AT&T Injecting Ads Into Its Wi-Fi Hotspot Data Streams
from the the-man-in-the-middle-is-a-bit-of-a-jerk dept
Everybody wants a piece of the Internet advertising pie, and many are willing to sink to the very bottom of the well of stupidity to get what they believe is owed them. For years now ISPs, hardware vendors and even hotels simply haven't been able to help themselves, and have repeatedly been caught trying to inject their own ads over the top of user browsers and data streams. This is a terrible idea for a number of reasons, ranging from the fact that ad injection is effectively an attack on user traffic, to the obvious and inherent problem with defacing other people and organizations' websites and content with your own advertising prattle.Still, companies like Comcast, Marriot and Samsung have all been caught trying to shove their ads over the top of user data streams. When pressed, most companies are utterly oblivious (or pretend to be utterly oblivious) as to why this behavior might not be that good of an idea.
AT&T appears to be the latest company to use its perceived power over the conduit to manipulate the message. Stanford computer science and legal lecturer Jonathan Mayer recently visited the Dulles airport in DC, and found AT&T's Wi-Fi hotspots pushing a number of pop up ads, overlaying themselves on browser content:
As already noted, this type of injection is highly problematic and sets an awful precedent:
"AT&T has an (understandable) incentive to seek consumer-side income from its free wifi service, but this model of advertising injection is particularly unsavory. Among other drawbacks: It exposes much of the user’s browsing activity to an undisclosed and untrusted business. It clutters the user’s web browsing experience. It tarnishes carefully crafted online brands and content, especially because the ads are not clearly marked as part of the hotspot service. And it introduces security and breakage risks, since website developers generally don’t plan for extra scripts and layout elements."As Mayer also notes, this is a legally muddy area, and, worried about regulatory wrist slaps, most busted ISPs have very quickly and sheepishly backed away from the practice for fear of legal repercussions. I reached out to AT&T to see whether this is a one-off instance of stupidity on the part of AT&T or somebody else (like Dulles), or if aggressively and idiotically injecting itself into the user browsing experience is now going to be AT&T's standard operating procedure across the company's network of 30,000+ Wi-Fi hotspots.
Update: AT&T has sent us a statement indicating that this was part of a limited trial:
"Our industry is constantly looking to strike a balance between the experience and economics of free Wi-Fi. We trialed an advertising program for a limited time in two airports (Dulles and Reagan National) and the trial has ended. The trial was part of an ongoing effort to explore alternate ways to deliver a free Wi-Fi service that is safe, secure and fast."
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: ad injection, advertisements, dulles, encryption, wifi hotspot
Companies: at&t, ragapa
Reader Comments
Subscribe: RSS
View by: Time | Thread
Maybe website owners should go after the ISPs for copyright violations.
[ link to this | view in chronology ]
Criminal infrimgement; ex parte seizure?
or private financial gain: see US Code Title 17 § 506:
<https://www.law.cornell.edu/uscode/text/17/506>
According to <https://www.fenwick.com/FenwickDocuments/Copyright_Pirates.pdf>,
...and AT&T and RaGaPa would certainly be subject to having all
the related computing/networking equipment seized, as well as
being hit for legal fees and costs. It couldn't happen to a nicer
company (except maybe ComCast :-) )
[ link to this | view in chronology ]
Re: Criminal infrimgement; ex parte seizure?
don't modify users http traffic
[ link to this | view in chronology ]
Re: Criminal infrimgement; ex parte seizure?
If what Swartz did violated the CFAA, this does to a far greater extent.
[ link to this | view in chronology ]
So this is clearly piracy, right?
[ link to this | view in chronology ]
See this?
Make ads that are low-key, don't present a security threat, and by the FSM aren't pop-ups, and you might convince younger people that they don't need ad blocking software. Don't even bother spending time trying to convince older people though, they've seen what browsing is like without ad blocking software, and aren't likely to want to repeat the experience, ever.
[ link to this | view in chronology ]
And what they failed to mention is they will engage users in ways to express their outrage & finding workarounds. It will help damage the brand, and when it finally starts infecting peoples computers you will then have to walk back your stupidity and the amount of fines & legal damages will outweigh anything you earned from this idiotic methods.
No end user thinks kindly of ads.
This type of intrusive kind is really shitty.
Isn't it bad enough you have supercookies, tracking IDs and the 1000 other ways you spy on consumers to make a buck enough? Do you really have to try and scrape that last half a cent out of it?
[ link to this | view in chronology ]
Re: "In-Browser User Engagement Solutions"
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Maybe they changed this.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
AT&T Open Access
All AT&T Wayport hotspots are open now.
[ link to this | view in chronology ]
U.S. Code § 2511 - Interception and disclosure of wire, oral, or electronic communications prohibited
[ link to this | view in chronology ]
Re: U.S. Code § 2511 - Interception and disclosure of wire, oral, or electronic communications prohibited
[ link to this | view in chronology ]
But it's done by a big corporation, and therefore gets a pass.
If I copied the New York Times website, or published my version of the Washington Post, substituting my advertisements in place of theirs, I would be quickly sued.
This is no different from a copying viewpoint, and far worse for security.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
2) They're making bigger the problem that they themselves created. The whole reason for blocking javascript and popups and the proliferation of ad blockers is because these companies just can't help themselves to destroying the user's experience. This sort of thing that it's trying to circumvent is exactly the reason the thing they're trying to circumvent came into existence. It's an arms race.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Free hot spots could be advertising
[ link to this | view in chronology ]
why do they think this is different?
[ link to this | view in chronology ]
A Niche Market Opportunity
So here we have a case where using WiFi adds grime to a service that consumers want, and they are doing it in a way that thwarts previous Y type moves "(in case [where] the user's browser has disabled Javascript)".
So now the ball is in the consumer's court. This is a product or service opportunity. The consumer is ready for an enterprising soul who'll offer a product or service that defeats this practice. If it's good it will make money.
And the fight will continue.
[ link to this | view in chronology ]
Call it alterations!
[ link to this | view in chronology ]
Strictly Hypothetical
Which means that someone could stick a laptop or tablet in any public place with a high population density, use a misleading SSID, and serve up ads of their own. And possibly make enough money for it to be worthwhile.
Or while passing through an airport terminal, add audio files to web pages yelling certain words that upset the local security.
While I would never condone such behavior, I am naturally curious as to what ads and other page modifications people would serve up at various campaign rallies and political conventions next year.
[ link to this | view in chronology ]
Nice newspak you got there, guys.
[ link to this | view in chronology ]
Another argument for HTTPS everywhere
From the link above.
[ link to this | view in chronology ]
Re: Another argument for HTTPS everywhere
It's no different than a ManInTheMiddle attack on the content you're viewing. If they can add Ad's to the content, they can do anything else to it as well.
[ link to this | view in chronology ]
Re: Re: Another argument for HTTPS everywhere
[ link to this | view in chronology ]
Re: "legally muddy area"
[ link to this | view in chronology ]
That's just marketing research!
What's that have to do with anything? They most certainly were considering using it, and in fact used it even if in a limited trial. How many thousands of people per day use that airport finding them subject to this? How many third party web entities were illegally shouldered out of their rightful place by this bullying behavior?
When a department of a corporation does something, it's lying to say it was only the marketing department was trying something out and the rest of the corp. shouldn't be blamed (you know, left hand, right hand). The truth is the corporation was trying something out, and it was being handled by its marketing dept. The corp. is responsible for corp. policy and for all acts perpetrated by its divisions and employees.
Weasling doesn't cut it.
[ link to this | view in chronology ]