Spectator

WiFi Passpoint injects ads, please stop it.

I pay for TWC Extreme internet at home. $60/month. When I connect to a "secure, encrypted" Passpoint WiFi hotspot I'm seeing ads over the top of my pages that clearly are yours. You are compiling a profile on me by reading my http traffic and rewriting the pages I view to inject your own ads over the top. This happens on Apple.com, Google.com and other obvious places.

 

Are you doing this with my encrypted sessions too? My home Internet?

 

It it even worth the couple of extra pennies? I would never click on such an ad! Or are you just selling my profile?

 

AT&T, and Comcast (Xfinity) have been caught doing this. Now it's your turn. Reading all of your customers traffic and compiling a profile is bad enough, but rewriting the javascript query is foul ball. That breaks pages and is really just tampering.

 

You don't even disclose that your service is ad supported! I assume my $60/month is how you get paid.

 

https://www.techdirt.com/articles/20140908/07191228453/comcast-using-packet-injection-to-push-its-ow...

http://webpolicy.org/2015/08/25/att-hotspots-now-with-advertising-injection/

http://www.dslreports.com/forum/r28179073-Wi-Fi-Messages-injected-into-web-pages-over-Xfinity-WiFi-H...

 

Your refusal to stay merely a pipe and insert yourselves in everyone's web traffic is why everyone is crying for net neutrality. Hope it was worth a few bucks.

 

13 REPLIES
Expert

Re: WiFi Passpoint injects ads, please stop it.

Are you sure you're on a real TWC passpoint site? It takes nothing to create a fake one and steal your identity.

 Wifi 101...

 

Helper

Re: WiFi Passpoint injects ads, please stop it.

agree with MsR, are you sure you are not connecting to just any old open wifi?
Spectator

Re: WiFi Passpoint injects ads, please stop it.

You think that someone set up a hotspot to msquerade as TWC to inject TWC ads into my web pages? Probably they would just be stealing as much info as they could and remaining silent about it wouldn't you say? Right now I'm spreading the news which isn't what the bad actors would want.

 

This is an "Evil Twin Attack" you are postulating.

https://en.wikipedia.org/wiki/Evil_twin_%28wireless_networks%29

 

This hotspot was named identically as "TWCWiFi-Passpoint", and had WPA2 Enterprise encryption. It wasn't an open hotspot or even encrypted a different way, say as WPA2 Personal. It is important to note that to connect to this access point I did not have to re-enter my credentials. This means the rogue access point was able to spoof the TWC RADIUS servers as well, which authenticates in both directions.

 

 

Try it with a spare WiFi router, name the SSID to "TWCWiFi-Passpoint", and set up different (or no) encryption and try to connect to it. You'll see that you get an error message that the type of encryption has changed at the very least.

 

 

TWC should contact me and I will give the exact location of these sophisticated hackers.

 

The most likely scenario is that TWC is doing what many other ISP's have been caught doing, including AT&T, and adding a CSS and an advertisement to my http web page requests. In addition to compiling a profile to sell and to target those ads.

 

 

Expert

Re: WiFi Passpoint injects ads, please stop it.

If they are only TWC ads and at a listed TWC location, and credentials are good, you're correct and yes that stinks. 

However, don't underestimate hackers, We have people openning up gas pumps and ATM's and installing skimmers...

 

Does TWC have any open hotspots? I could see those having intercept ads on them.

 

Spectator

Re: WiFi Passpoint injects ads, please stop it.

They do have other hotspots (without the "Passpoint" part that, after you connect, use a website capture page for inputting your credentials. It says you are the "Resident Wiz" under your name. Are you an agent of TWC? I think you would know about the different kinds of hot spots.

 

And I think that that kind of open hot spot is tremendously unsafe for the reason you said: anyone can set one up with the same name and generate a convincing log in page and take your credentials.

 

The intercept ads are coming from TWC, it is clear now. They are following in the footsteps of the other cable providers and ISP's, some of whom reverse their policy after negative press. Sadly, I'm moving to using the Tor privacy browser, https sites, and watching for and calling out shady behavior such as this.

 

I see no disclosure from TWC anywhere. I see no opt-out. I *pay* for this connection, it should not be ad supported. It also calls into question the possibility that they are doing this on my home connection as well. I am disgusted and finding it hard to trust them.

 

If any representative of TWC is reading this I'd sure like to know if this is a malware hack (unlikely) or if there is a link to somewhere TWC talks about to doing this (also unlikely) with the ability to opt out of the data collection.

Expert

Re: WiFi Passpoint injects ads, please stop it.

You should be able to block some of that in your browsers security settings.

And no, I don't work for them.

As for the hot spots vs, passpoints, the latter is authenticated in a  cookie as far as I know.

 Don't underestimate hackers.

 

Lead Moderator

Re: WiFi Passpoint injects ads, please stop it.

pvt_paz  we would be happy to look into this further.

 

If you will please contact us by clicking this link, we can get started.

 

Please include as much information as possible, including your account number and your 

best contact number for our specialists to contact you with.

 

Thank you for participating in the Forums.
Have a good rest of the day!


Regards,
Julia R.
TWC-Social Media Customer Care
Moderator - TWC Community Forums

Spectator

Re: WiFi Passpoint injects ads, please stop it.

I saw and responded to your link but I would like this discussion to stay public if it confirms my suspicion that TWC is modifying web pages in transit. A simple denial, or link to a privacy page discussing this practice, would be sufficient.

 

Maybe a place to opt-out of this practice?

 

I'm exposing a nasty situation here, in public. One that is becoming more common with public ISP hotspots.

Spectrum Employee

Re: WiFi Passpoint injects ads, please stop it.

We are not aware of any such practices.  However, if you are experiencing this issue on one or multiple legitimate TWC WiFi Hotspots, we suggest reaching our dedicated WiFi hotspot support department to report any issues you are experiencing with our hotspots.  That department can be reached at 888-851-9350.

 

Thank you for your participation in the Forums!

Regards,
Jeremiah S.
TWC-Social Media Customer Care
Moderator - TWC Community Forums

Check out the community guidelines here