AT&T Hotspots Now Injecting Ads

An anonymous reader writes: Computer scientist Jonathan Mayer did some investigating after seeing some unexpected ads while he browsed the web at an airport (Stanford hawking jewelry? The FCC selling shoes?). He found that AT&T's public Wi-Fi hotspot was messing with HTTP traffic, injecting advertisements using a service called RaGaPa. As an HTML pages loads over HTTP, the hotspot adds an advertising stylesheet, injects a simple advertisement image (as a backup), and then injects two scripts that control the loading and display of advertising content. Mayer writes, "AT&T has an (understandable) incentive to seek consumer-side income from its free Wi-Fi service, but this model of advertising injection is particularly unsavory. Among other drawbacks: It exposes much of the user's browsing activity to an undisclosed and untrusted business. It clutters the user's web browsing experience. It tarnishes carefully crafted online brands and content, especially because the ads are not clearly marked as part of the hotspot service.3 And it introduces security and breakage risks, since website developers generally don't plan for extra scripts and layout elements."

Good News

[binarylarry]

Soon someone will have a script or browser extension for this.

Re: Good News

The ONLY thing unsavory advertising, in any form, does is the exact opposite of the initial intent; i.e., "never buying that". Advertisers, regardless of the delivery, apparently are not smart enough to realize if you annoy people, you have LOST the sale.
Plus, the whores are then really easy to spot. No resposible consumer likes a whore.

Re: Good News

[MightyMartian]

Yup, an SSH proxy or other VPN is your bestest friend. I don't access public WiFi without it. That being said, I expect if more people do that, eventually the sociopaths that run the major ISPs will begin using deep packet inspection to shut down anyone using VPNs. Remember, the MBAs that run the world are evil monsters who would, if they weren't trying to find ways to extort money from us, would probably be finding ways of eating human flesh and killing elderly people for fun.

The real lesson here is that we should be banning all sociopaths and anyone with any significant narcissistic personality disorders from holding any position where they have any authority over anyone else. I would have a law that would ban such individuals from even being shift manager at a McDonald's. They wouldn't be allowed to become lawyers, doctors, accountants or engineers. All professions of any significant importance would be forbidden them.

Re: Good News

[Ol+Olsoc]

The ONLY thing unsavory advertising, in any form, does is the exact opposite of the initial intent; i.e., "never buying that". Advertisers, regardless of the delivery, apparently are not smart enough to realize if you annoy people, you have LOST the sale. Plus, the whores are then really easy to spot. No resposible consumer likes a whore.

Mod this guy up! Anything that manages to get through my defenses is put on the "Never ever" list.

The sooner advertisers understand that, and the sooner they understand that if they put simple unobtrusive ads on web pages, the sooner we'll stop this war on web users.

When your ads are having the opposite effect than you intended, maybe its time to change.

Re: Good News

[Vokkyt]

I agree with you in principle, but I think you're missing that you're not all that important to advertisers as an individual. AT&T's actions are frustrating and dangerous, but they really aren't concerned about the buying habits of habitual ad-blockers. You are collateral damage as far as the advertising goes, not a "valued consumer". The people that these ads target are not you; you just happen to see them. There is a subset of people who do buy whatever junk an ad thrusts at them; if it's not you, then great! But the ads aren't gonna stop just because you aren't compelled by their random ads.

So it's great that you are incensed over this (and that's not being condescending, this is something people should be upset about), but as long as the general public has this feeling that ads everywhere are just fine without understanding the reasons why rampant ads can be bad, business will continue as normal.

Of course, even if the public got into ad-blocking on a large scale, that would just bring about the tech arms race between the very kind coders who work on adblockers and the advertising agencies.

Re: Good News

[Chris+Johnson]

Have you tested this conclusion?

If it turns out that advertisers can test this—for instance, on Facebook, let's say—and discovered that it's not true: that there's a measurable advantage to obnoxiousness in that you're outnumbered by the people who shrug off the obnoxiousness yet retain the payload then you're mistaken.

I think they've already tested this, and we're seeing the outcome. Results are in: short of legislating better behavior, being abusive gets you enough local gains that it becomes a required strategy, impossible to compete against without adopting the same strategy.

It would be nice if the 'I boycott youuuu!' reaction made any sort of difference, but clearly it does not.

Re: Good News

[ememisya]

So the cute little WI-FI hotspot version of big daddy NSA. Awwww

Re: Good News

[wasteoid]

You make it sound like whores are bad.

Re: Good News

[Ol+Olsoc]

Sure, YOU might react like this. But they are playing a numbers game. Many users are too stupid to even realize that nasa.gov would never sell vitamins.

Many are stupid, many aren't. I have a lot of computers I've installed adblock on after people complain how slow they've become. Then a hosts file. Then noscript.

While there are a lot of non-rocket surgeons out there, they are smart enough to notice when they have to wait 30 seconds or more for the ads to show up so they can scroll the page.

Ad blocking is getting more popular for just those reasons. And soon it won't be just so called smart people that have it.

I can convert a person in a minute thst they want to block ads. Doesn't take a genius to see what happens when you turn adblock on and off. Coupled with thereduction in malware on their computers, its a win-win situation.

Teh inttubez has got to stop being the electronic equivalent of walking down the boardwalk in Atlantic City, while at every step being accosted by hookers offering you bonus STD's and thugs who offer to trade your money in exchange for not shivving you. The sooner advertisers learn that, the sooner we start turning off our self defense mechanism

Re: Good News

[rahvin112]

They can't kill VPN without basically making the service useless for business. This reason alone will protect VPN.

Re: Good News

[Ol+Olsoc]

I agree with you in principle, but I think you're missing that you're not all that important to advertisers as an individual. AT&T's actions are frustrating and dangerous, but they really aren't concerned about the buying habits of habitual ad-blockers. You are collateral damage as far as the advertising goes, not a "valued consumer".

Perhaps. But when ordinary people can suddenly speed up the internet by blocking that shit, it starts to become a problem. I've noted in another post in this thread how I've sped up people's browsers by installing adblock and others. None of them are computing geniuses, they are just tired of paying for fast internet connections to be yanked back into dialup world because of loading all the ads. And being normal people, they don't mind the ads, just the inconvenience.

tl;dr version

Regular folks will put up with more for longer, but don't fool yourself thinking they will put up with everything forever.

Re: Good News

[adamstew]

They could target specific commercial VPN providers. Pick the top 10 VPN providers and just block access to connecting to them. You'd stop a good majority of the unwanted VPN traffic while still allowing businesses (whose VPNs are almost certainly privately run) to continue to work just fine.

Re: Good News

[beastofburdon]

Sadly it's the exact opposite in America. You can't attain a high political office without being a psychopath.

There, fixed that for you.

Free WiFi is a trap, news at 11!

[sinij]

Free WiFi is a trap, news at 11!

Re:Free WiFi is a trap, news at 11!

[Darinbob]

But I pay for AT&T service and as part of that service they claim access to free wi-fi hotspots of theirs. I think this means that I PAY for these hotspots. So having advertisements in a paid service is obscene (well, more obscene than general purpose advertising). They don't need this side income from their paying customers.

Re:Free WiFi is a trap, news at 11!

[sglewis100]

But I pay for AT&T service and as part of that service they claim access to free wi-fi hotspots of theirs. I think this means that I PAY for these hotspots. So having advertisements in a paid service is obscene (well, more obscene than general purpose advertising). They don't need this side income from their paying customers.

Yeah. Like their ad-free U-verse service. Oh no... wait. Look, advertising isn't the problem. A pre-roll add, or whatever wouldn't be offensive (just annoying). But injecting code into other people's sites. Yeah... not good.

Copyright?

[msauve]

Why is modifying a web site in this way not copyright infringement? Is not AT&T creating an unauthorized derivative work?

Re:Copyright?

[wbr1]

They are tampering with a data stream between client and server. That it is not encrypted is moot. This is a violation of the computer fraud and abuse act as well as FCC regulations. If they are a common carrier, they have no business at all tampering with the content.

Will they be charged? Probably not, and if so it will be a minuscule financial fine.

Re:Copyright?

It definitely won't be the criminal penalties you or me would face if we did the same thing for monetary gain. There are two standards. One for corporations, and another standard for individuals. It's been that way for far too long.

Re:Copyright?

[wbr1]

To clarify. From the fraud and abuse act

In practice, any ordinary computer has come under the jurisdiction of the law, including cellphones, due to the inter-state nature of most internet communication.

....

(5) (A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;

Sending my PC an ad, at the bear minimum causes damage due to increased wear on storage devices. At its worst it installs malware or defrauds such as to install malware.

Perhaps more relevant is mail and wire fraud:

18 U.S.C. 1343 provides:

Whoever, having devised or intending to devise any scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises, transmits or causes to be transmitted by means of wire, radio, or television communication in interstate or foreign commerce, any writings, signs, signals, pictures, or sounds for the purpose of executing such scheme or artifice, shall be fined under this title or imprisoned not more than 20 years, or both. If the violation affects a financial institution, such person shall be fined not more than $1,000,000 or imprisoned not more than 30 years, or both.

Re:Copyright?

[adolf]

Is using a browser on a dumb phone with a WAP gateway creating a derivative work?

Is using the Readability bookmarklet creating a derivative work?

Both of these things have been happening for number of years (over a decade, in the first example). They simply reformat web pages.

Now that you've thought about these questions for a moment, consider: If they reformatted a web page and added advertising, does that addition of advertising affect the things status as a (non-)derivative work? (Aside from making you livid, of course. I'm not happy about ads, either.)

Re:Copyright?

[tompaulco]

It definitely won't be the criminal penalties you or me would face if we did the same thing for monetary gain. There are two standards. One for corporations, and another standard for individuals. It's been that way for far too long.

So incorporate. No reason not to enjoy the protections that the law was specifically written to provide.

Re:Copyright?

[tompaulco]

Along those lines, is using adblock+ copyright infringement? Is something that was served up dynamically copyrightable?

Re:Copyright?

[Anon-Admin]

Why is modifying a web site in this way not copyright infringement? Is not AT&T creating an unauthorized derivative work?

It is! I used to run an Anon Service and had a lengthy discussion with my attorney about doing something like what they are doing.

My idea was to capture the banner ad's and replace them with my own as the proxy processed the web page. I was not going to add to it or inject scripts. Just replace the banner ad's with ones my sponsors were paying for.

The final decision was to go with a set of frames and tag the banner ad in the top frame as being a sponsor of the anon-service while displaying the requested page in the bottom frame.

The attorney assured me that replacing content in a page as it went through the proxy was violating the craters copyright.

Re:Copyright?

[wbr1]

Maybe, like Michael Valentine Smith, I will chose to discorporate.

Re: Copyright?

[skywire]

Prepare to be flamed by cretins who have no sympathy for your making the reasonable assumption that ISPs are common carriers (which they are by nature but not in US law).

Re: Copyright?

[HiThere]

ISPs may not be common carriers under US law, but I believe that AT&T *is* a common carrier under US law.

Re:Copyright?

[pepty]

So long as RaGaPa doesn't try to inject ads into Google search results pages they will probably be fine.

Re:Copyright?

[piojo]

I'm not sure either of those applies. I'm no lawyer, but I doubt a judge or jury would agree with your interpretation of "intentionally causes damage". First of all, wear and tear is not damage. When you finish an apartment lease, the landlord cannot keep your deposit to pay for wear and tear. When you rent a car, you are not charged damages for wear and tear. When you borrow something, it would be unheard of to hold you accountable for wear and tear. Furthermore, how do you prove it? Due to the way hard drives and OSs work, I doubt the amount of damage is statistically significant. If it's not statistically significant, it doesn't exist. Finally, if AT&T is sending headers that tell the browser not to cache the data, it should not be written to the hard drive anyway.

Finally, you ignored "intentionally". Do you know how high a bar it is to prove intention rather than incompetence? It's hard, even when it's true. And in this case it just isn't. AT&T doesn't want to fuck your computer, they want to fuck your wallet.

In the wire fraud definition you cited, I don't think AT&T is fulfilling the core of the definition: "defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises". Advertising, by and large, is not considered fraud (as much as we might feel that way about most ads we see).

Re:Copyright?

[cfalcon]

At the point where you have to spend a bunch of money in order to be treated with the proper legal regard, you have "privilege" - literally "private law". You are espousing a tiered set of laws based on how much money you pay, correct? Do you see a lot of good coming from this? Do you normally favor government owned monopolies, or are you just making a special exemption here?

Re:Copyright?

[quantaman]

I'm not sure either of those applies. I'm no lawyer, but I doubt a judge or jury would agree with your interpretation of "intentionally causes damage".

Agreed.

In the wire fraud definition you cited, I don't think AT&T is fulfilling the core of the definition: "defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises". Advertising, by and large, is not considered fraud (as much as we might feel that way about most ads we see).

Here I'm not so certain. The fraud isn't the ad itself, but the fact that the ad being on the site claims a relationship between their client (the advertiser) and the site owner that does not exist. Stanford accepted that jewelry ad? They must be legit. My favourite webcomic is advertising X? Well I know the guy really vets his advertisers and I like to support the comic so I'll go through.

Of course AT&T is not the first to insert their own ads into web pages, any charges are likely thwarted by whatever click-through consent they obtained or by the precedent of adware companies getting away with the same thing for years.

Re:Copyright?

[Alumoi]

And this is how things are supposed to be. After all, you, the individual, do not spend a shitload of money on politicians

Re:Copyright?

[coats]

They are creatilng an unauthorized derivative work for commercial gain: this is criminal copyright infringement; see the relevant chunk of the Copyright Act: US Code Title 17, Section 506 (here courtesy of the Cornel Legal Information Institute, https://www.law.cornell.edu/uscode/text/17/506)

Re:Copyright?

[Raenex]

They probably have a terms of service that you have to agree to before you can browse web pages that explicitly allows them to do this.

Re:Copyright?

[JazzLad]

Also no lawyer, but I think it would be up to Stanford and the webcomic to sue AT&T (and gosh, would I love to see that).

Re:Copyright?

[david_thornley]

The obvious thing to do is to make some static but halfway useful web pages, and register their copyrights. Put a prominent copyright notice on them. Record how they come out of AT&T's hotspot. Sue AT the minimum statutory damages for violating a registered copyright are plenty enough to cover the expenses, bearing in mind that the money amount is (IIRC) per copyrighted work.

Re:Copyright?

[david_thornley]

IANAL; if this matters to you, find somebody who is. I'm not liable for the actions of people who rely on the uneducated legal musings of a pseudonymous Internet user.

Something that is put together creatively on the spot is copyrighted automatically, but it isn't a registered copyright, and there's (IIRC) no statutory damages there. So, to get in trouble, it would be necessary to establish (a) that something with outside content selected by algorithm is creative (that could go either way), (b) that this is not permissible end-user alteration of a copy legally obtained, and (c) that this isn't fair use. If the court held that this was a copyright violation, the court could tell you not to adblock that particular combination of page and ads again and award the advertiser actual damages, which would be trivial. The big awards you read about are cases where the copyright is registered.

Re:Copyright?

[pnutjam]

(I make it a policy to setup my mother at least two web browsers. One with ad blocking and such for normal use and one without for problematic web pages.)

You could have her open problematic pages in incognito mode.

Re:Copyright?

[adolf]

Dear flurry of ACs who don't know their dick from a screwdriver,

You aren't rebroadcasting those derivative works.

Do you know what a WAP gateway is? Because it certainly is a third-party thing that sits in the middle, reformatting HTML for retransmission to the end user.

Did you notice that the Readability bookmarklet linked does server-side processing of third-party content before retransmitting that content to the end user?

Re: Copyright?

[HiThere]

Well, I'm unlikely to find that out, as I don't use portables. But if they're providing the "dial tone" aren't they a common carrier as well as being the ISP? (OTOH, I'll agree that their lawyers would probably find grounds to prove differently under the law.)

Re:Copyright?

[Daniel+Klugh]

You mean Valentine Michael Smith; The Stranger in a Strange Land?

Re:Copyright?

[wbr1]

Yes, for some reason my brain put it backwards, but you grok. I need to reread some Heinlein.

Let's call it what it is... MITM attack

AT&T is initiating a man-in-the-middle attack. Can you really trust those ads? I mean they're injecting scripts. Who knows what those do, right?

Re:Let's call it what it is... MITM attack

Well, it's AT&T, than whom no corporation, unless perhaps Microsoft, has ever been friendlier to the National Security Agency. So, I'd guess that you have a pretty good idea of what AT&T's ads and scripts and zero-days could do, but admitting it to yourself is probably too traumatic.

Can You Say Lawsuit?

[mschwanke97402]

So, basically AT&T is placing their advertising on someone's web site without paying for the privilege? Were I the content owner, I'd be speaking to my lawyers first thing. The sad thing is that major companies don't even seem to worry breaching the public's trus or their reputations anymore. How long until Comcast decides to force extra advertising into my cable internet browsing. Oh! That's right, I cancelled them after the NetFlix throttling episode. So now, I guess I have to cancel DirecTV (AT&T) too.

Re:Can You Say Lawsuit?

[fustakrakich]

Cancel all those services and what will you have left?

Re:Can You Say Lawsuit?

[jeek]

Wasn't it Comcast who broke the world's email for days when they thought it was worth the advertising dollars to redirect all nonexistent domains to an ad-laden server they set up?

Re:Can You Say Lawsuit?

[Dutch+Gun]

I wouldn't be surprised if a lawsuit occurs the first time malware is injected onto a user's machine though one of these advertisements. If this keeps happening, it's really only a matter of time.

I think Comcast tried this same thing earlier, and temporarily backed off when people noticed them doing this and complained about it. Advertisements are bad enough, but you can sort of understand the desire of a website operator to want to pay for bandwidth. It's downright slimy when ads are simply injected in content someone doesn't own at all.

Re:Can You Say Lawsuit?

[The+Grim+Reefer]

So, basically AT&T is placing their advertising on someone's web site without paying for the privilege?

Yes, on a free (to the user) airport WiFi connection.

Were I the content owner, I'd be speaking to my lawyers first thing.

Which means you don't want the traffic from someone who's delayed at an airport with free WiFi, in this case.

The sad thing is that major companies don't even seem to worry breaching the public's trus or their reputations anymore.

I'm sure it's covered by the EULA for access to "free" WiFi.

How long until Comcast decides to force extra advertising into my cable internet browsing.

Hopefully never as you're paying for that connection. Though I wouldn't put it past Comcast.

Oh! That's right, I cancelled them after the NetFlix throttling episode.

Lucky you. Comcast is the only real option that I have where I live.

So now, I guess I have to cancel DirecTV (AT&T) too.

Why? Because their "free" WiFi service at the airport does this? Unless I misunderstood something, this is not occurring on paid home internet service. I cancelled DirecTV a while back as the prices are ridiculous and the customer service was awful. I actually owned my receivers, yet they charged me a receiver leasing fee. When I argued this point, they accused me of stealing them.

Re:Can You Say Lawsuit?

[sphealey]

AT&T Wi-Fi isn't free. It is an included benefit of various AT&T services including cellular and home data service. The end user is paying for it - just not on a specific basis as with Bongo.

sPh

Re:Can You Say Lawsuit?

Money... 100's of extra $.

Re:Can You Say Lawsuit?

[Darinbob]

Sanity.

Re:Can You Say Lawsuit?

[psyclone]

The web traffic incident was VeriSign, manager of the .com & .net TLDs.

Re:Can You Say Lawsuit?

[Darinbob]

But these AT&T hotspots are intended for AT&T's paying customers. They're not free hotspots for freeloaders. They don't need the side income to pay for the bandwidth since they already claimed in their marketing that these hotspots were a part of their customer ISP and mobile phone packages. This marketing undoubtedly attracted customers who otherwise would have chosen other providers.

Re:Can You Say Lawsuit?

[Darinbob]

DirecTV used to be great. Even when I left them a year ago, they were much cheaper than ComCast and with much better service. The fee on the Tivo was a pain, and they did change it so that all new DVRs were leased instead of purchased outright. I did argue with them when cutting the cord that the Tivo box was mine and was purchased by me and that I would not send it back to them, and they backed down pretty quickly (I think there was some confusion from the original third-party installer).

Sleazy, yes, but not worse than what you get with cable companies or uverse, and over the lifetime it was a much better experience.

Re:Can You Say Lawsuit?

[Dutch+Gun]

But these AT&T hotspots are intended for AT&T's paying customers. They're not free hotspots for freeloaders.

I'm not sure how you come to that conclusion given that it sounded like it was an open wifi spot in an airport. There was no mention that this was a paid access point, like with the Boingo partnership a few years ago. The article calls it "free", but it actually required paid access, so apparently there's some confusion on PC Mag's part as to what the word "free" means.

My guess? Few customers bothered with the paid access plans, so they're trying to figure out other ways of monetizing those hotspots, and some genius MBA thought this plan up after typing "How to monetize your network" into Google search.

If AT&T isn't up for offering free wifi hotspots to non-customers, that's their business. I just don't approve of this particular advertising practice. It's actually exposing the user to more risk of malware (albeit a small one), but more critically, it sets a terrible precedent.

Re:Can You Say Lawsuit?

[tompaulco]

No they aren't placing ads on someone's web site. They are injecting ads when the traffic transits their network. Completely different and I would say it is fine to do. After all it is THEIR network that you are using for free. Personally I would avoid using such networks.

Not for free. It is included as part of your service as an AT&T customer.
The browser can avoid using such networks, but the people serving up the websites should also be outraged by this illegal copyright infringement. Their only shoice is to sue or block the AT&T backbone.

Re:Can You Say Lawsuit?

[gl4ss]

it's "free" in the sense that they don't want to agree that it's a service they sell to you(and be responsible for).

it's also free in the same sense that at&t unlimited 4g is "unlimited".

Re:Can You Say Lawsuit?

[Culture20]

Imagine if all the backbones inserted ads. A page with just "hello world!" would become a jumbled mess of ads and scripts.

Re:Can You Say Lawsuit?

[david_thornley]

It's their network, and unless restrained by something like monopoly law they can hang whatever advertising they want on the page. Modifying the actual page is copyright infringement and potentially trademark infringement. These are offenses against whoever served the web page, and so a TOS with the person downloading the page wouldn't provide any protection.

Anyone wondering why Google wants to sell a router

...needs to wonder no more.

https

Time for https on all websites.

Re:https

[psyclone]

Yup. Encryption isn't just for people who have something to hide, it's for integrity of all communications, even if it's cat gifs.

Well at least they didn't sell us out to the NSA.

[r-diddly]

...oh wait...

HTTPS, bitches.

Somebody else tried this a while back too. Verizon? Uproar. I guess AT&T didn't learn from that.

https://www.eff.org/Https-everywhere

Piracy?

[hawguy]

So when I browse Pirate Torrent sites at an AT&T hotspot, then AT&T can get sued for profiting from piracy?

Re:Piracy?

[DewDude]

They would likely claim safe harbor...saying they didn't know what content they were injecting ads in. They'd probably be shooting themselves in the foot when admitting they blindly added advertising to everything.

Free wifi

[Archfeld]

and you wonder that they push ads ? Provide your own connection and stop using free ones. While I think it is low class, what do you expect for FREE ?

Re:Free wifi

Adherence to the law.
Even for free products.

Re:Free wifi

[andymadigan]

Fine, but require AT&T to disclose (in large font) that it's not an internet connection, since the content is being modified en route.

Something like:

WARNING: Web pages you view may be recorded or altered by AT&T or its affiliates. Web pages and other content retrieved may not reflect the content available over a standard internet connection. Information you enter or retrieve may be transferred or sold to third parties. AT&T is not responsible for malware injected into your content by its affiliates, or damage done to you or your computer by said malware.

(Actually, I think that last sentence should be in large font at the top of every web page that uses ads inject by third parties)

Re:Free wifi

[Darinbob]

They're not free. As in AT&T hotspots are not accessible to everyone who wanders by, but are only for paying AT&T customers. You log in using your existing account. So yes, as a customer I expect decent service for a product I pay for, not additional monetization. If it's unacceptable to sell my customer lists to advertisers then it's also unacceptable to inject side advertisements into a paid product.

And despite being a paid customer, I suspect some one being paid by advertisers is going to pop on here and accuse us of being cheap ass freeloaders by using adblock. Yet this is yet another perfect argument about why ad block is a necessary tool to fight against the tactics being used by immoral advertisers.

Re:Free wifi

[adolf]

It's free at McDonald's. Has been for years, much to my annoyance as a paying AT&T customer. [citation]

Re:Free wifi

[tompaulco]

WARNING: Web pages you view may be recorded or altered by AT&T or its affiliates. Web pages and other content retrieved may not reflect the content available over a standard internet connection. Information you enter or retrieve may be transferred or sold to third parties. AT&T is not responsible for malware injected into your content by its affiliates, or damage done to you or your computer by said malware.

Add to that "Do not use this connection under any circumstances."

Re:Free wifi

[david_thornley]

In other words, if somebody is accessing my web site (unavailable at the moment, need rehosting), AT&T is supposed to confess to violating my copyright? My website is copyright by me, and any modifications of my copyrighted material without my permission is copyright infringement (although damages are trivial unless I've registered the copyright). Since AT&T is violating my copyright arbitrarily many times for commercial gain, I think we get criminal law in there too.

Re:Free wifi

[Xanlexian]

Fine, but require AT&T to disclose (in large font) that it's not an internet connection, since the content is being modified en route.

Back in the day, quite often I'd have to explain the difference between AOL being an 'online service provider' and Mindspring/MediaOne/whoever being an 'internet service provider'.

Re:Free wifi

[Archfeld]

thanks for the info, I did not get that from the article. I'd be pissed as well then, but if I was paying for AT&T's service I'd not feel bad about using an ad-blocker at all either.

Umm

[MobileTatsu-NJG]

Didn't they claim to just be a carrier in order to not being held liable for what the users do with that connection? By delivering content they've created aren't they having their cake and eating it, too?

Noscript

Simply put, Noscript blocks the scripts, thus preventing the ads from loading. I don't care if the damn thing is pushing a custom CSS page, if it's not from the site I'm visiting, then it's not going to be loaded.

Re:Noscript

[psyclone]

But they could inject local CSS and local scripts into the page, so if you trust the current hostname by default (which many do for basic functionality) then NoScript won't help you here.

Re:Noscript

[psyclone]

Thanks, inline CSS and javascript was what I meant.

Trap? Usually its a tarpit of unusable service

[swb]

The free ATT hotspots I've found to be basically unusable tarpits of service that would make me grateful for the whine and hiss of a 9600 baud modem.

I've mostly encountered them at McDonalds where they were almost always unusable. I kind of wonder how they get their Internet service for these, whether they just steal from whatever the specific franchise might have or whether it's something more retarded, like an ancient 3G hotspot above the ceiling.

Surprised? Don't be ...

[gstoddart]

Anybody who is surprised by shit like this is an idiot.

Everybody setting up "free" hotspots wants to monetize with anayltics and ads.

Google wanting to sell you a router they can control is also going to lead to monetizing and ads.

The problem is unless we have really good quality tools to block this shit, we're never going to stop it. And this is why we can't trust ad infrastructure at all and need to block it .. because it's being done by people who want money, and don't give a crap about your security of your privacy.

Until this shit is deemed illegal (ie the computer fraud and abuse act), it will continue. Because the assholes at AT&T feel it is their right to do anything they want with your internet traffic.

Never trust that "free" doesn't come with strings like this. And never trust than any corporation won't revert to being sociopaths and decide they can do anything they want to.

amusing effects in mint update manager

[SkunkPussy]

mint update manager seems to query for descriptions of package updates via http. So wifi that interferes with http somtimes causes mint to give nonsonse descriptions for updates.

breaking end-to-end connections is really really really bad.

Re:amusing effects in mint update manager

[psyclone]

Why aren't all those requests going over HTTPS?

Re:amusing effects in mint update manager

[SkunkPussy]

Well why does any HTTP request not go over HTTPS? In the long run every request will. But for now, equipment that assumes (reasonably) that people won't corrupt their HTTP responses will fail in various ways.

TWC

[CptChipJew]

Time Warner Cable has been doing this for over a year on their public networks in California.

Re:Can You Say Lawsuit? - No, no I can't

So, basically AT&T is placing their advertising on someone's web site without paying for the privilege? Were I the content owner, I'd be speaking to my lawyers first thing.

Comcast has been getting away with this for a year now, where are those lawsuits? Comcast Using JavaScript Injection To Serve Ads On Public Wi-Fi Hotspots

Re:Trap? Usually its a tarpit of unusable service

[by+(1706743)]

https://www.youtube.com/watch?...

(Yeah, it's not 9600, sorry.)

Re:Surprised? Don't be ...

[Darinbob]

Except that it's not free. This service is for paying customers. Which makes this behavior even worse, actually.

Re:Trap? Usually its a tarpit of unusable service

[adolf]

AT&T's hotspots used to be faster back when they were non-free.

I used them a few times back then, generally at McDonald's, as an AT&T customer ("free" for me).

They seemed backed by a T1, based on speeds and traceroute guessery in an empty store. And that was generally better than the alternatives at that time (3G or nothing), so was certainly welcome. But that was a different time...

These days a T1 with multiple freeloading users is painfully slow. Overall experience can be helped considerably with some very careful QoS at the endpoint to prioritize small data streams over more lengthy streams but this is something they apparently aren't doing.

The last time I was at a McDonald's and wanted a cup of free WiFi I had far better results turning my cell phone into a 4G hotspot and paying by the gigabyte.

Same with the local public library: They have free Wifi, and welcome you to use it, but it's so slow that it's useless.

China Telecom

[Balthisar]

My home ISP -- China Telecom -- does this to me, for the service that I pay for. And no, I can't use a VPN 100% of the time because China is getting pretty good at killing VPN connections. It doesn't even matter if I use a non-ISP DNS server, because it's standard in China to poison DNS results (I've not tried experimenting with DNSSEC yet).

In my case I'll try to load Bing (which isn't blocked by Golden Shield), and the only content will be a meta reload instruction. The rest of the "real" page will have been served via an injected javascript with a shitty Chinese ad at the bottom. Reloading will fetch the real page, as the ads aren't injected 100% of the time, but only seemingly randomly.

Once again....

[JustAnotherOldGuy]

Once again, I'm shocked, SHOCKED I tell you!!

Re:Trap? Usually its a tarpit of unusable service

[Dunbal]

I once got a 300 baud modem to handshake with me by whistling the carrier tone.

Re:EULA says no piracy

[hawguy]

Of the several wifi hotspots I've used, you have to browse through a webpage, which includes 'terms and conditions', which tend to include a prohibition on using the free wifi for piracy.

Regardless, If I start a money laundering business, look the other way when people bring me stolen money, and then when the police come to bust me from profiting from stolen money, point to the contract and say "Well all of my customers promised not to launder stolen money so clearly it's not my fault that I earned all of this money from their stolen goods".

Re:Trap? Usually its a tarpit of unusable service

There *IS* a reason I spend $200/mo for LTE Internet access for my devices.

Re:Trap? Usually its a tarpit of unusable service

[Ol+Olsoc]

I once got a 300 baud modem to handshake with me by whistling the carrier tone.

I was going to say something snarky like "women must have been fighting over each other for you", but you know what ? That's actually damn cool!

Modded FUNNY?!

[macraig]

Why did people mod you funny? Do they all know something about you that I don't? I could have written that myself, and I would've been sociopathically dead serious. All human social hierarchies suck, and the reason they suck, the sole reason, is because sociopaths always wind up in charge of them. If we had a prenatal test for sociopathy or a gene therapy cure, I'd be advocating eugenics like there was no tomorrow!

Re: Modded FUNNY?!

[ememisya]

That's because this is slashdot. The title's a little misleading though, should've said, "AT&T CEOs Now Injecting Heroin"

Re:Modded FUNNY?!

[beastofburdon]

Just remember though, sociopathy is not a boolean value, it is a scale. A little bit is okay, but it needs to be dialed back in practically every politician, lawyer, CEO, police officer, ect, ect...

Re:Modded FUNNY?!

[macraig]

Knew that. The problem is that there is a corollary - or a replacement - theorem to the Peter Principle at work here: people in social hierarchies rise to the level of their sociopathy. Wouldn't it be priceless if the Peter Principle was coined by a sociopath as a deliberate misdirection?

Re:Trap? Usually its a tarpit of unusable service

[pepty]

There *IS* a reason I spend $200/mo for LTE Internet access for my devices.

Your work pays for it?

We're the phone company

Oh you little crybaby geeks. Shut up. We're AT&T, we can do whatever we want.

Re:Interfering with a communication

[SQLGuru]

It was probably buried in the TOS that you agreed to when you connected to the hotspot.......

Https-everywhere

[slazzy]

https://www.eff.org/Https-ever...

Re:Https-everywhere

[misnohmer]

...except sites such as slashdot will remain vulnerable to ad insertion as they redirect you back to http.

Just one step away from lowest form of spyware

[Ilgaz]

They may inject their referral code to other people's/companies legimate ads soon, that is what spyware developers did back in the day. That (topmoxie) was the lowest level spyware could get.

Let's hope a clever law company sue them on behalf of effected parties and make billions.

They aren't dumb

[Ilgaz]

People who took this decision surely knows about extensions, VPN and even Tor. They know only 0.001% may care too. This is the magic formula which runs spam&spyware industry.

Remember Sony rootkit, nobody were aware of anything until they were absurdly unlucky to hit World's most advanced Windows kernel hacker Mark Russinovich. https://en.m.wikipedia.org/wik... .I remember reading that story on /. That was the last drop for Sony shareholders. I hope the same for AT&T too.

Re:Trap? Usually its a tarpit of unusable service

[swb]

I only tried using them when I first got my cellular-enabled iPad. Because it was an ATT cellular model, they would automatically associate with ATT hotspots and I figured that was better than the buy-as-you-go data I used at the time.

I gave up when I realized how unusable they were and just disabled the ATT hotspot association and used LTE, which was much faster.

trademark as well as by applying your brand to it

[raymorris]

There's also a trademark issue. Suppose I load Bruce Schneier's web site and his site has an ad for some bogus "security" software. That reflects poorly on Bruce because it appears that Bruce is endorsing, or at least tolerant of, the scam software. Similarly, suppose I load DaveRamsey.com and his page contains ads questionable financial products. Dave's brand is damaged by falsely associating those products with his trademarked brand.

Re:Trap? Usually its a tarpit of unusable service

[cdrudge]

These days a T1 with multiple freeloading users is painfully slow.

These days a T1 is painfully slow, even without multiple or even a single other user. I can't think of any reason to still use a dedicated circuit like that unless you absolutely positively need the guaranteed bandwidth and SLA service...or there was absolutely no other option.

Free?

[Holi]

I get access to AT&T hotspots because I am an AT&T customer, So I am wondering about this use of the term "free". Access to these access points was a selling point when I signed up. In what world is something I am paying for called free?

The Gervais Principle

[Capt.Albatross]

http://www.ribbonfarm.com/2009...

I assume the irony in your enthusiasm for eugenics as an antidote to sociopathology was intentional.

Re:Surprised? Don't be ...

[david_thornley]

Free at McDonalds? You're telling me that I can register copyright on web pages, walk a few blocks away, and immediately get solid evidence of criminal copyright infringement that I can sue for hundreds of thousands of dollars minimum? This is sounding better all the time!

NetZero

[OrangeTide]

How is this significantly different from the old NetZero free dial-up business model? If you don't want to use "free" internet access paid through ad revenue, then don't join the network.

Browser Extension

[DrYak]

browser extension by EFF to automatically switch to HTTPs.

Is It Really AT&T ?

[tmjva]

Note: You can take 10% off all slashdot deals with coupon code "slashdot10off." X

Re:Trap? Usually its a tarpit of unusable service

[adolf]

Painfully slow for what?

For /.? For email? Gaming? Streaming audio? Facebook? Youtube? Netflix? Downloading Linux ISOs from TPB?

1.544Mbps is plenty for lots of things and insufficient for some other things.

TANSTAAFL

[eric_harris_76]

Which doesn't mean I don't find this digusting.

Re:Surprised? Don't be ...

[adolf]

But is it copyright infringement, or just annoying enough that we're all sure that there must be something illegal about it?

Re:Trap? Usually its a tarpit of unusable service

[cdrudge]

Painfully slow by today's broadband standards.

Re:Trap? Usually its a tarpit of unusable service

[adolf]

Yeah. I think you mentioned that.

Thanks for the clarity!

Re:Trap? Usually its a tarpit of unusable service

[Agripa]

These days a T1 is painfully slow, even without multiple or even a single other user. I can't think of any reason to still use a dedicated circuit like that unless you absolutely positively need the guaranteed bandwidth and SLA service...or there was absolutely no other option.

Or you want lower latency. My U-Verse service using FTTN has 3 to 4 times the latency to the gateway than my old SDSL had and the SDSL upload speed was half of the current U-Verse speed so it was not that much slower. Upload bandwidth has doubled but latency has increased 4 times.

Re:Trap? Usually its a tarpit of unusable service

[adolf]

McDonalds does not care about latency, and that is the context of this thread.

And yes, AT&T U-Verse's VDSL seems to be more latent than AT&T's own ADSL and SDSL. It's still fast (non-latent) enough, at least according to the girls I go out with.

Re:Trap? Usually its a tarpit of unusable service

[Agripa]

These days it is not even that. For more than a year now my U-Verse FTTN service has suffered from congestion during peak times with peak times being more than 1/3rd of the day and congestion yielding download speeds (upload not affected) below 1 Mb with attendant packet loss. I responded by downgrading my service to the slowest service they provide since anything faster is not usable.

The latency (and various mysterious failures like suddenly being unable to pass HTTP but not other protocols) still make me long for the days of SDSL.

Re:Trap? Usually its a tarpit of unusable service

[adolf]

Have noted zero congestion issues, at 4 different locations. Did have one location which had ancient (lead-jacketed, even) copper and took forever (easily 100 man hours) for them to get it to work properly, but they did.

Ever have a look at your stats at http://192.168.1.254/xslt?PAGE=C_1_0?

The bitloading graph at the bottom of http://192.168.1.254/xslt?PAGE=C_5_3 is instructive, too: It's a representation of the spectrum currently being used on your circuit.

Re:Trap? Usually its a tarpit of unusable service

[Agripa]

The congestion is further into AT&T's network. My local FTTN connection is perfect other than having a power backup time of seconds or less in the event of loss of power. My side is backed up but the DSLAM or something further into the network is not.