Jump to content

ATT - Advertising injection at hotspots


Recommended Posts

Good article discussing something that ATT is doing to folks that connect to one of their hotspots using non-secure HTTP connections instead of secure HTTPS ones.




A snip:



AT&T has an (understandable) incentive to seek consumer-side income from its free wifi service, but this model of advertising injection is particularly unsavory. Among other drawbacks: It exposes much of the user’s browsing activity to an undisclosed and untrusted business. It clutters the user’s web browsing experience. It tarnishes carefully crafted online brands and content, especially because the ads are not clearly marked as part of the hotspot service.3 And it introduces security and breakage risks, since website developers generally don’t plan for extra scripts and layout elements.

Recent experience with advertisement injection is telling. When a Marriott property was spotted deploying similar technology, it immediately reversed course. The handful of U.S. ISPs that have dabbled in advertising injection appear to have backed off. Earlier this year, Google conducted a comprehensive study of advertising injection, and yanked nearly 200 misleading extensions from the Chrome Web Store. The closest common practice, to my knowledge, is injecting hotspot status indicators—and that’s also proven extraordinarily controversial.
The legality of hotspot advertising injection is a messy subject. There are a number of colorable arguments against, including under the FCC’s net neutrality rules,4 the FTC’s unfairness and deception authorities (and state parallels),5 wiretapping statutes,6 pen register statutes, tortious interference, copyright, and more. It certainly doesn’t help AT&T and RaGaPa that the ads aren’t labeled as associated with the hotspot, and that AT&T’s wifi terms of service are silent about advertising injection.7
Regardless of where the law is, AT&T should immediately stop this practice. And if websites needed (yet another) reason to adopt HTTPS, here’s a good one.



Bottom line use HTTPS if it is available!

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

This topic is now closed to further replies.
  • Create New...