Comcast Wi-Fi ads raise security, net neutrality concerns

Comcast's (NASDAQ: CMCSA) decision to insert self-promotional advertising into its Wi-Fi hotspots "raises security concerns and arguably cuts to the core of the ongoing net neutrality debate," an Ars Technica story maintains.

Comcast's ad insertion program months applies only to Xfinity publicly available hotspots and not to Comcast customers connected to Wi-Fi routers at home, Comcast spokesman Charlie Douglas told the publication. The ads alert consumers that they're contacted top Comcast's Xfinity service and suggest viewers download Xfinity apps, Douglas added.

The security issue came to the publication's attention when Ryan Singel, co-founder of startup Contextly, noticed a small red advertisement saying "Xfinity Wi-Fi Peppy" while using Xfinity Wi-Fi to read Mediagazer at a cafe. Singel learned that Mediagazer didn't place the ad but that "Comcast was injecting its JavaScript into packets being returned by the real server."

That use of JavaScript raised security questions that Douglas dismissed because the MSO has "multiple layers of security to keep out hackers," maintaining the insertions are "a courtesy (that) helps address some concerns that people might not be absolutely sure they're on a hotspot from Comcast," Douglas said.

Seth Schoen, senior staff technologist at Electronic Frontier Foundation, however, questioned any use of JavaScript with websites, noting that it could create security vulnerability and suggested that websites could--although many do not--solve the problem by encrypting and serving their wares of HTTPS.

"(Comcast's) code, or the interaction of code with other things, could potentially create new security vulnerabilities in sites that didn't have them," Schoen said.

Security expert Dan Kasinsky also told the publication that JavaScript can "break all sorts of stuff in that you no longer know as a website developer precisely what code is running in browsers out there. You didn't send it but your customers received it."

It's not as if ad insertion into Wi-Fi is something new. The difference is that Comcast, a strong proponent of net neutrality, is under the microscope as the FCC determines net neutrality policies which could include provisions that broadband providers deliver broadband without putting in any data packets.

"The FCC should be able to say, 'Hey Comcast, don't interfere with Internet connections by injecting these ads into websites,'" attorney and network neutrality activist Marvin Ammori told the publication.

While Douglas insisted Comcast has good intentions, network expert Robb Topolski questioned anything that altered a free and clear broadband signal.

"It's the duty of the service provider to pull packets without treating them or modifying them or modifying them or injecting stuff or forging packets," Topolski said. "Imagine every Web page with a Comcast bug in the lower right-hand corner. It's the antithesis of what a service provider is supposed to do. We want Internet access, not another version of cable TV."

For more:
- Ars Technica has this story
- PC World has this blog post
- Gizmodo has this story

Special Report: The top 5 reasons cable operators are making big bets on Wi-Fi

Related articles:
Arris puts its name on NASCAR; Comcast, TWC, Cox get FCC approval to change Wi-Fi frequencies
Comcast deluded when it says it's competing with wireless broadband, advocacy group says