AT&T Claims Wi-Fi Hotspot Ad Injection Was Simply A ‘Trial’ That Has Now Concluded

It’s interesting to see how quickly a company changes its tune once its nefarious deeds, or rather “public trials,” are brought to light. Earlier today we brought you a story detailing AT&T’s rather sloppy and risky behavior regarding inserting ads into webpages for users that connected to its free Wi-Fi hotspots.

Computer scientist Jonathan Mayer determined that AT&T was using a service called RaGaPa that used JavaScript to inject adds into all non-HTTPS webpages. How AT&T managed to hookup with this small startup is beyond me. As Mayer describer, “Their video pitch features “MONETIZE YOUR NETWORK” over cascading dollar signs.”

AT&T

Mayer went on to describe why such behavior on the part of AT&T (and RaGaPa) is dangerous, stating, “It exposes much of the user’s browsing activity to an undisclosed and untrusted business. It clutters the user’s web browsing experience. And it introduces security and breakage risks, since website developers generally don’t plan for extra scripts and layout elements.”

Needless to say, the backlash against AT&T came swiftly and the company wasted little time responding to its critics with an official statement. The statement is spurious at best, with an AT&T spokesman telling Re/code, “We trialed an advertising program for a limited time in two airports (Dulles and Reagan National) and the trial has ended. The trial was part of an ongoing effort to explore alternate ways to deliver a free Wi-Fi service that is safe, secure and fast.”

Safe, secure, and fast? Using JavaScript injection to place ads on all non-HTTPS webpages flies in the face of all three of those qualifiers. AT&T of course didn’t give any indication of when the “trial” started or why it was concluded (although we have a pretty good idea on the latter).

We have to give a pat on the back to Mr. Mayer for bringing this questionable practice to light; who knows how long AT&T would have continued its trial if it wasn’t caught red-handed.