Pando

Comcast weakens consumer security by injecting ads through its public hotspots

By Nathaniel Mott , written on September 8, 2014

From The News Desk

Comcast never tires of finding new ways to flaunt its lack of scruples.

The company is now injecting ads into someone's browser whenever they use one of its public hotspots, according to an Ars Technica report, which is both annoying and worrisome for those who don't want companies to use underhanded methods to get advertisements to consumers.

It's a pointless exercise to complain about Comcast for being annoying. It's so core to the company's being, what with its cringeworthy "customer support" practices and its ability to irritate consumers, that complaining about it is like complaining that a zebra has stripes.

But the company can and should be criticized for undermining the security of everyone who uses its public hotspots, which is exactly what this new advertising program is doing. As Ars notes in its report, there are security concerns any time a company injects code into a website:

Seth Schoen, the senior staff technologist for the Electronic Frontier Foundation, reviewed the data pulled by Singel and said that 'there ended up being JavaScript in the page that was not intended by the server.'

Even if Comcast doesn't have any malicious intent, and even if hackers don't access the JavaScript, the interaction of the JavaScript with websites could 'create' security vulnerabilities in Websites, Schoen said. 'Their code or the interaction of code with other things could potentially create new security vulnerabilities in sites that didn't have them,' Schoen said in a telephone interview.

Comcast is no stranger to undermining security with its public hotspots. The company has also left people who use the networks open to attacks -- not intentionally, but because of the way a device connects to a WiFi network -- from anything pretending to be one of its public hotspots.

This means that consumers are once again presented with two options: maintain a modicum of security by staying off public networks, especially Comcast's, or expose themselves in exchange for a few minutes of connectivity. The only problem is that many people don't know about the risks, which means that they're unwittingly compromising their security for convenience's sake.

Unintended security vulnerabilities are an inconvenient truth in the Internet age. But here, Comcast has knowingly compromised someone's security just to put its personal stamp on a public WiFi network. That's not just annoying; it's unacceptable.

[illustration by Brad Jonas]