skp51443 Posted August 26, 2015 Report Share Posted August 26, 2015 Good article discussing something that ATT is doing to folks that connect to one of their hotspots using non-secure HTTP connections instead of secure HTTPS ones. http://webpolicy.org/2015/08/25/att-hotspots-now-with-advertising-injection/ A snip: AT&T has an (understandable) incentive to seek consumer-side income from its free wifi service, but this model of advertising injection is particularly unsavory. Among other drawbacks: It exposes much of the user’s browsing activity to an undisclosed and untrusted business. It clutters the user’s web browsing experience. It tarnishes carefully crafted online brands and content, especially because the ads are not clearly marked as part of the hotspot service.3 And it introduces security and breakage risks, since website developers generally don’t plan for extra scripts and layout elements. Recent experience with advertisement injection is telling. When a Marriott property was spotted deploying similar technology, it immediately reversed course. The handful of U.S. ISPs that have dabbled in advertising injection appear to have backed off. Earlier this year, Google conducted a comprehensive study of advertising injection, and yanked nearly 200 misleading extensions from the Chrome Web Store. The closest common practice, to my knowledge, is injecting hotspot status indicators—and that’s also proven extraordinarily controversial. The legality of hotspot advertising injection is a messy subject. There are a number of colorable arguments against, including under the FCC’s net neutrality rules,4 the FTC’s unfairness and deception authorities (and state parallels),5 wiretapping statutes,6 pen register statutes, tortious interference, copyright, and more. It certainly doesn’t help AT&T and RaGaPa that the ads aren’t labeled as associated with the hotspot, and that AT&T’s wifi terms of service are silent about advertising injection.7 Regardless of where the law is, AT&T should immediately stop this practice. And if websites needed (yet another) reason to adopt HTTPS, here’s a good one. Bottom line use HTTPS if it is available! Link to comment Share on other sites More sharing options...
champ_49 Posted August 26, 2015 Report Share Posted August 26, 2015 Understand Stan on the HTTPS thing, but even our lifeline like Escappees isn't available that I know of. Or is it? Dave Link to comment Share on other sites More sharing options...
skp51443 Posted August 27, 2015 Author Report Share Posted August 27, 2015 Not on the forum but the main Escapees.com site is HTTPS. There are some options for getting an inexpensive certificate and the HTTPS doesn't add a lot of overhead so maybe they could switch it on here at some point. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.