

Save money on wifi using user agent switching - jclouds-fan
http://cld.sg/wxHfyR

======
drostie
I was staying with my brothers at a hotel in Amsterdam and I had brought my
laptop; the hotel offered free unencrypted WiFi for guests. Since it's in a
big city, as you might imagine, you don't want the neighbors stealing all of
your bandwidth, so even though it was free for us, there was a sign-in page --
you had to go downstairs and request that the desk official give you a token,
then use that token to register with the system.

So I thought that, since I had permission to access this network anyway, I
would break in -- just to see if I could. And I'd tell them about my results
the next morning as we turned in our keys and headed off.

Actually since there wasn't any encryption there isn't much to say after that
-- it was obvious that their system wasn't too sophisticated, so I just
guessed "they check MAC addresses, don't they?"

Using the airotools-ng package for Ubuntu, I set my wireless card into
"monitor mode", which (I'm not an expert) I guess is a fancy way of saying "it
stopped ignoring everything it saw flying through the air in my hotel room."
Normally your computer treats all of these other signals as noise relative to
its own goal of connecting to the Internet -- but it's absolutely trivial to
start listening to it. With the tool airodump-ng, I was able to see all of the
routers at my hotel and MAC addresses of real users connecting to those
routers. So I put one of those into my "Connect to the Internet" dialog box
under "Cloned MAC address," and hey look, I just saved the desk clerk some
time.

I mentioned that I'd done it the next day to the desk clerk as I checked out
-- that any competent neighbor could steal their wireless access. I'll never
forget his response: "yes, but they're all incompetent."

A similar experience: when I first came to live at my present household, I
knew that we had shared WiFi but I didn't know the password -- and the guy who
did know had just stepped into the shower. But it was using "WEP", a very old
encryption policy which is vulnerable whenever you are transmitting data. So I
fired up these same tools, found out that I was lucky -- he'd left a download
running when he stepped into the shower or so -- and I captured a couple
thousand data transactions. I didn't have to wait for him to finish showering
before I had broken into my own Internet.

I'm always surprised by this sort of thing. The other day I had accidentally
clobbered my sudo permission when reconfiguring Wireshark (something which can
also listen to Internet traffic) to be more secure, and suddenly had no more
root permissions. In about half an hour I had downloaded a live CD and burned
it and broken into my own box with chroot magic to usurp root permissions to
re-add myself to that group. (I have an encrypted disk, and I couldn't have
done this without being able to decrypt it. However, most people that I know
don't use disk encryption, so the point still stands.)

The lesson to take away: If some half-geek amateur like me can do these
things, the professional inbreakers must have absolutely terrifying skills.

~~~
lamby
> [I] suddenly had no more root permissions. In about half an hour I had
> downloaded a live CD and burned it and broken into my own box with chroot
> magic to usurp root permissions to re-add myself to that group

Except the difference here is that there is nothing to "break into" as there
is no pretense at security..

~~~
jiggy2011
Very true, if you don't encrypt data (with a strong algorithm + key) then it
will always be accessible to anyone with hardware access.

I remember with Windows XP a friend had a failing hard disk that would no
longer boot Windows and they asked if I could try and recover some data from
it.

I plugged the disk into my tower and booted my own copy of Windows and tried
to access the "My Documents" folder of the broken disk from there. It gave me
some theatre about not being allowed to access the files there because I
didn't have permission.

Then I rebooted my computer into Linux and mounted it with the NTFS drivers
and of course all the files were there to be accessed. As an experiment I
rebooted to my Windows XP again and logged into my local administrator
account, this also let me access the files.

I can't help but feel that some of these measures perhaps give an illusion of
security.

I also wonder with say computer forensics whether something like a file
timestamp could be used as evidence in court since these could be easily
tampered with by someone using a non standard FS driver.

------
patio11
Word to the wise: "circumventing the access restriction was easy to do, Your
Honor, so I assumed it was OK" is not something you ever want to have to say.

There exist wifi systems where setting a cookie "paid=1" will save you $15.
You might think there are no legal consequences for "writing a text file on
your own computer." I strongly suggest not testing that.

~~~
wladimir
I don't think those cases are even comparable. Lying that you paid (through
whatever means) is different from using a different user agent, which has no
(direct, expected) relation to money.

But if you think changing the user agent is somehow wrong, you could also go
all the way of emulating the iPad browser on your laptop, and use that to sign
in for the service.

~~~
bryanlarsen
You'd still have trouble explaining that to a judge. The hotel has a
reasonable expectation that if the traffic says it is coming from an iPad,
it's actually coming from an iPad, and you don't have any non-infringing
excuses to be using an iPad browser on your laptop.

~~~
Joeri
If they advertised the plan as an ipad plan, there would be a point. But if
the plan is advertised as all-purpose, but only offered to certain user
agents, i don't think there's any legal issue.

------
CWIZO
I'm looking forward to the day when I stay in a 100$/night hotel and I don't
have to pay for my fricking internet. Every motel/hostel has it for free as it
should. To me charging for internet (in hotels/resturatns) in 2012 is the same
as charging for using the shower or lights.

~~~
darklajid
I run iodine[1] on my server. Maybe it's illegal, maybe it's a grey area - I
don't care.

Here in Israel free wifi access is the norm, but in DE? They charge an arm and
a leg. Switzerland (if we're talking about Swisscom anyway)? They are
_insane_. The hotels already rip you off with prices like there's no tomorrow
and charge for internet on top.

I fire up iodine on my client. If it works: Great. The network was obviously
created by morons (it could easily be prevented). Morons won't be able to
track me down the short while I'm on their network, on a trip, with a mac
address like 'deadbeef' or somesuch nonsense.

If it doesn't work? I don't go online and leave to have a couple beers..

1: <http://code.kryo.se/iodine/>

~~~
tripzilch
> but in DE? They charge an arm and a leg.

Strongly depends on where you are, apparently. When I was in Berlin, there was
free Internet all over the place. In our hostel, the hotel across the street,
just about any coffee bar, pub, sandwich stand, pizzeria ... Sometimes you had
to ask for a password, other times you could just connect, and other times you
had to catch some air network from the place next door.

Or maybe that was just Berlin Mitte?

Though I went to some places near Cologne and I didn't have to donate a kidney
to get online either.

Connectivity in the more rural areas can be pretty bad though.

~~~
darklajid
I've to admit my experience in DE is limited to certain ~weird~ places. I
_lived_ in CGN and rarely needed wifi outside of my own home. Got no
experience w/ Berlin, but I might move there in a year.

My problem in DE was usually related to trips to customers, to the ~end of the
world~. In CH it was more prevalent: I stayed in roughly 20 different hotels
in Bern so far and most of them, ignoring the decoration from 50 years ago,
were charging for internet access. On top of a very high room rate.

------
dfc
Ugh, a bit.ly link? Can someone change the URL to point to the actual address
of the page?

[http://viktorpetersson.com/2011/09/25/how-to-
get-50-discount...](http://viktorpetersson.com/2011/09/25/how-to-
get-50-discount-on-swisscoms-hotspot-and-possibly-also-others/)

I love that people get up in arms about the change to google's privacy policy
but have no trouble funneling traffic through bit.ly and other link
shorteners...

~~~
allenbrunson
it is actually _not_ a bit.ly link, which is unsurprising, because bit.ly
links are banned here. try submitting one, it will immediately go dead.

this is some other link shortening service, which the admins haven't gotten
around to banning yet. but it's just a matter of time.

~~~
dfc
It _actually is a bit.ly link._ Did you do anything other than look at the URL
before saying I was wrong?

I will help you out. What happens when you go to cld.sg? Or what happens when
you append a plus sign to the link above?

------
donall
I had a similar experience on a US Airways flight last December. The Kindle
Fire browser allows the user to choose whether to optimise for mobile or
desktop, and this resulted in two different prices.

In relation to the legal questions raised elsewhere on this thread, I'm
guessing that it's a non-issue when it's a built-in feature of the device. I
think the argument could be logically extended to using plug-ins that switch
user agent strings?

~~~
eli
I wonder if that was segmenting potential customers or if it was an A/B test

------
rb2k_
When I feel particularly nerdy, I try to go the DNS2TCP[0] or iodine[1] route.
DNS is pretty much always open in those networks.

[0] <http://hsc.fr/ressources/outils/dns2tcp/index.html.en> [1]
<http://code.kryo.se/iodine/>

~~~
Drbble
How does that work, when DNS always resolves to the paywall IP?

~~~
icebraining
Not always. The three captive portals I've tried resolved DNS just fine, but
then redirected any HTTP requests to their web server instead.

~~~
rb2k_
I've never encountered one that didn't have working DNS resolution

------
Tichy
wouldn't it be cheaper to get a mobile router and a mobile flatrate for the
country? Where I live 15€ would buy 1gb for a month.

I have wondered about easily obtaining prepaid cards for travel, might be a
business opportunity if there is no good solution yet?

~~~
cstross
If you know of any source of such SIM cards, please post it here!

I've seen plenty of international-travel SIM cards that give cheap[er] texts
and voice calls, but none that include any data. And trying to set up a pre-
pay data SIM from a foreign ISP in a language you don't speak/read is a
nightmare ...

~~~
rwmj
I found this wiki(a) site useful:

<http://prepaidwithdata.wikia.com/wiki/Prepaid_SIM_with_data>

------
jiggy2011
I'm surprised there's still much money in selling wifi internet access.

People who want to use their internet on the move are very likely to have a
smartphone or at least a dongle and 3G is usually fast enough.

Here in the UK the train services used to provide free wifi to travelers but
recently they decided to charge for it and give the option of a free trial.

On my last journey I tried the free trial and found that it was just as slow
as it had always been but was now £5 an hour.

I would have been seriously disappointed if I had paid for that service.
Luckily I could just use my mobile phone tethering and get nice fast access.

Surely a better model would be to provide access for free but use some DNS
redirection of the popular ad services to redirect the ads to ones of your
choice and reap the benefits of those clicks.

I also let a lady in the carriage use my connection for a few minutes to check
her emails so it's not like you necessarily need your own connection either.

------
davidchua
Isn't this fraud and an open admission of guilty?

~~~
MattBearman
The wifi network never asked him what device type he was using, it just made
an assumption based on something as unreliable as a user agent string. How is
it fraud?

~~~
Fizzer
He knowingly manipulated their device detection system. Yes, it's true their
device detection system is trivial to manipulate, but that doesn't change the
legality. If a bank forgets to lock their vault, you still wouldn't want to
clean them out and admit to it on your blog.

~~~
luca-giovanni
What if you just choose to change your user agent to something different
because you prefer the experience? If you then get different offers as a
result you can't be held liable.

~~~
ugh
It's plausible deniability, nothing more. Illegal stays illegal.

~~~
ktizo
If there were an expensive nightclub which had a cheaper bar round the corner
that only admitted people with the first name of "Dan", who then get full
access to the nightclub and cheaper drinks all night, would it be criminal
fraud to lie about your name to the doorstaff?

~~~
no-downloads
As someone named Dan I feel compelled to point out that such policies are
really good and absolutely fair :-)

------
wazoox
I'm using regularly the same trick to use free tethering with my phone. As I
didn't buy some incredibly expensive option that explicitly allows it, simply
declaring my firefox as a mobile browser allow to bypass the artificial
limitation.

I certainly don't abuse it; simply from time to time you need some internet
access (to check an email, to download some piece of software, to google for a
technical problem) and I wouldn't pay 39 euros/month for a 3G "key" that I'd
use maybe once a month, no thanks.

------
pornel
I'd suggest using Opera with Turbo proxy instead — it'll compress all textual
content and re-encodes images as WebP. That's likely to give you bigger
savings than just a UA switch.

And if you can't trust Norwegian folk with your data, then you can roll your
own "Turbo" with Ziproxy or at least SOCKS proxy over gzipped connection.

------
apaprocki
Airlines which offer wi-fi connections usually offer a cheaper rate when
signing in with a phone-based browser user-agent as well.

