Some Hotspot Operators Secretly Intercept, Insert Ads In Web Pages 273
An anonymous reader writes with this excerpt from the NYT's "Bits" column: "Justin Watt, a Web engineer, was browsing the Web in his room at the Courtyard Marriott in Midtown Manhattan this week when he saw something strange. On his personal blog, a mysterious gap was appearing at the top of the page. After some sleuthing, Mr. Watt, who has a background in developing Web advertising tools, realized that the quirk was not confined to his site. The hotel's Internet service was secretly injecting lines of code into every page he visited, code that could allow it to insert ads into any Web page without the knowledge of the site visitor or the page's creator."
Hasn't this been going on for a while? (Score:5, Insightful)
Yep. So use HTTPS-Everywhere. (Score:5, Informative)
Well, if you use Firefox that is.
If the connection between you and the website is encrypted, no one can add code to it.
Re: (Score:2, Interesting)
Re:Yep. So use HTTPS-Everywhere. (Score:5, Informative)
More than just porn sites do this. Many others, like LinkedIn, are more benign, just using your contacts list from your web email provider(s) to push you to find more people you know within LinkedIn. They don't spam or auto-add anyone. But it's still a concern. I use separate browsers for every signed-in site I visit, so LinkedIn can't get to my Gmail account, for example. I was prompted by LinkedIn to enter my password for those sites (I'd never do that). I don't know if they would prompt if the same browser instance was already logged in (I'd never do that).
Browsers should, and maybe FF now does, firewall JS code and data by hostname. Of course that would break using alternate servers for things like static images. But that's fixable by using the base name (remove the "www" part if that's on the name), and allowing access to hostnames that have name components added in front. So site slashdot.org could access images.slashdot.org. But tech.slashdot.org cannot access images.slashdot.org but can access images.tech.slashdot.org (so all sites just need to make their auxiliary servers named as child hostnames of the base hostname). The same wall should apply to Java and Flash, too (in addition to walls blocking access to the filesystem except as configured to be allowed into specific areas).
I've not done any tests of such security in FF, Chrome, or any other browser. Have fun.
Re: (Score:2)
"Many others, like LinkedIn, are more benign, just using your contacts list from your web email provider(s) to push you to find more people you know within LinkedIn. They don't spam or auto-add anyone."
Never touched LinkedIn in my LIFE and that shit site is spamming my gmail account CONSTANTLY.
HTTP Policies (Score:2)
This is why websites need to publish policy files a bit like ABE (Application Boundaries Enforcer) [noscript.net]. This would mean that a website would publish what resources that site can request and destinations that are not in that policy are not loaded. Unfortunately if they can intercept anything that you are served then the injector can just modify the policy file too. Perhaps signed policy file could solve this?
Does anyone know if SSL solves the problem? Can a malicious endpoint act as a proxy so the SSL connection
Re:HTTP Policies (Score:4, Interesting)
Does anyone know if SSL solves the problem? Can a malicious endpoint act as a proxy so the SSL connection is between the endpoint and the real site and then serve you a different SSL certificate with the adverts included. (Although I doubt they can make a certificate look like the legitimate website.) Alternatively they could just drop everything down to HTTP...
They might be able to pull this off, but the revenue they could earn off of such a scheme would never pay the lawyer bills. One could argue this would be a DMCA violation. (In fact, they seem to be on shaky legal ground altering un-encryption streams. It is after all, a form of scraping and perhaps copyright violation [wikipedia.org].)
The drop everything to HTTP would certainly be noticed.
Re:HTTP Policies (Score:5, Insightful)
It isn't so much scraping as it is simply taking somebody's website content and copying it for their own profit.
Plain and simple copyright violation where the website owner is the victim.
Re:HTTP Policies (Score:5, Interesting)
Does anyone know if SSL solves the problem? Can a malicious endpoint act as a proxy so the SSL connection is between the endpoint and the real site and then serve you a different SSL certificate with the adverts included. (Although I doubt they can make a certificate look like the legitimate website.) Alternatively they could just drop everything down to HTTP...
I've seen some novel approaches to working around SSL but most will tip off the end-user. I run a throttled honeypot on my home network with some ad-injection. I get a couple dollars a month from it, the neighbors get free internet, and it seriously cut-down on the number of auth-attempts against the secured side of my router. Most of the injectors just catch and sniff packets for webpages (trying to inject into, say, SSH would bork everything) and inserts an ad frame. I'll have to test how my setup handles a secured session but I've seen instances of SSL sessions being wrapped in a framed unsecured page (mostly at hotels and airports). Newer browsers (Firefox and Chrome anyway, no Windows box to test on) will pitch a fit about this but if you're connecting to an unsecured network, I doubt security is much of a priority.
Re:HTTP Policies (Score:5, Insightful)
"A weird box just popped up! IT says something about certificates and signing, whatever that means. If I click 'accept' I'll get to see the website, so I'll do that."
Re: (Score:2)
"A weird box just popped up! IT says something about certificates and signing, whatever that means. If I click 'accept' I'll get to see the website, so I'll do that."
My point exactly. SSL (and a handful of other techniques) will alert the user to something untoward going on, but the lion's share of those users will ignore/not understand the threat.
Re:HTTP Policies (Score:5, Insightful)
if you're connecting to an unsecured network, I doubt security is much of a priority.
Congratulations, you are an idiot!
The whole point of encryption is that it allows secure communications over insecure network.
Re:HTTP Policies (Score:4, Informative)
While they couldn't insert code into an encrypted session, they COULD perform a man in the middle attack and accomplish the same thing, provided the user decided to override the certificate warning (which I'm guessing most people would). A more secure solution would be to do all the browsing over a ssh tunnel. That too could be intercepted, but it's less likely, and ssh will catch such an attempt provided the tunnel was first initiated over a trusted connection, so at least you'd be able to avoid using the service if you know it's going to be insecure.
What's ironic is the fact that the cheap hotels that are out in the middle of nowhere have great, highspeed, well covered wifi with mostly unrestricted or completely unrestricted hotspots (most of the time, all you have to do is agree to a clickthrough agreement, and you're good to go). But go to a big hotel in the city for a convention or something and they want to charge $15 a day for it. I'd just grown accustomed to tethering my cellphone in those instances since I got higher speeds from that than I did from the hotel wifi.
-Restil
Re: (Score:2)
How is that ironic? Big hotels in the city pay outrageous prices for land, and operating costs are much higher. Everything costs more in a big city because everything costs more. And people will pay because they are used to paying for little things like that.
This is how big cities work. Let me guess, you were expecting prices to be based on cost? Oh, well that's not how the world works.
Re:HTTP Policies (Score:5, Insightful)
You say that big-city hotels have higher costs, and that they charge more for wifi because of those higher costs (maybe not of bandwidth, but other stuff). You then criticize the GP for expecting prices to be higher based on costs? Hmm. . .
Re: (Score:3)
Bull. Shit.
Different hotels in the same town, next door to each other, have wildly different policies. Budget hotels offer free WiFi almost universally, along with other freebies in EVERY CITY. The more you pay for your room, the more likely it is you will be nickel and dimed for every little thing you use. It's been this way forever. It makes no damn sense to me either. I get free shit with my $80 room, but with the $200 room they tack on surcharges for wiping my ass with the window open.
Re:HTTP Policies (Score:5, Interesting)
Without exception, in traveling to >30 hotels each year for the past [wayyy too many years], the higher the per-night rate for the hotel, the more the nickel-and-dime charges for what should be included as part of the accomodations.
< $100/night usually includes:
- FREE wifi, unspecified throughput, non-public IP
- FREE incoming phone calls
- FREE incoming faxes
- FREE outgoing phone calls up to 30 min
- FREE computer near lobby for guest use
- FREE document printing for reasonable # pages
- FREE microwave oven in the room
- FREE mini-fridge in the room
- FREE pillows & linens on the bed
- FREE pull-out drying line for laundry in the bathroom
- coin-op laundry for hotel guests
> $100/night often imposes charges for:
- WIFI: $12.95+tax per day
- public IP: additional $10+tax per day
- incoming faxes: $.50/page
- outgoing phone calls: AT&T Operator rates + 200% surcharge
- document printing: $.50/page
- fridge in room: $25 per night, special request
- microwave in room: $25 per night, special request
- linens: changed every 3 days at no charge, no discount for multi-day stay
- laundry: 24-48 hr turnaround; $5.00 per shirt, $10.00 per pants, don't even ask about other items!
Re:HTTP Policies (Score:4, Informative)
Does anyone know if SSL solves the problem? Can a malicious endpoint act as a proxy so the SSL connection is between the endpoint and the real site and then serve you a different SSL certificate with the adverts included. (Although I doubt they can make a certificate look like the legitimate website.) Alternatively they could just drop everything down to HTTP...
The SSL layer already knows the hostname of where it wants to go. The signed certificate received from the connected server should have a cert for the Certificate Authority, identifying which public CA key to get from the collection the browser or SSL library has. The CA signature of the web site's cert is decrypted by that public CA key. If that works, it is then known the site cert is signed. If the site name also matches (maybe with wildcard enabled), and today's date is in the range valid for the signature, then the site cert is valid. Otherwise not, and you get that annoting security popup.
For the proxy to insert anything, it would have to act as the end point for the SSL stream. But that setup would fail unless the proxy has the web site's certificate signed by a valid CA. If you add a new CA the proxy server used (its own), then it could do that. Otherwise they would have to convince some CA to sign certs for ALL the major sites, for use in this proxy. A bad CA could do this. You can then defeat that by removing the bad CA cert from your browser. But the hotel could defeat you by convincing you to add their local CA cert to your browser (and then the proxy can dynamically generate a fake signed cert for any site you visit if they know the name in advance, which can be done with a name server injection). You can defeat that by not allowing any of their stuff into your computer.
If you have the means, a VPN to your own trusted network can help, though you then have slower responses. Test their network to see if you can access secured services you normally do have access to, like SSH, IMAPS, Submit/TLS. Also check to see if they have IPv6 and complain if not. Tell them "the FREE porn sites are on IPv6 only".
Since 2007 or earlier (Score:3)
I posted a comment below regarding Meraki wireless boxes that did this in 2007. I never experienced an actual deployment, but there must have been some.
Re: (Score:2)
without the knowledge of the site visitor (Score:5, Informative)
Of course this is in no way limited to hotels, even ISP's have been shown to do this. Using Client-Server encryption like SSL should easily bypass that.
Re:without the knowledge of the site visitor (Score:5, Interesting)
Of course this is in no way limited to hotels, even ISP's have been shown to do this. Using Client-Server encryption like SSL should easily bypass that.
And that is easily bypassed by the ISP. For example when I try to login to slashdot and it changes from http to https, my ISP serves me their self-signed cert instead of Slashdot's real one. This way they are capable to intercept secure communications too.
Re:without the knowledge of the site visitor (Score:5, Insightful)
Care to tell me which ISP carries out such a man-in-the-middle attack on a secure web site so I can permanently blacklist them and any entity even remotely connected to them?
That should fail. (Score:3)
Unless you have specifically trusted whatever certificate authority server the ISP put up to do that.
Re: (Score:3)
And what if they own one of the large CAs?
Let's just be clear about that. (Score:5, Informative)
Just to be clear about that ...
You're postulating a situation where:
The ISP
is owned by a certificate authority
that is, by default, trusted by your browser vendor
and that certificate authority
is creating certificates for 3rd party websites
without the 3rd party websites' permission
in order to facilitate man-in-the-middle attacks
so that the ISP can inject ads into your session.
I would imagine the backlash would kill both the ISP and that certificate authority.
Re: (Score:2)
Re: (Score:2)
I would imagine the backlash would kill both the ISP and that certificate authority.
No, because fraud charges against everyone involved will do it long before that.
Re: (Score:2)
How can you ever get /.'s cert if the ISP keeps switching it out with the ISP's cert? Just go without /. and all other secure sites while at home? That sucks!
Re:That should fail. (Score:4, Informative)
Re: (Score:2)
"Changing ISP isn't really an option, every ISP in the country does it "
Citation needed. I've had no inline ad injection from Charter.
Re: (Score:3)
Occasionally ISPs do this legitimately as well. My ISP keeps trying to inject a message into HTTP traffic when we reach 75% of our monthly download limit. This is especially amusing when it injects into steam or the web page previews in opera (and in neither case can you accept it, and move on, so it keeps trying to inject until eventually it hits a web page you're actually viewing).
Re:without the knowledge of the site visitor (Score:5, Insightful)
Hmmmm, no... intercepting and changing internet packages is evil.
Re: (Score:2)
My ISP keeps trying to inject a message into HTTP traffic when we reach 75% of our monthly download limit.
Why screw around with that instead of just sending you an email? If you block it and get cut off, no skin off their nose.
Re: (Score:2)
My isp gives me a page saying "Your bill is late" when for some reason the automated charge didn't go through. Click ok on that page and I'm back online again... at least for several days when they put up a more permanent message, but it gives me time to figure out what went wrong with the process. However, that's the only
attempt I've seen at hijacking the internet connection by my ISP. Not that they don't suck in a variety of other ways.....
-Restil
Re: (Score:2)
Re: (Score:2)
Spam made email an undesirable option for a lot of people when alternatives existed. So if you used to use email, you still do. If you used instant messaging before you used email, you probably never saw the need for it.
-Restil
Re: (Score:3)
Some ISP's do stuff like this as well (Score:2)
Some ISP's do stuff like this as well
Yay a New Arms Race! (Score:2)
Re:Yay a New Arms Race! (Score:5, Interesting)
Re:Yay a New Arms Race! (Score:5, Interesting)
There's a simpler solution - if I write a web page and somebody copies all of my text and graphics as part of an advert (without my permission) then it's a fairly clear copyright infringement. So if you find a hotspot doing this just navigate to one of your own web pages and then sue the operator for copying your work and serving it up as an advert.
Or, better yet, send an email to each significant site you've visited while at Marriott and tell them what's going on. It's likely they've got deeper pockets than you do. Most probably won't bother to go after the hotel; but it only takes one.
Re: (Score:2)
Re: (Score:3)
Yes, I'd love to see the bastards sued over this! And I think the Grateful Dead might be a great organization to launch such a suit. They have a couple of advantages: 1) for their "free" music, they have a license similar to CC-NC, but it predates CC-NC by many years, and explicitly forbids Internet advertising (some people claim that the CC-NC is a little vague about this), and 2) one of their songwriters is a lawyer and, moreover, not just any lawyer--he's one of the founders of the EFF (John Perry Barl
HTTPS everywhere (Score:2)
Use HTTPS Everywhere extension (currently for FireFox, I don't know about chrome equivalents).
This will make everything coming to you as an encrypted stream, by passing the Hotspot's rewritting.
Or the Hotspot will attempt to Man-In-The-Middle Attack your encrypted stream (decrypt it itself, as if they were a normal client like you, and then re-encrypting it before sending it to you, as is they were a server. Except they don't know the original private encryption keys, so they will need to use another priva
Captive Portals Do That You Know? (Score:4, Interesting)
Re: (Score:3)
DD-WRT has had this for a while now.
http://blog.anchorfree.com/news-events/ad-supported-wi-fi-network-launches/ [anchorfree.com]
"Consumers on an AnchorFree hotspot are presented with a display ad that remains at the top of the screen with every Web site they visit, and those ads can be contextually matched to the content on each page, according to Mark Smith, EVP strategy and product development for AnchorFree."
Re: (Score:2)
Usually a captive portal is a combination of server-router-software solutions and they don't exactly come cheaply irregardless what you might've been led to believe. Its an interesting side business if you have the time and witherwhal.
Actually pfSense does that (at least most of it) for free. So does DD-WRT, I've heard.
Re:Captive Portals Do That You Know? (Score:4, Informative)
Hint, that is a word. From Merriam Webster
http://www.merriam-webster.com/dictionary/irregardless [merriam-webster.com]
"The most frequently repeated remark about it is that âoethere is no such word.â There is such a word, however."
Just because you choose to not recognize it, even though you understand perfectly what he meant by it, shows your ignorance. By the way, ain't is a word too, well a contraction at any rate.
Re: (Score:3)
Re: (Score:3)
Re: (Score:3)
Shit like this leads to "I could care less" or "I literally ..." (meaning figuratively) and other bullshit. No. Use the words correctly, and drop absolute abominations like "irregardless". Sure, you might think it's OK, but I and many like me will judge you to be likely a drooling imbecile if you do.
I literally could care less if you think I'm a drooling imbecile
Re: (Score:2)
"Shit like this leads to "I could care less"
Except that's a proper sentence and statement, you 9th grade English failure.
Re:Captive Portals Do That You Know? (Score:4, Interesting)
So you're asking him to learn how language works because he objects to people who make up contradictory words as a consequence of apparently not understanding how the language that they're using works. I don't generally have a problem with new words to explain new concepts, or even new words to explain existing concepts, but making up a new word consisting of an existing word with the same definition, preceded by a prefix that typically serves to negate the following word, that's just.. well.. dense.
Wouldn't it be easier if people just used the right words?
Re: (Score:2)
Yes, it would, but did you really have that much difficulty understanding TemplePilot's post with a nonstandard word in it?
Re: (Score:2)
No. Am you haveng truble anderstending dese werds? Probably not. Should those words go in the dictionary and be acceptable use? Probably not.
Re: (Score:3)
So you're asking him to learn how language works because he objects to people who make up contradictory words as a consequence of apparently not understanding how the language that they're using works.
Count yourself in that group that apparently doesn't understand how language works.
Languages are dynamic. New words come into being when enough people start hearing and reusing slang or phrases that have developed as part of a dialect. Sometimes a person will simply make up a word, but it'll catch on for whatever reason and become part of the official lexicon.
"Irregardless" has been in use for about a century - it's now a word in the dictionary, just like "regardless" is a (somewhat older) word in the dicti
I'm sure he agreed to this in the TOS. (Score:4, Informative)
Re:I'm sure he agreed to this in the TOS. (Score:4, Interesting)
Whether it's free Wi-Fi or paid Wi-Fi, read those Terms of Service. I'm sure this activity was disclosed in theire either explicitly or with ambiguous language. As the saying goes: Don't like it? Don't use it.
Where would you draw the line?
Adding adverts for their hotel?
Switching adverts for other hotels to theirs?
Removing negative reviews of their hotel, or changing the rating?
Removing news items supporting a political party the owners don't favour?
Adding fictitious negative news stories about a political party the owners don't favour?
In my view as soon as you start delivering content that has been changed from that the original author intended (except under complete control of the user such as adblock) then you are on dodgy ground.
Re: (Score:2)
Here here!
imho, a business would not, in good faith, offer 'free' services under the legalese shroud to actually modify and distort what a client would faithfully consider to be happening....
in other words, this is dishonest business practice, even if its in a ToS or EULA.
Re: (Score:3)
It's not really free if I pay USD200 a night at the hotel, is it?
Re: (Score:2)
I think the line is drawn at the addition of content, versus modifying or removing content from the sites you visit. It's analogous to television; produced programs don't have control of the timing or content of the ads *added* during broadcast, but they know that their show's content won't be modified or edited out (simplification, of course, since networks obviously have ultimate editing power behind their own shows).
If (when?) ISPs at any level (since the hotel in this fashion is operating as an ISP to i
Re: (Score:2)
At some point, it's not really worth the trouble. I can see the reasoning behind trying to make an extra buck off the customer, but in the end, they need the customer or nothing else matters, so anything that involves making the customer's stay an uncomfortable one is going to make them a non-customer in the future. Anytime you screw around with a webpage, you're greatly increasing the chances that the page will not display properly. It's hard enough as it is to code a page so that it works identically w
Re: (Score:2)
"Dodgy ground? They own the hotspot, they can provide whatever they want. They can replace all the images with cats if they really feel the internet would be better if all images were cat pics. The hotspot does not belong to you, you have no right to dictate its configuration. Not yours."
THE WEBSITE IS MINE AND MODIFYING ITS CONTENT WITHOUT MY EXPRESS PERMISSION AND KNOWLEDGE IS A VIOLATION OF MY COPYRIGHT.
Get your head out of your ass.
Re: (Score:2)
As the saying goes "protect yourself with awareness, but let your neighbors burn in the fire of ignorance".
'the market' isnt the answer to everything.
Re: (Score:2)
Re: (Score:2)
Whether it's free Wi-Fi or paid Wi-Fi, read those Terms of Service. I'm sure this activity was disclosed in theire [...]
Even if that lets them off the hook so far as the user is concerned, the website owner is not a party to those terms of service.
Copyright infringement? (Score:3, Interesting)
Wouldn't this be copyright infringement? The web page as you intended is your creative work, they are altering and distributing your work. I don't think you are allowed to do that.
No. (Score:2)
2. The websurfer proceeds to request pages from a remote webserver. The ISP injects ads as the customer consented.
No where in this was the remote webserver compromised or hacked. The website still loads as the content owner designed on computers accessing the website through ISPs that have not adjusted the content. Since the customer is agreeing to allow the ISP to alter his web browsing
Re: (Score:2)
Re: (Score:2)
So, I can make a TOS that you agree to which allows me to violate the copyright of CNN.com and send that to you?
Re: (Score:2)
By inserting the ads without telling the site owner (and obtaining approval) the ISP is creating an copyright-infringing derivative work.
Re: (Score:2)
Wouldn't this be copyright infringement? The web page as you intended is your creative work, they are altering and distributing your work. I don't think you are allowed to do that.
I don't think so. Alteration by itself is not infringement. Redistribution by itself is infringement. So take the derivative work part out of the equation and you have what every caching proxy in the world does and that does not appear to be considered infringement.
Re: (Score:3)
Great idea (Score:3)
I think this is a business model in use (Score:3)
I can't tell if you are joking or being sarcastic here. I'm pretty sure that you have just described a business model in actual use. It seemed to be promoted by Meraki as a way to make money with their wireless boxes.
I also believe that there was a dispute some years ago regarding television broadcasts inserting advertisements as if they were posted on the fences at baseball stadiums.
I would greatly appreciate reliable pointers that anyone could provide to these behaviors. I will try to find some later. For
Re: (Score:2)
It's a copyright violation. (Score:5, Insightful)
IANAL, and I don't play one on TV, but it seems pretty clearly a violation of a web site's copyright to do this. A web page
is a visual work, and at least for any country that is party to the Bern Convention (this includes the US and most or all of Europe),
a page is copyright even if it doesn't say so. So for the hotel or ISP to modify the page, especially when it is being paid to do so,
seems a clear violation. Some web site should make a big stink (lawsuit!) about this and put an end to the practice. I think it wouldn't
be a difficult case to win, particularly with all the other copyright enforcement actions going on (MPAA, etc.).
I wonder if a similar case can be made for organizations like health clubs that show TV programs at the wrong aspect ratio, making
people look as if they're 20% fatter (wider) than they actually are...
Re: (Score:3)
Actually I think you'd use an MPAA case as a precedent. Wasn't there a case from the MPAA against a company that was creating a side editing track to cut out the bad(good) parts of a movie to reduce it from R to PG-13?
those clever bastards! (Score:2)
Re: (Score:2)
Inject ads for porn sites. That'll get some attention.
VPN (Score:4, Insightful)
Re: (Score:3)
Re: (Score:2)
So set up an encrypted tunnel to your home machine and set it up so you can browse the web through the tunnel as if you were at home. Slower perhaps, but worth it. If they are injecting stuff, then what else are they doing? Looking at your traffic?
FireFox + QuickProxy [mozilla.org] FTW!
I use that combo when traveling. You just have to set up a machine at home to accept a ssh tunnel.
Not exactly news (Score:2)
Having said that, as a consumer, I wouldn't care if someone providing free WiFi inserted ads to offset the cost of providing bandwidth as long as the ads weren't too egregious. If you are providing a service that I value for free, then I don't care if you throw a few ads up to generate some revenue to
HTML modification going on since 2007 or earlier (Score:4, Interesting)
In November 2007, I bought a wireless box from Meraki (http://www.meraki.com/). I intended to use it to provide a free wireless hotspot for my neighborhood, and to be ready to peer with any neighbor who chose to work on the grassroots network. These were primarily symbolic acts, since neither service is likely to get much use in my neighborhood.
In most respects, the Meraki box appeared to do a good job of exactly what I wanted. But I noticed a little blank stripe at the top of Web pages. I found that Meraki hacked HTTP packets to add that stripe. As owner, I was able to set the contents of the stripe (e.g., to advertise myself as the provider of the free hotspot, or to ask for payment if it's not free). But, I was not able to eliminate the stripe. I called support, and they confirmed that the stripe is not optional, but its contents are owner controlled. I sent the box back for a refund. I understand why Meraki provided the feature (I don't like it, but I understand). I don't understand why they made it impossible to turn it off. They were very good about delivery, support, and refund in all other respects.
I think that Open Mesh (http://www.open-mesh.com/) provides something like the Meraki box, but cheaper and transparent to all Internet traffice. I have not tried their products yet.
For the time being, I just leave my Tomato (http://www.polarcloud.com/tomato) box unprotected, and I think that people occasionally park in front of my house to use the network. But there's no chance of peering to help avoid the last-mile bottleneck.
Re: (Score:2)
people occasionally park in front of my house to use the network
Or they are casing the house, as since you are 'above' the average end user out there they know you have some electronics in there they might want to steal..
Re: (Score:2)
Two quick things:
- Thanks for the Open Mesh link, I hadn't heard of it before and I'll definitely check it out.
- I'd be wary about running an open AP for the purposes of distributing a connection to your neighborhood; you may be violating your own ISP's terms of service (although not ethically an issue to me), and, far worse, you may open yourself up to people attempting to do illegal/unethical things, something that could fall back to you.
To me, access to my wireless AP should be treated like my own home
Open AP is politeness for me (Score:2)
Thanks for the advice, but I studied the issue quite a bit, and read the careful insights from Bruce Schneier (http://www.schneier.com/blog/archives/2008/01/my_open_wireles.html), and I decided that I don't want to treat any portion of the world-connected IP network as my personal domain. I carefully chose an ISP (Speakeasy) who allows, and even caters to, sharing.
I have no interest in convincing you to take my attitude. But you should be aware that it isn't necessarily a matter of naivety.
Never seen before? (Score:3)
I guess this speaks to inexperience of the web developer. It was not long ago that ISPs were trying to do this. It was not that long ago that web developers put third content within a frame along with ads that generated personal revenue. AFAIR, this idea of pushing personal ads over third party content is as old as the mass advertising on the web. And I know some ISPs specifically did this.
This is a negative practice. It is one of the primary reason used to justify web blockers. While one might trust the website, there are many ways to inject other ads and content into a web page. As such, it is best, from a security perspective, not to load ads.
Re: (Score:3)
And I know some ISPs specifically did this.
So, would this work? (I realize that it might make "page delivery" take twice as long; although, I just made it better, here it is.)
After the page completes, have a JavaScript routine that runs which calculates the page's MD5 sum (or similar) and sends it back to the server. The server can then determine whether what it sent is what the user saw.
This of course might also be a way for the server to violate ad blockers. If it didn't match, then the server could negotiate with the client as to which parts o
Remember free Dial-Up Providers from the 1990s? (Score:3)
I'm sure these frames and banner ads "violated" the design of websites that were browsed by these users, but since the websites themselves were not hacked or damaged and displayed correctly on the computer screen of those not using ad-managed ISPs/web browsers, there is probably not a tangible copyright issue.
Hotel Wi-Fi is just the modern version of this same model, albeit without using software or requiring ad clicks.
Re: (Score:2)
In the 1990s, there used to be tons of free dial-up ISP providers that gave you free access so long as you agreed to surf the web through their branded version of Internet Explorer that framed websites in ads. Some providers required you to click the ads so many times within a certain interval of time or get disconnected.
I'm sure these frames and banner ads "violated" the design of websites that were browsed by these users,
No, because the ads were in a frame around the webpage. It's not any different than having two browser windows open on your desktop where a few inches of a background window is visible below/beside the frontmost window.
Hotel Wi-Fi is just the modern version of this same model, albeit without using software or requiring ad clicks.
Except the ads are being added in a way where the viewer cannot distinguish what is an original part of the page with what has been added by the service provider. What if a site dealt with a certain political viewpoint or sensitive topic and the ads being added were in a contrary viewpoint or
Nothing is free (Score:2)
They have to pay the bills somehow. A bigger deal would be if they were removing others ads..
Don't like ads, don't use their service or block them.
"Web Engineer?" (Score:3)
Justin Watt, a Web engineer, was browsing the Web in his room at the Courtyard Marriott
C'mon editors - "Web Engineer?" What the hell does that mean? It's amazing how engineers allow their title to be attached to every job under the sun these days. You certainly don't hear about 'Web Laywers' or 'Web Dentists.'
Re:"Web Engineer?" (Score:4, Informative)
I fail to see the problem here
From http://en.wikipedia.org/wiki/Engineer [wikipedia.org]
In the US and Canada, engineering is defined as a regulated profession whose practice and practitioners are licensed and governed by law.
Goose and Gander (Score:2)
Re: (Score:2, Funny)
Obviously posting with the complimentary Hotel wifi.
Re:Insert this: (Score:4, Funny)
Contrary to popular belief, a recent study has found that, 'First,' actually comes before second, and is generally regarded as something that should not be mistaken with second.
Remember, One comes before Two comes before 60 comes after 12 comes before Six Trillion comes after 504.
Re: (Score:2)
What about the resort fee that is forced and has the internet as part of it.