Comcast WiFi is Injecting JavaScript to Serve Ads

TwitterGoogle+FacebookLinkedInPinterestTumblrStumbleUponRedditShare This

Alvin Bryan

Alvin Bryan is a freelance writer and online privacy enthusiast enthusiast currently contributing quality tips and troubleshooting on personal VPN services, and online privacy and security news. You can also find him on Google +.

Comcast WiFi JavaScriptBack in June, Comcast was criticized for leveraging home WiFi for their public WiFi project. Now they are taking heat again for dangerous Xfinity ad practices. Comcast calls their ads “alerts” and “reminders”. But this does not detract from the fact that they can be dangerous. Comcast WiFi has three and a half million public hotspots all over the country. The Xfinity hotspot ads could assure users that they are connected to Comcast WiFi and not a clone. But injecting JavaScript is a very unsafe and sneaky way of doing it.

Suspicious Comcast WiFi Ads

First of all, Comcast doesn’t need to use JavaScript to tell users that they are on Xfinity WiFi. Many WiFi users are aware of the dangers of fake WiFi hotspots. A simple Xfinity home screen or message to check for genuine Comcast WiFi would suffice. Yet the company defends its practice, calling it a courtesy to Comcast WiFi users. The company says that it started the ad campaign months ago to advise users that they are on Comcast WiFi and to serve as reminders to get the Xfinity apps. The ads show up on a variety of websites every 7 minutes on average, across the 3.5 million available Comcast WiFi hotspots.

Comcast WiFi AdThe injected JavaScript on Comcast WiFi is offensive to website administrators, exemplifies concerns about disregarding net neutrality, and can be very dangerous for Comcast WiFi users. Websites are not aware that Comcast is injecting these Xfinity ads into data packets being returned by servers. JavaScript can break website code and damage secure websites, creating vulnerabilities that hackers can exploit. Anyone still on the fence at this point about net neutrality issues should get off. If the FCC is pushed to strictly regulate Comcast WiFi under Title II of the Telecommunications Act, the company would not be able to carelessly inject JavaScript ads that put websites and subscribers in danger. Comcast, serving over 22 million people, must be held to a higher standard of responsibility to ensure subscriber security. They should not be allowed to inject code or alter packets in any way. They are tasked solely with delivering content and not interfering with it. Net neutrality demands that they observe this.

The only reason Internet users would want to be sure they are on a Comcast WiFi hotspot is for better security. Now with JavaScript being so notoriously dangerous, no Internet user would want unnecessary JavaScript injected into their data streams. JavaScript can intercept and redirect user data and manipulate cookie authentication. Comcast says that they are not doing anything wicked. But why use code that can be exploited by hackers in the first place? JavaScript has already been discovered on web pages that should not have it. JavaScript interacts with web pages and can cause security holes by itself or as a result of its contact with website code.

4 thoughts on “Comcast WiFi is Injecting JavaScript to Serve Ads

  1. Pingback: eBay JavaScript Attack Puts Users at Risk | VPN Express

  2. Whoa. Ok Im never using Xfinity again. It really sucks that they have poor service and now we are exposed to malware because of them? Damn.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>