My comment is about something else: net neutrality, as someone already mentioned.
I was teaching English in Laos for school kids. I was amazed that some of their families struggle with providing (nutritious enough) food for their children, yet, everyone had smartphones with always-on 4G,even in the countryside - however, no WiFi almost anywhere.
The brains of these kids are like sponge. They WANT to learn, they're shy, but they want to speak, to read, to practice English. They also like to (constantly) sing (something that is badly missing from western schools), so at one point I referred them to "simple English Wikipedia", where they can research their favorite singers with easy-to-process articles.
Empty stares.
"so instead of Wikipedia.org, you go to simple.wikipedia.org."
Still nothing.
I had to realize later that even if they knew that this free, always available encyclopedia exists, it's NOT included in their 4G subscription.
Yes, you guessed correctly: those subscriptions are sponsored by big US / Chinese corps, so all these kids had were Facebook, Instagram, WhatsApp and TikTok, everything else costs ~10$ which is days worth of meals for whole families there.
That's interesting, inspired me to go down a bit of a wikipedia rabbit hole reading about internet.org, facebook zero, wikipedia zero, and zero-rating generally.
Though many countries don't have any info in the above table (including Laos), and I think the "Zero Wikipedia" column may be obsolete as that project was apparently shut down in 2018.
If you know anyone still involved over there you should let them know about the Kiwix project!
>Kiwix is an offline reader for online content like Wikipedia, Project Gutenberg, or TED Talks. It makes knowledge available to people with no or limited internet access. The software as well as the content is free to use for anyone.
Also from your comment, I feel that I definitely fail to communicate what the actual problem is.
The problem is NOT that the kids (and their teachers) cannot access certain sites. Although they might not be able to afford it, if they want.
The problem is that they DON'T KNOW that internet sites exist. For a kid who was born into the era where a magical handheld thing can show his friends' life and funny videos, a "website" means nothing. I even didn't want to write handheld television screen, because most of them haven't even seen a television before.
They don't know that wikipedia exists at all.
Another anecdote (maybe I should summarize it in a post somewhere) is that the teachers were using Oxford Press's Headway [1] books. Excellent series, many of us in Europe learned English from these books. It improves your vocabulary a lot, teaches you words like "coin", "train conductor", "mp3 player" and so on.
Now let's see what does NOT exist in Laos, at all:
- mp3 players
- TRAINS!!!
- and, well, coins (Lao Kips start at 1.000 bills (10¢) IIRC and last time coins were issued was 40years ago. In the 2mo I stayed there, never saw a coin, nor the kids I was teaching).
It's really a different world, it took me some time to even start my head wrap around it
This stuff is such a gray area for me. I’m staunchly pro-net neutrality, but depriving people of the internet altogether means losing a huge asset for learning, a platform for financial success that otherwise is unattainable, and more.
But then you read about the success of Facebook in emerging markets in Africa and it becomes even murkier. Basics has caused Facebook to become utterly dominant in many African countries[0], and that’s precisely what net neutrality tries to prevent. That’s so much power. I don’t know what the right answer is.
Is Facebook a "huge asset for learning [and] a platform for financial success"? The utter dominance of Facebook surely prevents competitors that are better suited to these things. I am not at all sure that Facebook-only is superior to no internet at all.
> I am not at all sure that Facebook-only is superior to no internet at all
Insofar as the short term success of their users is considered, it's an unequivocal yes. There are an unbelievable number of African businesses that exist only because of the platform.
As you correctly call out, it's the longer timelines that make it a dubious proposition.
Thanks I'd not heard of internet in a box, I love how it empowers people to determine their own requirements and solve their own issues rather than just be another excuse to form more dependencies on facebook.
You may try to write an email/better official mail or even visit personally to local cellulars marketing teams to include wikipedia to the subscriptions. You may propose them as PR action: future-care, education-care name it. Trust me it may definetelly works.(I did it many times("tune up" some events) but I worked inside the cellular companies)
The main problem may be is to the break the "first line" of "corporative bureaucracy" defence.
It feels like this is a lost case... Since then I spent a couple months in Ecuador (and other SouthAmerican countries), and what I see, was similar:
Less fortunate people, whose (only?) entertainment is TikTok/YouTube/Facebook constantly on their phones. Well, Claro (cell provider with one of the best 3G/4G coverage on Galapagos) greets you with a Facebook(!!!) page explaining that Facebook&sister apps are brought to you for free.
There is zero incentive from any sides to fix this situation. The provider is not interested in ditching Meta, Meta is not interested in promoting anything else, and unfortunately most probably one of them (or both) already paid some gobernadores to shut up and keep the status quo of pointing people to ads, ads, and more ads.
These are solutions for ME and YOU when we are there as tourists (if we really want to chop off that $10 from our travel budget). Probably not a solution for people who have never heard of websites like Wikipedia.
I don't think that's a representation of the full picture. a cheap android phone would undoubtedly also come with google preinstalled, thus cache/AMP access to Wikipedia
I don't think a telecoms company or phone manufacturer could reliably restrict the ever changing landscape of internet access without affecting usability and social media consumption
I don't think they are using customised iPhones where perhaps such limits may be imposed
I don't think any determined Laotian kid would consider a free vpn an obstacle
I don't think it's unreasonable to say where there's a will there's a way
> a cheap android phone would undoubtedly also come with google preinstalled
Plenty of Android phones don't come with Google preinstalled.
> thus cache/AMP access to Wikipedia
Even if you have Google on your phone, that doesn't mean you won't need a paid data plan to actually use it.
> I don't think a telecoms company or phone manufacturer could reliably restrict the ever changing landscape of internet access without affecting usability and social media consumption
But that's the point? If you want better usability, you're expected to pay for full internet access.
I think you are trying to find a technical solution to a social problem. Eventually technical solutions will be needed, yes.
Right now it's unreal to even think about VPNs and proxies and customized phones etc. It's not a technical obstacle for that Lao kid, it's a different universe, they never even heard of, nor their peers, parents, teachers, or anyone in their surroundings.
If they whitelisted only social media rather than blacklisting websites, I highly doubt a VPN or proxy would work unless it was provided by Google, Facebook or Tiktok.
My experience with in-flight message-only WiFi is that they're just really slow and the ping times are long. Some services are actively blocked, e.g. Skype wouldn't work at all even for text messages, but browsing the internet is usually allowed. My VPN wouldn't work, but I suspect it might have if I used an obfuscated connection instead of OpenVPN or whatever the default is (e.g. over SSL). I could load GMail in the browser and Wikipedia probably would have worked. It's strongly website dependent. Hacker News is extraordinarily resilient to lousy connections and generally the index would always load without any trouble. It works even on a 3 second ping over satellite internet. Very few websites are that tolerant.
The flight crew (BA) knew what's up. They specifically warned us to check which package we were getting, because evidently they get a lot of complaints when people buy the message-only bundle and are surprised that nothing works.
Singapore gave out free passes for single devices last time I flew with them. It was possible to rotate MAC addresses by forgetting the connection and then re-joining. The connection was quite good, you could watch YouTube in potato resolution. It's quite fun to chat to people and send them photos out of the window.
I carry one of those tiny wireless routers in my carry on wherever I go. If I have to buy internet on the plane or if I am in a hotel that limits the number of devices, I always connect through the router and use it as an access point for all the other devices.
The other added benefit is that all my other devices already have my AP's wifi creds and will connect to it automatically.
What do you do when wifi has a captive portal though requiring a user name and password?
I use my Samsung S10 for exactly this as it has multiple radios that allows connecting to wifi and hotspotting to share that connection with other devices. Great for Chromecasting.
I used just clone the MAC address across my iPhone and laptop and switch between them, so I guess you could use your phone to get through the captive portal and then connect with a travel router that clones the phones MAC address.
I've been thinking about doing somethign similar and am really interested in what hardware you're using for this and what your setup looks like. Do you run a VPN service directly on your router, for example?
I use the TP-Link TL-WR902AC for this, it's cheap and has a MAC cloning feature that makes it pretty easy. Unfortunately the firmware isn't updated anymore and it's missing a VPN client, but apart from that it gets the job done.
I've been intending to do the same with their Mudi (E750) and between not feeling comfortable trusting their builds and being unable to get my own working (upstream openwrt has stability issues and I guess they have some patches to make the modems work properly; still haven't been able to get a properly working image from working through their repos yet).
It's quite frustrating as it's ideal on paper but they fall on the last mile to make it practically open.
> Hacker News is extraordinarily resilient to lousy connections
It really is. Where I live when you run into the limit of your data package, your network is usually throttled to 100kbps. I changed my plan to just 3GB per month because I was staying at home most of the time due to the pandemic. Now I'm pretty much back to my old routines, but I didn't change my plan yet. I have a 45 minute train commute and 3GB can be used up in a few days just browsing reddit and loading news sites.
Anyway, google search, hacker news and facetime audio work as normal at 100kbps. Google
maps works with a bit of patience. Virtually nothing else will load. 5 years ago most text-based things worked at this speed albeit slowly. Now everything is so bloated and so much content will not load show until fonts and things are loaded.
I was recently on a United flight and the free 1h "text only" option gave me access to the whole internet, and I could reactivate it after an hour. I think maybe they unlocked it because the flight had a delay - or it was a bug. The flight crew didn't inform us about it though. I also didn't notice any other people using it.
The connection was pretty damn good, considering I was somewhere over the Atlantic. It was shocking to me how much more enjoyable the flight was, makes me wonder how hooked I am to being connected. (I also had extra legroom and an empty seat next to me though.)
Satellite is always what you get on planes if you fly over an ocean. If you're flying over land, sometimes it's satellite and sometimes it comes from ground-based cells. Depends on the airline and the plane's equipment.
Yes, it is. One of the biggest providers is called GoGo who in turn use satellites from SES. My comment about satellite was that I've also worked in very remote places using much poorer links and HN still works, amazingly.
Many years ago (2012) Delta inflight wifi would allow DNS queries out without paying. Being a very frequent flyer I used to run an ip-over-dns tunnel using Iodine[1]. It was slow but worked. I wonder if they’ve blocked that hole yet.
When selecting my personal use domain I ended spent some time finding a short domain partly because it's convenient but partly because it meant more goodput via Iodine. I ended up on "ds.gy" as ds are my initials and it was the only TLD that domain wasn't sat on by squatters wanting to charge thousands.The ratio of people wanting to sell you short domains vs actually using them in any capacity was surprising.
I did the same on trains in the 00s, but built application specific tunnels which were much faster, funnily enough among them was one that would fetch Wikipedia pages. The client would piece together the replies and render the markup to html again.
I tried Iodine around 3 years ago on a Swiss flight, it worked to read my mails over SSH using Alpine, but was so slow that basically it was unusable. Not sure what was going on, I had the impression that DNS queries were getting throttled after some threshold...
I also used this a lot while travelling to access the internet through captive wifi portals. Especially in asia this worked very well, given the huge amount of telco wifi providers in cities.
I wonder if anyone has stated a general law along the lines of "if you can send and receive a bit, you can send and receive anything."
The only issues ended up being that 1) WhatsApp messages are limited to 1600 characters
Concidentally, that's not much bigger than the MTU of standard Ethernet. I don't know how "transparent" the data channel is with respect to non-ASCII (and probably Unicode), but if you use one of the various binary-to-text encodings that exist, you could probably implement Ethernet over WhatsApp. ;-)
I actually thought that's what this blog was going to be about. Some kind of http encapsulation over Whatsapp. Was disappointed that it's just regular a chat bot
I once experimented with something like that a few years back, when I was regularly using a WiFi that only allowed HTTP. It’s not hard to tunnel something like SOCKS over TLS over base64 over anything that allows sending text, including HTTP. Latency might be a lot worse than the special purpose chatbot though.
> I wonder if anyone has stated a general law along the lines of "if you can send and receive a bit, you can send and receive anything."
In my country we have a telecom service provider law, which states, among other things:
ARTICLE 57. - Network neutrality. Prohibitions. Service Providers shall not:
a) Block, interfere, discriminate, hinder, degrade or restrict the use, sending, reception, offering or access to any content, application, service or protocol except by court order or explicit request of the user.
You can simply split packets into multiple messages and tag them with a unique code and use base64 (or something more efficient), that's how you can do things like do IP over IRC which has even more restricted character counts.
The problem is always going to be bandwidth as doing any kind of communication across systems optimized for human text will throttle you: you'll trigger spam warnings, rate limits, etc - and the modern web is extremely demanding
I don't think that is necessarily a law. There would be ways to actually restrict access in better ways... you would likely be right if you amended it to the ability to send a bit to an endpoint you control.
> "if you can send and receive a bit, you can send and receive anything."
No, needs work.
Part 1 - No system can be 100%, then you hit the Two Generals' Problem..
Part 2 - Just because you can send a bit, that doesn't mean you can send 8 in a row. So you write a protocol, then they block that protocol, you adapt, they adapt etc etc
Maybe something like ~ any system where you have any control over information flow someone has written a protocol to send porn over it.
That's just jumping of Rule 34, you could change porn to something else
The real, important value of implementing IP over WhatsApp (in a proper, transparent way as other commenters are stating, and not from a chatbot as in the article) is not to avoid paying $5 for WiFi on a plane, but to protest the lack of net neutrality in an effective way.
I've tried this before, it's a fucking nightmare lol it's not full-duplex at all so this severely limits your ability to do things at a reasonable speed for most shit. For me it was because at the time Zuckerbutt was giving out 'free' internet in the third world, but only for whatsapp, instagram, and facebook, so me and my friends wanted to see if this was exploitable, but it was just way too slow. It really gave me an impression of how fast TCP runs at normally which I took for granted before, and ideally bidirectionally fast.
For airport wifi I use a DNS tunnel or simple MAC rotation, for in-flight... well if they could make it quality someday maybe but every time I've shelled out like 50 bucks for an hour or whatever the ripoff deal is it doesn't work well enough to do anything. I hear the DNS tunnel method does work on some of them though, I should try that someday.
As a side note those in-flight screens in the backs of seats are interesting in this 'why the hell would they do this' kind of way. I managed to crash one when I noticed it had a USB port (bad idea on their part)... It was super easy, I tried to read the USB key but then just removed it when it was accessing the thing and the whole thing just went down. Apparently it was running x-windows on some type of *nix because I could see that default background with an X for the cursor. They should really get rid of those because I'm sure that they could be misused for nefarious ends.
Vpn over websocket.. in Indonesia even worked when they "turn" off the internet for nyepi with a simple host file hack as you could browse the isp website was based on name not IP so yes the vpn was unencrypted but you couldn't see it was a vpn
Of all the possible websites to choose as an example, Wikipedia is a strange choice since, unlike most websites, one can download its database and query it offline. For example,
Some other ways to search and read Wikipedia offline:
XOWA: (S: XOWA)
WikiTaxi: S: WikiTaxi (for Windows)
aarddict: S: Aard Dictionary
BzReader: S: BzReader and MzReader (for Windows)
Selected Wikipedia articles as a printed document: Help:Printing
Wiki as E-Book: S: E-book
WikiFilter: S: WikiFilter
Wikipedia on rockbox: S: Wikiviewer for Rockbox
“WhatsApp messages are limited to 1600 characters”
If that is UTF32 we have 51200 bytes or 50kB per message.
“the basic free accounts I was using rate-limit to ~1QPS”
That is 400kbit/s.
Can we have multiple accounts?
40 accounts would give us a theoretical maximum speed of 16Mbit/. Would probably closer to 10Mbit/s in real life, enough to watch movies.
Almost a decade ago a French mobile carrier had their entire domain and subdomains zero-rated - one of the subdomains had a phpBB forum - someone created a little script to tunnel full layer 3 communication over the forum’s private messaging functionality. I’d imagine it would slaughter the DB if you tried to pass any significant traffic though it but as a demonstration it was cool and worked fine.
One thing that would be interesting is scanning for open ports. Once you find an open port, make a Twilio API and text the number (Since most airlines enable texting via SMS/Whats APP) that triggers opening the port on your VPS that is opened on the airplane.
Once you do that, you can tunnel into your VPS through the airlines open port or SSH into the machine. If you create a SOCKS5 proxy, then all traffic in your browser will tunnel through the VPS.
Back in 2019 when Indian government put a city of 8 million into a 9 month curfew including internet blackout, I was anxious yo get online. Then they permitted only dozen of "white listed websites", just ones that did not allow anti India propaganda. Anyways, I found amazon India worked.
I went to aws, set up a vps and simply used ssh tunnel to it.
It worked, for a bit. They closed the default port and I could not spend time on a dedicated public internet terminals to " test" open ports so yeah, I have done exactly that.
HAProxy is also really useful for this purpose, I dare say more-so. For my use-case it solved this problem:
"Using 1 port on the remote server (port 443), how can I serve HTTPS (serve a website) and SSH or SOCKS5 (use the server as a proxy)?". HAProxy was good for the task. It could be used to tunnel SSH through HTTPS too, in the case where a corp firewall is using DPI to block standard SSH. What I'm not sure of though... can it tunnel SSH through HTTPS, and, serve a website at the same time? That's a question for the reader.
The idea of serving a website at the same time was for the purpose of providing a plausible reason for traffic exists from that server. Like, you know, if the admin's see traffic on 443 from an ip/domain with no website, that's got to be a magnitude of suspicion higher than an ip/domain with an actual website being served on it.
Sure. If you run an https proxy that allows CONNECT, that can tunnel ssh, but if you do GET without a fully qualified url, that can serve whatever according to the host header. If you just wanted to tunnel ssh over tls, it's trickier because ssh is server speaks first and http is client speaks first, so as a server, you'd have to guess if your client wants one or the other.
The last time I was on an flight that had WiFi (AA about 5 years ago) I tried 2 ways to get around the captive portal, both successful:
1. Setting my useragent to iOS Safari and trying to download the Gogo Player app to watch one of the free films. If you have Android this just serves the APK but on iOS it just has to dump you to the App Store. This seemed to give me a good half hour of connectivity.
2. I went on the live chat and asked for a free connection. The agent gave it to me.
This reminds me of back in the day when internet cost on mobile phones. An og "hacker" could text a website to some number he had set up and it would MMS him back a picture of the website. Worked in a pinch. This was in 2005-2008ish. I can't remember who did it though. So many years ago.
Wait, is this filtering based on IP or DNS? How do they make sure their whitelist remains up to date? (I assume it's HTTPS, so those are basically the only two options...)
If it's DNS based, there should be simpler workarounds, so I guess it's just IP based?
While this doesn't directly address Delta's captive portal implementation, on many TP-Link Omada wireless APs, there is a feature that allows you to create a captive portal, and when doing this, you can either whitelist a website by its hostname or by its IP address. I was curious as to how it was filtering by hostname, so I ran a few DNS queries, which all resolved normally, indicating that it wasn't a DNS-based whitelist. Seeing as the whitelisting also worked over HTTPS, I assumed it was TLS-SNI. It turns out that anyone can whitelist any IP address by visiting any website while sending the SNI of a whitelisted hostname. This caused the AP's software to create a firewall rule allowing access to the IP address associated with the spoofed SNI. After doing this, it was then possible to connect to any website hosted on that IP address with any SNI hostname.
I worked on the technical side of WhatsApp's special pricing program (aka zero rating) from when it started, through integration with the Facebook Mobile Partner Portal until I left in late 2019. We provided partners IP addresses (well a list of cidr ip/subnet lengths) and email updates when IPs changed. Some partners wanted hostnames, but it wasn't usually effective to manage that way; hostnames seemed to work great for WAP based special pricing, but not for direct tcp. But AFAIK, airline programs were done by the airlines (or whoever does their internet service) without consultation with WhatsApp. (A special plan for messaging without multimedia wasn't within the WA policy, at least while I was there, so we wouldn't have helped them build the product they wanted anyway)
There are lots of possible ways to identify WhatsApp traffic, but I never had a chance to figure out what they were really doing. During that time period, if I was on a flight, I was usually with my young child and it's hard to keep focus for debugging networking on a plane, anyway. What I saw when I was looking was more like what joshvm describes elsewhere. The messaging only plans seem to allow most low bandwidth connections, with high latency, but they'll actively supress some things, and others stall beyond some threshold; sometimes you could get a couple media files to transfer, but then it would stop, etc. WhatsApp was engineered to work with the world's terrible networks, so it will usually work ok for messaging as long as packets get through eventually; connection and ping timeouts are long on client and server, because sometimes it takes a lot of seconds. If DNS doesn't work, that's fine too. Multimedia would usually retry and resume enough to work even if connections didn't last long, so I'd guess there was something actively supressing that, but I don't really know.
FWIW, chat isn't TLS, so SNI isn't the answer there, although at least in the past, the protocol was very identifyable. Been gone for a while and don't regularly tcpdump my connections to WA anymore, so I don't know if that changed though. Multimedia is https, and probably has SNI, although that used to vary by platform.
I always thought WhatsApp published their list of IPs (segregated by standard chats vs media), but it seems they only share CIDR blocks with operators privately: https://www.whatsapp.com/cidr.txt
And you say there's no segregation between chat and media - and I trust your out of date info more than my completely made up guesses.
Yeah, that text file included messaging and multimedia (and verification and the website, etc); there was another one that included those and VoIP relay servers (but VoIP also can do p2p, so it's harder to include in special pricing), until it moved to the private portal. Customer service would sometimes provide the link to that text file, and operators we had an active agreement with would get an email when the file was updated (or sometimes when my scripts broke and did stupid things, sorry operators). (While I was there) We never provided a chat only file, because chat only is not a user experience we wanted to have happen.
It is pretty simple... your filter just makes periodic DNS requests to the desired allowed host and updates it's IP restrictions to the returned address. You also need to run the DNS resolver to return that same cached IP to prevent having the upstream DNS server return a different address.
You also need to make sure the DNS server will only resolve the domains you want it to, because if you allow unfiltered dns requests to arbitrary domains, anyone can then tunnel their traffic over DNS, as another comment on this thread pointed out.
These days with the prevalance of HTTPS, another option is to inspect the TLS client hello packet. To work well with load balancers etc, clients typically indicate the server name that they're trying to connect to (SNI - https://en.wikipedia.org/wiki/Server_Name_Indication). That information is not encrypted. So you have both the dst IP and hostname in the initial packet.
You probably can. But it would require a custom app that doesn't use the same cname for DNS resolution, SNI and then inside follow-up requests in the Host header. A web-browser would e.g. just use the same values for all of those, and then you either get charged or would end up at facebook.com.
It's indeed pretty simple for TLS over TCP, since the whole ClientHello is part of the first packet and relatively easy parse or seek for. With QUIC it becomes a major pain, since it's not obvious anymore for middleboxes which QUIC packet is the first in a connection, and since Crypto data can be fragmented and reordered (Chrome is doing that by purpose even inside single packets). Therefore hardware inspection would require a pretty full-featured QUIC protocol parser and understanding.
I would also assume that Whatsapp might change the servers used with updates of the app. How would Delta deal with that? Just wait for the complaints to come in?
WhatsApp (now, since it moved into FB's infra) connects to g.whatsapp.net, which is a CNAME to chat.cdn.whatsapp.net, which in turn is an A record to a VIP on Facebook's edge network. The A record you're returned can change — it's intended to be one that's closest to you (as determined by your DNS resolver's location and probably EDNS Client Subnet) but traffic engineering policies might cause different responses over time.
Since on a flight it's likely everyone will use the same resolver on the ground somewhere in Delta's infrastructure a simple mechanism to resolve the IP periodically and update a whitelist (or to cache one VIP location and always return that) might work. Alternatively, as other commenters have suggested, it'd be better to identify traffic with SNI or other profiling.
Updates to the app almost certainly won't change the address it connects to.
I actually had a very similar idea but the twist is in Africa we don't have access to affordable internet for the average student but we have greatest discounted bundles for social media apps like whatsApp, instagram and facebook. I wanted to use whatsApp to send a screenshot of googles first result page for a given query.
Maybe it has to do something with WhatsApp also using the Signal protocol, though you'd think generally they'd whitelist IPs or hostnames rather than doing DPI.
For some reason I just eat these kinds of projects up. As a kid I went on a cruise with my parents with very limited internet access and discovered HTTP-over-DNS (using TXT records), which remains my favorite captive portal workaround.
If anyone's looking to reproduce this but in a no-code way then I have a setup to send and receive WhatsApp messages via email[1] using android VM and tasker which could be modified/extended for retrieving other data.
But OP method has lesser moving parts and more easily reproducible if coding is not the barrier.
My first thought was to abuse the Web client. Run a server somewhere which hooks into JS in headless Chrome, parses commands and sends messages (requires a dummy user). The client could be based on the Web client, too. But I'm not sure if it's feasible and it's probably against the Terms of Use.
Telegram has a lot of bots that do essentially this. But because WhatsApp is owned by Facebook, they have more business deals so you zero-rating in these situations.
You'd be surprised what kind of automations people build on top of WhatsApp. Also, you can use free alternatives to the Twilio API to do more than just text-based automation.
I fail to see the practicality of this. Since the reason presented was not to pay for WiFi but you still have to pay a service like Twillio if you want to construct a Whatsapp to whatever gateway.
Also, why not construct a Whatsapp to HTTP gateway, since pictures and other binary data can be transformed with ease into text by something like base64 encoding. Sure, it would still not be practical, but it would be a better proof of concept.
nice project, I've did something like this too, except I tunneled the internet traffic through SMS, so I could access the internet through my feature phone lol
Sure, it's always interesting to investigate vulnerabilities and design deficiencies, and it can be beneficial especially when the goal is improving security for everyone.
But it's hard for me to celebrate someone whose motivation seems to be that they are simply too cheap to pay for something that other, more honest, people are willing to pay for. In this case, it probably doesn't affect anyone else if the author only downloads a few articles, but in general, if internet bandwidth on an airplane is a limited resource, then using large amounts up in this way to the detriment of others would just be stealing.
My comment is about something else: net neutrality, as someone already mentioned.
I was teaching English in Laos for school kids. I was amazed that some of their families struggle with providing (nutritious enough) food for their children, yet, everyone had smartphones with always-on 4G,even in the countryside - however, no WiFi almost anywhere.
The brains of these kids are like sponge. They WANT to learn, they're shy, but they want to speak, to read, to practice English. They also like to (constantly) sing (something that is badly missing from western schools), so at one point I referred them to "simple English Wikipedia", where they can research their favorite singers with easy-to-process articles.
Empty stares.
"so instead of Wikipedia.org, you go to simple.wikipedia.org."
Still nothing.
I had to realize later that even if they knew that this free, always available encyclopedia exists, it's NOT included in their 4G subscription.
Yes, you guessed correctly: those subscriptions are sponsored by big US / Chinese corps, so all these kids had were Facebook, Instagram, WhatsApp and TikTok, everything else costs ~10$ which is days worth of meals for whole families there.