[jakasto]

Can anyone think of other industries where this is the case? Imagine for a moment if grocery stores injected small amounts of lead into the food, or if gas stations injected water into the fuel (for bulking).

I know this kind of thing happens in China (think about toxic products added to baby milk, for example, to cheat protein tests). But that's at the "website" level, not the "ISP" level. I suppose healthcare (at least in the US) is the most likely industry to see attacker behavior.

[drvdevd]

It's interesting to think of it this way. Clearly, the attackers (being ISPs in this case) don't see it this way or don't want to see this sort of MITM this way. Following one of the links in the article [1], you get some great quotes:

> Comcast injects ads into unencrypted traffic, because "it's a courtesy, and it helps address some concerns that people might not be absolutely sure they're on a hotspot from Comcast".

So maybe someone out there actually feels this way when they find content has been directly injected in their unencrypted browsing session. I sure don't.

[1] https://konklone.com/post/were-deprecating-http-and-its-goin...

[literallycancer]

I'd expect the PR/marketing people to laugh at "the plebs" as they make up press releases like that :)

Maybe I'm just cynical, but I can't imagine anyone believing that ads are a "courtesy".

[mtgx]

Anything can be spun to look more positive, or more negative. But that's BS. There are other ways for Comcast to inform their customers that it's a Comcast Wi-Fi. And even if there weren't, are they even working with the Wi-Fi Alliance to create a "perfect protocol" to do this in a secure way?

[wolfgke]

Let's assume Comcast really thinks it is a feature that many people will like (I personally rather think it is a feeble excuse, but don't want to completely exclude this possibility). But why doesn't Comcast enable people to opt out of this "feature" then?

[jwatte]

Yes, because a fake Comcast hotspot surely wouldn't display Comcast ads to make the fake complete?

Comcast understands that politics works on money and connections, not facts, and had learned to play that game to great profit for themselves.

[scrollaway]

Device resellers will inject a ton of crapware/adware into whatever they're reselling (Laptops, Android phones etc).

TV networks inject a ridiculous amount of ads in and around their content (even natively into the content sometimes), even for content you pay for.

[cm2187]

A closer analogy would be if grocery stores were giving you reward/savings cards that you have to scan on every purchase. It is advertised as providing you a small discount after a certain number of purchases but really it is meant to track you over time.

[grogenaut]

offtopic: how many people don't put fake info on them?

Also why not just track via the CC name? I guess cash / check users?

[tedunangst]

Imagine instead if they injected ethanol into your gasoline to reduce fuel efficiency.

[jwatte]

Actually, the reason they inject ethanol (by law) is to reduce asthma and cancer. So I'm okay with that.

[grzm]

Is this in the States? I've always been under the impression that this has more to do with the corn lobby than anything else, with a nod towards the environment in that it's a biofuel so it's renewable. That's offset by using a potential food source for fuel.

Here's a quote from Wikipedia that indicates ethanol (E85) actually worsens pollution:

A study by atmospheric scientists at Stanford University found that E85 fuel would increase the risk of air pollution deaths relative to gasoline by 9% in Los Angeles, US: a very large, urban, car-based metropolis that is a worst-case scenario. Ozone levels are significantly increased, thereby increasing photochemical smog and aggravating medical problems such as asthma.

https://en.wikipedia.org/wiki/Ethanol_fuel#Air_pollution

[qwename]

One could say that non-cash (debit/credit) transactions are recorded by the devices that enable them, and thus recorded and tied to an identity. The information could then be used by matching your card number when you use it online or elsewhere.

[ThrustVectoring]

This is at least complicated somewhat by PCI compliance. Are you allowed to store irrecoverable hashes of card numbers?

[mcpherrinm]

Yes, you can store tokens representing a credit card number (whether an hmac, database identifier, etc) outside of PCI scope. https://www.pcicomplianceguide.org/how-you-can-use-tokenizat...

[qwename]

I am not familiar with the PCI compliance stuff, but I found this after a quick search: "How Companies Learn Your Secrets" http://www.nytimes.com/2012/02/19/magazine/shopping-habits.h...

[tracker1]

You don't need the card number, the name + zip (+ store location) is enough to correlate enough of the time.

[TeMPOraL]

> or if gas stations injected water into the fuel (for bulking)

Does this not happen in the US? It may be an urban legend, but in Poland, I did hear from drivers that some gas stations do that (usually non-franchise ones).

[jabl]

When I was visiting India roughly a decade ago, I was told that it was very common for gas stations to bulk gasoline with kerosine. Apparently kerosine is heavily subsidized by the state as it's used for cooking by poor people, so it's a lot cheaper than gasoline.

The problem with this is that it reduces the octane rating of the fuel, and as a result cars in India are apparently commonly detuned in order to avoid knocking when running on low octane gas.

That being said, bulking up gasoline with kerosine sounds like a less bad idea than using water, as I'd guess the water phase separates from the gasoline.