So I’m checking my blog on the hotel wifi, like ya do, and I notice something a little off with the style. There’s a dark colored bar at the top of the page that shouldn’t be there. That’s funny. Maybe a recent Firefox update changed how they treat CSS?
<head> tag (reformatted here for readability):
<body> tag (also reformatted):
sshed into my webhost, and did an
svn diff on my WordPress core files. No changes. Hmm, maybe someone mucked with my custom theme files (which are not under version control)? Nope, no dice, everything appeared kosher. It occurred to me to
wget my blog while I was
But the question remains, did the hotel’s wifi access point get hacked, or is something more nefarious at work? Is it possible that the hotel’s internet service provider is doing this on purpose? Could it be that the Courtyard Marriott in Times Square is actually aware of and condoning this type of bad behavior?
In any case, who the heck do I report something like this to?
Sorry, “RGnets RXG Injection Advertising Demo” was deleted at 10:17:28 Fri Apr 6, 2012. We have no more information about it on our mainframe or elsewhere.
Good thing RG Nets still has the video up on their own site! And thanks to The Verge, there’s now a copy of the video up on YouTube that I can embed for your viewing pleasure:
Demo of RGnets RXG Injection Advertising
Here’s a transcript of the video’s hypnotic, robotic voice-over:
The video demonstrates the HTML payload rewriting feature of the RG Nets Revenue eXtraction Gateway. The web browser that you are looking at is that of an end user that is connected to the internet through an RG Nets Revenue eXtraction Gateway. The end user is running stock IE7 without any special plugins or installations. All rewriting is done on the fly in the RXG. The RXG is configured to rewrite all transit webpages to include a banner advertisement for a BMW S1000RR motorcycle. The S1000RR banner can be positioned at the top, bottom, left, or right side of webpages. In addition, the banner may be rotated with other banners to simultaneously support multiple advertising campaigns. Of course the banners may also be linked to any website desired. As you can see the pervasive nature of the advertising banner on all webpages guarantees banner advertising impressions. The RG Nets RXG HTML payload rewriting feature is a tremendously powerful tool, with a broad spectrum of applications for internet marketing programs.
- Hacker News
- TechCrunch (twice!)
- The New York Times’ Bits Blog (twice!)
- The Verge (twice!)
- The Huffington Post’s Gadling Blog (twice!)
- heise online
- Boing Boing
(though they didn’t link to my post!)
As soon as we learned of the situation, we launched an investigation into the matter. Preliminary findings revealed that, unbeknownst to the hotel, the Internet service provider (ISP) was utilizing functionality that allowed advertising to be pushed to the end user. The ISP has assured the hotel that this functionality has now been disabled.
While this is a common marketing practice with many Internet service providers, Marriott does not condone this practice. At no time was data security ever at risk.”
Which means that the optimal solution to this snafu wasn’t simply that “we’ve disabled the functionality”—it has to be “we’ve removed/replaced the offensive hardware”. Nothing less is sufficient. Otherwise, what’s to stop someone from accidentally (or otherwise) re-enabling it later?
Report it first to the Courtyard Marriott’s tech people. If you have difficulty reaching a knowledgable person there, start talking about it on their yelp page and/or twitter. Sometimes negative press is necessary to spur action.
Either this is an intentional revenue generator by the hotel/wifi provider, or more likely, their access point is hacked. It’s also possible that neither of these things is true and you’ve connected to a rogue network set up to mimic official hotel wifi.
Also, have you tried browsing in recent versions of Chrome? There are recent security measures intended to check for certain kinds of SSL-related man-in-the-middle attacks, e.g. http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html
It’s kind of tangential and unlikely your certs are being altered, but worth a check.
And finally (really here) a video explanation of the code injection you’re seeing:
And a reference citing that it isn’t unheard of for hotels to inflict this on you:
I’ve seen it before myself, but it’s been a while.
Chrome (Chromium) is affected the same as Firefox.
Also, where in these United States is a Courtyard Marriott $368 a night? (So I can avoid going there)
Classic Justinsomnia post! Internet detective. And great find back to rXg, Danny. The Vimeo poster (where did he get that voiceover?!) links back to: http://www.wlanmall.com/ , heh.
I’ve seen something similar years ago at “free” airport wifi but with an iframe from the gateway that stays persistent with ads, while browsing.
Jackie: NYC, Times Square (and that’s pre-tax).
Hrm, I wonder if you were sue happy if you could use them for false advertising. Is it still internet when you violate end-to-end?
Nick, I definitely feel strongly that this is very bad behavior, but for some reason I feel like bringing attention to the issue and shaming Marriott into changing their policy is far more rewarding than figuring out some pretense to sue them.
My experience with wifi on Southwest Airlines is that they do something very similar. I’ve see this in other hotels in the US as well.
So, this is what you have been up to since you left, schmoozing in fancy hotels!!
I’ve contacted the Marriott and they’re interested in looking into the matter. They’re going to reach out for details.
So you’re using a network that you don’t control and you aren’t using a VPN? NAUGHTY!
Conrad, the wifi was free, however the hotel room was not inexpensive. I saved a copy of the wifi terms of sure, read the whole thing, there’s nothing that comes even close to “we reserve the right to modify the HTML you request en route.”
Ken S, sounds cool. I also reached out (found an email address for to Marriott Corporate Business Ethics group), but like I said, this is the type of issue normal channels of customer support are not set up to handle.
Chris Wilkinson, I have to admit, I’m relatively VPN-ignorant. I tend to associate VPN use with big corporations. Are there inexpensive VPN solutions available for private citizens?
Please keep us informed about this. I think its abhorrent.
Justin: I would recommend privatvpn.se, they have hosts in multiple countries.
Although I am curious if VPN even would work. I feel they might block traffic to force you to view their ads.
i’ve used hotel wifi in New York City that has detected websites as i browsed them, and has done redirects to quasi-lookalike sites, or sites with a similar theme. Presumably, the ad revenue racked up on these sites that i was redirected to is split with the hotel using the service. Dirty … especially since i was paying for the wifi acces.
Sounds like a good use case for lynx.
A VPN would work fine, because they will be using encryption, which can’t be snooped on or altered.
I would never use a hotel network, especially a wifi network, without a VPN. Not only could anyone else be packet-sniffing/injecting, clearly the network provider itself was inspecting your http requests and adding in js that you didn’t want. Sure there is the Https Everywhere Addon for Firefox but that doesn’t help you on non-https sites. There are many VPN services out there. I recommend using one on any network that you do not know the intimate details of.
So… What you’re saying is that the ISP was distributing a unlicensed derivative work of every web page you visited?
Justin, I use the “Ultimate” service from http://www.acevpn.com and it’s exactly what you should be using. They provide multiple servers in different locations. The service is through OpenVPN so you can connect easily from Mac, Windows and Linux. Looks like you’re running Ubuntu??
Let me also recommend the Ghostery Addon for Firefox/Chrome which can block cookies as well as 3rd party tracking beacons as well as those 1 pixel trackers by site/url if needed. When you see how all of these sites track you on the Internet, it’s staggering. I block as many as I can without totally degrading my Internet experience.
Mozilla’s Collusion addon provides a graphic visualization of the trackers in real-time.
(Full disclosure, I work for Mozilla but not on Collusion.)
Pete and Chris Wilkinson, thanks for the VPN info. I’ll take a closer look. Yes, I’m using Ubuntu Natty.
Gen Kanai, thanks for the comments. Ghostery has come up on several occasions lately. I’ll have to check out Collusion as well.
I’ve posted this to MetaFilter.
Good post, thank you Justin, very useful.
I am a co-founder at a startup that does advertising on WiFi networks. We only run advertising before you connect (when you are in a captive portal), without the use of proxying.
The ones that resort to proxied ad injection do so because hotel IT is a thin-margin business. WiFi is considered a cost center but is tolerated because it is the number one amenity requested by guests. Operators will sometimes offer a discounted service fee to the hotel GM in exchange for mid-stream ads, although, in this case, it is just as likely that the hotel GM is unaware of this. It is almost absolutely certain that Marriott is unaware of this. Even if they were made aware, the power balance between the brand and the franchisee is not clearly defined with regards to WiFi.
As much as I dislike ad injection, it is important to note that public WiFi is never safe unless you are using a VPN. It is offered as an amenity, one that GMs would be more than happy to get rid of if they could. Unlike with your broadband ISP, you have logged into a privately operated network. You are probably not paying for it. You are subject to their rules. Furthermore, when you signed onto the WiFi network, you most likely had to check a checkbox indicating your agreement to the terms of their network (which no one ever reads). As such, caveat emptor, etc.
I’ve added the following filter..
Lemme know if that helps with those adverts :)
Turn on SSL =)
I’ll bet if you find an amazon link somewhere you will find it contains a fresh affiliate id attached to this RG Nets company
And this is why you always tunnel your entire computer’s traffic through a VPN or SSH tunnel. Sidestep is great on the MAC, OpenVPN is great on Windows.
Henry L, I appreciate your response, and I understand where you’re coming from, though I think you’re being defensive. Just so you know where I’m coming from, I’m not opposed to online advertising. I spent 4 years working for Federated Media, which placed generally high-CPM advertising on blogs.
So it doesn’t matter if hotel IT has thin margins (or zero-margins) or a major hotel brand uses hundreds of WiFi operators. Being unaware of what is going on in your business is no excuse. Marriott has substantial documentation online about their corporate responsibility and business values. I have no doubt that this is an isolated mistake or an oversight or a very bad decision, but I have no misgivings for calling them out on it.
I would add that calling public wifi “never safe” is also no excuse. Sure, many corporate business guests will use VPN for access to sensitive systems/data, but very few average people know about VPNs, and frankly they shouldn’t have to for non-sensitive, non-HTTPS web browsing at what is effectively a tourist hotel in Times Square. You should be able to read the news or check your blogs or watch a YouTube video without your hotel running craptastic regular expressions over your HTML. End of story.
Go fanboy go! ! Flight fire witth fire! If you have not used the ad blocker filter list from fanboy yet, it’s time to try it.
Justin, I didn’t mean to come across as defensive. I have no reason to be since my company does not engage in this type of advertising. I also don’t condone this. I stand by my comment because I want to bring another perspective to this article.
“WiFi is considered a cost center”
So are washing towels and changing bed sheets, yet in a $300+ room one would expect these services to be included.
And these services alone cost several times what WiFi access costs. Talk about “cost centers”.
Yup, I’ve seen a version of this sort of thing when using wi-fi at the Imperial Palace in Las Vegas. Noticed similar items as did you, though in my case it was more than an additional odd line…it was an entire in-window toolbar, which of course seemed to cripple both Chrome and Safari.
A little digging revealed it was the “r66t bar” supplied by http://www.r66t.com/. Same sort of thing; ad injection and tracking. To add further insult to injury, I was actually paying $20/day for this luxurious internet service; it wasn’t even free with the room.
In my simpleton’s view of life…if a company, be it the hotel or the wifi provider, can’t do business in a clear and up-front manner…there’s usually a reason for it.
This is a really interesting Blog post – Nice job.
I’m a gold Marriott member, and I recently stayed in a (Marriott) SpringHill Suites in CO Springs, where they had tiered IBAHN internet service – around 350K was free, and it was $10/day for higher. The free speed was basically unusable except for what it was advertised at “checking email, casual surfing” – even picking airplane seats for check-in was unbelievably slow. I didn’t pay for the upgrade, but will in the future – if I can’t find a hotel with free (fast) internet.
Yes, changing HTML is even worse, obviously hotels and their providers are getting wise to using HS internet to get more money out of us. I do fully expect that demand is rapidly outstripping the hardware they have for room connectivity – how many of us have more than 1-2-3 internet devices now? And Netflix is a human right?
That and your blog post is my excuse to finally get my company to pay for internet tethering.
I am going to squalk at the dumb tiered service to Marriott corporate, and I’ll keep my eyes open for RXG.
They will probably also find out that the account was payed with a stolen credit card and report that … further up the chain.
Thanks for reporting this.
If its free, then one usually has to go with whatever hotel provides (including ads); unless consumers can demand better ad-free service or find another hotel chain who has not yet started exploiting generating revenue through internet ads (or saving on cost …whatever). And as usual hotel guests would be accepting the lengthy internet agreements.
So this might fall into gray area.
Speaking about ethics, if its not illegal then there is nothing ethical or unethical. Everything is treated as legal or illegal, and then there is customers business which can be leveraged to get what one wants (I will take my business to someone else if you are not changing your xyz service).
Either we consumers show supplier (hotels) that customer is the king and get consumers demands met or we just have to live with it.
And finally a very bad service, if the customer pays for internet service and is still getting same ad enabled internet service like customers with free internet.
I fall in the category of free internet user, if its not free I am not paying it (dont want to give you internet revenue, either have it built in room cost or make it complimentary). And if its not free, I just take a break from internet (anyways hotels are meant to be for resting, but alas we take our work everywhere and we love the internet so much that not having is like …. :)
And its just a discussion and random thoughts
Just wanted to give you props for pointing this stuff out — casual users like me, lacking the knowledge to investigate this sort of trickery (but savvy enough to want it gone), rely on people like you as a kind of consumer advocate. So thank you!
If you can SSH through the WiFi, why not set up a SOCKS5 proxy through your server, and browse/email through the proxy? I would :D
Michael, is it just me, or does R66T connote “root” as in “being rooted” more than Route 66?
Perry, thanks. The funny thing is that in my case, the wifi was complimentary, there was nothing mentioned in the end user agreement about ad injection, and there was no option to upgrade or pay for faster/better/ad-free service.
Adrian, if you or anyone has suggestions about how to contact Microsoft about this let me know.
Mike, I pretty much disagree with your entire comment. Just because an addon service is “free” (nothing is free, the room was not free), does not mean it has to be adulterated. Just because a computer might be insecure to man-in-the-middle attacks does not make hacking legal. (If I leave my door unlocked, does that make it legal for you to steal my stuff?) There is a whole world of legal actions that are unethical: case in point all the political ethics violations we read about in the news. Ethics are about rightness and wrongness. Legality is about whether something is restricted by law.
Nick, you’re welcome. I’m surprised how much this has attracted popular attention. I should have known: internet users don’t like their internet being adulterated.
inactivist, I was sshing into my webhost’s shared server. Not sure I could set up a SOCKS5 proxy in that case. I’m a fairly technical user, but this episode has convinced me that there’s a market need for a VPN/proxy solution for average users.
Answer: leech nearby WiFi or, better, tether your phone. Chances are you’d have no fun at all trying to establish VPN connectivity behind various different hotel firewalls and proxies….
Sounds like a good reason to run a secure (ssl) proxy server at your home and use that from the hotel. Presumably that would be safe.
Out of curiosity, did you try this with the NoScript Firefox plugin? I suppose it wouldn’t stop the injection, but it would stop scripts from doing things that break YouTube, etc. I like NoScript because it is really easy to permit or forbid scripts on a host-by-host basis, etc.
zomg, no, because their injection never resulted in an ad being display. I suppose if I had to watch a YouTube video for work purposes (this was a business trip) I would have been more pissed, and tried some active countermeasures (edit /etc/hosts, etc.)
The more interesting part of this is when residential neighbors jump on ‘unsecure’ wifi and the same business model is at work. http://www.dd-wrt.com/site/index The hotel setup is pretty common in hotels and I don’t consider it as devilish as you suggest. Hotels have to go shopping for some kind of captive gateway. They can’t just open up their wifi nor can they hand out pass words or whitelist MAC addresses. The captive gateway is their solution and the hardware sellers sweeten the deal by offering hotels different ways to recoup the cost of their ISP through ad replacement or first page ads. We already know that the hotel is a business. They are trying to make money off of you.
John G, I have to restrain myself from writing this in all caps: they are already making money off of me. I paid $368/night for several nights. That’s an excellent “captive” way for them to recoup their costs. What do you think?
John G – I agree that hotels are businesses and why not leverage some income via some sort of advertising channel, especially when offering “free” wifi? But they need to be upfront about it. Make it obvious. There are several ways they could do that. But they should never replace advertising on sites that would otherwise benefit from that view/impression and re-route to their own benefit. That’s 100% wrong.
Who’s the ad provider anyway? That’s what I want to know.
Justin, amazing find!
I find myself at the Imperial Palace in Las Vegas and had to check it out.
However, instead of the r66t stuff mentioned previously, I find the exact same stuff that’s in your blog. I would bet that RG Nets gateway was inserting the r66t stuff too, and the hotel just changed ad providers.
The Imperial Palace isn’t associated with Marriott at all are they?
I also checked youtube, and that appears to work here.
A little bit of googling and look what I have found… looks like these RG Nets folks have been at this for years:
Look at the screenshot of the ad. It says … “Exert control over, clearly communicate with and have complete cognizance over your end-user population.” WTF?
Hey Justin are you still at the hotel? Can you check your ARP table. I want to know what the MAC address of the default gateway is. Check this out:
If you search for RG Nets there you will find that they have only a single block of MAC addresses.
I want to see if the MAC address of the default gateway at the hotel is in that range. If this RXG thing is an appliance and if the MAC you have is in that range we know there can’t be all that many of them out there because they only have a single OUI assigned to them.
Check this out:
$10k a pop from what I read. At that price, can’t be that many of these things out there.
Anon, impressive sleuthing. I’m no longer at the hotel, but I’ll probably be back in a month or so, so I’ll be able to check back in.
Justin, if they are doing this and you find it offensive, why go back to them and give them more business? If people didn’t stay there when this happened, the practice would stop.
This is very disturbing. Injecting ads is bad enough, but hijacking the content could be used for a lot worse activity.
Mike, though I’m a strong proponent of voting with my feet, as you recommend, there are some situations that are simply wrong, and can only be addressed by bringing attention to the issue, as I have done.
I don’t think the Marriott is aware of this – I’m not sure they really need the few dollars here and there that they will gain from people clicking on their links. Have you reported the problem to the staff at Marriott? This is a major security issue in my opinion – I don’t think they’re only using it to inject ads, but they are also gathering browsing information as well.
Be thankful the internet is freely accessible where you are as it is.
Nice catch Justin. Wonder if the NYTimes link love will lead to an increase in container ship travel?
This violates the Berne Convention Author’s Moral right to preserve the integrity of their work. And Marriott Hotels have deep pockets. Some content creator should get a lawyer and sue them and RG nets bigtime.
Subversion? Really?!? git with the program, bro
Check out what Marriott in Philly is tracking, your tv viewing thru this company TIVUS. check out their website it states that the hotel will profit from defined advertising from info received from tracking your viewing habits. Kinda creepy to me.
Having discovered this, could one not simply set one’s host file to redirect adsmws.cloudapp.net to 127.0.0.1 thereby disabling it permanently? I’m talking about a Windows device but I assume there are equivalent *nix/Mac options.
ok – thinking a bit more about that obviously they could do more nasty rewriting if they were very clever (probably aren’t) like rewriting every URL to include a proxy so they could randomly replace images on the fly with ads of their choosing based on the image’s dimensions (neat huh); but they aren’t doing that – so presuming they are writing in sources that come from 1 domain, or a small number, it might be worth checking each time you power up in a new hotel and blocking these things out…
It’s ugly, but it will work. And you can’t really get upset at the hotel for trying to make a buck or provide cheap/free internet to its customers.
Count yourself lucky. In many places in Europe you pay that much for a hotel room and then they actually have the nerve to charge you *extra* for WiFi access, and then give you a connection barely better than using 3G!
Will, who knows. In terms of traffic driven to my post, Hacker News sends several orders of magnitude more visitors than the NY Times—though the NY Times readers might be more likely to ride container ships.
To Chris, Jason, and anyone else with the defeatist attitude of: “consider yourself lucky, the internet is much worse in X”. NO. I will not consider myself lucky. I will fight for my right to have the content I request to be unadulterated by internet access providers. Instead, count yourself lucky that I’m willing to take a stand and publicize a small injustice before it becomes a large one. Perhaps it will one day rub off on your countries.
I count myself lucky….
Funny reaction maybe due to it only involving injection of ads into content. Imagine though replacing content Mariott doesn’t like with something they do – say content from the BedBugRegistry. Or what about news content the corporation doesn’t want you to see – rather than censor it wholesale they inject their own FoxNews spin.
This happens more than is reported. The example I use is local BestBuy’s. Some of them proxy out competitors. One actually replaced links from a competitors product page to BestBuy’s online store (I brought this to the managers attention and haven’t caught them doing this since).
Just another layer on top of what ISPs, etc. are doing to adulterate content.
Thanks – I just added their web site to my host file blocked list.
The only correct description of such hidden content changing practices is ‘vandalism’ – it basically always spoils the service and sometimes even breaks it.
Even worse, both providers/producers as well as consumers are not aware of it being in effect and consider any issues resulting out of it as a flaw on the other part or the general underlying constructs rather on the real culprit.
A similar yet widespread technology gone wrong is named ByteMobile (similar technologies exist under other names as well) which “optimizes” speed by rewriting web pages and messing up images by recompressing them. Many mobile network providers use it by default while spreading basically zero information about it, thus basically cheating on their clients by selling them a degraded service as “full internet access”.
Opera Turbo is similar, however it is displayed to the users whether it is applied or not, thus allowing them to opt in or out as desired.
Just got the following via DM from @marriottintl on Twitter:
(Part 1) Mr. Snider, thx for your DM. We exchanged emails w/ Mr. Watt last week & today. As far as the hotel is concerned, as soon as we…
(Part 2) learned of the situation, we launched an investigation into the matter. Prelim findings revealed that, unbeknownst to the hotel…
(Part 3) the ISP company was utilizing functionality that allowed advertising to be pushed to the end user. The ISP has assured the hotel…
(Part 4) this functionality has now been disabled. While this is a common marketing practice with many Internet service providers, Marriott
(Part 5) does not condone this practice. At no time was data security ever at risk. Mr. Snider, we appreciate you taking the time time to
(Part 6) reach out to us. It is feedback from our valuable customers that allow us to improve our service. Have a good week & we hope to…
(Part 7) see you soon!
Just because a hotel is offering ‘free’ internet access doesn’t mean they can hack into content you are viewing. If this is happening a declaration should be made, and give you an option for free hacked pages, or paid for internet with no modifications. This is a serious breach of trust.
I’m curious as to why the extra lines were not in the pages when you fetched them with wget. As far as the router is concerned, isn’t wget requesting the web page just the same as any other browser?
Eric, when I described using
wgetto download my homepage, I was
Thank you…I will be on the lookout now.
Hey Justin, the rgnets device is not specialized to doing the JS injection. It does a lot of stuff more stuff, most of this is outlined in the stuff I dug up. Look at that Florida RFP that shows the $10k price and even on their website.
I am betting that the rgnets machine is the router for the network and is delivering the portal, doing the bandwidth mgmt, etc. If that machine is the main router for the guest network, ripping it out is obviously not an option without putting something else in. Look at their network diagrams and stuff. That’s what I was asking about the MAC address. I want to get some more evidence about how this stuff works.
Anyway, my point is that I don’t think that the Marriott or the Marriott’s ISP bought this device for the purpose of doing this kind of a thing. I think that the Marriott or the Marriott’s ISP bought this device because it is designed to do everything they might ever possibly need for the guest WiFi and that it is probably the core router.
So do get that MAC address and we can try some snooping to see how DHCP works on that network, like who the server, etc… once we get that I think we can better figure out what is going on.
Hey anon, have you seen the RG Nets website, you know, the one with the stock photo of the hand dropping coins, and the tagline: “Got network? Want money? Get rXg.” And the links about “deploy[ing] a profitable revenue generating network!”
You’re being surprisingly conservative, but I feel pretty confident in my assertion that the RXG device was purchased and put in place specifically for this type of malicious ad injection activity. If it also happens to act as a router and bandwidth manager, great—but there are other devices that do that without the evil. You don’t buy an RG Nets RXG thinking, “Hey this will be a great core router for my client’s hotel.” You buy it with dollars signs in your eyes.
Anyway, I’m no longer at the hotel, so I can’t poke around. I’ll definitely be curious to update this post depending on what I see the next time I travel to NYC.
Sorry for the miscommunication. I’m not trying to be conservative in the assessment of what they are doing at all. Certainly they [ Marriot, Hotel Internet ISP, whatever ] have bought this equipment because of the dollar signs. What I believe is happening though, is that the advertising is only a secondary or tertiary thing that they are doing. Look at all the things that they are talking about on the rgnets website. They are talking about profiling people, selling bandwidth and quota upgrades and all sorts of stuff like that.
Anyway advertising seems like it’s an added extra in their literature. You seem to think that this is the main reason why this machine exists or is deployed. It’d be interesting to see which way this really is. Figuring out the network topology I think will shed some light on it. Look forward to working with on mapping out the network at that hotel next time you get there.
@Eric. Perhaps the injection also detect the User-Agent value (it is very possible, because each browser handle JS differently)
SSL Proxy, here I come… ;)
The copyright statement on the HTML Blog specifically prohibits alteration of the user experience. So if anything like that is going on, it’s in violation of our copyright. Class action, anyone?
dk, as I replied to Eric, he misunderstood my description of
wgetin my post. When I used
wgetas evidence. However, the use of
wgetI was describing in my post was after I’d
sshed into my webhost’s server in Los Angeles, and it was there that
However, to your point, I didn’t think to play with the Firefox User Agent Switcher add-on to see if the injection differed depending on what browser I was advertising myself as.
Robert, I’ve informed the ACLU and EFF of my discoveries, but I’ve yet to hear back.
I am at a marriott now. I have a comcast ext. IP in marlton,NJ. I am in langhorne,PA. The ISP is active networks and the gateway is a nomadix ag 3000, that is a legacy product. I’ll walk next door to the courtyard tomorrow and scan them too
What ISP was this injection on? Also knowing Marriott, the 800lb gorilla that forces it’s policies on every vendor, this is something they asked for and may have been testing to deploy.
Also, every solution and piece of equipment on their network has to go through their lab test and be certified for use.
Use Windows Update to check whether you need the service pack and to install it. Click the Start button, click All Programs, click Windows Update, and then click Check for updates.
It is happening here, too, at Carson Valley Inn in Minden, NV.
Screws up my browser sessions while it hangs trying to transfer data from http://adsmws.cloudapp.net.
Select the toolbar (wrench in the top right-most corner of browser window), then choose ‘Settings’.
Then choose ‘Show Advanced Settings…’, then under Privacy, pick ‘Content Settings…’.
Add a new hostname pattern:
Select ‘Block’ in the dropdown. Click ‘OK’ and you are DONE!
No more interference from this stupid HOTEL WIFI Javascipt virus-like INJECTION!!!!
good job bro….
You gave me one more reason to tunnel over an encrypted IPv6 VPN all my traffic when connected to WI-FI.
Since the vast majority of WI-FI admin tools (Nomadix etc…) are easily hackable/crackable the only way is to create a tunnel (if UDP is not voluntarily blocked by ISPs or professionals involved) to your trusted VPN provider….
I’ve been surfing in total freedom even in Cuba (where DNS are strictly controlled and many resources are unavailable through them).
Thanks a lot for your inputs
I’ve been staying at the Marriott Residence Inn in Bloomington MN for the last week. The ‘Free High Speed’ internet is slow as smoke off of dog shit. Firefox alerted me to the adsmws js crapola… Marriott obviously is complicit! Some creative surfing pointed me to your blog. The hotel IT guy blamed the slow performance on my machine being loaded up with malware (duh, not the case). I would love to see the look on his face when opened my email with a link to your blog. Busted!! Bottom line is that Marriott loses customer loyalty when their ‘free internet’ is useless. My Advise to Marriott customers is to use the opt-out,
I am also currently in a Marriot-owned hotel and was having trouble with my internet and noticed something appearing when I tried to go back on a page. This was the first thing that came up on Google when I just searched the name of the page…and then I find Marriot has been doing this for a while.
if it’s disclosed in the ToS of the free wifi, I’m ok with it (ie: i can choose to pay for a level of service without it, or use my own evdo connection, or mifi and pay carrier data rates with Verizon). some folks want free wifi but the truth is there are still costs on the system so as long as it (the ad. injection) not part of a paid system or is disclosed on a free one (ie: it has to be supported somehow), that’s the key.
i’m not sure i buy the copyright infringement, but i don’t like it breaking cloud code or youtube – if it increases tech support load for anyone it needs to be refined or pulled, period.