Comcast using JavaScript to inject advertising from Wi-Fi hotspots

Comcast has begun injecting adverts onto the computers of users who sign up for its public Wi-Fi network, although the company prefers to use the term "watermark" to describe its efforts.

The ISP operates over 3.5 million Wi-Fi hotspots around the USA and people who sign up for home or work internet can choose to add them into their contract to get access when outside their buildings. When they take up the WiFi option, Comcast adds short pop-up messages to the data flow.

"The point of the watermarking system is that it gives the user a little alert that just says 'Welcome to Comcast Xfinity," Comcast spokesman Charlie Douglas told The Register.

He explained that the adverts last for a maximum of three seconds before disappearing and reassuring customers that they are using an official Comcast hotspot, although they can also advise them of apps that can be downloaded.

The ad injection system was created by a third-party provider, Front Page, which calls the system a "powerful location experience." The firm sells the system to retail stores, transit terminals and sporting venues as a way of getting advertising directly onto punters' computers.

Adverts are injected into the data stream using JavaScript from Comcast's hotspots. When we asked about the security aspects Douglas said that Front Page has its injection system regularly audited to make sure it can't be hijacked for nefarious purposes.

This may be so, but as any visitor to the Defcon hacking conference will tell you there's nothing on this earth that can't be hacked if someone is willing to put in the time and effort. Comcast may bill this watermarking system as a handy information feature, but El Reg is willing to bet that someone out there is working on using it for intrusive purposes. ®