Slashdot Mirror

← Back to Stories (view on slashdot.org)

AT&T Hotspots Now Injecting Ads

Posted by Soulskill on from the more-ads,-in-more-places dept.

An anonymous reader writes: Computer scientist Jonathan Mayer did some investigating after seeing some unexpected ads while he browsed the web at an airport (Stanford hawking jewelry? The FCC selling shoes?). He found that AT&T's public Wi-Fi hotspot was messing with HTTP traffic, injecting advertisements using a service called RaGaPa. As an HTML pages loads over HTTP, the hotspot adds an advertising stylesheet, injects a simple advertisement image (as a backup), and then injects two scripts that control the loading and display of advertising content. Mayer writes, "AT&T has an (understandable) incentive to seek consumer-side income from its free Wi-Fi service, but this model of advertising injection is particularly unsavory. Among other drawbacks: It exposes much of the user's browsing activity to an undisclosed and untrusted business. It clutters the user's web browsing experience. It tarnishes carefully crafted online brands and content, especially because the ads are not clearly marked as part of the hotspot service.3 And it introduces security and breakage risks, since website developers generally don't plan for extra scripts and layout elements."

1 of 187 comments (clear)

  1. Re:Copyright? by wbr1 · · Score: 5, Interesting
    To clarify. From the fraud and abuse act

    In practice, any ordinary computer has come under the jurisdiction of the law, including cellphones, due to the inter-state nature of most internet communication.

    ....

    (5) (A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;

    Sending my PC an ad, at the bear minimum causes damage due to increased wear on storage devices. At its worst it installs malware or defrauds such as to install malware.

    Perhaps more relevant is mail and wire fraud:

    18 U.S.C. 1343 provides:

    Whoever, having devised or intending to devise any scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises, transmits or causes to be transmitted by means of wire, radio, or television communication in interstate or foreign commerce, any writings, signs, signals, pictures, or sounds for the purpose of executing such scheme or artifice, shall be fined under this title or imprisoned not more than 20 years, or both. If the violation affects a financial institution, such person shall be fined not more than $1,000,000 or imprisoned not more than 30 years, or both.

    --
    Silence is a state of mime.