Slashdot Mirror

← Back to Stories (view on slashdot.org)

AT&T Hotspots Now Injecting Ads

Posted by Soulskill on from the more-ads,-in-more-places dept.

An anonymous reader writes: Computer scientist Jonathan Mayer did some investigating after seeing some unexpected ads while he browsed the web at an airport (Stanford hawking jewelry? The FCC selling shoes?). He found that AT&T's public Wi-Fi hotspot was messing with HTTP traffic, injecting advertisements using a service called RaGaPa. As an HTML pages loads over HTTP, the hotspot adds an advertising stylesheet, injects a simple advertisement image (as a backup), and then injects two scripts that control the loading and display of advertising content. Mayer writes, "AT&T has an (understandable) incentive to seek consumer-side income from its free Wi-Fi service, but this model of advertising injection is particularly unsavory. Among other drawbacks: It exposes much of the user's browsing activity to an undisclosed and untrusted business. It clutters the user's web browsing experience. It tarnishes carefully crafted online brands and content, especially because the ads are not clearly marked as part of the hotspot service.3 And it introduces security and breakage risks, since website developers generally don't plan for extra scripts and layout elements."

14 of 187 comments (clear)

  1. Free WiFi is a trap, news at 11! by sinij · · Score: 5, Funny

    Free WiFi is a trap, news at 11!

  2. Copyright? by msauve · · Score: 4, Insightful

    Why is modifying a web site in this way not copyright infringement? Is not AT&T creating an unauthorized derivative work?

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
    1. Re:Copyright? by wbr1 · · Score: 5, Insightful
      They are tampering with a data stream between client and server. That it is not encrypted is moot. This is a violation of the computer fraud and abuse act as well as FCC regulations. If they are a common carrier, they have no business at all tampering with the content.

      Will they be charged? Probably not, and if so it will be a minuscule financial fine.

      --
      Silence is a state of mime.
    2. Re:Copyright? by Anonymous Coward · · Score: 4, Insightful

      It definitely won't be the criminal penalties you or me would face if we did the same thing for monetary gain. There are two standards. One for corporations, and another standard for individuals. It's been that way for far too long.

    3. Re:Copyright? by wbr1 · · Score: 5, Interesting
      To clarify. From the fraud and abuse act

      In practice, any ordinary computer has come under the jurisdiction of the law, including cellphones, due to the inter-state nature of most internet communication.

      ....

      (5) (A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;

      Sending my PC an ad, at the bear minimum causes damage due to increased wear on storage devices. At its worst it installs malware or defrauds such as to install malware.

      Perhaps more relevant is mail and wire fraud:

      18 U.S.C. 1343 provides:

      Whoever, having devised or intending to devise any scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises, transmits or causes to be transmitted by means of wire, radio, or television communication in interstate or foreign commerce, any writings, signs, signals, pictures, or sounds for the purpose of executing such scheme or artifice, shall be fined under this title or imprisoned not more than 20 years, or both. If the violation affects a financial institution, such person shall be fined not more than $1,000,000 or imprisoned not more than 30 years, or both.

      --
      Silence is a state of mime.
  3. Can You Say Lawsuit? by mschwanke97402 · · Score: 4, Interesting

    So, basically AT&T is placing their advertising on someone's web site without paying for the privilege? Were I the content owner, I'd be speaking to my lawyers first thing. The sad thing is that major companies don't even seem to worry breaching the public's trus or their reputations anymore. How long until Comcast decides to force extra advertising into my cable internet browsing. Oh! That's right, I cancelled them after the NetFlix throttling episode. So now, I guess I have to cancel DirecTV (AT&T) too.

  4. https by Anonymous Coward · · Score: 5, Insightful

    Time for https on all websites.

    1. Re:https by psyclone · · Score: 4, Insightful

      Yup. Encryption isn't just for people who have something to hide, it's for integrity of all communications, even if it's cat gifs.

  5. Piracy? by hawguy · · Score: 4, Funny

    So when I browse Pirate Torrent sites at an AT&T hotspot, then AT&T can get sued for profiting from piracy?

  6. Re:Noscript by psyclone · · Score: 4, Insightful

    But they could inject local CSS and local scripts into the page, so if you trust the current hostname by default (which many do for basic functionality) then NoScript won't help you here.

  7. Re: Good News by Anonymous Coward · · Score: 4, Insightful

    The ONLY thing unsavory advertising, in any form, does is the exact opposite of the initial intent; i.e., "never buying that". Advertisers, regardless of the delivery, apparently are not smart enough to realize if you annoy people, you have LOST the sale.
    Plus, the whores are then really easy to spot. No resposible consumer likes a whore.

  8. Re: Good News by MightyMartian · · Score: 5, Funny

    Yup, an SSH proxy or other VPN is your bestest friend. I don't access public WiFi without it. That being said, I expect if more people do that, eventually the sociopaths that run the major ISPs will begin using deep packet inspection to shut down anyone using VPNs. Remember, the MBAs that run the world are evil monsters who would, if they weren't trying to find ways to extort money from us, would probably be finding ways of eating human flesh and killing elderly people for fun.

    The real lesson here is that we should be banning all sociopaths and anyone with any significant narcissistic personality disorders from holding any position where they have any authority over anyone else. I would have a law that would ban such individuals from even being shift manager at a McDonald's. They wouldn't be allowed to become lawyers, doctors, accountants or engineers. All professions of any significant importance would be forbidden them.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  9. Re: Good News by Ol+Olsoc · · Score: 4, Insightful

    The ONLY thing unsavory advertising, in any form, does is the exact opposite of the initial intent; i.e., "never buying that". Advertisers, regardless of the delivery, apparently are not smart enough to realize if you annoy people, you have LOST the sale. Plus, the whores are then really easy to spot. No resposible consumer likes a whore.

    Mod this guy up! Anything that manages to get through my defenses is put on the "Never ever" list.

    The sooner advertisers understand that, and the sooner they understand that if they put simple unobtrusive ads on web pages, the sooner we'll stop this war on web users.

    When your ads are having the opposite effect than you intended, maybe its time to change.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  10. Re: Good News by Chris+Johnson · · Score: 4, Insightful

    Have you tested this conclusion?

    If it turns out that advertisers can test this—for instance, on Facebook, let's say—and discovered that it's not true: that there's a measurable advantage to obnoxiousness in that you're outnumbered by the people who shrug off the obnoxiousness yet retain the payload then you're mistaken.

    I think they've already tested this, and we're seeing the outcome. Results are in: short of legislating better behavior, being abusive gets you enough local gains that it becomes a required strategy, impossible to compete against without adopting the same strategy.

    It would be nice if the 'I boycott youuuu!' reaction made any sort of difference, but clearly it does not.