AT&T Hotspots Now Injecting Ads

An anonymous reader writes: Computer scientist Jonathan Mayer did some investigating after seeing some unexpected ads while he browsed the web at an airport (Stanford hawking jewelry? The FCC selling shoes?). He found that AT&T's public Wi-Fi hotspot was messing with HTTP traffic, injecting advertisements using a service called RaGaPa. As an HTML pages loads over HTTP, the hotspot adds an advertising stylesheet, injects a simple advertisement image (as a backup), and then injects two scripts that control the loading and display of advertising content. Mayer writes, "AT&T has an (understandable) incentive to seek consumer-side income from its free Wi-Fi service, but this model of advertising injection is particularly unsavory. Among other drawbacks: It exposes much of the user's browsing activity to an undisclosed and untrusted business. It clutters the user's web browsing experience. It tarnishes carefully crafted online brands and content, especially because the ads are not clearly marked as part of the hotspot service.3 And it introduces security and breakage risks, since website developers generally don't plan for extra scripts and layout elements."

Good News

[binarylarry]

Soon someone will have a script or browser extension for this.

Re: Good News

VPN...

Re: Good News

The ONLY thing unsavory advertising, in any form, does is the exact opposite of the initial intent; i.e., "never buying that". Advertisers, regardless of the delivery, apparently are not smart enough to realize if you annoy people, you have LOST the sale.
Plus, the whores are then really easy to spot. No resposible consumer likes a whore.

Re: Good News

[MightyMartian]

Yup, an SSH proxy or other VPN is your bestest friend. I don't access public WiFi without it. That being said, I expect if more people do that, eventually the sociopaths that run the major ISPs will begin using deep packet inspection to shut down anyone using VPNs. Remember, the MBAs that run the world are evil monsters who would, if they weren't trying to find ways to extort money from us, would probably be finding ways of eating human flesh and killing elderly people for fun.

The real lesson here is that we should be banning all sociopaths and anyone with any significant narcissistic personality disorders from holding any position where they have any authority over anyone else. I would have a law that would ban such individuals from even being shift manager at a McDonald's. They wouldn't be allowed to become lawyers, doctors, accountants or engineers. All professions of any significant importance would be forbidden them.

Re: Good News

[Ol+Olsoc]

The ONLY thing unsavory advertising, in any form, does is the exact opposite of the initial intent; i.e., "never buying that". Advertisers, regardless of the delivery, apparently are not smart enough to realize if you annoy people, you have LOST the sale. Plus, the whores are then really easy to spot. No resposible consumer likes a whore.

Mod this guy up! Anything that manages to get through my defenses is put on the "Never ever" list.

The sooner advertisers understand that, and the sooner they understand that if they put simple unobtrusive ads on web pages, the sooner we'll stop this war on web users.

When your ads are having the opposite effect than you intended, maybe its time to change.

Re: Good News

The problem's not the people - it's the corporations. The people are just cogs in the machine.

Re: Good News

Sure, YOU might react like this. But they are playing a numbers game. Many users are too stupid to even realize that nasa.gov would never sell vitamins.

Re: Good News

[Vokkyt]

I agree with you in principle, but I think you're missing that you're not all that important to advertisers as an individual. AT&T's actions are frustrating and dangerous, but they really aren't concerned about the buying habits of habitual ad-blockers. You are collateral damage as far as the advertising goes, not a "valued consumer". The people that these ads target are not you; you just happen to see them. There is a subset of people who do buy whatever junk an ad thrusts at them; if it's not you, then great! But the ads aren't gonna stop just because you aren't compelled by their random ads.

So it's great that you are incensed over this (and that's not being condescending, this is something people should be upset about), but as long as the general public has this feeling that ads everywhere are just fine without understanding the reasons why rampant ads can be bad, business will continue as normal.

Of course, even if the public got into ad-blocking on a large scale, that would just bring about the tech arms race between the very kind coders who work on adblockers and the advertising agencies.

Re: Good News

[Chris+Johnson]

Have you tested this conclusion?

If it turns out that advertisers can test this—for instance, on Facebook, let's say—and discovered that it's not true: that there's a measurable advantage to obnoxiousness in that you're outnumbered by the people who shrug off the obnoxiousness yet retain the payload then you're mistaken.

I think they've already tested this, and we're seeing the outcome. Results are in: short of legislating better behavior, being abusive gets you enough local gains that it becomes a required strategy, impossible to compete against without adopting the same strategy.

It would be nice if the 'I boycott youuuu!' reaction made any sort of difference, but clearly it does not.

Re: Good News

Shutting down access to those running VPN on open WiFI in public areas such as airports is already being done. I have already seen it myself.

Also, limiting sociopaths will never happen. Corporations love them. They choose to place them in charge at the highest levels because they get the results desired ... more of everyone else's money so the rich can get richer. They can easily do this because they DO NOT CARE about anything else.

Re: Good News

[ememisya]

So the cute little WI-FI hotspot version of big daddy NSA. Awwww

Re:Good News

it's called HTTPS.

Re: Good News

Funny one, but aren't people in control of corporations? It's not a robot. And since the court ruling, I'm waiting for the first one to go to jail, or get executed for something. But they keep arresting the little guys who are two or three levels down, who were doing what they were told to do by the controllers of corporations.

Re: Good News

[wasteoid]

You make it sound like whores are bad.

Re: Good News

[Ol+Olsoc]

Sure, YOU might react like this. But they are playing a numbers game. Many users are too stupid to even realize that nasa.gov would never sell vitamins.

Many are stupid, many aren't. I have a lot of computers I've installed adblock on after people complain how slow they've become. Then a hosts file. Then noscript.

While there are a lot of non-rocket surgeons out there, they are smart enough to notice when they have to wait 30 seconds or more for the ads to show up so they can scroll the page.

Ad blocking is getting more popular for just those reasons. And soon it won't be just so called smart people that have it.

I can convert a person in a minute thst they want to block ads. Doesn't take a genius to see what happens when you turn adblock on and off. Coupled with thereduction in malware on their computers, its a win-win situation.

Teh inttubez has got to stop being the electronic equivalent of walking down the boardwalk in Atlantic City, while at every step being accosted by hookers offering you bonus STD's and thugs who offer to trade your money in exchange for not shivving you. The sooner advertisers learn that, the sooner we start turning off our self defense mechanism

Re: Good News

[rahvin112]

They can't kill VPN without basically making the service useless for business. This reason alone will protect VPN.

Re: Good News

[Ol+Olsoc]

I agree with you in principle, but I think you're missing that you're not all that important to advertisers as an individual. AT&T's actions are frustrating and dangerous, but they really aren't concerned about the buying habits of habitual ad-blockers. You are collateral damage as far as the advertising goes, not a "valued consumer".

Perhaps. But when ordinary people can suddenly speed up the internet by blocking that shit, it starts to become a problem. I've noted in another post in this thread how I've sped up people's browsers by installing adblock and others. None of them are computing geniuses, they are just tired of paying for fast internet connections to be yanked back into dialup world because of loading all the ads. And being normal people, they don't mind the ads, just the inconvenience.

tl;dr version

Regular folks will put up with more for longer, but don't fool yourself thinking they will put up with everything forever.

Re: Good News

[adamstew]

They could target specific commercial VPN providers. Pick the top 10 VPN providers and just block access to connecting to them. You'd stop a good majority of the unwanted VPN traffic while still allowing businesses (whose VPNs are almost certainly privately run) to continue to work just fine.

Re: Good News

Sadly it's the exact opposite in America. You can't attain a high political office without being a sociopath.

Re:Good News

It should be pretty easy to add "||adapi.ragapa.com/*" to your adblocker or "127.0.0.1 adapi.ragapa.com" to you HOSTS file.

Re: Good News

By this logic, they can't win. Without being an option to buy, they lost the sale too. Damned if they do, damned if they don't. I'm not defending them, I'm just saying that given your comment, they may as well do it because they can't win. Maybe do an OPT IN or make it clear which ads are network centric (vs website).

Re: Good News

[beastofburdon]

Sadly it's the exact opposite in America. You can't attain a high political office without being a psychopath.

There, fixed that for you.

Free WiFi is a trap, news at 11!

[sinij]

Free WiFi is a trap, news at 11!

Re: Free WiFi is a trap, news at 11!

More like, AT&T are scumbags. Tune in at 10.

Re:Free WiFi is a trap, news at 11!

[Darinbob]

But I pay for AT&T service and as part of that service they claim access to free wi-fi hotspots of theirs. I think this means that I PAY for these hotspots. So having advertisements in a paid service is obscene (well, more obscene than general purpose advertising). They don't need this side income from their paying customers.

Re:Free WiFi is a trap, news at 11!

[sglewis100]

But I pay for AT&T service and as part of that service they claim access to free wi-fi hotspots of theirs. I think this means that I PAY for these hotspots. So having advertisements in a paid service is obscene (well, more obscene than general purpose advertising). They don't need this side income from their paying customers.

Yeah. Like their ad-free U-verse service. Oh no... wait. Look, advertising isn't the problem. A pre-roll add, or whatever wouldn't be offensive (just annoying). But injecting code into other people's sites. Yeah... not good.

Copyright?

[msauve]

Why is modifying a web site in this way not copyright infringement? Is not AT&T creating an unauthorized derivative work?

Re:Copyright?

[wbr1]

They are tampering with a data stream between client and server. That it is not encrypted is moot. This is a violation of the computer fraud and abuse act as well as FCC regulations. If they are a common carrier, they have no business at all tampering with the content.

Will they be charged? Probably not, and if so it will be a minuscule financial fine.

Re:Copyright?

It definitely won't be the criminal penalties you or me would face if we did the same thing for monetary gain. There are two standards. One for corporations, and another standard for individuals. It's been that way for far too long.

Re:Copyright?

[wbr1]

To clarify. From the fraud and abuse act

In practice, any ordinary computer has come under the jurisdiction of the law, including cellphones, due to the inter-state nature of most internet communication.

....

(5) (A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;

Sending my PC an ad, at the bear minimum causes damage due to increased wear on storage devices. At its worst it installs malware or defrauds such as to install malware.

Perhaps more relevant is mail and wire fraud:

18 U.S.C. 1343 provides:

Whoever, having devised or intending to devise any scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises, transmits or causes to be transmitted by means of wire, radio, or television communication in interstate or foreign commerce, any writings, signs, signals, pictures, or sounds for the purpose of executing such scheme or artifice, shall be fined under this title or imprisoned not more than 20 years, or both. If the violation affects a financial institution, such person shall be fined not more than $1,000,000 or imprisoned not more than 30 years, or both.

Re: Copyright?

Amen brotha!

Re:Copyright?

> Why is modifying a web site in this way not copyright infringement? Is not AT&T creating an unauthorized derivative work?

It is, and they are.

I had the same idea for a start-up 5 or 6 years ago. Ditched it after a couple hours thought for the very same reason. Injecting ads is creating a derivative work, which is copyright infringement.

Re:Copyright?

[adolf]

Is using a browser on a dumb phone with a WAP gateway creating a derivative work?

Is using the Readability bookmarklet creating a derivative work?

Both of these things have been happening for number of years (over a decade, in the first example). They simply reformat web pages.

Now that you've thought about these questions for a moment, consider: If they reformatted a web page and added advertising, does that addition of advertising affect the things status as a (non-)derivative work? (Aside from making you livid, of course. I'm not happy about ads, either.)

Re:Copyright?

[tompaulco]

It definitely won't be the criminal penalties you or me would face if we did the same thing for monetary gain. There are two standards. One for corporations, and another standard for individuals. It's been that way for far too long.

So incorporate. No reason not to enjoy the protections that the law was specifically written to provide.

Re:Copyright?

[tompaulco]

Along those lines, is using adblock+ copyright infringement? Is something that was served up dynamically copyrightable?

Re:Copyright?

[Anon-Admin]

Why is modifying a web site in this way not copyright infringement? Is not AT&T creating an unauthorized derivative work?

It is! I used to run an Anon Service and had a lengthy discussion with my attorney about doing something like what they are doing.

My idea was to capture the banner ad's and replace them with my own as the proxy processed the web page. I was not going to add to it or inject scripts. Just replace the banner ad's with ones my sponsors were paying for.

The final decision was to go with a set of frames and tag the banner ad in the top frame as being a sponsor of the anon-service while displaying the requested page in the bottom frame.

The attorney assured me that replacing content in a page as it went through the proxy was violating the craters copyright.

Re:Copyright?

[wbr1]

Maybe, like Michael Valentine Smith, I will chose to discorporate.

Re:Copyright?

Your analogy sucks because your examples are of the end-user modifying the content on their end.

Re: Copyright?

[skywire]

Prepare to be flamed by cretins who have no sympathy for your making the reasonable assumption that ISPs are common carriers (which they are by nature but not in US law).

Re: Copyright?

[HiThere]

ISPs may not be common carriers under US law, but I believe that AT&T *is* a common carrier under US law.

Re:Copyright?

[pepty]

So long as RaGaPa doesn't try to inject ads into Google search results pages they will probably be fine.

Re:Copyright?

[piojo]

I'm not sure either of those applies. I'm no lawyer, but I doubt a judge or jury would agree with your interpretation of "intentionally causes damage". First of all, wear and tear is not damage. When you finish an apartment lease, the landlord cannot keep your deposit to pay for wear and tear. When you rent a car, you are not charged damages for wear and tear. When you borrow something, it would be unheard of to hold you accountable for wear and tear. Furthermore, how do you prove it? Due to the way hard drives and OSs work, I doubt the amount of damage is statistically significant. If it's not statistically significant, it doesn't exist. Finally, if AT&T is sending headers that tell the browser not to cache the data, it should not be written to the hard drive anyway.

Finally, you ignored "intentionally". Do you know how high a bar it is to prove intention rather than incompetence? It's hard, even when it's true. And in this case it just isn't. AT&T doesn't want to fuck your computer, they want to fuck your wallet.

In the wire fraud definition you cited, I don't think AT&T is fulfilling the core of the definition: "defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises". Advertising, by and large, is not considered fraud (as much as we might feel that way about most ads we see).

Re:Copyright?

[cfalcon]

At the point where you have to spend a bunch of money in order to be treated with the proper legal regard, you have "privilege" - literally "private law". You are espousing a tiered set of laws based on how much money you pay, correct? Do you see a lot of good coming from this? Do you normally favor government owned monopolies, or are you just making a special exemption here?

Re:Copyright?

[quantaman]

I'm not sure either of those applies. I'm no lawyer, but I doubt a judge or jury would agree with your interpretation of "intentionally causes damage".

Agreed.

In the wire fraud definition you cited, I don't think AT&T is fulfilling the core of the definition: "defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises". Advertising, by and large, is not considered fraud (as much as we might feel that way about most ads we see).

Here I'm not so certain. The fraud isn't the ad itself, but the fact that the ad being on the site claims a relationship between their client (the advertiser) and the site owner that does not exist. Stanford accepted that jewelry ad? They must be legit. My favourite webcomic is advertising X? Well I know the guy really vets his advertisers and I like to support the comic so I'll go through.

Of course AT&T is not the first to insert their own ads into web pages, any charges are likely thwarted by whatever click-through consent they obtained or by the precedent of adware companies getting away with the same thing for years.

Re:Copyright?

[Alumoi]

And this is how things are supposed to be. After all, you, the individual, do not spend a shitload of money on politicians

Re: Copyright?

It was said before. Sociopaths. We need to eliminate them from leadership positions. They've be screwing up the human race for thousands of years and it's time to end their ability to get into leadership positions.

Wasn't it reported a while back that there was a test developed to detect sociopaths that they couldn't fool? I was rather excited by this notion and I don't recall hearing about it since. Strange, huh?

Re:Copyright?

As usual, intent is an important aspect as far as the law is concerned. Creating a derived work is sometimes legal and sometimes it's not. It does matter that AT&T injects ads without your consent, which makes them a third party. On the other hand, WAP gateways and ad blockers work for you, which makes them your agents. It is OK for you or your agents to change the way you perceive the published work by rearranging, omitting and changing its parts. It is not OK for a third party to do that. Doing so does not just create an unauthorized derived work that they use for commercial purposes, it also misrepresents authorship because the recipient will perceive the modified page to be authored by the original author. Depending on the ads, that may even make the misattribution libelous.

Re:Copyright?

Basically by changing web pages they are declaring that they are most certainly not a common carrier and so should be legally responsible for all content they deliver. It won't happen of course.

Right now I'm actually considering moving my mother's internet from a really bad wireless ISP to what Verizon provides. I figure if we did a family share thing for $80 + 2 $20 dollar charges that would be 12GB, mostly for her use, since I have cable separately. Put another way, if we both just went to that without moving away from the WISP for her house then we would probably need the $45 3GB plan, which would make her household internet cost $35, which isn't bad. Of course, my brother's grandson plays minecraft every couple weeks for some time, so 12GB might not be enough, and there is at least a small amount of netflix, but well, her WISP is really crap. That being said, if AT&T gets away with it, it wouldn't be that long before everyone was doing it.

Another ISP alternative is Verizon's home service via LTE. It is $60 for 10GB, 90 for 20GB, and 120 for 30GB. That is expensive, but is a better deal if you need 30GB. It also has a policy where if you exceed those numbers you get ridiculous charges for the amount you exceeded, which I don't think you get on the regular cell phone plan + tethering, though I'm not completely sure.

That being said, I think I could figure out a way to VPN either one, if I had to, and Verizon didn't block it. Whether or not that needs to include a really paranoid squid proxy server that deletes most anything that even looks like an ad is another matter. In some ways the adblocking software makes that redundant. The main technical problems with the VPN link are the increased latency and increased number of bytes used, though you might offset that with compression. You could even modify openvpn slightly to reduce waste sending headers, but that is very minimal. (I did that some years back, and for all I know it would not even help now.) The main practical problem is of course that any system designed for family is not one you want complicated layers added to, particularly ones that might break web pages. (I make it a policy to setup my mother at least two web browsers. One with ad blocking and such for normal use and one without for problematic web pages.) Of course one advantage of the proxy approach, though I'm not sure squid will do it is you can do real time recompression of images and possibly even videos, but that is almost too evil to seriously consider. Still, you might be able to create an artificial throttling of video from NetFlix which insures you get the lower quality streams, hopefully reliability without completely wiping out your bandwidth allotment. (Did I mention the only option we have is a WISP that is crap?) I think there is a Netflix setting for that somewhere though, so maybe not worth the trouble.

One thing that would be particularly nice is wireless LTE providers like Verizon had off peak data allotments, or some other variant like that, so you could have a hybrid between Netflix DVDs and Netflix streaming. Basically either your portable device or even a Roku unit could be set to coordinate with Verizon to download the streaming content when their network is less busy, and keep you under your cap. (A roku might need either a thumb drive or a small external hard drive.)

Re:Copyright?

[coats]

They are creatilng an unauthorized derivative work for commercial gain: this is criminal copyright infringement; see the relevant chunk of the Copyright Act: US Code Title 17, Section 506 (here courtesy of the Cornel Legal Information Institute, https://www.law.cornell.edu/uscode/text/17/506)

Re:Copyright?

Not sure if a deliberate straw-man or just missing the mark, but anyway:

There is a difference between you deciding to use a feature to do things to content on your behalf, and someone else - in this case a middle-man - deciding to manipulate content on *their* behalf without your consent.

Re:Copyright?

[Raenex]

They probably have a terms of service that you have to agree to before you can browse web pages that explicitly allows them to do this.

Re:Copyright?

Copyright is an artifact of creative work. If the advertising is part of the "creative work" then there's a strong argument that running adblock as a third party, not the author or the reader, is indeed a copyright infringement. However, you running adblock on material you're viewing is not copyright infringement.

Re:Copyright?

[JazzLad]

Also no lawyer, but I think it would be up to Stanford and the webcomic to sue AT&T (and gosh, would I love to see that).

Re:Copyright?

[david_thornley]

The obvious thing to do is to make some static but halfway useful web pages, and register their copyrights. Put a prominent copyright notice on them. Record how they come out of AT&T's hotspot. Sue AT the minimum statutory damages for violating a registered copyright are plenty enough to cover the expenses, bearing in mind that the money amount is (IIRC) per copyrighted work.

Re:Copyright?

[david_thornley]

IANAL; if this matters to you, find somebody who is. I'm not liable for the actions of people who rely on the uneducated legal musings of a pseudonymous Internet user.

Something that is put together creatively on the spot is copyrighted automatically, but it isn't a registered copyright, and there's (IIRC) no statutory damages there. So, to get in trouble, it would be necessary to establish (a) that something with outside content selected by algorithm is creative (that could go either way), (b) that this is not permissible end-user alteration of a copy legally obtained, and (c) that this isn't fair use. If the court held that this was a copyright violation, the court could tell you not to adblock that particular combination of page and ads again and award the advertiser actual damages, which would be trivial. The big awards you read about are cases where the copyright is registered.

Re:Copyright?

[pnutjam]

(I make it a policy to setup my mother at least two web browsers. One with ad blocking and such for normal use and one without for problematic web pages.)

You could have her open problematic pages in incognito mode.

Re:Copyright?

You aren't rebroadcasting those derivative works.

Re: Copyright?

Oops. AT&T is NOT a common carrier even when acting as a ISP, unless recent FCC rule changes get validated by the courts, and even then only partially. Read their ToS. When providing internet service in a public place, they will claim that they're an "information service" that is totally unregulated, and given the number and price of their lawyers they can probably make that stick. So read the ads and weep, or use suitable blockers. And don't be surprised if significant bits of the service don't work if the ads are blocked - have found that recently on several "public broadcasting" sites which don't work unless you unblock all the trackers.

Re:Copyright?

[adolf]

Dear flurry of ACs who don't know their dick from a screwdriver,

You aren't rebroadcasting those derivative works.

Do you know what a WAP gateway is? Because it certainly is a third-party thing that sits in the middle, reformatting HTML for retransmission to the end user.

Did you notice that the Readability bookmarklet linked does server-side processing of third-party content before retransmitting that content to the end user?

Re: Copyright?

[HiThere]

Well, I'm unlikely to find that out, as I don't use portables. But if they're providing the "dial tone" aren't they a common carrier as well as being the ISP? (OTOH, I'll agree that their lawyers would probably find grounds to prove differently under the law.)

Re:Copyright?

is using adblock+ copyright infringement?

Is closing my eyes?
What about turning off my speakers?

Re:Copyright?

[Daniel+Klugh]

You mean Valentine Michael Smith; The Stranger in a Strange Land?

Re:Copyright?

[wbr1]

Yes, for some reason my brain put it backwards, but you grok. I need to reread some Heinlein.

Let's call it what it is... MITM attack

AT&T is initiating a man-in-the-middle attack. Can you really trust those ads? I mean they're injecting scripts. Who knows what those do, right?

Re:Let's call it what it is... MITM attack

Well, it's AT&T, than whom no corporation, unless perhaps Microsoft, has ever been friendlier to the National Security Agency. So, I'd guess that you have a pretty good idea of what AT&T's ads and scripts and zero-days could do, but admitting it to yourself is probably too traumatic.

Interfering with a communication

This behavior should be prosecuted by the FCC as interfering with a communication. Anyone who is not an endpoint to a connection, either virtual or physical, has no business adding or deleting (or even monitoring) that connection.

Re:Interfering with a communication

[SQLGuru]

It was probably buried in the TOS that you agreed to when you connected to the hotspot.......

Can You Say Lawsuit?

[mschwanke97402]

So, basically AT&T is placing their advertising on someone's web site without paying for the privilege? Were I the content owner, I'd be speaking to my lawyers first thing. The sad thing is that major companies don't even seem to worry breaching the public's trus or their reputations anymore. How long until Comcast decides to force extra advertising into my cable internet browsing. Oh! That's right, I cancelled them after the NetFlix throttling episode. So now, I guess I have to cancel DirecTV (AT&T) too.

Re:Can You Say Lawsuit?

[fustakrakich]

Cancel all those services and what will you have left?

Re:Can You Say Lawsuit?

[jeek]

Wasn't it Comcast who broke the world's email for days when they thought it was worth the advertising dollars to redirect all nonexistent domains to an ad-laden server they set up?

Re:Can You Say Lawsuit?

[Dutch+Gun]

I wouldn't be surprised if a lawsuit occurs the first time malware is injected onto a user's machine though one of these advertisements. If this keeps happening, it's really only a matter of time.

I think Comcast tried this same thing earlier, and temporarily backed off when people noticed them doing this and complained about it. Advertisements are bad enough, but you can sort of understand the desire of a website operator to want to pay for bandwidth. It's downright slimy when ads are simply injected in content someone doesn't own at all.

Re:Can You Say Lawsuit?

[The+Grim+Reefer]

So, basically AT&T is placing their advertising on someone's web site without paying for the privilege?

Yes, on a free (to the user) airport WiFi connection.

Were I the content owner, I'd be speaking to my lawyers first thing.

Which means you don't want the traffic from someone who's delayed at an airport with free WiFi, in this case.

The sad thing is that major companies don't even seem to worry breaching the public's trus or their reputations anymore.

I'm sure it's covered by the EULA for access to "free" WiFi.

How long until Comcast decides to force extra advertising into my cable internet browsing.

Hopefully never as you're paying for that connection. Though I wouldn't put it past Comcast.

Oh! That's right, I cancelled them after the NetFlix throttling episode.

Lucky you. Comcast is the only real option that I have where I live.

So now, I guess I have to cancel DirecTV (AT&T) too.

Why? Because their "free" WiFi service at the airport does this? Unless I misunderstood something, this is not occurring on paid home internet service. I cancelled DirecTV a while back as the prices are ridiculous and the customer service was awful. I actually owned my receivers, yet they charged me a receiver leasing fee. When I argued this point, they accused me of stealing them.

Re:Can You Say Lawsuit?

[sphealey]

AT&T Wi-Fi isn't free. It is an included benefit of various AT&T services including cellular and home data service. The end user is paying for it - just not on a specific basis as with Bongo.

sPh

Re:Can You Say Lawsuit?

Money... 100's of extra $.

Re:Can You Say Lawsuit?

[Darinbob]

Sanity.

Re:Can You Say Lawsuit?

[psyclone]

The web traffic incident was VeriSign, manager of the .com & .net TLDs.

Re:Can You Say Lawsuit?

[Darinbob]

But these AT&T hotspots are intended for AT&T's paying customers. They're not free hotspots for freeloaders. They don't need the side income to pay for the bandwidth since they already claimed in their marketing that these hotspots were a part of their customer ISP and mobile phone packages. This marketing undoubtedly attracted customers who otherwise would have chosen other providers.

Re:Can You Say Lawsuit?

[Darinbob]

DirecTV used to be great. Even when I left them a year ago, they were much cheaper than ComCast and with much better service. The fee on the Tivo was a pain, and they did change it so that all new DVRs were leased instead of purchased outright. I did argue with them when cutting the cord that the Tivo box was mine and was purchased by me and that I would not send it back to them, and they backed down pretty quickly (I think there was some confusion from the original third-party installer).

Sleazy, yes, but not worse than what you get with cable companies or uverse, and over the lifetime it was a much better experience.

Re:Can You Say Lawsuit?

No they aren't placing ads on someone's web site. They are injecting ads when the traffic transits their network. Completely different and I would say it is fine to do. After all it is THEIR network that you are using for free. Personally I would avoid using such networks.

Re:Can You Say Lawsuit?

[Dutch+Gun]

But these AT&T hotspots are intended for AT&T's paying customers. They're not free hotspots for freeloaders.

I'm not sure how you come to that conclusion given that it sounded like it was an open wifi spot in an airport. There was no mention that this was a paid access point, like with the Boingo partnership a few years ago. The article calls it "free", but it actually required paid access, so apparently there's some confusion on PC Mag's part as to what the word "free" means.

My guess? Few customers bothered with the paid access plans, so they're trying to figure out other ways of monetizing those hotspots, and some genius MBA thought this plan up after typing "How to monetize your network" into Google search.

If AT&T isn't up for offering free wifi hotspots to non-customers, that's their business. I just don't approve of this particular advertising practice. It's actually exposing the user to more risk of malware (albeit a small one), but more critically, it sets a terrible precedent.

Re:Can You Say Lawsuit?

[tompaulco]

No they aren't placing ads on someone's web site. They are injecting ads when the traffic transits their network. Completely different and I would say it is fine to do. After all it is THEIR network that you are using for free. Personally I would avoid using such networks.

Not for free. It is included as part of your service as an AT&T customer.
The browser can avoid using such networks, but the people serving up the websites should also be outraged by this illegal copyright infringement. Their only shoice is to sue or block the AT&T backbone.

Re:Can You Say Lawsuit?

No these are the free AT&T ones. Like the free wifi at McDonalds, Target, etc (provided by AT&T). They aren't modifying the website itself. You are confused.

Re:Can You Say Lawsuit?

A lawsuit isn't going to happen, ever, for a number of reasons:

1: You will be asked to prove it came from the ad injector that was in transit. Good luck at that. Malvertising is extremely successful because it is random, and they can tailor their malware exposure to avoid people with clues... or just people coming from one domain or IP address space. It is impossible to prove malware came from this ad injector.

2: It may be part of the TOS/EULA that you agreed to by using that connection. TOSes have held up again and again in court, and even malware is covered under that.

3: You will have to prove damage was done. Good luck with that.

Re:Can You Say Lawsuit?

Doesn't matter if it is for free or not. They're creating derivative works, which is illegal under copyright law.

Re:Can You Say Lawsuit?

Silly rabbit, lawsuits are used by corporations against people, not against corporations by people.

Re:Can You Say Lawsuit?

[gl4ss]

it's "free" in the sense that they don't want to agree that it's a service they sell to you(and be responsible for).

it's also free in the same sense that at&t unlimited 4g is "unlimited".

Re:Can You Say Lawsuit?

[Culture20]

Imagine if all the backbones inserted ads. A page with just "hello world!" would become a jumbled mess of ads and scripts.

Re:Can You Say Lawsuit?

[david_thornley]

It's their network, and unless restrained by something like monopoly law they can hang whatever advertising they want on the page. Modifying the actual page is copyright infringement and potentially trademark infringement. These are offenses against whoever served the web page, and so a TOS with the person downloading the page wouldn't provide any protection.

ads

I am shocked, SHOCKED I say, by this news, which I never, NEVER in ONE MILLION YEARS expected to happen.

ZZZzzzzZZZzz

Anyone wondering why Google wants to sell a router

...needs to wonder no more.

https

Time for https on all websites.

Re:https

[psyclone]

Yup. Encryption isn't just for people who have something to hide, it's for integrity of all communications, even if it's cat gifs.

Re:https

Time for https on all websites.

All day this.

Re:https

I really wish HTTP servers could digitally sign their content, so that people couldn't tamper with the data, but people with slow or metered connections could still use a caching proxy.

While I'm wishing for things that will never happen, password fields in forms should hash their value with the domain name you're posting to, which would go a long way toward defeating password phishing.

Re:https

Wouldn't adding ad source adapi.ragapa.com to a hosts file 0.0.0.0 blocked work?

Re:https

Yes, because there is no way they could force HTTPS users to use a proxy service so they have the session keys to view the encrypted traffic in plain text.

Encryptions good but people need to seriously stop trusting HTTPS and SSL will keep them safe. Regardless of their cryptographic strength, they are systemically broken.

Well at least they didn't sell us out to the NSA.

[r-diddly]

...oh wait...

HTTPS, bitches.

Somebody else tried this a while back too. Verizon? Uproar. I guess AT&T didn't learn from that.

https://www.eff.org/Https-everywhere

Piracy?

[hawguy]

So when I browse Pirate Torrent sites at an AT&T hotspot, then AT&T can get sued for profiting from piracy?

Re:Piracy?

[DewDude]

They would likely claim safe harbor...saying they didn't know what content they were injecting ads in. They'd probably be shooting themselves in the foot when admitting they blindly added advertising to everything.

Re:Piracy?

Which to quote General Ackbar- it's a trap. As a Common Carrier, they're forbidden to PLAY the games they apparently are. Big fines, actually, are possible.

So...guess they need to decide this wasn't such a good idea.

Re:Piracy?

When you get an advertisement, browse to a competitor website. Wait for that advertisement to show up on the page. Screenshot it. Notify the competitor that they may want to investigate trademark dilution, copyright infringement, and marketing fraud. Give them enough details that they can figure out that AT&T did it. The lawyers will sort it out.

Free wifi

[Archfeld]

and you wonder that they push ads ? Provide your own connection and stop using free ones. While I think it is low class, what do you expect for FREE ?

Re:Free wifi

Adherence to the law.
Even for free products.

Re:Free wifi

[andymadigan]

Fine, but require AT&T to disclose (in large font) that it's not an internet connection, since the content is being modified en route.

Something like:

WARNING: Web pages you view may be recorded or altered by AT&T or its affiliates. Web pages and other content retrieved may not reflect the content available over a standard internet connection. Information you enter or retrieve may be transferred or sold to third parties. AT&T is not responsible for malware injected into your content by its affiliates, or damage done to you or your computer by said malware.

(Actually, I think that last sentence should be in large font at the top of every web page that uses ads inject by third parties)

Re:Free wifi

[Darinbob]

They're not free. As in AT&T hotspots are not accessible to everyone who wanders by, but are only for paying AT&T customers. You log in using your existing account. So yes, as a customer I expect decent service for a product I pay for, not additional monetization. If it's unacceptable to sell my customer lists to advertisers then it's also unacceptable to inject side advertisements into a paid product.

And despite being a paid customer, I suspect some one being paid by advertisers is going to pop on here and accuse us of being cheap ass freeloaders by using adblock. Yet this is yet another perfect argument about why ad block is a necessary tool to fight against the tactics being used by immoral advertisers.

Re:Free wifi

[adolf]

It's free at McDonald's. Has been for years, much to my annoyance as a paying AT&T customer. [citation]

Re:Free wifi

[tompaulco]

WARNING: Web pages you view may be recorded or altered by AT&T or its affiliates. Web pages and other content retrieved may not reflect the content available over a standard internet connection. Information you enter or retrieve may be transferred or sold to third parties. AT&T is not responsible for malware injected into your content by its affiliates, or damage done to you or your computer by said malware.

Add to that "Do not use this connection under any circumstances."

Re:Free wifi

Dumb Dumb. You have the First Class and foreign dignitaries , and more importantly supermodels using compromised free wifi.
Look for an exploit in the injected ManInMiddle ads, the rob pillage and download the bounty. In some cases, the chance of loosing a $50 computer on a stick will be worth it. Dont forget the 'ads' are known content, so breaking keys will be much easier. With 'partners' like these carriers, downloading a VIP's device will be a snap.

Re:Free wifi

How does that annoy you? When a local restaurant donates good to a homeless shelter, I don't think "&@$!! I just payed money for what I could have gotten for free!" Don't begrudge someone over a kindness done to others.

Re:Free wifi

[david_thornley]

In other words, if somebody is accessing my web site (unavailable at the moment, need rehosting), AT&T is supposed to confess to violating my copyright? My website is copyright by me, and any modifications of my copyrighted material without my permission is copyright infringement (although damages are trivial unless I've registered the copyright). Since AT&T is violating my copyright arbitrarily many times for commercial gain, I think we get criminal law in there too.

Re:Free wifi

[Xanlexian]

Fine, but require AT&T to disclose (in large font) that it's not an internet connection, since the content is being modified en route.

Back in the day, quite often I'd have to explain the difference between AOL being an 'online service provider' and Mindspring/MediaOne/whoever being an 'internet service provider'.

Re:Free wifi

[Archfeld]

thanks for the info, I did not get that from the article. I'd be pissed as well then, but if I was paying for AT&T's service I'd not feel bad about using an ad-blocker at all either.

Umm

[MobileTatsu-NJG]

Didn't they claim to just be a carrier in order to not being held liable for what the users do with that connection? By delivering content they've created aren't they having their cake and eating it, too?

Re:Umm

They can't inject crap into the stream and keep Common Carrier- because a Common Carrier is only supposed to be transport, a pipe.

Google wifi

We need google wifi hotspots now. Everywhere. I know, I know, they study everything I do and supply me ads that are more and more disturbingly relevant. But I still trust them more than all the others companies. Actually, I don't use an ad blocker cuz I get a kick out of seeing what their new Skynet initiative is cooking up for me ...

Noscript

Simply put, Noscript blocks the scripts, thus preventing the ads from loading. I don't care if the damn thing is pushing a custom CSS page, if it's not from the site I'm visiting, then it's not going to be loaded.

Re:Noscript

[psyclone]

But they could inject local CSS and local scripts into the page, so if you trust the current hostname by default (which many do for basic functionality) then NoScript won't help you here.

Re:Noscript

Wouldn't adding ad source adapi.ragapa.com to a hosts file 0.0.0.0 blocked work to stop this thing?

Re:Noscript

You're using the wrong terminology. If they inject inline CSS and scripts into the page it won't help. Local has a different meaning altogether.

Re:Noscript

[psyclone]

Thanks, inline CSS and javascript was what I meant.

Boycotted AT&T a decade ago.

Zero dollars go to that company from me. I own zero AT&T branded devices.

A more interesting story than WiFi spam is AT&T radio towers beaming waves directly through residences and inhabited buildings. A friend of mine was an engineer for AT&T for many years. He explained to me how when AT&T thinks they need a tower in a location they pay whoever is necessary to get it there. I have never confirmed if he was joking or not... but he did tell me they put a tower up in one location... beaming straight through a high-rise in very close proximity... and all the kids in the building were being born girls.

Trap? Usually its a tarpit of unusable service

[swb]

The free ATT hotspots I've found to be basically unusable tarpits of service that would make me grateful for the whine and hiss of a 9600 baud modem.

I've mostly encountered them at McDonalds where they were almost always unusable. I kind of wonder how they get their Internet service for these, whether they just steal from whatever the specific franchise might have or whether it's something more retarded, like an ancient 3G hotspot above the ceiling.

Surprised? Don't be ...

[gstoddart]

Anybody who is surprised by shit like this is an idiot.

Everybody setting up "free" hotspots wants to monetize with anayltics and ads.

Google wanting to sell you a router they can control is also going to lead to monetizing and ads.

The problem is unless we have really good quality tools to block this shit, we're never going to stop it. And this is why we can't trust ad infrastructure at all and need to block it .. because it's being done by people who want money, and don't give a crap about your security of your privacy.

Until this shit is deemed illegal (ie the computer fraud and abuse act), it will continue. Because the assholes at AT&T feel it is their right to do anything they want with your internet traffic.

Never trust that "free" doesn't come with strings like this. And never trust than any corporation won't revert to being sociopaths and decide they can do anything they want to.

amusing effects in mint update manager

[SkunkPussy]

mint update manager seems to query for descriptions of package updates via http. So wifi that interferes with http somtimes causes mint to give nonsonse descriptions for updates.

breaking end-to-end connections is really really really bad.

Re:amusing effects in mint update manager

[psyclone]

Why aren't all those requests going over HTTPS?

Re:amusing effects in mint update manager

[SkunkPussy]

Well why does any HTTP request not go over HTTPS? In the long run every request will. But for now, equipment that assumes (reasonably) that people won't corrupt their HTTP responses will fail in various ways.

TWC

[CptChipJew]

Time Warner Cable has been doing this for over a year on their public networks in California.

the network is hostile

Always assume that the network is hostile, even when you're pretty sure that it's not. There are countermeasures available. VPN, Tor Browser, etc. Be smart out there.

Re:Can You Say Lawsuit? - No, no I can't

So, basically AT&T is placing their advertising on someone's web site without paying for the privilege? Were I the content owner, I'd be speaking to my lawyers first thing.

Comcast has been getting away with this for a year now, where are those lawsuits? Comcast Using JavaScript Injection To Serve Ads On Public Wi-Fi Hotspots

Sue for Copyright Infringement

Web site owners could potentially sue AT&T for copyright infringement, essentially creating a "derivative work" of original copyrighted material dynamically by injecting ads/scripts/content. SUE THEM! SUE THEM!

AT&T

We might wonder if AT&T is injecting ads in the user data they are belching forth to the government sons of Satan. After all, snoops shop too. Advertisers will pay for anything, anything at all.

Re:Trap? Usually its a tarpit of unusable service

[by+(1706743)]

https://www.youtube.com/watch?...

(Yeah, it's not 9600, sorry.)

EULA says no piracy

Of the several wifi hotspots I've used, you have to browse through a webpage, which includes 'terms and conditions', which tend to include a prohibition on using the free wifi for piracy.

Re:EULA says no piracy

[hawguy]

Of the several wifi hotspots I've used, you have to browse through a webpage, which includes 'terms and conditions', which tend to include a prohibition on using the free wifi for piracy.

Regardless, If I start a money laundering business, look the other way when people bring me stolen money, and then when the police come to bust me from profiting from stolen money, point to the contract and say "Well all of my customers promised not to launder stolen money so clearly it's not my fault that I earned all of this money from their stolen goods".

Re:Surprised? Don't be ...

[Darinbob]

Except that it's not free. This service is for paying customers. Which makes this behavior even worse, actually.

.... minimum design standards ...

> what do you expect for FREE ?

The Internet, like the Interstate Highways.

Both were designed to carry military traffic when an attack is impending or underway.

Both have ample capacity to handle anything a citizen could possibly want to carry on them in peacetime.

Both are clogged up by far too many far too large corporate shipments, by this point in time. Put your little bitty car in among those double-length trucks and pray a lot. Put your data and web page out among Comcast's traffic and do the same.

Those curve and bridge clearances on the Interstates?

"... In developing minimum design standards for the Interstate System, the State highway agencies and the Bureau of Public Roads (BPR) agreed in July 1956 to include a minimum vertical clearance of 14 feet in Policy on Design Standards - Interstate System prepared by the American Association of State Highway Officials (AASHO) and adopted by the BPR for use on Interstate projects. This figure wasn't pulled out of thin air. The DOD had previously indicated, in 1949 and 1955, that a 14-foot vertical clearance was adequate for most military vehicles. However, after the Soviet Union launched its Sputnik satellite in October 1957, the DOD determined that a 17-foot vertical clearance was needed for some larger equipment, such as the Atlas intercontinental ballistic missile, that could not be transported by rail."

Re:.... minimum design standards ...

You think the Interstate highway system is free?

Did you know that use of the Interstate system by non-commercial traffic is a secondary use? Commercial traffic is the primary intended use of the Interstate system, and non-commercial traffic is allowed to use it as long as it does not impede commercial traffic.

Of course, all must yield in time of war.

Re:.... minimum design standards ...

The only reason they're clogged is because they've got orange barrels blocking off ten lanes of a twelve lane road. "Cars are still getting through with minimal zero-velocity time; the roads work as expected."

Re:Trap? Usually its a tarpit of unusable service

[adolf]

AT&T's hotspots used to be faster back when they were non-free.

I used them a few times back then, generally at McDonald's, as an AT&T customer ("free" for me).

They seemed backed by a T1, based on speeds and traceroute guessery in an empty store. And that was generally better than the alternatives at that time (3G or nothing), so was certainly welcome. But that was a different time...

These days a T1 with multiple freeloading users is painfully slow. Overall experience can be helped considerably with some very careful QoS at the endpoint to prioritize small data streams over more lengthy streams but this is something they apparently aren't doing.

The last time I was at a McDonald's and wanted a cup of free WiFi I had far better results turning my cell phone into a 4G hotspot and paying by the gigabyte.

Same with the local public library: They have free Wifi, and welcome you to use it, but it's so slow that it's useless.

China Telecom

[Balthisar]

My home ISP -- China Telecom -- does this to me, for the service that I pay for. And no, I can't use a VPN 100% of the time because China is getting pretty good at killing VPN connections. It doesn't even matter if I use a non-ISP DNS server, because it's standard in China to poison DNS results (I've not tried experimenting with DNSSEC yet).

In my case I'll try to load Bing (which isn't blocked by Golden Shield), and the only content will be a meta reload instruction. The rest of the "real" page will have been served via an injected javascript with a shitty Chinese ad at the bottom. Reloading will fetch the real page, as the ads aren't injected 100% of the time, but only seemingly randomly.

Once again....

[JustAnotherOldGuy]

Once again, I'm shocked, SHOCKED I tell you!!

Re:Trap? Usually its a tarpit of unusable service

[Dunbal]

I once got a 300 baud modem to handshake with me by whistling the carrier tone.

Re:Trap? Usually its a tarpit of unusable service

There *IS* a reason I spend $200/mo for LTE Internet access for my devices.

Re:Surprised? Don't be ...

No it is free. They are talking about the free AT&T wifi at places like McDonalds. You don't need to be a paying customer of AT&T or McDonalds to use it.

Re:Trap? Usually its a tarpit of unusable service

[Ol+Olsoc]

I once got a 300 baud modem to handshake with me by whistling the carrier tone.

I was going to say something snarky like "women must have been fighting over each other for you", but you know what ? That's actually damn cool!

Modded FUNNY?!

[macraig]

Why did people mod you funny? Do they all know something about you that I don't? I could have written that myself, and I would've been sociopathically dead serious. All human social hierarchies suck, and the reason they suck, the sole reason, is because sociopaths always wind up in charge of them. If we had a prenatal test for sociopathy or a gene therapy cure, I'd be advocating eugenics like there was no tomorrow!

Re: Modded FUNNY?!

[ememisya]

That's because this is slashdot. The title's a little misleading though, should've said, "AT&T CEOs Now Injecting Heroin"

Re:Modded FUNNY?!

[beastofburdon]

Just remember though, sociopathy is not a boolean value, it is a scale. A little bit is okay, but it needs to be dialed back in practically every politician, lawyer, CEO, police officer, ect, ect...

Re:Modded FUNNY?!

[macraig]

Knew that. The problem is that there is a corollary - or a replacement - theorem to the Peter Principle at work here: people in social hierarchies rise to the level of their sociopathy. Wouldn't it be priceless if the Peter Principle was coined by a sociopath as a deliberate misdirection?

Re:Trap? Usually its a tarpit of unusable service

[pepty]

There *IS* a reason I spend $200/mo for LTE Internet access for my devices.

Your work pays for it?

We're the phone company

Oh you little crybaby geeks. Shut up. We're AT&T, we can do whatever we want.

Https-everywhere

[slazzy]

https://www.eff.org/Https-ever...

Re:Https-everywhere

[misnohmer]

...except sites such as slashdot will remain vulnerable to ad insertion as they redirect you back to http.

Sounds like a job for mod_rewrite

redirect users to a page that says:

*** BROWSER SESSION HIJACKED **

Your browser session has been hijacked and web page contents has been edited and/or amended to include additional code belonging to the hijacker.

To protect you, your privacy, and the integrity of our webiste, we have directed you to this page.

The company hijacking your browser session has been identified as:

AB&C

We have identified the companies telephone number as 1-800-XXX-YYYY.

If you have any concerns, you can call them to confirm if they are intercepting and editing the web pages served to you.

Just one step away from lowest form of spyware

[Ilgaz]

They may inject their referral code to other people's/companies legimate ads soon, that is what spyware developers did back in the day. That (topmoxie) was the lowest level spyware could get.

Let's hope a clever law company sue them on behalf of effected parties and make billions.

They aren't dumb

[Ilgaz]

People who took this decision surely knows about extensions, VPN and even Tor. They know only 0.001% may care too. This is the magic formula which runs spam&spyware industry.

Remember Sony rootkit, nobody were aware of anything until they were absurdly unlucky to hit World's most advanced Windows kernel hacker Mark Russinovich. https://en.m.wikipedia.org/wik... .I remember reading that story on /. That was the last drop for Sony shareholders. I hope the same for AT&T too.

The Fuckers do it to TV video on UVerse too !!!!!!

Down around where the actual channel normally puts it's text ads (Watch New Show X!!! It's Exciting!!!)

And now a word from our NSA loving ISP friends who help the NSA break the law even more than those friends are required to.

Soon as my UVerse contract is up I am going elsewhere.

Clearer advertising

Let's face it, this story would still exist in the same tone if the ads were clearly made out as ATTs ads for supporting the wi-fi spot, and it was all transparent to the end user.
Even if it was only ATT servers. Even if they were merely text ads on a little strip at the top of the webpage that was completely sandboxed from the rest of the webpage and doesn't interfere with any of it.
Even if those ads were related to the webpage in some way.

People like bitching because they get free stuff, regardless of how nicely it is presented to them.
More at 11.

Ad/Script Blockers To The Rescue

Sheesh.... Just install Pale Moon, AdBlock edge and NoScript already.

I haven;t seen an ad for ages. Not interested in them, they're not using my bandwidth and CPU to display all that crap.

Re:Ad/Script Blockers To The Rescue

Pale Moon, AdBlock edge.

NIce placebo, I trust more Firefox ESR + uBlock Origin

Clearly a Violation of Copyright

Website owners generally claim copyright over their content. AT&T is in violation of those rights by modifying that content without obtaining written permission of the copyright holder.

Re:Trap? Usually its a tarpit of unusable service

[swb]

I only tried using them when I first got my cellular-enabled iPad. Because it was an ATT cellular model, they would automatically associate with ATT hotspots and I figured that was better than the buy-as-you-go data I used at the time.

I gave up when I realized how unusable they were and just disabled the ATT hotspot association and used LTE, which was much faster.

trademark as well as by applying your brand to it

[raymorris]

There's also a trademark issue. Suppose I load Bruce Schneier's web site and his site has an ad for some bogus "security" software. That reflects poorly on Bruce because it appears that Bruce is endorsing, or at least tolerant of, the scam software. Similarly, suppose I load DaveRamsey.com and his page contains ads questionable financial products. Dave's brand is damaged by falsely associating those products with his trademarked brand.

Re:Surprised? Don't be ...

Anybody who is surprised by shit like this is an idiot.

Um, no. Naive, maybe, but not necessarily an idiot.

You, however, appear to be an arrogant prick, purely based on empirical observation.

The reality may be different, with you being a very nice guy.

I hope it's the latter. Your response, if any, will show.

Re:Trap? Usually its a tarpit of unusable service

[cdrudge]

These days a T1 with multiple freeloading users is painfully slow.

These days a T1 is painfully slow, even without multiple or even a single other user. I can't think of any reason to still use a dedicated circuit like that unless you absolutely positively need the guaranteed bandwidth and SLA service...or there was absolutely no other option.

"It tarnishes carefully crafted online brands"

Can websites be copyrighted? Can they sue for having their copyrighted work altered and redistributed for profit?

Free?

[Holi]

I get access to AT&T hotspots because I am an AT&T customer, So I am wondering about this use of the term "free". Access to these access points was a selling point when I signed up. In what world is something I am paying for called free?

The Gervais Principle

[Capt.Albatross]

http://www.ribbonfarm.com/2009...

I assume the irony in your enthusiasm for eugenics as an antidote to sociopathology was intentional.

It's part of the deal; get over it

The whole idea that you can be secure on the internet if you only visited "trusted sites" is wrong. The NYT, Yahoo!, Google and others have let in malicious advertisers before. Security comes by way of bug fixes and users applying updates. It's just that simple.

Now if you don't like AT&T injecting advertisements don't use there service. That's obviously part of the agreement.

Essentially this is like complaining that some websites have advertisements. That's just part of the deal.

You can thwart this via SSH tunnel, VPN, and other mechanisms. Or just use your phone as an access point. You'll pay for it, but there won't be (presumably) advertisements injected.

Now I do have to say I don't like my paid for ISP's interfering with traffic. Including non-compliance with DNS, etc (ie returning an IP of an ISP controlled ad-server when no domain exists). However this practice with access points injecting advertisements is less concerning. AT&T owes me nothing and it's part of the price if I want to use there service.

Re:Surprised? Don't be ...

[david_thornley]

Free at McDonalds? You're telling me that I can register copyright on web pages, walk a few blocks away, and immediately get solid evidence of criminal copyright infringement that I can sue for hundreds of thousands of dollars minimum? This is sounding better all the time!

It's FREE

What the hell. Don't use it if you don't want to. When will these folks pull their heads and realize that nothing at all is entirely free.

NetZero

[OrangeTide]

How is this significantly different from the old NetZero free dial-up business model? If you don't want to use "free" internet access paid through ad revenue, then don't join the network.

Browser Extension

[DrYak]

browser extension by EFF to automatically switch to HTTPs.

Re:Surprised? Don't be ...

Wouldn't adding ad source adapi.ragapa.com to a hosts file 0.0.0.0 blocked work to stop this?

Is It Really AT&T ?

[tmjva]

Note: You can take 10% off all slashdot deals with coupon code "slashdot10off." X

Re:Trap? Usually its a tarpit of unusable service

[adolf]

Painfully slow for what?

For /.? For email? Gaming? Streaming audio? Facebook? Youtube? Netflix? Downloading Linux ISOs from TPB?

1.544Mbps is plenty for lots of things and insufficient for some other things.

TANSTAAFL

[eric_harris_76]

Which doesn't mean I don't find this digusting.

Re:Surprised? Don't be ...

[adolf]

But is it copyright infringement, or just annoying enough that we're all sure that there must be something illegal about it?

Re:Trap? Usually its a tarpit of unusable service

[cdrudge]

Painfully slow by today's broadband standards.

Re:Trap? Usually its a tarpit of unusable service

[adolf]

Yeah. I think you mentioned that.

Thanks for the clarity!

Re:Trap? Usually its a tarpit of unusable service

[Agripa]

These days a T1 is painfully slow, even without multiple or even a single other user. I can't think of any reason to still use a dedicated circuit like that unless you absolutely positively need the guaranteed bandwidth and SLA service...or there was absolutely no other option.

Or you want lower latency. My U-Verse service using FTTN has 3 to 4 times the latency to the gateway than my old SDSL had and the SDSL upload speed was half of the current U-Verse speed so it was not that much slower. Upload bandwidth has doubled but latency has increased 4 times.

Easily stopped using hosts files: How? apk

Add ad source used to hosts, as blocked, via 0.0.0.0 adapi.ragapa.com

* :)

APK

P.S.=> For the BEST hosts file possible vs. threats online & for more speed using hardcoded favorites @ the TOP of your custom hosts file it creates (which cache into LOCAL ram for best possible resolution speed):

APK Hosts File Engine 9.0++ SR-2 32/64-bit http://start64.com/index.php?o...

FREE & adds speed, security, + reliability, doing more with less, more efficiently vs. browser addons & locally installed DNS servers @ home + fixes DNS' redirect security issues - obtaining its data vs. online threats & adbanner blocking from 10 reputable sites in the security community - using something you already have vs. "bolting on browser addons 'MOAR' that's usermode slower & increases messagepassing, cpu + ram overuse overheads!

* :)

MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it -> http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus per this VERY recent testing of them all http://www.av-test.org/en/news...

&

It's GUARANTEED safe & clean per it being checked by 57 antivirus programs recently in BOTH its 64-bit model https://www.virustotal.com/en/...

+

In its 32-bit model also https://www.virustotal.com/en/...

... apk

Re:Trap? Usually its a tarpit of unusable service

[adolf]

McDonalds does not care about latency, and that is the context of this thread.

And yes, AT&T U-Verse's VDSL seems to be more latent than AT&T's own ADSL and SDSL. It's still fast (non-latent) enough, at least according to the girls I go out with.

Re:Trap? Usually its a tarpit of unusable service

[Agripa]

These days it is not even that. For more than a year now my U-Verse FTTN service has suffered from congestion during peak times with peak times being more than 1/3rd of the day and congestion yielding download speeds (upload not affected) below 1 Mb with attendant packet loss. I responded by downgrading my service to the slowest service they provide since anything faster is not usable.

The latency (and various mysterious failures like suddenly being unable to pass HTTP but not other protocols) still make me long for the days of SDSL.

Re:Trap? Usually its a tarpit of unusable service

[adolf]

Have noted zero congestion issues, at 4 different locations. Did have one location which had ancient (lead-jacketed, even) copper and took forever (easily 100 man hours) for them to get it to work properly, but they did.

Ever have a look at your stats at http://192.168.1.254/xslt?PAGE=C_1_0?

The bitloading graph at the bottom of http://192.168.1.254/xslt?PAGE=C_5_3 is instructive, too: It's a representation of the spectrum currently being used on your circuit.

Re:Trap? Usually its a tarpit of unusable service

[Agripa]

The congestion is further into AT&T's network. My local FTTN connection is perfect other than having a power backup time of seconds or less in the event of loss of power. My side is backed up but the DSLAM or something further into the network is not.