
Or you could pay an additional $5/month for a decent VPN. In fact, I have a number of close contacts who work in the industry who tell me that this type of practice is of heavy interest and routine on the wireless end of things. Companies are tracking not just your browsing habits but your location data based on cell tower triangulation.

This is why we need to decentralize the ISPs and move to local mesh networks.



> Or you could pay an additional $5/month for a decent VPN.

TIL another reason why Ma Bell doesn't like neutrality. If they get their way we can expect performance on unobfuscated VPNs to suffer.


You can certainly expect it -- and not just because technical users could use VPNs to end-run traffic shaping.

You can expect it because VPNs are overwhelmingly used by technologists and 'business' users. In general, these people have an ability to pay (much) more, so ISPs would like to charge them more.


This is slowly changing with cheap VPNs primarily marketed at torrent users, but needs to up the pace of change to really be effective.


ITYM obfuscated?


A standard VPN doesn't try to hide, and will look like a VPN to the ISP: all packets contain encrypted material, destination doesn't vary, etc. This is what I mean by "unobfuscated", and this would be easy for an ISP to throttle.

One can imagine ways to tunnel VPN traffic over ISP-approved traffic, but that arrangement might have other drawbacks.


DNS tunneling is essentially unblockable if implemented well, but slow due to the large overhead.


Okay, sorry, thought you meant unobfuscated as in unencrypted.

Yes, you could tunnel VPN traffic over an HTTPS connection. I have built VPNs using ppp over ssh tunnelling before, and that works fine.


Putting it over HTTPS won't necessarily stop them. The caveat mentioned in the article is that they won't track your HTTPS web browsing. But they can still slow it to a crawl if they don't like you doing it.


No worries! Actually I wonder if just tunneling over TLS would be enough if the ISP were determined. I mean, after they see me pushing and pulling GBs from the same host for an hour, they might just GET it themselves. If they see a "how to configure your VPN" page, that address could go on a slow-list.


You'd probably end up paying a lot more than $5/mo for a VPN that is actually able to keep up with gigabit internet speeds and downloading habits.


You know your ISP is crap when you have to pay another ISP (VPN) to keep your connection secure and private.


Yes. We can generally all agree that ISPs in the United States are effectively monopolists with no incentive to do what's right for their customers.

Now, let's talk solutions.


> We can generally all agree...

This made me smile. I would like to imagine that there were consensus on this point.

> Now, let's talk solutions.

I think the effective solution for much of the nation will be wireless, but FCC and affiliated interests have been postponing the liberation of enough unlicensed spectrum to make that feasible. The dominant regulatory scheme creates scarcity where none should exist, and that's how all of these bastards keep the gravy train rolling. They rue the day they decided to just let the microwave ovens have 2.4 GHz, because now that frequency is proof that there is no physical reason to "license" electromagnetic radiation. If we can just pry a few more spectrum slices from their grasp, including those better suited to slightly longer ranges, that's the hole in the dike that will eventually create a market in telecom.


I used to work precisely on the sort of technology that would make this possible, and I support liberalizing FCC regulations, but I think your comment is off-the-wall. At the time FCC licensing was instituted, there were no cognitive radios that could listen for free channels before transmitting. Heck, frequency-agile radios didn't exist. Even today, whitespaces technology isn't so well-developed that we could just get rid of the licensing regime. Remember the wireless mic debacle? http://gizmodo.com/287736/microsoft-google-dell-coalition-wh....


My reading of the "debacle" was more that a fringe industry had been squatting on a particular band for a really long time, and was able to frighten a bunch of churches into complaining to Congress that they didn't want to have to buy new gear. I would understand that sort of excuse for AM broadcast, but why the hell don't wireless microphones run over more modern radio tech anyway?

Of course I don't suggest that cognitive radio could have existed in the 1930s. Instead I suggest that it should be given more room to operate now. So they had a problem demo seven years ago: what has happened since? Is it "off-the-wall" to wonder why licensing hasn't changed in response to the invention of the integrated circuit?

EDIT: I'm talking about opening specific, limited bands ("a few more spectrum slices") to unlicensed use, in precisely the fashion in which 2.4 GHz is currently open, although at higher power. Though I do dream of the FCC folding (in much the way I dream that of the DEA or CIA), I realize that in serious conversation with serious people one must focus on the tenable.


Fringe or not, it illustrates why we have licensing. People bought cheap, dumb equipment, and it was fragile. All predictable. But at the same time, very expensive and sophisticated technology couldn't figure out how to protect the cheap dumb equipment. It's a very hard problem. And "Sucks for them" isn't a practical response when you're trying to change the status quo.

It might have been one bad demo, but it was also a very simple, controlled experiment. The spectrum environment without FCC licensing would be orders of magnitude more challenging. The technology just isn't there yet to replace the FCC across the whole spectrum. The FCC certainly could move faster to allow the technology to develop, but your characterization of the situation and aspersions are inaccurate and unwarranted.

You're also ignoring how expensive this equipment is. Simple white spaces devices are pretty cheap, but the kind of radio that could freely operate over a large part of the spectrum is still very expensive. Just the analog frontend capable of tuning to a wide range of frequencies is expensive. Retrofitting existing devices with the technology, at the scale that would facilitate deregulation, would be quite impractical right now.

It's a really interesting space, and I think it has tremendous potential, but there is a lot of development to be done before the technology lives up to the libertarian fantasy. I think we're at the stage where it would make sense to have an unlicensed band that allowed "smart" devices only, which followed a minimum set of rules. The challenge here is getting someone to give up their spectrum.


> I think we're at the stage where it would make sense to have an unlicensed band that allowed "smart" devices only, which followed a minimum set of rules.

Then we agree on the only point that matters.

> The challenge here is getting someone to give up their spectrum.

That is indeed a challenge. In one case, this effort included updating every television in the nation. Yet still, five years after the digital transition, from the WIA Spectrum Policy [0] page:

> Rural areas continue to be the most underserved market in terms of wireless reach and innovation. However, the abundance of white spaces in these regions provides a unique opportunity for rural wireless providers to use this unused spectrum to promote coverage through high-capacity service. While the advantages to expanding this expansion remain undisputed, firm action has not been taken as of yet in order to allow the operation of higher powered spectrum in these areas. At present, TV band devices are not permitted to operate at power levels greater than 4 watts EIRP, even though expanding this power limit would pose virtually no threat of interference to current broadcast bands. The delay in the advance of power limits only serves to hinder wireless progress in rural areas of the country.

That seems wasteful: usable white space was one of the selling points of the digital transition, and yet giant blocks remain unusable for no publicly-acknowledged reason. I mean, I hesitate to even ask what the military are doing with all their spectrum while this is still going on.

[0] http://www.wirelessinnovationalliance.org/index.cfm?objectid...


The "virtually no threat of interference" claim needs to be taken with a grain of salt. Digital TV receivers are pretty dumb devices that aren't very good at rejecting interference.

I'm a big proponent of having minimum interference tolerance requirements for receivers, and there's work happening on that front: http://transition.fcc.gov/bureaus/oet/tac/tacdocs/WhitePaper.... But we'd be talking about another round of updating every television in the nation...


> The "virtually no threat of interference" claim needs to be taken with a grain of salt. Digital TV receivers are pretty dumb devices that aren't very good at rejecting interference.

When I enter "Los Angeles CA" on the FCC reception map site [0], there are 23 green/strong broadcasters listed. When I enter the location of my home, there are two. Are we to believe devices that can handle the presence of 22 "competing" signals in one situation will be completely overwhelmed by the presence of one or two extra signals in the other situation?

[0] http://transition.fcc.gov/mb/engineering/dtvmaps/


Those 23 broadcasters are all on different channels. We're talking about devices that could potentially be on the same channel as an existing TV station. This is not a trivial problem to solve, because you need very sensitive detectors on the "smart" device to ensure that it correctly detects when there is an active station on a given channel: http://www.sharedspectrum.com/wp-content/uploads/2008-10_SSC....

One of the most complex aspects of doing this sort of thing is various permutations of the "hidden node" problem. Essentially, the problem is that a "smart" transmitter may not hear a dumb one, and use an in-use channel, interfering with a dumb receiver, which otherwise could hear the dumb transmitter. This tends to happen because geographic obstacles can cause individual nodes to have a different view of the spectrum environment.


Good point, but devices don't have to be able to sense broadcasts on a channel in order to avoid using that channel. Alternatively, the WISP WAP could just continuously broadcast (on known safe channels, as a part of the normal SSID etc. beacon) the list of currently safe channels, as configured and maintained by WISP personnel, and consumer devices could simply not transmit until they received the list.

Even if we were limited to listen-before-talk, the linked study recommended 10 W rather than 4 W, and that was in the urban context of Baltimore-DC, rather than out here in the hills where we rural people would like a choice in ISPs.


"...just let the microwave ovens have 2.4 GHz"

I think trying to change that might cause a few problems!


>They rue the day they decided to just let the microwave ovens have 2.4 GHz, because now that frequency is proof that there is no physical reason to "license" electromagnetic radiation.

What do you mean by this? 2.4 GHz is used for low-power, short range communication, so of course there are fewer issues with interference. You can't say the same about the FM radio bands, for example.


See sibling note by 'rayiner. FM as broadcast now is really old tech. Car radios would have to be updated to have cognitive radio capability, if this regulatory regime were extended to that band. But that doesn't have to happen soon; the spectrum is vast and could certainly accommodate more unlicensed use without inconveniencing this particular use.

EDIT: In case this is still unclear: I'm talking about opening specific, limited bands of spectrum to unlicensed use. I would not nominate FM radio as the first such band. Just as wifi chips today are capable of not interfering on bands they don't use, super-wifi transmitters would not interfere on bands they don't use.


Everyone run some fiber to your nearest neighbor in each of the 4 cardinal directions. Go to MIT, find one or more of the kids that already figured out how to make all that work, and read their theses. Launch an open-source project for the required network hardware and its firmware, and manage to sell as many as you can produce at $30 each.

My pipe dreams are about a series of tubes.


A five-port gigabit fiber router sounds more like $300 in volume, and most Americans would rather pay $299/month than $300 one time because it's cheaper.


this is how all networks work. there are no special MIT theses. get an ASN and use BGP.

Fiber hardware at $30 each is probably not happening, since we barely get ethernet hardware in that price range, and certainly not of any quality.


I was actually referring to the [implied] part where the person installing it doesn't need to know anything other than how to plug everything in. You're not going to get a usable network out of this if it requires the people using it to know anything at all about their hardware, or if they have to get their own identifying numbers from ICANN.

It really needs to be something where they plug in a box and hot and cold running Internet comes out when they open the faucets. And if you thought disruptions were bad when some country "misconfigures" their BGP to route the entire Internet through their spy agency's offices for 15 minutes, wait until a thousand Joe Bagadonuts are doing it truly accidentally, all the time.


Does anyone have any recommendations on a VPN that can keep up with gigabit speeds?


All sorts of VPS providers to choose from; main issue is that most 'budget' plans will be 100mbit.


I don't get why people are pushing folks towards VPN. If you use one, you shift your endpoint from Provider A to Provider B. And you have absolutely no guarantee ever, that the upstream link of provider B or that provider B itself (accounting, user association etc etc) is not rigged...

True, a VPN in hostile environments might be a good idea. If the termination endpoint is secure, is another question.


I think it has more to do with the network peering arrangements of the VPN host more than privacy. At least that would be the benefit from my point of view.

If my ISP has a poor path to (for example) Netflix, but my VPN provider has a good (unsaturated) path, it could be advantageous. But this requires my ISP to have a good connection to my VPN provider.


I have a Plex server in Canada with OVH and on my local connection it worked fine for years to stream movies and TV. Even 1080p stuff worked fine. Then it appears that CenturyLink started shaping port 32400. So I got a 5 dollar droplet on Digital Ocean (SF) and now use that for a VPN. Plex works fine. I can switch the VPN on and off and it makes a huge difference. Without the VPN it is constant buffering.


I had a discussion about this with one of the guys from PIA VPN...you can pay via bitcoin and the info required for sign-up is kinda uhm spartan.

No chance of pushing any serious traffic through a VPN though unless you control it.

Unfortunately, in my case a VPN would probably put me on weaker legal ground. My ISP is not legally entitled to monitor my traffic...once it hits the VPN provider the local laws apply & I can do without US laws on the privacy front.


Personal (non-company) VPN still doesn't fully work on smartphones. It needs to be manually activated each time, making 'all-traffic-behind-vpn' impossible for now. It is possible for corporate VPNs so we know iPhones can do it. A choice by Apple HQ?


Works fine for me with OpenVPN on Android (4.4.2 on a Galaxy S4 and Nexus 7). It will only prompt to accept the VPN the first time it's run. If you leave it running in the background it will re-establish the connection whenever it needs to.

That being said, I also have an Xposed module to get rid of the confirmation prompt entirely (I use Tasker to enable the VPN automatically when my phone connects to unsecured wifi networks).

I can't speak to how Apple does it, so maybe it's just an OpenVPN vs IPsec thing. If you set up your own IPsec VPN you could possibly have it activated automatically. There was a post on HN a few months ago with a script to basically set up an IPsec VPN automatically for you.


I just checked my phone, and Android 4.4.2 supports always-on VPN.


Android added always-on VPN in 4.2.


I don't know how they're accomplishing it technically, but http://getcloak.com manages to auto-enable my VPN on my iPhone every time I connect to a non-whitelisted wireless network.


I'm a Cloak user. Connect on Demand in iOS has a great design, but unfortunately it's buggy. About once a week, I will catch it not using the VPN (and not blocking traffic nor trying to reconnect). I even connected my iPhone to Apple's desktop utility that allows reading the device logs and I correlated the behavior to certain log errors. This problem started in iOS 7.0 and remains up to 7.1.1 (iOS 6 was fine).

As a result of this bugginess, I'm no longer willing to use untrusted wi-fi networks even with VPN. It's really too bad that Apple is not fixing this, because it renders the Connect on Demand feature useless from a security point of view, and it nullifies the functionality of Cloak. Cloak is otherwise an awesome app and service, and it's not their fault as they can't control this code.


iOS 7 opened up some APIs for it. GetCloak's app uses it (and has a lot more niceties, I read), and so does the ugly but generic OpenVPN app. I'm guessing that they're not able to block all traffic before the VPN is set up though. I'm not sure. And I'm certain the OpenVPN app doesn't fail safe/closed.

Anyone know of a portable, travel wifi router that supports VPN and fails closed?


Do it on your router, so that all devices that connect over wifi are automatically routed through your VPN.
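
The fail-closed router asked about in the last two comments, sketched as an added example that is not from any commenter in this thread: a shell function that prints an nftables ruleset under which LAN clients can only leave through the tunnel. It assumes a Linux router using nftables and a UDP-based tunnel; the interface names, the address 203.0.113.10 and the port are constructed placeholders, and NAT and routing are assumed to be configured separately.

```shell
#!/bin/sh
# Added example (constructed): print an nftables ruleset that makes a VPN
# router fail closed. Interface names, address and port are placeholders.

valid_ifname() {            # 1-15 chars, nothing that could break out of the ruleset
  case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
  [ "${#1}" -le 15 ]
}

valid_ipv4() {              # dotted quad, each octet 0-255
  case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# usage: killswitch_rules LAN_IF WAN_IF TUN_IF VPN_SERVER_IP VPN_UDP_PORT
killswitch_rules() {
  valid_ifname "$1" && valid_ifname "$2" && valid_ifname "$3" &&
    valid_ipv4 "$4" && valid_port "$5" ||
    { echo "killswitch_rules: invalid argument" >&2; return 2; }
  cat <<EOF
table inet vpn_killswitch {
  chain forward {
    type filter hook forward priority 0; policy drop;
    # LAN clients may only leave through the tunnel; replies return the same way
    iifname "$1" oifname "$3" accept
    iifname "$3" oifname "$1" ct state established,related accept
  }
  chain output {
    type filter hook output priority 0; policy drop;
    oifname "lo" accept
    oifname "$1" accept
    oifname "$3" accept
    # the only traffic allowed out of the WAN port: the tunnel itself and DHCP
    oifname "$2" ip daddr $4 udp dport $5 accept
    oifname "$2" udp sport 68 udp dport 67 accept
  }
}
EOF
}
```

Pipe the output to `nft -f -` as root, for example `killswitch_rules br-lan eth0 tun0 203.0.113.10 1194 | nft -f -`. Because both chains default to drop in the `inet` family, IPv6 from LAN clients is also blocked on the WAN port when the tunnel is down.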



