In a move that's bound to raise security concerns, Comcast has started inserting ads on websites you visit while using any of the company's 3.5 million publicly accessible Wi-Fi hotspots across the US.

The matter came to light after Ryan Singel, co-founder of startup Contextly, observed these ads and did some investigation to find out where they were coming from. "When a user requests to view a page, Comcast injects its JavaScript into the packets being returned by the real server," Singel said, adding that the ads appeared once every seven minutes, and lasted for a few seconds.

When contacted, a Comcast spokesperson said the program, that began months ago, is designed to let users know they are connected to an authentic Comcast hotspot, as well as to serve ads that promote the company's Xfinity mobile apps.

While Comcast's intentions may be sincere, as it is certainly possible for hackers to make a Wi-Fi router look like an authentic Xfinity hotspot, injecting JavaScript into a website is certainly not the most proper way of doing it, primarily because it can be used to perform malicious actions like controlling authentication cookies, redirecting where use data is submitted, and more.

The news come at a time when there is already a growing demand to regulate broadband like a telephone utility, something which would have brought Comcast's JavaScript practice under scrutiny. Just yesterday, House Minority Leader Nancy Pelosi wrote a letter to FCC Chairman Tom Wheeler, asking the agency to ban so-called "Internet fast lanes" by regulating broadband under Title II.