Slashdot Mirror
AT&T Hotspots Now Injecting Ads
An anonymous reader writes: Computer scientist Jonathan Mayer did some investigating after seeing some unexpected ads while he browsed the web at an airport (Stanford hawking jewelry? The FCC selling shoes?). He found that AT&T's public Wi-Fi hotspot was messing with HTTP traffic, injecting advertisements using a service called RaGaPa. As an HTML pages loads over HTTP, the hotspot adds an advertising stylesheet, injects a simple advertisement image (as a backup), and then injects two scripts that control the loading and display of advertising content. Mayer writes, "AT&T has an (understandable) incentive to seek consumer-side income from its free Wi-Fi service, but this model of advertising injection is particularly unsavory. Among other drawbacks: It exposes much of the user's browsing activity to an undisclosed and untrusted business. It clutters the user's web browsing experience. It tarnishes carefully crafted online brands and content, especially because the ads are not clearly marked as part of the hotspot service.3 And it introduces security and breakage risks, since website developers generally don't plan for extra scripts and layout elements."
Free WiFi is a trap, news at 11!
Time for https on all websites.
Will they be charged? Probably not, and if so it will be a minuscule financial fine.
Silence is a state of mime.
In practice, any ordinary computer has come under the jurisdiction of the law, including cellphones, due to the inter-state nature of most internet communication.
(5) (A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
Sending my PC an ad, at the bear minimum causes damage due to increased wear on storage devices. At its worst it installs malware or defrauds such as to install malware.
Perhaps more relevant is mail and wire fraud:
18 U.S.C. 1343 provides:
Whoever, having devised or intending to devise any scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises, transmits or causes to be transmitted by means of wire, radio, or television communication in interstate or foreign commerce, any writings, signs, signals, pictures, or sounds for the purpose of executing such scheme or artifice, shall be fined under this title or imprisoned not more than 20 years, or both. If the violation affects a financial institution, such person shall be fined not more than $1,000,000 or imprisoned not more than 30 years, or both.
Silence is a state of mime.
Yup, an SSH proxy or other VPN is your bestest friend. I don't access public WiFi without it. That being said, I expect if more people do that, eventually the sociopaths that run the major ISPs will begin using deep packet inspection to shut down anyone using VPNs. Remember, the MBAs that run the world are evil monsters who would, if they weren't trying to find ways to extort money from us, would probably be finding ways of eating human flesh and killing elderly people for fun.
The real lesson here is that we should be banning all sociopaths and anyone with any significant narcissistic personality disorders from holding any position where they have any authority over anyone else. I would have a law that would ban such individuals from even being shift manager at a McDonald's. They wouldn't be allowed to become lawyers, doctors, accountants or engineers. All professions of any significant importance would be forbidden them.
The world's burning. Moped Jesus spotted on I50. Details at 11.