, including controlling authentication cookies and redirecting where user data is submitted. ... Even if Comcast doesn't have any malicious intent, and even if hackers don't access the JavaScript, the interaction of the JavaScript with websites could "create" security vulnerabilities in websites, [EFF technologist Seth Schoen] said. "Their code, or the interaction of code with other things, could potentially create new security vulnerabilities in sites that didn't have them," Schoen said."

6 of 230 comments (clear)

  1. Copyright violation? by crow · · Score: 5, Interesting

    Does this violate the copyright of the sites the user is visiting? By modifying the content stream, they're creating a derivative work without authorization.

    On the other hand, user-controlled plugins and ad blockers do that all the time, so I wouldn't be too quick to make that argument in court.

    1. Re:Copyright violation? by Em+Adespoton · · Score: 5, Interesting

      And doing so for a commercial purpose. Which, in theory, could make it criminal.

      If I recall correctly, Comcast is currently arguing just this in court -- but for third parties stripping ads from their cable streams.

      I think they're going to try really hard to differentiate between the goose and the gander here.

  2. so don't use them! by lophophore · · Score: 5, Funny

    Don't use random hot spots. It's like safe sex, only for your computer. Stay away from sketchy connections.

    --
    there are 3 kinds of people:
    * those who can count
    * those who can't
  3. Copyright violation? by j127 · · Score: 5, Insightful

    Yes, definitely. Also, it violates the policies of ad-free sites to not subject their visitors to ads. Websites will not be able to maintain their terms of service. For example: if you pay the website for an ad-free subscription, and Comcast then injects ads, your customers are screwed.

    An ad-blocker is for personal use -- kind of like marking a page in a book that you're reading or removing a picture because you don't want to see it. Systematic modification of copyrighted content before delivery to customers is definitely criminal.

  4. Re:JavaScript by bondsbw · · Score: 5, Insightful

    Better yet, disable HTTP. This is a MITM injection attack and SSL was invented to help prevent this.

    --
    All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
  5. Until today, I didn't see the point... by kylemonger · · Score: 5, Insightful

    ... of using https for everything. I do now.