Jonathan Mayer, investigating how AT&T’s “free” Wi-Fi at Dulles International Airport injects ads into all non-HTTPS web pages:
AT&T has an (understandable) incentive to seek consumer-side
income from its free wifi service, but this model of advertising
injection is particularly unsavory. Among other drawbacks: It
exposes much of the user’s browsing activity to an undisclosed and
untrusted business. It clutters the user’s web browsing
experience. It tarnishes carefully crafted online brands and
content, especially because the ads are not clearly marked as part
of the hotspot service. And it introduces security and breakage
risks, since website developers generally don’t plan for extra
scripts and layout elements.
It’s dishonest and dangerous.