BetaNews reports that the issue was noticed by computer scientist and lawyer Jonathan Mayer. Whilst connected to an AT&T free Wi-Fi hotspot at Dulles Airport, Mayer noticed that webpages were becoming covered by adverts in unusual places.
Investigating the cause of the adverts, Mayer found that they were being provided by ad provider RaGaPa. RaGaPa had made its way onto the machine from the AT&T hotspot.
The Wi-Fi hotspot was injecting an extra stylesheet into the web browser which pulled in the advertisements. To ensure that users couldn’t miss the adverts, AT&T used two different techniques to display them. The first JavaScript-based method could fall-back to a version that did not require scripting abilities if the browser did not have JavaScript enabled.
The discovery raises two concerns. The injection of extra adverts onto webpages could obscure content and would certainly further impact browser performance, especially on the low-power devices that people are likely to be using on the go. It could also pose a security risk though, particularly because the user’s web traffic is clearly exposed to the ad provider.
Mayer called on AT&T to “immediately stop this practice”, “regardless of where the law is”. A clause in AT&T’s terms of service states “We may also enable certain technologies intended to improve your experience, maintain network security, and/or optimize network utilization.”
Although no direct reference is made to advert injection, the clause does continue to say that records may be created “regarding the websites you visit and search terms you enter” while using an AT&T wireless hotspot.
Adverts cannot be injected onto websites using the secure HTTPS protocol because it is impossible to tamper with this kind of traffic. Although increasing numbers of websites are switching to HTTPS, many key sites that people are likely to visit while on the go have not.
As such, people using services like news sites – typically already filled with ads – are likely to encounter injected AT&T messages when using a wireless hotspot. Adverts are known to have dramatic performance impacts on web browsers and also consume more battery. AT&T has not yet commented on the allegations.
