ISP Caught Injecting Advertising Content Into Web Pages

 

Kat Cosgrove

Kat Cosgrove – RBS Director of Marketing

Last week, ArsTechnica posted this article. An ISP called CMA Communications, providing services in rural areas of a couple of Southern states, is participating in some seriously shady advertising tactics: injecting ads into websites without the owner’s permission or knowledge by adding a line of Javascript to the HTML of each website as it loads.

This is also done without the user’s permission or knowledge – it’s essentially the equivalent of adware, without installing anything on your machine. This is technology that could potentially be used for more nefarious activities, and it’s exactly the sort of thing your ISP would use to filter out content they don’t want you to see.

I wish I could say this is a joke, but unfortunately, it’s not. CMA Communications has entered into business with R66T (pronounced Root 66), who describe themselves as “one of the nation’s leading publishers of targeted content, information and advertising to private Wi-Fi and High-Speed Internet Access (HSIA) networks, conducting tens of millions of individual user sessions—approaching one-billion user-minutes per month.” R66T’s primary customers are private Wi-Fi networks, like hotels and airports, providing free Internet access funded by targeted advertisements.

That’s all fine and dandy, but why are these ads showing up for people who are actually paying for Internet access in their own homes? Apparently, R66T also partners with ISPs. Their privacy policy states that “this greatly enhances each user’s online activity by providing an enhanced Internet services experience with advertisement overlays.” Presumably to avoid legal action, CMA has altered their Terms of Service to include the following blurb, effective immediately:

  1. SERVICES THE SERVICES CONSIST OF, AMONG OTHER THINGS, A HTML SCRIPT CREATED AND DISTRIBUTED BY R66T FOR USE BY THE GUESTS OF CMA. IN EXCHANGE FOR RECEIVING INTERNET SERVICES, USERS OF THE SERVICES WILL BE SHOWN ADVERTISEMENT OVERLAYS ON SELECTED WEBSITES. THESE ADVERTISEMENTS AND ASSOCIATED GRAPHICS ARE NOT IN ANY WAY ASSOCIATED WITH THE UNDERLYING SELECTED WEBSITES. CMA HAS ENTERED INTO A CONTRACT WITH R66T TO PROVIDE THE SERVICES.

Remember, this is the Terms of Service for a residential ISP. These users are already paying for internet access. We’re not talking about the free Wi-Fi at the local coffee shop around the corner.


I have a problem with this in more than one way. Foremost, I’m in the business of data security, and this has all the ingredients to make a massive security breach. Second to that, I work in marketing. These ad overlays are showing up not only on sites like Google, Bing, and Apple, but also on sites like HuffingtonPost – sites already part of paid advertising networks.

Your corporate website is nothing but one very large, detailed advertisement for your product or service, and this ISP is being paid to advertise other products on top of your content, without your permission. If you pay to place ads for your product on other sites, this ISP is being paid to overlay the ad you paid for with ads for another, unrelated product, without your permission. That is pretty upsetting.

Not being a lawyer myself, I can’t comment on the legality of what CMA Communications (and R66T) has done here, or what options their customers have. With any luck, Google et al will decide to throw their weight around to ensure that it stops before some enterprising hacker decides this looks like a good opportunity to do some damage.

For updates and the original story, including screenshots of the offending ads, check out Zachary Henkel’s blog.

 

Kat Cosgrove is Director of Marketing at RBS. She enjoys good craft beer and bad horror movies. Contact her at kat@remote-backup.com

 

About The Author

Avatar
Rob Cosgrove / http://remote-backup.com

Rob Cosgrove is President of Remote Backup Systems, developers of the fully brandable RBackup Online Backup software platform, powering more than 9,500 Service Providers, MSPs and VARs wordwide since 1987. He is the founder of the Online Backup industry and author of several books, the most recent, "The Online Backup Guide for Service Providers", available at Amazon.com and bookstores. http://remote-backup.com