While the recent AT&T ad-injection scandal is still fresh on our minds, now is the perfect opportunity to give everyone a simple little privacy tip that can go a long way towards protecting oneself on the Internet. For those of you who aren’t familiar, AT&T was recently caught using one of its Wi-Fi hotspot locations to inject advertisements into devices that connected to the hotspot as part of what the company claims was a “test.” AT&T is far from the only company that does this, but fortunately there are a few simple ways to protect yourself from this kind of thing, such as using HTTPS whenever possible.
AT&T got caught with its hands in the proverbial cookie jar. It was testing injecting advertising at one of its airport Wi-Fi hotspot locations, and one of the nation’s leading privacy advocates with expert technical proficiency was passing through. Jonathan Mayer wrote up his experience on Tuesday; AT&T said on Wednesday it was an “experiment” it’s already discontinued. Mayer’s curiosity was piqued when sites that feature no advertising (academic and government) and that already had some advertising sported more, including a banner stretched across the bottom, and pop-up ads that couldn’t be dismissed before a period of time had passed. AT&T was injecting JavaScript into webpages, intercepting them and rewriting them on the fly, using a third-party ad network’s code to deliver the overlaid ads. In a statement provided by a spokesperson, AT&T said: “Our industry is constantly looking to strike a balance between the experience and economics of free Wi-Fi. We trialed an advertising program for a limited time in two airports (Dulles and Reagan National) and the trial has ended. The trial was part of an ongoing effort to explore alternate ways to deliver a free Wi-Fi service that is safe, secure and fast.” It should never have begun.
