Karl Bode is a freelance writer living in New York who has been babbling, jabbering and prattling about technology, politics and culture professionally for more than fifteen years. Follow me on Twitter @KarlBode
Canadian cable and wireless operator Videotron is hoping to see just how far Canada's net neutrality rules will stretch. The company last week was the latest to experiment with a new zero rated usage plan that exempts the biggest music services from the company's usage caps. Dubbed "Unlimited Music," Videotron's new effort will initially exempt services like Stingray, Rdio, Google Play, Deezer and Spotify from usage limits. Depending on popularity, additional services will be placed on the company's usage-allotment whitelist in the coming months. According to Videotron, this is about "getting ahead" of consumers' needs:
"We want to get ahead of our customers’ needs once again by bringing them a unique, innovative service: Unlimited Music will help make the connection between fans of music from Québec and around the world, and the major music streaming players."
On the surface most users initially like the idea of cap-exempt content. Indeed, carriers have tried to frame such a concept as "1-800" or "free shipping" for data, where the content company bears the brunt of the cost of delivering the content to the end user. Consumers pay less for data and select companies gain a marketing advantage. It's a huge win for everybody involved, right?
Well, no. Remember that usage caps imposed by carriers are utterly arbitrary and are barely bound to any real-world economics or engineering. These are artificial limitations carriers then charge consumers and companies to navigate. By letting the biggest companies be exempt from these arbitrary limitations (sometimes for pay, sometimes not), you've immediately put small businesses, independents, and non-profits at a massive disadvantage. This has been a huge issue overseas where Facebook and Google have faced fierce opposition to their dreams of turning the Internet into a zero rated, selectively curated, walled-garden advertising kingdom.
"The pernicious thing about zero rating is that it is marketed as a consumer friendly offering by the mobile carrier – “we are not charging you for data when you are on Spotify.” But what all of this zero rating activity is setting up is a mobile internet that looks a lot more like cable TV than our wide open Internet. Soon a startup will have to negotiate a zero rating plan before launching because mobile app customers will be trained to only use apps that are zero rated on their network."
For some reason, many people can't see the threat posed by zero rating. Stop by any Reddit thread on the subject, and you'll usually find most users utterly clueless to the potential pitfalls of letting carriers inject themselves as middle men in this fashion (free Spotify, bro!). Even T-Mobile, currently the US wireless industry consumer darling (whose "Music Freedom" idea Videotron is copying), doesn't understand the pitfalls of zero rating. Regulators too have gone out of their way to avoid seriously addressing zero rating, meaning that companies can dance over and under net neutrality rules, just as long as they're clever about marketing the violations as a boon to consumers.
In Canada, zero rating is supposed to be a subject the CRTC examines on a case-by-case basis. But when the CRTC can be bothered to enforce neutrality, they've only taken action against the most obvious offenses (like phone companies exempting their own video services from their caps, but not competing companies' traffic). Though they'll fumble in admitting as much, North American regulators see caps and zero rating as "creative" pricing experimentation.
With regulators napping and many consumers cheerfully and obliviously rooting against their own best self interests, it's pretty clear we intend to collectively discover just how stupid and slippery the zero rating slope can be. Perhaps real-world experience will be educational in a way that warnings about zero rating couldn't be. But it's kind of like the boiling frog anecdote; once you're fully aware of the temperature of the water, you've already traveled beyond the point of no return. Once we've accepted the carrier meddling and unlevel playing fields inherent in zero rating, it may be too late to backtrack.
For a few months now a rumor has been circulating that the FCC is intentionally planning to ban third-party custom router firmware. Wi-Fi hobbyists (and people who just like a little more control over devices they own) have long used custom, open source firmware like DD-WRT or OpenWrt to bring some additional functionality to their devices, with the added bonus of replacing clunky router GUIs. Custom firmware is also handy in an age when companies like to force firmware upgrades that either eliminate useful functionality, or add cloud-features and phone-home mechanisms a user may not be comfortable with.
But at last July's BattleMesh 8 event, Wi-Fi enthusiasts noticed the clunky wording of an FCC NPRM (notice of proposed rulemaking) discussing the FCC's plan to modify the rules governing RF devices. The NPRM in question (pdf), like all NPRMs, is basically the FCC's way of fielding questions about potential rule changes. It's important to understand no rules have actually been passed yet before committing gadget-nerd seppuku.
It's also important to note the FCC's motivation here is primarily safety, not to be a bureaucratic hardware-enthusiast buzzkill factory. The FAA found some illegally modified equipment operating in the unlicensed bands was interfering with terrestrial doppler weather radar (TDWR) at airports, and pushed the FCC to update its rules governing radios accordingly. But with many routers having systems-on-a-chip (SOC) where the radio isn't fully distinguishable from other hardware, Wi-Fi hobbyists are worried that a ban on modifying a device's radio could result in a blanket ban on modifying the device:
"Like all government regulations, the law of unintended consequences rears its ugly head, and the proposed rules effectively ban Open Source router firmware. The rules require all relevant devices to implement software security to ensure the radios of devices operating in this band cannot be modified. Because of the economics of cheap routers, nearly every router is designed around a System on Chip – a CPU and radio in a single package. Banning the modification of one inevitably bans the modification of the other, and eliminates the possibility of installing proven Open Source firmware on any device."
And these concerns aren't entirely unjustified, thanks to a few troubling phrases buried in both the NPRM itself, and previous FCC guidance (pdf), which asks vendors questions like:
"What prevents third parties from loading non-US versions of the software/firmware on the device? Describe in detail how the device is protected from “flashing” and the installation of third-party firmware such as DD-WRT."
So yes, it's understandable that sloppy FCC engineer wording has some people nervous. But as folks like Stanford lawyer and software engineer Jonathan Mayer have noted, shitty wording during a conversation about potential rules does not automatically equate to shitty rules. Meanwhile, one needs to apply some common sense, and ask if an agency on an uncharacteristic pro-consumer tear -- fresh from a battle over one of the most important open platform fights of our time (net neutrality) -- would seriously think that banning all personal hardware freedom is a nifty follow up.
Curiously nobody seems to have asked the FCC what they think about all of this. So I asked, and the FCC offered me this admittedly clunky statement (note the underlined bit):
"(FCC rules) require that the devices must ensure that under all circumstances they comply with the rules. The majority of the devices have software that is used to control the functionality of the hardware for parameters which can be modified and in turn have an impact on the compliance of devices. Our rules do permit radios to be approved as Software Defined Radios (SDRs) where the compliance is ensured based on having secure software which cannot be modified. The (FCC's) position is that versions of this open source software can be used as long as they do not add the functionality to modify the underlying operating characteristics of the RF parameters. It depends on the manufacturer to provide us the information at the time of application on how such controls are implemented. We are looking for manufacturers of routers to take more responsibility to ensure that the devices cannot be easily modified."
So in essence the FCC is saying that third-party firmware is just fine, just as long as it's not pushing the radio outside of legally-mandated parameters and causing a safety hazard. I also talked a little bit about the FCC's plan with Public Knowledge lawyer and FCC wireless policy guru Harold Feld, who spends more time wading through FCC NPRMs and telecom policy wonkery than any expert I know. Feld agrees that killing custom firmware isn't the FCC's intentional goal. That said, he's also quick to note there's still reason for concern if the rules aren't crystal clear:
"This is, of course, why the FCC does notices of proposed rulemaking and seeks comment from the parties and affected stakeholders. Especially on technical engineering matters like this, it isn't a matter of something being baked already. The FCC is responding here to a real world issue: we had problems with illegally modified equipment interfering with terrestrial doppler weather radar (TDWR) at airports. Naturally the FAA freaked out, and the FCC responded to this actual real world concern.
But at the same time, we don't want the FCC to accidentally write rules that are over-broad or subject to misinterpretation by companies. The real concern here is not some government conspiracy to wipe out open source or mandate encryption. The real worry is that major chip manufacturers will respond by saying "the easiest thing for us to do is lock down all the middleware rather than worry about where to draw the line." That would potentially kill a lot of innovation and valuable uses."
Update: It appears the FCC decided to begin Labor Day weekend backend system upgrades shortly after this story was posted, meaning their public comment system is offline until next week. Fortunately it appears that the comment deadline had previously been extended, and users concerned about the FCC's upcoming rules regarding third party open source firmware have until October 9 to make their voices heard.
Like so many industries, the telecom industry employs a literal army of paid "consultants," fauxcademics, fake consumer advocates, ex-politicians and other talking heads to parrot industry policy under the pretense of objective analysis. Usually this sockpuppet army is used to build a sound wall of illusory support for shitty policy. This practice has worked for decades, in large part, because very rarely can newspapers or websites be bothered to disclose the fact that these individuals are paid to spew total and absolute nonsense by anybody interested in hiring their services via a third party (usually a law firm or lobbying group).
Case in point: the Boston Globe apparently has declared that it will no longer allow former New Hampshire Senator John Sununu to proudly shill for telecom companies within the publication's hallowed halls. Sununu is on the board of directors for Time Warner Cable, and has been paid $750,000 to be an "honorary co-chair" for broadband industry lobbying group Broadband for America. As a loyal hireling, Sununu can often be found repeating broadband industry dreck in media outlets everywhere, whether that's the claim that net neutrality rules will destroy the Internet, or that Netflix is a vile monster getting a "free ride" on ISP networks and must be punished.
Historically, when Sununu writes for the Globe, the paper has simply described him as "a former Republican senator from New Hampshire, (who) writes regularly for the Globe," without bothering to disclose that somebody's often paying for Sununu's time. Despite years of this, only recently has the Globe come under fire for its flimsy-to-nonexistent transparency policies for Sununu and other freelance contributors.
"In the interest of more transparency, we’re posting bios for our regular freelance op-ed columnists online and linking those bios to their bylines. John Sununu has told me he will avoid writing about issues pertaining to cable and internet access because of his seat on the Time Warner Cable board."
Note Clegg's primary worry appears to be Sununu's seat on a cable company board, not the fact that he's been paid by a lobbying group since 2011 or so. Sununu can, of course, still write on other issues where his conflicts of interest are at least marginally obscured in some half-assed fashion. Clegg goes on to make some ambiguous promises in regards to shoring up any transparency gaps moving forward:
"It’s safe to say that few freelance columnists make their living solely from writing for newspapers these days, so most have other jobs or consultancies. We want to be more transparent with our readers about the nature of columnists’ work and affiliations. When appropriate, we’ll include relevant details in the text of the print edition of the column, as well as the link for our digital readers."
Great, except it's not entirely clear that just posting a bio is enough, since those bios often intentionally obscure direct financial relationships. Take a recent Sununu piece in the San Francisco Chronicle, for example, which actively helps Sununu and friends confuse customers by pretending the telecom lobbying group that pays Sununu, "Broadband For America," is actually "a coalition of 300 Internet consumer advocates, content providers and engineers."
It takes about twenty minutes of research to discover "Broadband For America" is primarily a big-telecom lobbying vessel, funded almost solely by the cable industry, whose broader roster of members are included to create the illusion of diversity (often to their own surprise). These connections don't require back-breaking journalism to make; the money trail and faux objectivity are usually only obscured by the thinnest of veneers. Yet apparently, it took the Globe the better part of five years to decide it might be a good idea to highlight that their purportedly objective telecom-related editorials were being written by a paid lobbyist.
And Sununu's just one of thousands of discourse-polluting mouthpieces employed by the telecom sector. Former Senator and fair use champ Rick Boucher now works for Sidley Austin's "Government Strategy Group," one of countless AT&T lobbying vessels for policy regurgitation. When Boucher gets paid by AT&T to argue that CISPA would be good for privacy or pretend the broadband industry is ultra-competitive, you'd be hard pressed to find a single news outlet willing to highlight the umbilical cord that affixes him to the AT&T mothership.
And that's just two former politicians. There are thousands of other academics, consultants, politicians, think tankers and freelance telecom editorialists happy to regurgitate any and everything for pay, whether that's cheering Comcast's latest merger or insisting the broadband industry is secretly, wonderfully competitive. While this lack of transparency is common across the board in media, you'd think that journalism-lecture-happy newspapers in particular would be the first in line to proactively highlight dubious editorial funding relationships.
from the protectin'-innovation-through-obstinance dept
For years now regulators have tried fruitlessly to bring a little more competition to the cable set top box market. While CableCARD was supposed to be a revolution on this front, regulatory enforcement was messy and inconsistent, and to protect set top box rental revenues and overall market control, cable companies rarely advertised the technology and made installations frequently nightmarish and expensive. When lackluster CableCARD stats then emerged annually, the cable industry just shrugged and apathetically declared that gosh -- nobody really wanted choice anyway.
Senators Ed Markey and Richard Blumenthal recently collected data from ten cable companies and found that things haven't really improved when it comes to set top box competition. Their data found that 99% of cable customers still rent a cable box, and pay $231 in fees annually for hardware that's usually not even worth a single year's payments. As a result, the cable industry generates $19.5 billion per year in rental fees, and has every incentive to keep things as they are.
Last fall, Congress passed the Satellite Television Extension Act Reauthorization (STELAR), which effectively killed the CableCARD and the FCC's sloppy attempt to crack open the set top market. However, STELAR's passage included the creation of the Downloadable Security Technology Advisory Committee (DSTAC), tasked with advising the FCC on how to move forward on a CableCARD replacement that actually works. That's no small feat given the cable industry desperately wants to maintain the status quo, and the copyright brigades want hardware to be as locked and crippled as possible.
Among the DSTAC proposals released last week (pdf) is the idea of a "virtual headend," where network security functionality is performed in the cloud, leaving the end user device flexible for an array of hardware and software solutions. It's an evolution of the "Allvid" proposal the FCC considered in 2010, intended to create a single, unified standard for a set top gateway that's open to all forms of video competition, software and hardware alike.
Not too surprisingly this idea has the support of companies like Google, Apple, Sony and Microsoft, but has faced stiff opposition from the cable industry. With reports suggesting DSTAC will be pushing such an open platform (even if more flexible than the original Allvid proposal), the cable industry's chief lobbying apparatus (the NCTA) is of course once again trotting out the safety, privacy and security bogeyman:
"Regrettably, the report veers off course by including a controversial proposal to place a burdensome technology mandate on MVPDs known as AllVid. This approach could jeopardize consumer protections including privacy, emergency alerts, parental controls, and inhibit innovation by allowing the government to dictate the way video content is delivered to consumers. Fortunately, the report reflects substantial opposition to the idea of a new, government-imposed technology mandate and extensively describes the proposal's shortcomings."
Yes, and we wouldn't want to "inhibit innovation," would we? Opening up the locked-down cable set top box not only would open the door to greater set top hardware competition, but it would ultimately threaten the cable industry's stranglehold over cable itself. As such, it's highly unlikely that any proposal worth its salt will see NCTA approval. It's also probably unsurprising that Allvid has the support of consumer advocates like Public Knowledge and the New York Times editorial board, which this week tried to soft sell the idea to the cable industry at the bottom of an editorial on the subject:
"Cable and satellite companies will surely resist change or try to water down the new F.C.C. regulations. After all, they stand to lose billions in rental fees. But it is in their long-term interest to give consumers more choices. A growing number of Americans are giving up cable-TV because it costs too much. Consumers might be more inclined to pay for cable if the industry stopped trying to nickel-and-dime them."
Except it's not really in their long-term interest to give consumers more choices. Open set top gateways and open, competing platforms would only further usher in increased Internet video options, incurring a mass realization that people pay the cable industry far too much, for far too little. As such, expect the cable industry to scratch, piss and moan until it has ensured that whatever standard emerges from the FCC committee is a scarred and bastardized shadow of the original intent. And should this shadow actually survive the lobbying gauntlet and see real-world adoption, the cable industry will surely work tirelessly to ensure the same level of dysfunction consumers enjoyed with the CableCARD.
On the bright side: none of this really matters longer term. Neither incompetent regulators nor terrified legacy giants can stop the Internet video revolution from threatening traditional cable television. And as traditional cable's power wanes, its all-too-comfortable walled-garden authority over the set top box market becomes utterly irrelevant. As such, the cable industry needs to stop focusing on swimming upstream, and start battening down the hatches ahead of what's going to be a particularly nasty storm.
Last week we noted that while Windows 10 has generally seen good reviews in terms of spit and polish, there's growing concern that the OS is too nosy for its own good, and that the opt-out functionality in the OS doesn't really work. Even when you've disabled a number of the nosier features (like Windows 10's new digital assistant, Cortana), the OS ceaselessly and annoyingly opens an array of encrypted channels back to the Redmond mother ship that aren't entirely under the user's control.
Now some of the information being transmitted is purportedly harmless, and some of the problems appear to be overblown (like Windows 10 being banned from some BitTorrent trackers for fear of it reporting user piracy activity), but an operating system you can't fully control is still undeniably stupid and annoying. And it's a curious choice for a company intent on moving beyond the fractured Windows adoption of yesteryear and encouraging the lion's share of Windows users to hop on to a new platform.
Making matters worse, Microsoft now seems intent on retro-fitting its older operating systems (specifically Windows 7 and Windows 8.1) with many of the annoying, chatty aspects of Windows 10. GHacks has noticed that four updates to the older operating systems, described as an "update for customer experience and diagnostic telemetry," connect to vortex-win.data.microsoft.com and settings-win.data.microsoft.com. These addresses are hard-coded to bypass the hosts file, and ferry all manner of personal information back to Microsoft.
Fortunately, it appears that users in this instance can configure Windows Firewall and routers to block the traffic, and users can avoid much of the snooping by opting out of the Customer Experience Improvement Program (CEIP):
"The concern with the new Diagnostic Tracking service is much the same as with Windows 10's tracking: it's not clear what's being sent, and there are concerns that it can't be readily controlled. The traffic to Microsoft's servers is encrypted, sent over HTTPS, so it can't be easily examined. While the knowledge based articles describing the new service list the DNS names of the servers that the service connects to, there are reports that the service ignores the system HOSTS file. As such, a traditional and simple method for redirecting the traffic doesn't work.
However, we're not sure just how big an impediment this is in practice; in our testing of Windows 8, the builtin Windows Firewall, for example, is more than capable of blocking the traffic, and this appears to be working entirely as it should. Disabling the service is also effective for those who don't trust its behavior."
Still, it's annoying that Microsoft continues to insist on expanding this kind of OS behavior, without making opting out simple and comprehensive. And it certainly doesn't exactly deflate arguments by folks like Richard Stallman, who consistently argue that Windows is effectively malware. More than anything though, it's a continued advertisement for Linux and operating systems that the end user actually has some degree of control over.
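Because the hosts file is reportedly ignored, the router is the place to check whether a block is actually working. The following is an added example, not code from the article or from Microsoft: it audits a resolver's query log for the two hostnames named above and reports which clients still get a real answer. It assumes a router running dnsmasq with `log-queries` enabled; the log lines and addresses are constructed, and matching an answer to the most recent client that asked for the name is a heuristic.

```python
import re

# The two telemetry endpoints named in the article.
TELEMETRY_HOSTS = (
    "vortex-win.data.microsoft.com",
    "settings-win.data.microsoft.com",
)

# Answers that mean the resolver refused to hand out a usable address.
SINKHOLE_ANSWERS = {"0.0.0.0", "::", "NXDOMAIN"}

# Constructed sample of dnsmasq "log-queries" output (documentation address ranges).
SAMPLE_LOG = """\
Sep  4 09:12:01 dnsmasq[812]: query[A] vortex-win.data.microsoft.com from 192.0.2.23
Sep  4 09:12:01 dnsmasq[812]: config vortex-win.data.microsoft.com is 0.0.0.0
Sep  4 09:12:05 dnsmasq[812]: query[A] www.example.org from 192.0.2.23
Sep  4 09:12:05 dnsmasq[812]: forwarded www.example.org to 198.51.100.53
Sep  4 09:12:05 dnsmasq[812]: reply www.example.org is 203.0.113.10
Sep  4 09:13:40 dnsmasq[812]: query[A] Settings-Win.Data.Microsoft.com from 192.0.2.41
Sep  4 09:13:40 dnsmasq[812]: forwarded Settings-Win.Data.Microsoft.com to 198.51.100.53
Sep  4 09:13:40 dnsmasq[812]: reply Settings-Win.Data.Microsoft.com is 203.0.113.77
Sep  4 09:14:02 dnsmasq[812]: query[AAAA] vortex-win.data.microsoft.com from 192.0.2.23
Sep  4 09:14:02 dnsmasq[812]: config vortex-win.data.microsoft.com is ::
"""

QUERY_RE = re.compile(r"query\[(?P<type>\w+)\] (?P<name>\S+) from (?P<client>\S+)$")
ANSWER_RE = re.compile(r"(?P<kind>config|reply|cached) (?P<name>\S+) is (?P<value>\S+)$")


def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()


def audit(log_text):
    """Return {(client, host): {"queries": n, "outcome": str}} for telemetry hosts.

    outcome is "resolved" if the client ever received a real address,
    "sinkholed" if every answer was a block, "unanswered" otherwise.
    """
    results = {}
    last_client = {}  # host -> client that most recently asked for it
    for line in log_text.splitlines():
        query = QUERY_RE.search(line)
        if query:
            host = normalize(query["name"])
            if host in TELEMETRY_HOSTS:
                client = query["client"]
                last_client[host] = client
                entry = results.setdefault(
                    (client, host), {"queries": 0, "outcome": "unanswered"}
                )
                entry["queries"] += 1
            continue
        answer = ANSWER_RE.search(line)
        if not answer:
            continue
        host = normalize(answer["name"])
        client = last_client.get(host)
        if client is None:
            continue  # not a telemetry host, or answer seen without a query
        entry = results[(client, host)]
        value = answer["value"]
        if value in SINKHOLE_ANSWERS:
            # A single real answer outweighs any number of blocked ones.
            if entry["outcome"] != "resolved":
                entry["outcome"] = "sinkholed"
        elif not value.startswith(("<", "NODATA")):
            # Skip "<CNAME>" and NODATA markers; anything else is an address.
            entry["outcome"] = "resolved"
    return results


def leaking_clients(results):
    """Clients that obtained a real address for at least one telemetry host."""
    return sorted({client for (client, _), e in results.items()
                   if e["outcome"] == "resolved"})


if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    for (client, host), entry in sorted(report.items()):
        print(f"{client:15} {host:35} {entry['queries']} queries, {entry['outcome']}")
    print("still resolving telemetry hosts:", leaking_clients(report))
```

A clean result here only shows the names are not resolving through this resolver; a firewall rule remains the control the article describes for the traffic itself.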
Comcast has slowly but surely been expanding the company's usage cap trials since around 2012, largely focusing them on less competitive markets where annoyed users can't vote with their wallets. In these seventeen (and counting) trial markets, Comcast broadband customers face a monthly usage cap of 300 gigabytes. After that, users need to shell out $10 for each additional 50 gigabytes of data consumed. The trials have expanded slowly but surely in the hopes of minimizing user backlash. Basically, Comcast is the hot water slowly coming to a boil, and you're the frog.
It appears that Comcast has now added a new wrinkle to the mix, and has started charging these trial users an extra $30 if they want to bypass usage caps. The company's FAQ for the new option tries to argue that the change is being made to provide consumers with greater "choice and flexibility":
The Unlimited Data Option provides additional choice and flexibility for our customers who may make heavier use of the Internet. Enrollment is optional. The Unlimited Data Option costs the current additional fee of $30 per calendar month, regardless of actual data usage. The 300 GB plan will not apply to customers who enroll in the Unlimited Data Option.
Yeah, that's bullshit. Back in 2012, users in these trial markets used to get uncapped Comcast broadband service as a matter of course. They now get to pay $30 more a month for the honor of avoiding Comcast's totally arbitrary and unnecessary usage restrictions. And it's all thanks, of course, to the painful lack of competition in most Comcast markets. While this "unlimited" option is currently only being tested in the Florida cap markets, Comcast has made it clear for years it hopes to impose this kind of punitive pricing system in all markets.
You'll recall the cable industry used to claim usage caps on fixed-line networks were necessary due to congestion (fear the Exaflood!). But as bandwidth costs dropped and intelligent network gear offered far more sophisticated ways of managing network load, the cable industry finally admitted that congestion had nothing to do with it. And while the cable industry now tries to argue that usage caps are necessary due to "fairness," they're really about one thing and one thing only: taking advantage of limited competition and protecting legacy TV revenues from Internet video.
If you peruse the Comcast usage cap FAQ you'll notice that Comcast doesn't even really bother with an explanation or justification as to why the caps are necessary, since even the nation's least-liked company knows any defense of this position is futile. This is about as close as Comcast gets to delivering a coherent explanation as to why these limits were imposed:
As the marketplace and technology change, we do too. We evaluate customer data usage, and a variety of other factors, and make adjustments accordingly. Over the last several years, we have periodically reviewed various plans, and recently we have been analyzing the market and our process through various data usage plan trials.
So yeah, we're not a massive incumbent telecom exploiting uncompetitive markets and lazy regulators, we're just experimentin' and changin' and what have you! Comcast has made it abundantly clear that it plans to keep expanding these usage caps (and charging you to avoid them) until either the competition fairy somehow materializes better broadband options out of the ether, or regulators wake the hell up and realize that usage caps on fixed-line networks are a predatory assault on captive customers, an affront to innovation, and an aggressive abuse of monopoly power.
For years now we've noted how some people are absolutely positive that Wi-Fi is making them sick, despite a lack of any substantive evidence on that front. Still, schools have repeatedly found themselves on the receiving end of lawsuits for simply installing and using Wi-Fi, and in some cases have been forced to remove the technology for the supposed benefit of the "electromagnetically sensitive." The majority of double-blind studies conducted indicate that, contrary to claims of the afflicted, these individuals cannot accurately state when they're in the presence of stronger electromagnetic fields.
Regardless, a lack of science hasn't stopped parents in Massachusetts from suing their local private school, claiming the school installed new Wi-Fi gear in 2013 that triggered "headaches, nosebleeds, nausea, and other symptoms" in their thirteen-year-old child. The suit hopes to have "Electromagnetic Hypersensitivity Syndrome" classified under the protections of the Americans with Disabilities Act. According to the lawsuit (pdf), the child's mother, after "much research and study," concluded that it was the Wi-Fi making the child sick, something family doctors were willing to substantiate.
Justifiably, the school brought in EMF analysis experts to document the specific EMF hazard being posed (spoiler, there wasn't any):
"Isotrope found that the combined levels of access point emissions, broadcast radio and television signals, and other RFE emissions on campus ‘were substantially less than one ten-thousandth (1/10,000th) of the applicable (FCC) safety limits.’"
The family was also annoyed when the school district wanted to use their own doctors, who in about ten minutes (at least according to the parents) came to the conclusion that whatever is ailing the kid, it wasn't Wi-Fi radiation:
"The family was also unhappy after officials at Fay asked them to have G see another physician, who after speaking to G for 10 minutes and not conducting any tests “pronounced that in his view there was not enough study yet done to link Wi-Fi emissions to symptoms such as those G is experiencing at Fay School,” they say in the complaint. “This doctor stated in essence that he does not believe in EHS,” the lawsuit says. “Yet he made no alternate diagnosis.”"
All told, the parents demanded the school run Ethernet to classrooms their child attends, lower the overall power of Wi-Fi transmissions in the school, and provide $250,000 in settlement funds. A new, updated report suggests that a preliminary settlement with the school may have already been reached. Maybe it's just me, but it seems like these disputes could be settled very easily (and without hindering the school's coffers or other students' capacity for learning) by having the electromagnetically-sensitive participate in a blinded study requiring they clearly illustrate their ability to detect electromagnetic fields.
While there are countless diseases that constantly illustrate we certainly don't know as much as we think we do (Lyme Disease, for example), if EMF exposure really is having that dramatic of an impact on certain individuals, this is surely reproducible and provable, right? Right?
not limited; unrestricted; unconfined:
boundless; infinite; vast:
the unlimited skies.
without any qualification or exception; unconditional.
While carriers have long insisted they offer "unlimited" data, they go to great lengths to avoid offering said advertised product when the gluttonous masses inevitably come calling to partake in the all-you-can-eat buffet. Countless companies have had their wrists slapped for the failure to disclose that their "unlimited" plans are in fact quite limited. Verizon settled a lawsuit from NY's AG back in 2007 for advertising capped and throttled services as unlimited. When Verizon and AT&T later ditched all unlimited plans, they both still waged a quiet war on unlimited users, again throttling or otherwise restricting their data consumption.
In recent years T-Mobile has taken advantage of this shift and marketed itself as one of the last companies that truly embraces unlimited data. Well, sort of. If you sign up for an unlimited T-Mobile smartphone plan, T-Mobile's website will quietly inform you that by "unlimited" T-Mobile actually means 21 GB, after which (provided you're on a congested tower), you'll have your speeds "de-prioritized" for the remainder of your billing cycle. Customers that sign up for unlimited data are also greeted with this notice, usually down below the advertisement:
So under T-Mobile's "unlimited" plans, unlimited smartphone use may actually be somewhere around 21 GB, while data consumed when tethering the phone as a modem or hotspot is throttled after 7 GB of consumption. Now to be fair, those allotments are pretty generous. And as carriers are quick to argue, the fact that you can still use data beyond those limits (albeit at reduced speeds) still technically means the connection is "unlimited." But the industry's still playing it a little loose with what is a clearly-defined term (I've underlined the key synonyms above if any confused carriers are reading).
"...These violators are going out of their way with all kinds of workarounds to steal more LTE tethered data. They’re downloading apps that hide their tether usage, rooting their phones, writing code to mask their activity, etc. They are “hacking” the system to swipe high speed tethered data. These aren't naive amateurs; they are clever hackers who are willfully stealing for their own selfish gain."
According to Legere these "clever hackers" only comprise around 1/100 of a percent of the company's 59 million customers, and a few of them have been eating as much as two terabytes a month of data. So why is T-Mobile making so much noise about a small number of customers it could easily shove to metered plans privately? T-Mobile's trying to get out ahead of media criticism for imposing limits on "unlimited" data, and to avoid the FCC's net neutrality and transparency rules by clearly stating intent (even if the T-Mobile FAQ on the issue doesn't really offer technical specifics).
It should be noted that every ISP on the planet has to deal with a small subset of extremely heavy users. This is nothing new, and if T-Mobile had said nothing, people probably wouldn't have given a damn. But after insulting his userbase, Legere proceeds with false bravado to pretend that the perfectly ordinary practice of protecting the network from gluttons somehow makes T-Mobile an industry leader:
"These abusers will probably try to distract everyone by waving their arms about throttling data. Make no mistake about it – this is not the same issue. Don’t be duped by their sideshow. We are going after every thief, and I am starting with the 3,000 users who know exactly what they are doing...I won't let a few thieves ruin things for anyone else. We’re going to lead from the front on this, just like we always do. Count on it!"
Good job I guess?
To be clear: outside of its wishy-washy net neutrality stance I like T-Mobile, and think the company has done some great things to nudge the industry forward (like killing subsidies and reducing overseas roaming costs). I also think these allotments are more than fair for the price being paid, and T-Mobile has every right to police its network, since two terabytes of mobile consumption is gluttonous by any standard. That said, acting like it's the pinnacle of "clever hacking" and villainy to modify a device you own to get a service advertised as unlimited is a tad specious and theatrical. And Legere's decision to subsequently bicker with users on Twitter for the rest of the day wasn't the "uncarrier's" finest PR hour:
@LEVST3R as I said the abusers will try to confuse the issue and this is one of the ways..nice try
Snark, fanboys and fisticuffs aside, the core of the problem continues to be the use of the word unlimited to sell products that simply aren't. Since the first time the term was marketed it has confused the hell out of users who don't understand that in the age of finite spectrum, intelligent network management and hungry bean counters, there really is no such thing. If you're not willing to offer truly unlimited data (and frankly no spectrum-constrained wireless carrier truly is), stop advertising unlimited data, put your next-best offer clearly on the table, and stop molesting the god-damned dictionary.
As the government continues to play Whac-a-Mole with darknet drug bazaars, one of the Silk Road's leading darknet market replacements says it has temporarily suspended service over Tor vulnerability concerns. In an encrypted post to the site's buyers and dealers (copied over to PasteBin and over at the /r/darknetmarkets subReddit), Agora's administrators say the darknet market is nervous about law enforcement's ability to take advantage of recent Tor vulnerabilities, and as such are pulling the market offline for an undisclosed amount of time to protect the site:
"Recently research had come that shed some light on vulnerabilities in Tor Hidden Services protocol which could help to deanonymize server locations. Most of the new and previously known methods do require substantial resources to be executed, but the new research shows that the amount of resources could be much lower than expected, and in our case we do believe we have interested parties who possess such resources. We have a solution in the works which will require big changes into our software stack which we believe will mitigate such problems, but unfortunately it will take time to implement."
While the post doesn't specify which Tor vulnerability the market's responding to, a paper recently published by researchers from Qatar University and MIT (pdf) argued that it was possible to use a Tor vulnerability to identify Tor hidden services with as much as 88% accuracy. Tor director Roger Dingledine responded to these findings in a blog post back in July. Dingledine downplayed the ability of the vulnerability to be exploited in the wild, while pointing out that researchers have long over-estimated the ease of such fingerprinting methods in the real world.
To succeed in the fingerprinting process, the attacker needs to control the Tor entry point for the server hosting the hidden service, and to have previously collected unique network identifiers that allow that particular service to be fingerprinted. Still, Agora itself strongly hints that it has already seen some (presumably law enforcement) behavior in the wild attempting to take advantage of the vulnerability, and wasn't willing to take the risk:
"...We have recently been discovering suspicious activity around our servers which led us to believe that some of the attacks described in the research could be going on and we decided to move servers once again, however this is only a temporary solution. At this point, while we don't have a solution ready it would be unsafe to keep our users using the service, since they would be in jeopardy. Thus, and to our great sadness we have to take the market offline for a while, until we can develop a better solution. This is the best course of action for everyone involved."
"We noticed the strange happenings early on. We KNOW that TOR devs are the best of the best. This is only theoretical paper from MIT students. TOR updates daily on a development level, they would fix any vulnerabilities from any theoretical paper. Emphasis: Theoretical Paper, Not Successful Tests. We have covered all bases."
While the Agora shutdown combined with dropping Bitcoin value (due to the potential forking of currency development by those concerned about scalability) have Bitcoin advocates and Darknet market users sweating a bit, Agora's shutdown would seem to be only a temporary bump in the road to future darknet opsec skirmishes. Agora already had survived last November's Operation Onymous, which took down Silk Road 2 and 400 other websites. It's still debated whether those seizures were thanks to a Tor vulnerability or old-fashioned detective work (law enforcement obviously isn't keen on being illuminating).
Even if Agora doesn't return, there's a half-dozen or more already established Darknet markets happy to fill the void and satiate the globe's inexhaustible supply of drug buyers and dealers, those entertained by the endless game of opsec cat and mouse, and the government's insatiable need to fill its mole-whacking quota.
Earlier this year AT&T and Verizon were caught modifying wireless user traffic to inject unique identifier headers (UIDH). This allowed the carriers to ignore a user's privacy preferences on the browser level and track all online behavior. In Verizon's case, the practice wasn't discovered for two years after implementation, and the carrier integrated a working opt out mechanism only after another six months of public criticism. Verizon and AT&T of course denied that these headers could be abused by third parties. Shortly thereafter it was illustrated that it was relatively easy for these headers to be abused by third parties.
While the fracas over these "stealth" or "zombie" cookies has quieted down since, a new study suggests use of such stealth tracking is increasing around the world as carriers push to nab their share of the advertising pie. Consumer advocacy group Access has been running a website called AmiBeingTracked.com, which analyzes user traffic to determine whether or not carriers are fiddling with their packets to track online behavior. According to a new study from the group (pdf) examining around 200,000 such tests, about 15% of site visitors were being tracked by the carriers in this fashion all over the globe:
Globally, the report notes that AT&T, Bell Canada, Bharti Airtel, Cricket, Telefonica de España, Verizon, Viettel Peru S.a.c., Vodafone NL, and Vodafone Spain are all now using stealth headers. In many of these instances there are no opt-out mechanisms in place for users, or the opt-in mechanisms that exist don't actually work. Most regulators meanwhile don't even realize this technology exists, much less have any plan to protect user privacy via hard opt-out requirements. The practice itself, and the stored data, the group's authors note, make a delicious target for hackers and the intelligence community alike:
"Using tracking headers also raises concerns related to data retention. When “honey pots” of sensitive information, such as data on browsing, location, and phone numbers, are collected and stored, they attract malicious hacking and government surveillance. This kind of collection and retention of user data is unsustainable and unwise, and creates unmanageable risks for businesses and customers alike."
The W3C Consortium recently agreed, noting that stealth carrier tracking header injection is basically a privacy nightmare in the making that undermines user trust in the entire Internet:
"The aggregate effect of unsanctioned tracking is to undermine user trust in the Web itself. Moreover, if browsers cannot isolate activity between sites and offer users control over their data, they are unable to act as trusted agents for the user. Notably, unsanctioned tracking can be harmful even if non-identifying data is shared, because it provides the linkage among disparate information streams across contextual boundaries. For example the sharing of an opaque fingerprint among a set of unrelated online purchases can provide enough information to enable advertisers to determine that user of that browser is pregnant — and hence to target her with pregnancy-specific advertisements even before she has disclosed her pregnancy."
This is what has been happening while the marketing, tech and telecom industries bickered, prattled and grandstanded over do not track protections -- that this technology makes irrelevant anyway. And while companies like Verizon have repeatedly claimed that no privacy or transparency guidelines are necessary because "public shame" will keep them honest, keep in mind that it took security researchers two years before they even realized that the telco was doing this. It took another six months of pressure for Verizon to heed calls for basic opt-out mechanisms most Verizon users don't know exist. It makes you wonder: just how long will it take the press and public to realize future iterations of stealth tracking technology are being used?
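One way to check for the header injection described above, as an added Python example that is not code from Access or from this post: a probe sends a request with a known header set over plain HTTP, and the receiving server diffs that set against what actually arrived. The sample requests, the `X-Sub-Ref` header name and every value are constructed; `X-UIDH` and `x-acr` are the header names publicly reported for Verizon and AT&T.

```python
import re

# Header names publicly reported for carrier identifier injection.
# The list is illustrative; the diff below also catches unknown names.
KNOWN_TRACKING_HEADERS = {
    "x-uidh": "Verizon Unique Identifier Header (UIDH)",
    "x-acr": "reported for AT&T identifier injection",
}

# A long run of base64/hex-style characters with no spaces or dots looks
# like an opaque per-subscriber token rather than ordinary proxy metadata.
TOKEN_RE = re.compile(r"^[A-Za-z0-9+/=_-]{16,}$")


def parse_headers(raw_request):
    """Return {lowercased-name: value} from the head of a raw HTTP request."""
    headers = {}
    lines = raw_request.strip().replace("\r\n", "\n").split("\n")
    for line in lines[1:]:                 # lines[0] is the request line
        if not line.strip():               # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if not sep:
            continue                       # malformed line, ignore it
        key, value = name.strip().lower(), value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return headers


def classify(name, value):
    """Label a header that appeared in transit."""
    if name in KNOWN_TRACKING_HEADERS:
        return "known-tracking-header"
    if TOKEN_RE.match(value):
        return "opaque-token"
    return "added"                         # e.g. Via from an ordinary proxy


def find_injected(sent_raw, received_raw):
    """Diff what the probe sent against what the server received."""
    sent, received = parse_headers(sent_raw), parse_headers(received_raw)
    findings = []
    for name in sorted(received):
        if name not in sent:
            findings.append((name, classify(name, received[name]), received[name]))
        elif received[name] != sent[name]:
            findings.append((name, "modified", received[name]))
    for name in sorted(set(sent) - set(received)):
        findings.append((name, "stripped", sent[name]))
    return findings


def is_tracked(findings):
    """True if any in-transit change looks like a subscriber identifier."""
    return any(v in ("known-tracking-header", "opaque-token") for _, v, _ in findings)


# Constructed sample: what the probe sent.
SENT = """GET /check HTTP/1.1
Host: probe.example
User-Agent: probe/1.0
Accept: */*
X-Probe-Nonce: 7f3a
"""

# Constructed sample: what arrived after passing through a carrier network.
RECEIVED = SENT + """Via: 1.1 gateway.example
X-UIDH: CONSTRUCTED0123456789ABCDEFEXAMPLE
X-Sub-Ref: Q09OU1RSVUNURURfVkFMVUVfMDAwMQ==
"""

# Constructed sample: an ordinary proxy that adds no identifier.
RECEIVED_VIA_PROXY = SENT + "Via: 1.1 gateway.example\n"

if __name__ == "__main__":
    for name, verdict, value in find_injected(SENT, RECEIVED):
        print(f"{verdict:22} {name}: {value}")
    print("tracked:", is_tracked(find_injected(SENT, RECEIVED)))
```

The probe has to travel over plain HTTP: a request carried inside TLS cannot be rewritten by the network in this way, which is also why HTTPS-only sites never see these headers.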
While Windows 8 annoyed many users for its attempt to duct-tape two disparate computing styles (traditional Windows and a touch interface) together while demanding you stand impressed by the genius of such a move, Windows 10 initially appeared to be seeing some positive responses (at least among those who use Windows). That was, at least until people started to realize how nosy the operating system is, how frequently it feels the need to phone home to Redmond, and some of the more obnoxious language buried in the terms of service.
"Unfortunately for privacy advocates, these controls don't appear to be sufficient to completely prevent the operating system from going online and communicating with Microsoft's servers. For example, even with Cortana and searching the Web from the Start menu disabled, opening Start and typing will send a request to www.bing.com to request a file called threshold.appcache which appears to contain some Cortana information, even though Cortana is disabled. The request for this file appears to contain a random machine ID that persists across reboots."
While much of this phoning home appears to be innocuous, it's obviously annoying to users who expect an OS that operates quietly and securely on the network. Other ingrained features of the OS may or may not be more troublesome, depending on how seriously you'd like to take Microsoft's fine print. One provision in particular appears to have caught the eye of numerous news outlets: namely that Microsoft has the ability and reserves the right to disable first-party (aka Microsoft) titles should they be found to be pirated. The TOS also notes that Microsoft reserves the right to block "unauthorized hardware":
"We may automatically check your version of the software and download software updates or configuration changes, including those that prevent you from accessing the Services, playing counterfeit games, or using unauthorized hardware peripheral devices. You may also be required to update the software to continue using the Services."
Comforting! It's possible Microsoft will never utilize this particular portion of its TOS, but its inclusion is understandably troubling all the same, and with the capability embedded, it's hard to think our friends at the MPAA and BSA won't urge Microsoft to include their products. Update: one commenter points out the TOS in question that has everyone in a tizzy refers to Windows services, not necessarily Windows 10. Windows 10 is covered by Microsoft Software License Terms. In short, while Microsoft could declare Windows 10 as a service, it still seems highly unlikely that the company is going to invite the wrath of millions by using Windows 10 as a piracy and device nanny, especially if they want the OS to succeed.
If you're looking for some additional bright side, Windows 10 at least blocks some of the more obnoxious, invasive flavors of DRM that have made the rounds over the last few years, including SecuROM and SafeDisc. Unfortunately, that means titles that used this DRM simply won't work on the new OS without a patch.
Either way, worries about Windows 10's spying and reporting habits appear to have freaked out a few BitTorrent trackers. One tracker by the name of iTS has decided to block all Windows 10 users entirely, redirecting them to this YouTube video explaining the perceived dangers of the new OS. In a post over at Reddit, tracker admins explain why they're not particularly welcoming of Windows 10 users:
This is likely somewhat of an overreaction, since Microsoft has been working with MarkMonitor for many years now, in some instances to protect customers from phishing attacks. Still, it's understandable that Microsoft's decision to embed Windows 10 with all manner of chatty behaviors would raise a few eyebrows. If Redmond wants to avoid the fractured adoption issues that plagued earlier versions of Windows, hopefully executives there can be publicly pressured to ensure that opting out of the more chatty and invasive aspects of the new OS actually works.
Did you know you can occasionally find people discussing narcotics on the Internet? Russian Internet regulator Roskomnadzor (the Kremlin's "Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications") is pretending to have only recently figured this out, and is working tirelessly to purge this naughty behavior from the Internet. Of course, they're ingeniously doing so in a way that breaks the Internet for everybody else, often taking entire websites offline simply because of one yahoo's heady pontifications on dope.
"Wikipedia refused to comply with the request and instead made a small change to the URL of the charas hashish article, technically putting it in compliance with Russian law. The old page now features a list of seven different Wikipedia entries on the various meanings of the word “charas,” while the original text about charas hashish is completely intact, but is now accessible at a new URL on the encyclopedia's website."
As of yesterday, Roskomnadzor wasn't satisfied, saying it would (re-)ban all of Wikipedia. Unless, of course, the site was willing to make one notable change:
"Roscomnadzor's press-office also said they didn't intend to block the whole website, and would be able to only block the offending content and pages, provided Wikipedia's management “cooperated” and removed the HTTPS encryption protocol that puts the whole website in danger of being blocked."
So yeah, this isn't just another government being stupid and filter happy. Russia is filtering these websites under the authority embedded in a 2012 censorship law, whose purpose was purportedly to protect the children from the Internet's naughty bits. The bill's real purpose, of course, was to create an intentional, obfuscated slippery slope, designed specifically to aid in expanding control over the Internet. So Russia's sudden interest in playing pointless drug content Whac-a-mole is actually an attempt to reduce the overall use of encryption and make snooping easier:
"This is an important case because it’s part of the general offensive against https. Roskomnadzor and the FSB [security services] don’t know what to do with it,” said Andrei Soldatov, a journalist and author of Red Web, a book about the Russian internet. Soldatov said SORM, the system Russia uses for internet surveillance, does not work with the more secure https protocol, also used by sites such as Facebook and Gmail...
Soldatov speculated that the move against Wikipedia could be part of a test of another strategy: by threatening the site with bans over single pages, the site could be forced off https to ensure that the whole site is not affected when only one page is banned. Soldatov said: “There are two options for https: the first is to have access to the data before encryption, which explains the demand to store servers in Russia. The second is to try to force services to give up on https, which is what is happening with Wikipedia.”"
So basically, the Russian government is assaulting encryption, expanding Internet surveillance power and cracking down on critics -- under the pretense of protecting the children from bonghits. Remember, though, killing journalists, encouraging violent homophobia and pumping the Internet full of propaganda twenty-four hours a day are still on the recommended hobbies list in Putin's Russia.
from the the-man-in-the-middle-is-a-bit-of-a-jerk dept
Everybody wants a piece of the Internet advertising pie, and many are willing to sink to the very bottom of the well of stupidity to get what they believe is owed them. For years now ISPs, hardware vendors and even hotels simply haven't been able to help themselves, and have repeatedly been caught trying to inject their own ads over the top of user browsers and data streams. This is a terrible idea for a number of reasons, ranging from the fact that ad injection is effectively an attack on user traffic, to the obvious and inherent problem with defacing other people and organizations' websites and content with your own advertising prattle.
Still, companies like Comcast, Marriott and Samsung have all been caught trying to shove their ads over the top of user data streams. When pressed, most companies are utterly oblivious (or pretend to be utterly oblivious) as to why this behavior might not be that good of an idea.
AT&T's hotspots (or at least the one in Dulles) appear to be using technology provided by RaGaPa, a startup that promotes itself as an expert in "Wi-Fi Monetization
As already noted, this type of injection is highly problematic and sets an awful precedent:
"AT&T has an (understandable) incentive to seek consumer-side income from its free wifi service, but this model of advertising injection is particularly unsavory. Among other drawbacks: It exposes much of the user’s browsing activity to an undisclosed and untrusted business. It clutters the user’s web browsing experience. It tarnishes carefully crafted online brands and content, especially because the ads are not clearly marked as part of the hotspot service. And it introduces security and breakage risks, since website developers generally don’t plan for extra scripts and layout elements."
As Mayer also notes, this is a legally muddy area, and, worried about regulatory wrist slaps, most busted ISPs have very quickly and sheepishly backed away from the practice for fear of legal repercussions. I reached out to AT&T to see whether this is a one-off instance of stupidity on the part of AT&T or somebody else (like Dulles), or if aggressively and idiotically injecting itself into the user browsing experience is now going to be AT&T's standard operating procedure across the company's network of 30,000+ Wi-Fi hotspots.
Update: AT&T has sent us a statement indicating that this was part of a limited trial:
"Our industry is constantly looking to strike a balance between the experience and economics of free Wi-Fi. We trialed an advertising program for a limited time in two airports (Dulles and Reagan National) and the trial has ended. The trial was part of an ongoing effort to explore alternate ways to deliver a free Wi-Fi service that is safe, secure and fast."
The sometimes blisteringly-inane hype surrounding the "Internet of Things" appears to be on a collision course with the sophomoric security standards being employed in the field. As we've seen time and time again, companies were so bedazzled by the idea of connecting everything and anything to the Internet (your hat! your pants! your toilet!) they left device and network security as an afterthought -- if they could be bothered to think about it at all. The result has been smart TVs that share your personal conversations, vehicles that can easily be used to kill you, and a home full of devices leaking your daily habits.
The latest example comes again via Samsung, whose "smart" refrigerators aren't so smart. While Samsung's shiny new refrigerators connect to the Internet, can display your Google Calendar and implement SSL, hackers during a challenge at the recent DEFCON found the refrigerators fail to validate those SSL certificates. That opens the door to all kinds of man-in-the-middle attacks, potentially allowing your neighbor to steal your Gmail login information while sitting on his couch next door:
"The internet-connected fridge is designed to display Gmail Calendar information on its display," explained Ken Munro, a security researcher at Pen Test Partners. "It appears to work the same way that any device running a Gmail calendar does. A logged-in user/owner of the calendar makes updates and those changes are then seen on any device that a user can view the calendar on."
"While SSL is in place, the fridge fails to validate the certificate. Hence, hackers who manage to access the network that the fridge is on (perhaps through a de-authentication and fake Wi-Fi access point attack) can Man-In-The-Middle the fridge calendar client and steal Google login credentials from their neighbours, for example."
On the plus side, this vulnerability was found after Samsung invited hackers to try and find vulnerabilities in the system, showing some proactive thinking. On the flip side, this is the same company whose "smart" TVs were found to be happily sending living room conversation snippets unencrypted over the Internet -- so it's not always clear Samsung listens to feedback, or how many bugs and vulnerabilities go unnoticed. Regardless, the researchers' blog post has a little more detail, noting they may have also found some vulnerabilities in the app's encrypted communication stream with the refrigerator.
These endless IOT security issues may have the opposite effect of that intended: actively marketing the need for many devices to be dumber. And those dumb devices are getting harder to find. Many of the latest and greatest 4K television sets, for example, simply can't be purchased without intelligent internals that integrate functionality the user may not want. So while Wired magazine's endless 1990's obsession with intelligent refrigerators may have finally come to fruition, they may be unwitting pitchmen for how sometimes it's better for things to simply remain utterly analog -- and beautifully, simply stupid.
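The failure the researchers describe, TLS that is switched on but never checks who is on the other end, looks like this in a client's configuration. This is an added Python example, not Samsung's code (which the post does not show): it puts the non-validating setup beside a validating one and adds a small audit helper, `audit_context`, whose name and wording are this example's own.

```python
import ssl

NO_CHAIN = "certificate chain is not verified"
NO_HOSTNAME = "hostname is not checked against the certificate"


def unverified_client_context():
    """Encrypts the session but accepts any certificate from anyone.

    This is the behaviour described for the fridge: whoever answers the
    connection, including an interceptor on the same Wi-Fi, is trusted.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def chain_only_client_context():
    """Verifies the chain but not the name: still open to interception.

    Any party holding a valid certificate for *some* host can present it
    and be accepted in place of the intended server.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # verify_mode stays CERT_REQUIRED
    return ctx


def verified_client_context():
    """Default client settings: trusted chain required, hostname must match."""
    return ssl.create_default_context()


def audit_context(ctx):
    """Return the validation gaps in a client-side SSLContext."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append(NO_CHAIN)
    if not ctx.check_hostname:
        findings.append(NO_HOSTNAME)
    return findings


if __name__ == "__main__":
    for make in (unverified_client_context,
                 chain_only_client_context,
                 verified_client_context):
        print(f"{make.__name__}: {audit_context(make()) or 'ok'}")
```

A check like `audit_context` fits in a unit test for client code, so a debugging shortcut that disables verification cannot ship unnoticed.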
While Google is still seen as (and proclaims to be) a net neutrality advocate, evidence continues to mount that this is simply no longer the case. Back in 2010 you might recall that Google helped co-write the FCC's original, flimsy net neutrality rules with the help of folks like AT&T and Verizon -- ensuring ample loopholes and making sure the rules didn't cover wireless at all. When the FCC moved to finally enact notably-tougher neutrality rules for wired and wireless networks earlier this year, Google was publicly mute but privately active in making sure the FCC didn't seriously address the problems with usage caps and zero-rated (cap exempt) content.
As India has been exploring net neutrality rules, it's again apparent that, even if Google isn't leaning into the anti-neutrality rule camp, it sure as hell is not helping. Both Google and Facebook have come under fire recently for their zero rating efforts overseas, which include exempting some select partner content from usage caps, and setting up walled garden fiefdoms under the banner of selfless altruism. Critics charge that these plans create vast inequalities in connectivity and violate Internet openness, and that if the companies really want to help the poor, they can help subsidize truly open Internet access.
While Facebook has responded to this criticism by insisting that all of its critics are extremists should they dare question Facebook's noble intentions, Google's again chosen a more subtle route: staying mute on the subject publicly but quietly working behind the scenes to weaken the final rules:
"Google joined hands with Facebook to try and prevent the Internet and Mobile Association of India, which represents some of the largest Internet companies in India, from taking a stand that counters Zero Rating. According to emails exchanged between IAMAI’s Government Relations committee members, of which MediaNama has copies, Vineeta Dixit, a member of Google’s Public Policy and Government Relations team, strongly pushed for the removal of any mention of Zero Rating from the IAMAI’s submission, as a response to the Department of Telecom’s report on Net Neutrality. Please note that Google hasn’t responded to our queries, despite multiple reminders..."
Apparently Google was preparing to launch its own zero-rated effort in India but put those plans on hold once it saw Facebook taking a public relations beating. And while Google's been very careful to even avoid having any of its positions on the record, these e-mails show it pushed India's wireless carriers to make sure they all were on board supporting zero rating:
"Dixit’s email to the IAMAI government relations committee, while reasoning that there is no consensus on Zero Rating, asked for its removal from the submission, saying: “We would like to register strong protest against this formulation and would request you to remove this (Zero Rating) from the submission.”"
So yes, this is basically Google's net neutrality modus operandi now: publicly say as little as possible (while harvesting press and public acclaim for being a net neutrality "supporter") while privately undermining real neutrality. As we've discussed with both AT&T's sponsored data and T-Mobile's Music Freedom, such a model gives preferential treatment to larger companies while making life immediately harder for smaller outfits, independents and non-profits. And Google's ok with that. Worth remembering the next time Google (or a press outlet) proclaims that Google's still a noble champion on the net neutrality front.
We've long discussed how game downloadable content (DLC) can be done right, but more often than not it's done very, very wrong. On the positive side you have CD Projekt Red, who recently decided to offer two free pieces of DLC for The Witcher 3 every week for months, helping to build a positive relationship with fans while keeping the game consistently in the public (and media's) eye. More often than not however you have efforts like Bungie's recent flubs with Destiny, or Ubisoft's pretty but incredibly shitty DLC approach to Assassin's Creed Unity.
And then there's EA, whose quality control issues, treatment of employees and obsession with low-value microtransactions are now legendary in the gaming industry. The company has made nickel and diming DLC high art, at times stuffing $60 launch titles with dozens of pieces of DLC at $5 or more a pop -- already embedded on the disc. Whether you like this idea or not, there's little debate that EA has quite often pushed the idea of microtransactions too far.
But what you might call obnoxious and greedy, EA COO Peter Moore continues to call "innovative value proposition." Speaking recently to Gamespot, Moore quite-proudly proclaimed that it's "nonsense" to believe publishers sell incomplete titles in order to make money off of missing content:
"A lot of that resistance comes from the erroneous belief that somehow companies will ship a game incomplete, and then try to sell you stuff they have already made and held back. Nonsense. You come and stand where I am, next to Visceral's studio, and you see the work that is being done right now. And it's not just DLC, this is free updates and ongoing balance changes."
Well, one, things like "free updates" and "balance changes" are part of routine maintenance for a title, and since they often involve fixing bugs -- aren't really part of the conversation. Still, Moore would prefer it if gamers thought about future EA DLC as if it were "APIs," not content already on the disc that customers should have gotten with the original game:
"Think of them as APIs," he said. "Knowing down the road that something needs to sit on what you've already made, means you have to put some foundations down. What people are confused about is they think DLC is secretly on the disc, and that it's somehow unlocked when we say."
And sure, Moore's not entirely wrong. Many are quick to point out that in modern game development, DLC quite often runs parallel and separate from core game design, and the core structure of DLC developed at a later date often exists on disc to make integration easier. Few deny that, and DLC can certainly be done well. But DLC did in fact start with many developers shaving core content off of the original game to make an extra buck, and there's little doubt that many titles are left intentionally sparse so users need to acquire pricey DLC to fully flesh them out. Moore also ignores the unholy atrocity that is pre-order DLC bonuses, which involves only being able to get a vast array of content if you pre-order from select vendors.
Cumulatively, the frequency of poorly-implemented microtransactions is still annoying, and it's certainly not "nonsense" if the modern gamer feels that the value proposition of many modern titles from AAA developers has slowly been circling the toilet. On the flip side, it has been interesting to watch the resistance to poorly-implemented DLC slowly erode over the years. Back in 2011, gamer disdain for nickel and dime DLC was utterly palpable. During the first quarter of this year, "extra content" generated roughly $921 million out of EA’s total digital revenue of $2.2 billion, meaning there are plenty of people who now either think DLC offers a great value position or have more disposable income than brains. I personally ignore 99.7% of all DLC.
Granted Moore is the same guy who tried to argue that EA won Consumerist's "The Worst Company In America" poll simply because it's big. And EA is the same company that consumes talented developers and shits out broken dreams as a matter of course. As such, EA's probably the last one gamers should ask when trying to differentiate value from a heaping $5 pile of nonsensical, supplementary horse excrement.
As we've noted, AT&T and Verizon are working hard to dump all of the DSL customers they're too cheap to upgrade to fiber, so they can focus on much more profitable (read: capped) wireless broadband service. A company by the name of Frontier Communications is doing the lion's share of the acquisitions, recently acquiring all of AT&T's customers in Connecticut, as well as all of Verizon's fixed-line broadband customers in California, Texas, and Florida. Unfortunately for these acquired users, Frontier is exhibiting the kind of steep, sustained incompetence that should probably be making these customers very nervous.
As we noted back in May, Frontier recently had to stop selling broadband service via the company's website -- because it apparently couldn't figure out how to get the technology to work. If that didn't make new Frontier customers nervous, last week the company made headlines again after it was discovered the company apparently has no idea how to automatically reset user e-mail passwords or what cryptography is. Apparently, the only way for Frontier users to have their e-mail passwords reset is to e-chat with a support rep named Shawn, who is happy to share your password with you in plain text:
"Silverman had forgotten the password to this little-used account but found that the Frontier e-mail website provides no self-service method for resetting the password. The only option was to chat with a Frontier employee. And that employee, Shawn from tech support, had access to Andrew's password in plain text and was ready and willing to share it."
That the company isn't salting and hashing stored passwords is obviously a red flag, but it gets worse:
"I'm not comfortable giving out passwords. Is there a password reset page?" Silverman asked.
"I'm sorry there isn't," Shawn replied. "Are you OK with me posting the password in chat? It is a secure network and I have the password in front of me."
Silverman pointed out how ridiculous this system is but accepted Shawn's offer and received the password. Before ending the chat, Shawn tried to sell Silverman antivirus software, computer tech support, or "identity protection." Silverman declined. The Frontier system then e-mailed Silverman a full transcript of the chat, including the password in plain text. The only information Frontier obscured was his account number."
So to recap: Frontier isn't capable of building a website that can sell broadband service, or one that allows for automatic e-mail password resets. It also apparently stores the password in plain text, making it easy for any Frontier employee to see, and is happy to both post said password into an e-chat platform (which at least uses HTTPS) and send it over unencrypted e-mail. For good measure, the company will then upsell you on security and "identity protection" services and software. Amusingly, Frontier still insists that its systems are secure:
"Frontier insisted that its password practices are secure but was stingy with details...Frontier also said that it only provided Silverman a password after "we verified identity first through security questions." But as Silverman told Ars, "the only security challenges they posed were to provide the account number OR the landline service number in combination with the last 4 of the social security number."
Of course these kinds of security questions aren't remotely secure either. Earlier this month "The Martian" author Andy Weir noted on Facebook that it was incredibly trivial for his Comcast e-mail account to be hacked: the ISP gave up his password after simply being given the last four numbers of his social security number and his street address. Regardless, the Frontier user proceeds to wonder just how secure Frontier's billing systems are. It also obviously raises questions about the quality of the company's quickly-expanding broadband empire.
So yeah, pro tip: if you're one of the six people still using your ISP's e-mail services, it might be time to stop, since security is pretty clearly a distant afterthought. And if you're one of the millions of monopoly victims, er, customers getting gobbled up by Frontier as AT&T and Verizon sever their ties to unwanted DSL customers, you may want to think about either moving, or building your own broadband ISP with at least a rudimentary understanding of cryptography.
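For contrast with the plaintext storage and chat-based "reset" described above, here is an added example (not from the article, and not Frontier's code) of an account store that keeps only a salted PBKDF2 hash and resets passwords through a single-use, expiring token, so a support rep has no password to read out or paste into a transcript. The class and function names, the work factor and the 15-minute token lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ROUNDS = 600_000   # assumed work factor for PBKDF2-HMAC-SHA256; tune for your hardware
RESET_TTL = 15 * 60       # assumed reset-token lifetime, in seconds


def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def _token_hash(token: str) -> bytes:
    return hashlib.sha256(token.encode()).digest()


class MailAccounts:
    """Hypothetical account store: holds salted hashes, never passwords."""

    def __init__(self):
        self._creds = {}    # user -> (salt, derived key)
        self._resets = {}   # user -> (SHA-256 of reset token, expiry time)

    def set_password(self, user, password):
        salt = secrets.token_bytes(16)          # fresh random salt per password
        self._creds[user] = (salt, _kdf(password, salt))
        self._resets.pop(user, None)            # a password change voids pending resets

    def verify(self, user, password):
        # Unknown users still cost one KDF run, so timing does not reveal them.
        salt, stored = self._creds.get(user, (b"\x00" * 16, b""))
        return hmac.compare_digest(_kdf(password, salt), stored)

    def support_view(self, user):
        """Everything a support console could display about the credential."""
        salt, stored = self._creds[user]
        return {"user": user, "salt": salt.hex(), "hash": stored.hex()}

    def begin_reset(self, user, now=None):
        """Issue a single-use token; only its hash is kept server-side."""
        if user not in self._creds:
            return None
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._resets[user] = (_token_hash(token), now + RESET_TTL)
        return token    # goes to the account owner, not into a chat transcript

    def finish_reset(self, user, token, new_password, now=None):
        now = time.time() if now is None else now
        pending = self._resets.pop(user, None)  # consumed on the first attempt
        if pending is None:
            return False
        expected, expiry = pending
        if now > expiry or not hmac.compare_digest(_token_hash(token), expected):
            return False
        self.set_password(user, new_password)
        return True
```

With this layout the old password is never recoverable by anyone, staff included; a forgotten password can only be replaced, not looked up.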
If you still watch traditional TV, chances are you've increasingly been accosted with blacked out content and annoying ticker warnings as cable operators and broadcasters bicker over programming contracts. Whether it's Fox News's ugly fight with Dish, DirecTV's feud with The Weather Channel, or the Cablevision - News Corporation fight that blacked out the World Series a few years back, these obnoxious disputes have only gotten uglier over the last few years as programming costs have soared and the cable and broadcast industry works tirelessly to ensure its looming irrelevance.
For the consumer, these fights usually go something like this: you're bombarded with on-screen tickers and ads from both your cable operator and the broadcaster telling you the other guy is being a greedy villain during a contract standoff. After the programming contract expires, content you're paying for gets blacked out (which you're of course never given a refund for) by one side or the other in the hopes of pushing negotiations along. After a month or two the two sides then ultimately strike a confidential new programming deal. A few weeks later your cable bill sees a price hike -- potentially your second of the year.
It's kind of a lose-lose scenario for consumers, who get used as public relations pinatas (call your cable operator to complain!), lose access to content they're paying for, and then get accosted with an endless series of rate hikes. For the last few years, the FCC has generally had a hands-off approach to these disputes (boys will be boys, and all that), but as they've gotten uglier and consumers have increasingly been railroaded, pressure has mounted for the regulator to at least do something. In a new blog post, FCC boss Tom Wheeler says he's looking at a number of ideas that could help ease the pain of these idiotic standoffs. Maybe.
One, the FCC is considering lifting rules that prohibit cable companies from simply piping in another region's local broadcast affiliate, allowing them to at least provide customers with some version of ABC, NBC, Fox or CBS while negotiations continue. The agency also suggests it's going to look more closely at the very definition of "good faith negotiations," since these blackouts make it clear there's not much of that actually going on:
"The NPRM currently before the Commission undertakes a robust examination of practices used by parties in retransmission consent negotiations, as required by Congress. The goal of the proposed rulemaking is to ensure that these negotiations are conducted fairly and in a way that protects consumers."
Since these are private business contracts, the FCC injecting itself into these negotiations is going to piss off free marketeers and the cable and broadcast industry to no end, but the industry brought it upon itself by behaving like absolute jackasses for the last few years. Not only have they consistently held traditional TV customers hostage, some broadcasters have even blocked access to online content in petulant responses to contract feuds.
In its fight with Cablevision in 2010, News Corporation went so far as to get Hulu to block Cablevision broadband customers from accessing all Fox content. Viacom did something similar in 2014 when it blocked all CableONE broadband customers from accessing Viacom content online, even if those broadband users were paying for TV from another provider. Let that sink in a little bit: you pay for Viacom content through, say, DirecTV, but you can't access that content through your broadband provider because the cable arm of your ISP is engaged in a TV content contract dispute.
And while broadcasters do deserve the lion's share of the blame for soaring programming rates, the cable providers aren't faultless since they're quick to impose rate hikes of their own (modem fees, broadcast TV fees, set top rental charges, charges to pay over the phone) as often as possible. Layer this lost content and annoyance on to existing high prices and the industry's absolutely legendary reputation for atrocious customer service, and you've uncovered the industry's ingenious plan to more efficiently dig its own grave on the eve of the cord cutting revolution.
The FCC has fined yet another company for blocking user Wi-Fi access in order to drive customers to the company's own, ridiculously-expensive Wi-Fi options. According to an FCC announcement, regulators have fined Smart City Holdings, LLC $750,000 for blocking user access to Wi-Fi at a number of convention centers served by the company. More specifically, Smart City was caught using common technology that sends de-authorization packets to user devices, kicking them off of their own personal hotspots or tethered smartphones while in Smart City business locations.
This was done, says the FCC, so that users would have to use Smart City's own service, which according to this brochure for the Charlotte convention center (pdf), is provided at pricing that's downright comical. Smart City offers convention center exhibitors access to 24 hours of blisteringly-fast (1.5 Mbps) Wi-Fi for $80, three days of Wi-Fi for $160, or five days for $360. If you're just a conference center visitor your options get even slower, with the company providing 768 kbps Wi-Fi service for $13 per 24 hours.
Obviously most users would rather just use their own phone as a hotspot to avoid these charges, and the FCC reminds everyone that acting like a jackass and preventing this from happening to make additional money simply isn't ok:
"It is unacceptable for any company to charge consumers exorbitant fees to access the Internet while at the same time blocking them from using their own personal Wi-Fi hotspots to access the Internet," said Travis LeBlanc, Chief of the FCC’s Enforcement Bureau. "All companies who seek to use technologies that block FCC-approved Wi-Fi connections are on notice that such practices are patently unlawful."
This is the second time the FCC has had to step in and slap some wrists. The agency fined Marriott $600,000 last year for the same thing, though Marriott was blocking local Wi-Fi to drive users to even more expensive, $1,000 per device Wi-Fi service. Marriott originally tried to fight the agency by arguing this was all done to protect the safety and security of its customers, but sheepishly backed off of the practice once it realized the court of public opinion was very clearly not on its side.
Like Marriott, Smart City apparently couldn't help itself, and felt it necessary to issue a bullshit statement pretending the practice was about network security:
"As recommended by the Department of Commerce and Department of Defense, we have occasionally used technologies made available by major equipment manufacturers to prevent wireless devices from significantly interfering with and disrupting the operations of neighboring exhibitors on our convention floors. This activity resulted in significantly less than one percent (1%) of all devices being deauthenticated and these same technologies are widely used by major convention centers across the globe as well as many federal agencies."
So yeah, uh, we weren't being anti-competitive asses, we were simply worried about network security (the irrelevant DOD reference is a nice touch though). Fortunately, Smart City's statement also makes it clear they see the futility of fighting the FCC on this issue:
"While we have strong legal arguments, we’ve determined that mounting a vigorous defense would ultimately prove too costly and too great a distraction for our leadership team. As a result, we’ve chosen to work cooperatively with the FCC, and we are pleased to have resolved this matter. We are eager to return our energies to providing leadership to our industry and delivering world-class services to our clients."
Yeah, it's probably a good idea to get back to what you do best: charging outrageous pricing for pathetically-slow Wi-Fi service.
As we've been exploring, whistleblowers have been exposing Putin and the Kremlin's use of "troll factories" to fill the internet with propaganda. The efforts run amazingly deep, with employees paid 40,000 to 50,000 rubles ($800 to $1,000) a month to create proxied, viable fake personas -- specifically tasked with pumping the internet full of toxic disinformation 24 hours a day. One of these employees, Lyudmila Savchuk, spent two months employed by the operation and was so disgusted that she quit, launched an anti-propaganda social activist campaign, and decided to sue the Russian government.
Amazingly enough Lyudmila Savchuk is not only still alive, but she has won her case. A Russian court has awarded Savchuk symbolic damages of one ruble, her requested damage amount after suing the disinformation barn for non-payment of wages and for failing to give workers proper contracts:
"I am very happy with this victory. I achieved my aim, which was to bring the internet trolls out of the shade," said Savchuk, 34. The Kremlin has claimed that it has no links to the operations of the Agency for Internet Studies. Authorities in Russia have intensified a propaganda campaign as the crisis over Ukraine has sent tensions with the west soaring to their highest level since the cold war.
So yes, Savchuk managed to bring a small portion of one of Putin's companies involved in propaganda (Agency for Internet Studies, or Internet Research) out of the shadows briefly. But the Russian government continues to deny they've any connection to the operation, and the company itself continues to operate unfettered, as do the myriad other similar companies the Kremlin employs to pollute the global discourse mud puddle.
Case in point: as Russia waits for the report on what caused the crash of Malaysia Airlines flight MH17 over the Ukraine last year (investigators believe the downing missile was Russian made, and the report is expected to show it was fired from territory held by pro-Russian rebels), a rather ham-fisted attempt to blame the CIA for the crash has been circulating online ahead of the report's release:
"A Russian newspaper posted an audiotape on its website that purports to reveal two US spies plotting to bring down Malaysia Airlines flight MH17 over Ukraine last year. One hitch: The conversations are so stilted and oddly worded that they have been widely dismissed by native English speakers as obviously fake. "If you wanted to believe the CIA is responsible for downing MH17, now you've got the 'proof,'" the self-exiled Russian online newspaper Meduza headlined its report pointing out the awkward language used by the purported spies."
The recording itself certainly sounds as if two sad actors are simply reading from a poorly-translated English script.
Of course any Russian internet propagandist worth their salt will probably conclude that this ham-fisted attempt to frame the CIA was cleverly devised by the CIA itself as a sort of reverse head fake (and since the CIA has done numerous stranger things, many might even believe it). Either way, the point stands: while Savchuk may have bravely succeeded in winning one small battle against Putin's propaganda army, it's only the tiniest of dents in what's now a well-established Russian internet disinformation apparatus.
"In Québec, where Vidéotron operates, if you're using Bell Internet as your ISP, you can remove all caps for an extra $10/month (depending on your 'services package' (TV, Phone, etc.))."
Yes, having a normal, unrestricted connection as a premium option is every ISP exec's pipe dream. Comcast here in the States is now testing an option whereby you pay a $30 premium if you want to dodge a 300 GB cap (with $10 per 50 GB overages).
Well but everybody uses caching for efficiency's sake. It's what Netflix's Open Connect CDN is all about. But I'm not sure that automatically economically justifies imposing an entirely new system of carrier middleman where this traffic becomes cap exempt.
Understand that many people (especially those whose primary interactions are with the nastier agencies like the NSA) want to believe the government is ALWAYS acting with malicious intent. So to them, that sentence says the exact opposite, and suggests the FCC could be pushing manufacturers themselves to ban the firmware.
It's tomato, tomahto depending on your political beliefs and what part of the government you're used to dealing with.
"I take issue with saying this is being blown out of proportion."
Yeah I'm really not saying this is being blown out of proportion.
I'm only taking issue with websites that reported that these rules were final (when this is an in-process NPRM), and those claiming the FCC is INTENTIONALLY trying to ban all third-party custom firmware.
Totally agree that the vague wording could be a HUGE problem.
People still believe the FCC is intentionally being malicious here, though I've been picking the brains of FCC-focused lawyers who claim that's conspiratorial thinking. If the FCC is engaged in a Machiavellian plot to intentionally ban all third-party firmware, I imagine that should make itself apparent pretty soon.
At which point I'll write up a follow up post admitting I'm a total sucker.
Yeah, it appears that they've shuttered their back-end systems to do a Labor Day weekend upgrade. Fortunately it looks like I missed the fact that the deadline for comment had previously been extended to October 9.
"As far as I'm concerned, I see no problem with T-Mobile going after these users, because chances are, they're the bots we all hate sending out spam texts everyone gets."
I have no problem with T-Mobile going after them either, as I think the article makes clear.
My problem is in marketing a limited product as unlimited (speed versus data consumption is irrelevant) and in Legere's specific approach in announcing what otherwise wouldn't have been that big of a deal.
The false bravado that they're being an industry leader by cracking down on heavy users is frankly just kind of stupid. Every ISP in existence is playing this cat and mouse game daily without a blog post patting themselves on the back for it.
Your data is unlimited except when you are on a congested tower and consume more than 21 gigabytes of cellular data per month at which point you'll be de-prioritized and oh did we also mention that if you use the device as a modem an entirely different set of rules apply at which point you are limited to 7 gigabytes of data before being deprioritized unless you install a custom ROM at which point ignore this last bit.
"How dare you impugn the reputation of Russia dear sir, are you aware that (laundry list of countries) ALSO do ridiculous and horrendous shit?"
"Why no, thank you for this information good sir. As someone who spends the other nine hours of every day criticizing the United States government, this information had somehow escaped my clearly lagging attentions."