Comcast has begun serving Comcast ads to devices connected to one of its 3.5 million publicly accessible Wi-Fi hotspots across the US. Comcast’s decision to inject data into websites raises security concerns and arguably cuts to the core of the ongoing net neutrality debate.
A Comcast spokesman told Ars the program began months ago. One facet of it is designed to alert consumers that they are connected to Comcast’s Xfinity service. Other ads remind Web surfers to download Xfinity apps, Comcast spokesman Charlie Douglas told Ars in telephone interviews.
The advertisements may appear about every seven minutes or so, he said, and they last for just seconds before trailing away. Douglas said the advertising campaign only applies to Xfinity’s publicly available Wi-Fi hot spots that dot the landscape. Comcast customers connected to their own Xfinity Wi-Fi routers when they’re at home are not affected, he said.
“We think it’s a courtesy, and it helps address some concerns that people might not be absolutely sure they’re on a hotspot from Comcast,” Douglas said.
The Comcast advertising campaign came to Ars’ attention after Ryan Singel, the co-founder of startup Contextly, was reading Mediagazer at a café in the North Beach neighborhood of San Francisco on Labor Day.
A small red advertisement saying “XFINITY WiFi Peppy” scooted across the bottom of the Mediagazer page and disappeared into the ether. It happened a few times, he said. Singel took screen shots of the advertisement loading and as it appeared on his screen. He captured some code, too.
A Comcast served house ad.
Singel’s suspicions were correct that Mediagazer didn’t place the ad there, and Mediagazer is none too happy about it. “Indeed, they were not ours,” Gabe Rivera, who runs Mediagazer and Techmeme, said in an e-mail. In another e-mail, he said, “someone else is inserting them in a sneaky way.”
Comcast’s Douglas says Comcast has nothing nefarious up its sleeve. What’s more, Comcast has multiple layers of security “based on industry best practices” to keep out hackers wanting to exploit the Xfinity network, he said.
One way to prevent this from happening, he said, is for websites to encrypt and serve over HTTPS. But many sites do not do that.