It didn't take long for computer scientist and lawyer Jonathan Mayer to realize something strange was happening when he found the Stanford website touting jewelry last week.
Mayer discovered ads were being inserted into webpages on a free AT&T Wi-Fi hotspot he was using while waiting to catch a flight at Dulles Airport.
AT&T hotspots are tampering with HTTP traffic and injecting ads. Uncool. https://t.co/1BxQWwPvVv pic.twitter.com/Y4zaoFEb2P
— Jonathan Mayer (@jonathanmayer) August 25, 2015
Even websites already including advertising, like the Wall Street Journal, had more placed on them.
Mayer identified the ad injection platform RaGaPa as the culprit. RaGaPa was intercepting unsecured HTTP traffic over the AT&T hotspot and using JavaScript to insert and overlay advertising.
A video and datasheet promoting RaGaPa's service are unapologetic in promising to, "MONETIZE YOUR NETWORK".
Mayer points out while injecting ads into browsers is a legal grey area, the secrecy in this case is unsettling.
"It certainly doesn’t help AT&T and RaGaPa that the ads aren’t labeled as associated with the hotspot, and that AT&T’s wifi terms of service are silent about advertising injection."
The discovery is not the first time a major U.S. telecommunications provider has been found controversially injecting ads into webpages. Last year Comcast used a similar method on users connected through its Xfinity hotspots, however Comcast only pushed advertising for its own services.
A further breakdown, including portions of the JavaScript discovered by Mayer, can be found at his blog.
Source: Jonathan Mayer via ARN
12 Comments - Add comment