Comcast is Manipulating its Customers

Comcast Corp. has once again come under fire due to its shady consumer practices.

Comcast sux

The massive broadcast and cable company provides a unique service to its customers through its 3.5 million Wi-Fi hotspots located around the country. This service is conceptually convenient but jaded in reality. Consumers recently discovered that while they utilize the Comcast Wi-Fi network, the pop-up advertisements flashing across their devices originate from Comcast itself, rather than from the various third party location-based network locations.

Comcast inserts 2 types of advertisements: one reminding users they are using Comcast’s service, and another type reminding users to download Xfinity applications. Xfinity is a signature service provided by Comcast.

xfinityad

Comcast’s ad injections are a big deal.

The advertisements flash across the screen approximately every 7 minutes and last for a few seconds before disappearing. And while these advertisements are rather annoying and seemingly harmless, they actually have the potential to cause serious harm to users’ personal devices.

The ad insertion process uses JavaScript code created by Comcast that users then see on their phones as advertisements. Those in the know within the technology community have fiercely debated JavaScript’s stability for quite some time. While JavaScript operates smoothly across multiple platforms and devices, the code’s nature allows it to conduct malicious actions “including controlling authentication cookies and redirecting where user data is submitted.” (Kravets)

javascreener

In fact, Electronic Frontier Foundation Technologist Seth Schoen reviewed the data’s encrypted code sent to each device and found that “there ended up being JavaScript in the page that was not intended by the server.” And the potential possibilities are much more sinister. In a phone interview with Ars Technica, Schoen said that “even if Comcast doesn’t have any malicious intent, and even if hackers don’t access the JavaScript, the interaction of the JavaScript with websites could “create” security vulnerabilities in websites. Their code, or the interaction of code with other things, could potentially create new security vulnerabilities in sites that didn’t have them [before].”

To be fair, ad insertions are not unique to Comcast. Many Airports practice similar techniques within their Wi-Fi hotspots as well. However, 22 million Americans subscribe to Comcast’s services, leaving millions vulnerable to nefarious outside groups holding dark intentions.

Comcast and other similar service providers have a duty to customers to offer unrestricted, open access to the Internet. This controversial practice has developed during a crucial crossroads concerning open Internet access. With the rising public outrage against net neutrality regulation, the stakes have never been higher.

Sources:

Dixit, Pranav. (2014, September 9). Comcast Is Injecting Ads Right Into Web Pages At Its Public Hotspots. [Web Log Post]. Retrieved from http://gizmodo.com/comcast-is-injecting-ads-right-into-web-pages-at-its-pu-1632327503

Kravets, David. (2014, September 8). Comcast Wi-Fi Serving Self-Promotional Ads Via  Javascript Injection. [Web Log Post]. Retrieved from http://arstechnica.com/tech-policy/2014/09/why-comcasts-javascript-ad-injections-threaten-security-net-neutrality/

 

Advertisements

One thought on “Comcast is Manipulating its Customers

  1. I have Comcast and have personally never seen any of these pop-up adds, but hearing about this makes me skeptical of their service and nervous about the safety of my information, because I know that my computer stores valuable information, such as credit card numbers. I also don’t understand why Comcast would need to advertise to customers using their service if they are putting them at risk. I’m sure this knowledge has made many people stray from using their Wifi.

    Like

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s