AT&T's "free" Wi-Fi may be too good to be true. One of the company's Wi-Fi hotspots, in Virginia's Dulles airport, is reportedly using an ad-injection platform to tamper with the web traffic of users and bombard them with more ads. Jonathan Mayer, a computer scientist and Stanford lawyer, says he discovered ad-injecting code while using the AT&T hotspot in the airport. Mayer noticed ads appearing on educational, government, and ad-supported sites such as The Wall Street Journal, and decided to take a look at the web source, discovering that it was adding lines of code that would pull in promotional materials from outside companies.
AT&T's hotspot was reportedly tampering with web traffic
In addition to cluttering web pages and slowing down the browsing experience, Mayer says the code introduces an extra security risk, as web developers don't anticipate their sites receiving additional scripts. For now, such tools exist in something of a legal gray area, with the FCC's net neutrality rules and a host of other legislation and rulings theoretically restricting their use. Last year, Comcast started using a similar tool to inject ads across its 3.5 million public Wi-Fi hotspots, and a number of other companies have followed suit. Many of those found to have been using ad-injection tools appear to have dropped them when discovered, including cable and internet company Mediacom, and hotel chain Marriott. The latter pinned the blame on its own ISP when an ad-injection tool was discovered on its Wi-Fi service in 2012. In a statement, the chain said that it was not aware of the tool, and that it did not condone the practice of inserting extra ads into web traffic.