At least one AT&T WiFi hotspot is tampering with internet traffic and injecting ads into web browsers. Computer scientist and lawyer Jonathan Mayer was using the free WiFi at Dulles Airport in Virginia when he noticed that websites which he visited regularly had suddenly been invaded by conspicuous advertising banners. Mayer found that the Stanford University website was now hawking discount jewelry with garish banner ads, the Wall Street Journal’s homepage featured an intrusive banner at the bottom of the page and the homepage of the US government’s Federal Communications Commission was advertising discount women’s shoes. 

Mayer investigated the source of the intrusive advertising and noted that AT&T’s free WiFi hotspot was tampering with his HTTP traffic in three different ways. First, connecting to the WiFi source added an advertising stylesheet to the websites he was visiting. It also injected backup advertising content, in case the browser he was using didn’t support the first set of advertising that the hotspot attempted to inject. Then it added two more advertising scripts to control the loading and display of messages. These scripts were then used to import advertising content from additional third-party companies. 

The source of the advertising platform was not AT&T themselves but a third-party company called RaGaPa which specializes in “WiFi Monetization and In-Browser User Engagement Solutions.” Unfortunately, AT&T’s WiFi Terms of Service does not mention the advertising injection technology, an unfortunate strategy for users seeking greater transparency from technology companies. Not only does connecting to the AT&T WiFi network expose user information to RaGaPa without their knowledge, it also discloses browsing activity to any of the third-party advertisers partnered with them. Furthermore, as the injected advertising is not marked as originating from AT&T’s WiFi service, the cluttered web pages reflect poorly on the source organizations and interfere with the legitimate monetization efforts of web properties.