AT&T Caught Injecting Ads Into Webpages Via Its Wi-Fi Hotspots
As with many things, there are both good ways and bad ways to go about advertising. Unfortunately, far too many opt for the latter - especially when your options are limited. The latest culprit is AT&T, which has begun taking advantage of those using its free Wi-Fi hotspots by injecting ads into websites they visit.
Right now, some of you might be thinking, "Well, you're using AT&T's free service. It has a right to monetize it.", and that's true. But if there's one thing we've learned from corporations in recent months (or years, for that matter), user security and experience tend to not weigh that heavily on their lists.
In this particular case, ads can be injected both at the bottom of a page and over top as a pop-up -- a pop-up that requires users to wait before they can close it, no less. It doesn't matter what website is being viewed, these ads can appear anywhere. In some cases, they risk the chance of breaking a site's template, simply because it's not designed to support such intrusive advertising.
AT&T's move here was discovered by Jonathan Mayer, a computer scientist and lawyer at Stanford who decided to browse the Web while waiting for his delayed flight at the airport. He notes that the ads wouldn't be seen if HTTPS was used, but as many websites still don't use the secure protocol, it means most websites would stand the chance to suffer these ad injections.
Mayer traced the ads to a service called RaGaPa, which means that AT&T itself isn't even handling them. It's risking user security by outsourcing it to an unknown third-party. Again, how many times has this gone wrong in the past?
If you're concerned with AT&T's actions here but need to make use of its free Wi-Fi hotspots, your best bet is to simply stick with websites that offer HTTPS support. A fairly useful way is to use a browser extension that forces HTTPS for sites that offer it -- but again, those sites are a relative rarity. Ultimately, AT&T should take the route most free Internet providers I've used do: show an ad before Internet access is granted, and then lay off.