1. Use VPN
2. Regardless of free Wi-Fi, it's illegal in many countries to tamper with traffic. Net neutrality anyone?
3. Kudos to WaPo's editorial integrity. Despite being a Jeff Bezos entity, it isn't afraid to publish items Amazon doesn't want you to know about
FTA:
"When that happens, Amazon may take one of several actions. It may block access to the competitor’s site, preventing customers from viewing comparable products from rivals. It might redirect the customer to Amazon’s own site or to other, Amazon-approved sites."
How is blocking and redirecting traffic NOT tampering?
It's standard operating procedure for network filters - redirecting inappropriate content requests to a "this site is not allowed" page.
As long as you're not being deceptive (e.g., inserting your own content, changing other content, changing prices), blocking and redirecting is probably fine.
I think it's reasonable to think "tampering" means surreptitious modification of traffic. If they're up-front about what they're doing then it's just the cost of using their service.
I disagree. Blocking isn't tampering because you are informed of what happened. And that's moot, in this context, because blocking sites is absolutely legal in the US.
AFAIK net neutrality doesn't make it illegal to tamper with traffic (only to apply discriminatory QoS/throttling), and only applies at the telco/ISP level.
Internal routers rely heavily on traffic blocking and manipulation. Many corporate networks inject their own HTTPS certificates so that they can still analyze/detect/block HTTPS traffic, for example. Most public wifi access points in the US will hijack traffic until the user agrees to a Terms of Use or something ("captive portal").
There is a need for a VPN. Most public access points perform some traffic manipulation and I absolutely believe that some intentionally block and/or modify data to obscure some data from people who are in-store. In fact, I believe Best Buy was already caught doing this with their own site; in-store APs wouldn't reflect the price that was really shown on bestbuy.com. ...
Ah, it seems that Best Buy did this but only on internal workstations, so that when the employee would access bestbuy.com, the discounted price online wouldn't show up: https://consumerist.com/2007/03/02/best-buy-confirms-the-exi... . However, they could trivially do this via wifi.
While searching for this, I also found this: http://adage.com/article/digital/retailer-jo-ann-aims-retarg... , which registers the device MAC on the backend and uses it to track how many times a user has entered the store (that is, connected to the store's wifi). Even VPN wouldn't stop this from happening, you'd need to randomize your phone's MAC address.
Public wifi is convenient but we shouldn't be naive about it. Companies are using it for their own purposes.
HTTPS wouldn't prevent this, just harvest the CN and SNI names from the presented cert and use those to match. And as far as changing DNS servers, those can easily be MITMd, or they could just ignore DNS altogether and use a transparent proxy to block/redirect traffic.