My comment is about something else: net neutrality, as someone already mentioned.
I was teaching English in Laos for school kids. I was amazed that some of their families struggle with providing (nutritious enough) food for their children, yet, everyone had smartphones with always-on 4G,even in the countryside - however, no WiFi almost anywhere.
The brains of these kids are like sponge. They WANT to learn, they're shy, but they want to speak, to read, to practice English. They also like to (constantly) sing (something that is badly missing from western schools), so at one point I referred them to "simple English Wikipedia", where they can research their favorite singers with easy-to-process articles.
Empty stares.
"so instead of Wikipedia.org, you go to simple.wikipedia.org."
Still nothing.
I had to realize later that even if they knew that this free, always available encyclopedia exists, it's NOT included in their 4G subscription.
Yes, you guessed correctly: those subscriptions are sponsored by big US / Chinese corps, so all these kids had were Facebook, Instagram, WhatsApp and TikTok, everything else costs ~10$ which is days worth of meals for whole families there.
That's interesting, inspired me to go down a bit of a wikipedia rabbit hole reading about internet.org, facebook zero, wikipedia zero, and zero-rating generally.
Though many countries don't have any info in the above table (including Laos), and I think the "Zero Wikipedia" column may be obsolete as that project was apparently shut down in 2018.
If you know anyone still involved over there you should let them know about the Kiwix project!
>Kiwix is an offline reader for online content like Wikipedia, Project Gutenberg, or TED Talks. It makes knowledge available to people with no or limited internet access. The software as well as the content is free to use for anyone.
You may try to write an email/better official mail or even visit personally to local cellulars marketing teams to include wikipedia to the subscriptions. You may propose them as PR action: future-care, education-care name it. Trust me it may definetelly works.(I did it many times("tune up" some events) but I worked inside the cellular companies)
The main problem may be is to the break the "first line" of "corporative bureaucracy" defence.
My experience with in-flight message-only WiFi is that they're just really slow and the ping times are long. Some services are actively blocked, e.g. Skype wouldn't work at all even for text messages, but browsing the internet is usually allowed. My VPN wouldn't work, but I suspect it might have if I used an obfuscated connection instead of OpenVPN or whatever the default is (e.g. over SSL). I could load GMail in the browser and Wikipedia probably would have worked. It's strongly website dependent. Hacker News is extraordinarily resilient to lousy connections and generally the index would always load without any trouble. It works even on a 3 second ping over satellite internet. Very few websites are that tolerant.
The flight crew (BA) knew what's up. They specifically warned us to check which package we were getting, because evidently they get a lot of complaints when people buy the message-only bundle and are surprised that nothing works.
Singapore gave out free passes for single devices last time I flew with them. It was possible to rotate MAC addresses by forgetting the connection and then re-joining. The connection was quite good, you could watch YouTube in potato resolution. It's quite fun to chat to people and send them photos out of the window.
I carry one of those tiny wireless routers in my carry on wherever I go. If I have to buy internet on the plane or if I am in a hotel that limits the number of devices, I always connect through the router and use it as an access point for all the other devices.
The other added benefit is that all my other devices already have my AP's wifi creds and will connect to it automatically.
> Hacker News is extraordinarily resilient to lousy connections
It really is. Where I live when you run into the limit of your data package, your network is usually throttled to 100kbps. I changed my plan to just 3GB per month because I was staying at home most of the time due to the pandemic. Now I'm pretty much back to my old routines, but I didn't change my plan yet. I have a 45 minute train commute and 3GB can be used up in a few days just browsing reddit and loading news sites.
Anyway, google search, hacker news and facetime audio work as normal at 100kbps. Google
maps works with a bit of patience. Virtually nothing else will load. 5 years ago most text-based things worked at this speed albeit slowly. Now everything is so bloated and so much content will not load show until fonts and things are loaded.
I was recently on a United flight and the free 1h "text only" option gave me access to the whole internet, and I could reactivate it after an hour. I think maybe they unlocked it because the flight had a delay - or it was a bug. The flight crew didn't inform us about it though. I also didn't notice any other people using it.
The connection was pretty damn good, considering I was somewhere over the Atlantic. It was shocking to me how much more enjoyable the flight was, makes me wonder how hooked I am to being connected. (I also had extra legroom and an empty seat next to me though.)
Many years ago (2012) Delta inflight wifi would allow DNS queries out without paying. Being a very frequent flyer I used to run an ip-over-dns tunnel using Iodine[1]. It was slow but worked. I wonder if they’ve blocked that hole yet.
When selecting my personal use domain I ended spent some time finding a short domain partly because it's convenient but partly because it meant more goodput via Iodine. I ended up on "ds.gy" as ds are my initials and it was the only TLD that domain wasn't sat on by squatters wanting to charge thousands.The ratio of people wanting to sell you short domains vs actually using them in any capacity was surprising.
I did the same on trains in the 00s, but built application specific tunnels which were much faster, funnily enough among them was one that would fetch Wikipedia pages. The client would piece together the replies and render the markup to html again.
I tried Iodine around 3 years ago on a Swiss flight, it worked to read my mails over SSH using Alpine, but was so slow that basically it was unusable. Not sure what was going on, I had the impression that DNS queries were getting throttled after some threshold...
I also used this a lot while travelling to access the internet through captive wifi portals. Especially in asia this worked very well, given the huge amount of telco wifi providers in cities.
I wonder if anyone has stated a general law along the lines of "if you can send and receive a bit, you can send and receive anything."
The only issues ended up being that 1) WhatsApp messages are limited to 1600 characters
Concidentally, that's not much bigger than the MTU of standard Ethernet. I don't know how "transparent" the data channel is with respect to non-ASCII (and probably Unicode), but if you use one of the various binary-to-text encodings that exist, you could probably implement Ethernet over WhatsApp. ;-)
I actually thought that's what this blog was going to be about. Some kind of http encapsulation over Whatsapp. Was disappointed that it's just regular a chat bot
The real, important value of implementing IP over WhatsApp (in a proper, transparent way as other commenters are stating, and not from a chatbot as in the article) is not to avoid paying $5 for WiFi on a plane, but to protest the lack of net neutrality in an effective way.
I've tried this before, it's a fucking nightmare lol it's not full-duplex at all so this severely limits your ability to do things at a reasonable speed for most shit. For me it was because at the time Zuckerbutt was giving out 'free' internet in the third world, but only for whatsapp, instagram, and facebook, so me and my friends wanted to see if this was exploitable, but it was just way too slow. It really gave me an impression of how fast TCP runs at normally which I took for granted before, and ideally bidirectionally fast.
For airport wifi I use a DNS tunnel or simple MAC rotation, for in-flight... well if they could make it quality someday maybe but every time I've shelled out like 50 bucks for an hour or whatever the ripoff deal is it doesn't work well enough to do anything. I hear the DNS tunnel method does work on some of them though, I should try that someday.
As a side note those in-flight screens in the backs of seats are interesting in this 'why the hell would they do this' kind of way. I managed to crash one when I noticed it had a USB port (bad idea on their part)... It was super easy, I tried to read the USB key but then just removed it when it was accessing the thing and the whole thing just went down. Apparently it was running x-windows on some type of *nix because I could see that default background with an X for the cursor. They should really get rid of those because I'm sure that they could be misused for nefarious ends.
Vpn over websocket.. in Indonesia even worked when they "turn" off the internet for nyepi with a simple host file hack as you could browse the isp website was based on name not IP so yes the vpn was unencrypted but you couldn't see it was a vpn
Of all the possible websites to choose as an example, Wikipedia is a strange choice since, unlike most websites, one can download its database and query it offline. For example,
Some other ways to search and read Wikipedia offline:
XOWA: (S: XOWA)
WikiTaxi: S: WikiTaxi (for Windows)
aarddict: S: Aard Dictionary
BzReader: S: BzReader and MzReader (for Windows)
Selected Wikipedia articles as a printed document: Help:Printing
Wiki as E-Book: S: E-book
WikiFilter: S: WikiFilter
Wikipedia on rockbox: S: Wikiviewer for Rockbox
“WhatsApp messages are limited to 1600 characters”
If that is UTF32 we have 51200 bytes or 50kB per message.
“the basic free accounts I was using rate-limit to ~1QPS”
That is 400kbit/s.
Can we have multiple accounts?
40 accounts would give us a theoretical maximum speed of 16Mbit/. Would probably closer to 10Mbit/s in real life, enough to watch movies.
Almost a decade ago a French mobile carrier had their entire domain and subdomains zero-rated - one of the subdomains had a phpBB forum - someone created a little script to tunnel full layer 3 communication over the forum’s private messaging functionality. I’d imagine it would slaughter the DB if you tried to pass any significant traffic though it but as a demonstration it was cool and worked fine.
One thing that would be interesting is scanning for open ports. Once you find an open port, make a Twilio API and text the number (Since most airlines enable texting via SMS/Whats APP) that triggers opening the port on your VPS that is opened on the airplane.
Once you do that, you can tunnel into your VPS through the airlines open port or SSH into the machine. If you create a SOCKS5 proxy, then all traffic in your browser will tunnel through the VPS.
The last time I was on an flight that had WiFi (AA about 5 years ago) I tried 2 ways to get around the captive portal, both successful:
1. Setting my useragent to iOS Safari and trying to download the Gogo Player app to watch one of the free films. If you have Android this just serves the APK but on iOS it just has to dump you to the App Store. This seemed to give me a good half hour of connectivity.
2. I went on the live chat and asked for a free connection. The agent gave it to me.
This reminds me of back in the day when internet cost on mobile phones. An og "hacker" could text a website to some number he had set up and it would MMS him back a picture of the website. Worked in a pinch. This was in 2005-2008ish. I can't remember who did it though. So many years ago.
Wait, is this filtering based on IP or DNS? How do they make sure their whitelist remains up to date? (I assume it's HTTPS, so those are basically the only two options...)
If it's DNS based, there should be simpler workarounds, so I guess it's just IP based?
While this doesn't directly address Delta's captive portal implementation, on many TP-Link Omada wireless APs, there is a feature that allows you to create a captive portal, and when doing this, you can either whitelist a website by its hostname or by its IP address. I was curious as to how it was filtering by hostname, so I ran a few DNS queries, which all resolved normally, indicating that it wasn't a DNS-based whitelist. Seeing as the whitelisting also worked over HTTPS, I assumed it was TLS-SNI. It turns out that anyone can whitelist any IP address by visiting any website while sending the SNI of a whitelisted hostname. This caused the AP's software to create a firewall rule allowing access to the IP address associated with the spoofed SNI. After doing this, it was then possible to connect to any website hosted on that IP address with any SNI hostname.
I worked on the technical side of WhatsApp's special pricing program (aka zero rating) from when it started, through integration with the Facebook Mobile Partner Portal until I left in late 2019. We provided partners IP addresses (well a list of cidr ip/subnet lengths) and email updates when IPs changed. Some partners wanted hostnames, but it wasn't usually effective to manage that way; hostnames seemed to work great for WAP based special pricing, but not for direct tcp. But AFAIK, airline programs were done by the airlines (or whoever does their internet service) without consultation with WhatsApp. (A special plan for messaging without multimedia wasn't within the WA policy, at least while I was there, so we wouldn't have helped them build the product they wanted anyway)
There are lots of possible ways to identify WhatsApp traffic, but I never had a chance to figure out what they were really doing. During that time period, if I was on a flight, I was usually with my young child and it's hard to keep focus for debugging networking on a plane, anyway. What I saw when I was looking was more like what joshvm describes elsewhere. The messaging only plans seem to allow most low bandwidth connections, with high latency, but they'll actively supress some things, and others stall beyond some threshold; sometimes you could get a couple media files to transfer, but then it would stop, etc. WhatsApp was engineered to work with the world's terrible networks, so it will usually work ok for messaging as long as packets get through eventually; connection and ping timeouts are long on client and server, because sometimes it takes a lot of seconds. If DNS doesn't work, that's fine too. Multimedia would usually retry and resume enough to work even if connections didn't last long, so I'd guess there was something actively supressing that, but I don't really know.
FWIW, chat isn't TLS, so SNI isn't the answer there, although at least in the past, the protocol was very identifyable. Been gone for a while and don't regularly tcpdump my connections to WA anymore, so I don't know if that changed though. Multimedia is https, and probably has SNI, although that used to vary by platform.
It is pretty simple... your filter just makes periodic DNS requests to the desired allowed host and updates it's IP restrictions to the returned address. You also need to run the DNS resolver to return that same cached IP to prevent having the upstream DNS server return a different address.
You also need to make sure the DNS server will only resolve the domains you want it to, because if you allow unfiltered dns requests to arbitrary domains, anyone can then tunnel their traffic over DNS, as another comment on this thread pointed out.
I actually had a very similar idea but the twist is in Africa we don't have access to affordable internet for the average student but we have greatest discounted bundles for social media apps like whatsApp, instagram and facebook. I wanted to use whatsApp to send a screenshot of googles first result page for a given query.
For some reason I just eat these kinds of projects up. As a kid I went on a cruise with my parents with very limited internet access and discovered HTTP-over-DNS (using TXT records), which remains my favorite captive portal workaround.
[+] [-] kmarc|3 years ago|reply
My comment is about something else: net neutrality, as someone already mentioned.
I was teaching English in Laos for school kids. I was amazed that some of their families struggle with providing (nutritious enough) food for their children, yet, everyone had smartphones with always-on 4G,even in the countryside - however, no WiFi almost anywhere.
The brains of these kids are like sponge. They WANT to learn, they're shy, but they want to speak, to read, to practice English. They also like to (constantly) sing (something that is badly missing from western schools), so at one point I referred them to "simple English Wikipedia", where they can research their favorite singers with easy-to-process articles.
Empty stares.
"so instead of Wikipedia.org, you go to simple.wikipedia.org."
Still nothing.
I had to realize later that even if they knew that this free, always available encyclopedia exists, it's NOT included in their 4G subscription.
Yes, you guessed correctly: those subscriptions are sponsored by big US / Chinese corps, so all these kids had were Facebook, Instagram, WhatsApp and TikTok, everything else costs ~10$ which is days worth of meals for whole families there.
[+] [-] redeyedtreefrog|3 years ago|reply
It seems mobile wikipedia is zero-rated in many countries, but by no means all, as indicated by the table on this page: https://en.wikipedia.org/wiki/Zero-rating
Though many countries don't have any info in the above table (including Laos), and I think the "Zero Wikipedia" column may be obsolete as that project was apparently shut down in 2018.
[+] [-] McNutty|3 years ago|reply
>Kiwix is an offline reader for online content like Wikipedia, Project Gutenberg, or TED Talks. It makes knowledge available to people with no or limited internet access. The software as well as the content is free to use for anyone.
[+] [-] harias|3 years ago|reply
Facebook tried the same in India but was quickly shutdown: https://www.wired.com/2016/02/facebooks-free-basics-app-is-n...
[+] [-] KermitTheFrog|3 years ago|reply
[+] [-] 867-5309|3 years ago|reply
[+] [-] joshvm|3 years ago|reply
The flight crew (BA) knew what's up. They specifically warned us to check which package we were getting, because evidently they get a lot of complaints when people buy the message-only bundle and are surprised that nothing works.
Singapore gave out free passes for single devices last time I flew with them. It was possible to rotate MAC addresses by forgetting the connection and then re-joining. The connection was quite good, you could watch YouTube in potato resolution. It's quite fun to chat to people and send them photos out of the window.
[+] [-] jjeaff|3 years ago|reply
The other added benefit is that all my other devices already have my AP's wifi creds and will connect to it automatically.
[+] [-] johnwalkr|3 years ago|reply
It really is. Where I live when you run into the limit of your data package, your network is usually throttled to 100kbps. I changed my plan to just 3GB per month because I was staying at home most of the time due to the pandemic. Now I'm pretty much back to my old routines, but I didn't change my plan yet. I have a 45 minute train commute and 3GB can be used up in a few days just browsing reddit and loading news sites.
Anyway, google search, hacker news and facetime audio work as normal at 100kbps. Google maps works with a bit of patience. Virtually nothing else will load. 5 years ago most text-based things worked at this speed albeit slowly. Now everything is so bloated and so much content will not load show until fonts and things are loaded.
[+] [-] sva_|3 years ago|reply
The connection was pretty damn good, considering I was somewhere over the Atlantic. It was shocking to me how much more enjoyable the flight was, makes me wonder how hooked I am to being connected. (I also had extra legroom and an empty seat next to me though.)
[+] [-] userbinator|3 years ago|reply
[+] [-] mmh0000|3 years ago|reply
[1] https://code.kryo.se/iodine/
[+] [-] zamadatix|3 years ago|reply
[+] [-] iforgotpassword|3 years ago|reply
[+] [-] siraben|3 years ago|reply
[+] [-] ale42|3 years ago|reply
[+] [-] Macuyiko|3 years ago|reply
[+] [-] unknown|3 years ago|reply
[deleted]
[+] [-] kache_|3 years ago|reply
[+] [-] userbinator|3 years ago|reply
The only issues ended up being that 1) WhatsApp messages are limited to 1600 characters
Concidentally, that's not much bigger than the MTU of standard Ethernet. I don't know how "transparent" the data channel is with respect to non-ASCII (and probably Unicode), but if you use one of the various binary-to-text encodings that exist, you could probably implement Ethernet over WhatsApp. ;-)
[+] [-] VWWHFSfQ|3 years ago|reply
[+] [-] mgarciaisaia|3 years ago|reply
[+] [-] jamal-kumar|3 years ago|reply
For airport wifi I use a DNS tunnel or simple MAC rotation, for in-flight... well if they could make it quality someday maybe but every time I've shelled out like 50 bucks for an hour or whatever the ripoff deal is it doesn't work well enough to do anything. I hear the DNS tunnel method does work on some of them though, I should try that someday.
As a side note those in-flight screens in the backs of seats are interesting in this 'why the hell would they do this' kind of way. I managed to crash one when I noticed it had a USB port (bad idea on their part)... It was super easy, I tried to read the USB key but then just removed it when it was accessing the thing and the whole thing just went down. Apparently it was running x-windows on some type of *nix because I could see that default background with an X for the cursor. They should really get rid of those because I'm sure that they could be misused for nefarious ends.
[+] [-] lidder86|3 years ago|reply
[+] [-] anaganisk|3 years ago|reply
[+] [-] 1vuio0pswjnm7|3 years ago|reply
https://en.wikipedia.org/wiki/Wikipedia:Database_download
https://download.kiwix.org/zim/
Some other ways to search and read Wikipedia offline:
[+] [-] ngcc_hk|3 years ago|reply
[+] [-] punnerud|3 years ago|reply
“the basic free accounts I was using rate-limit to ~1QPS” That is 400kbit/s. Can we have multiple accounts? 40 accounts would give us a theoretical maximum speed of 16Mbit/. Would probably closer to 10Mbit/s in real life, enough to watch movies.
Example library for sending/receiving WhatsApp text: https://github.com/open-wa/wa-automate-python
[+] [-] Nextgrid|3 years ago|reply
[+] [-] rschachte|3 years ago|reply
Once you do that, you can tunnel into your VPS through the airlines open port or SSH into the machine. If you create a SOCKS5 proxy, then all traffic in your browser will tunnel through the VPS.
Haven't tried this, but just a thought.
[+] [-] jonathantf2|3 years ago|reply
1. Setting my useragent to iOS Safari and trying to download the Gogo Player app to watch one of the free films. If you have Android this just serves the APK but on iOS it just has to dump you to the App Store. This seemed to give me a good half hour of connectivity.
2. I went on the live chat and asked for a free connection. The agent gave it to me.
[+] [-] xeromal|3 years ago|reply
[+] [-] MauranKilom|3 years ago|reply
If it's DNS based, there should be simpler workarounds, so I guess it's just IP based?
[+] [-] Denatonium|3 years ago|reply
While this doesn't directly address Delta's captive portal implementation, on many TP-Link Omada wireless APs, there is a feature that allows you to create a captive portal, and when doing this, you can either whitelist a website by its hostname or by its IP address. I was curious as to how it was filtering by hostname, so I ran a few DNS queries, which all resolved normally, indicating that it wasn't a DNS-based whitelist. Seeing as the whitelisting also worked over HTTPS, I assumed it was TLS-SNI. It turns out that anyone can whitelist any IP address by visiting any website while sending the SNI of a whitelisted hostname. This caused the AP's software to create a firewall rule allowing access to the IP address associated with the spoofed SNI. After doing this, it was then possible to connect to any website hosted on that IP address with any SNI hostname.
[+] [-] toast0|3 years ago|reply
There are lots of possible ways to identify WhatsApp traffic, but I never had a chance to figure out what they were really doing. During that time period, if I was on a flight, I was usually with my young child and it's hard to keep focus for debugging networking on a plane, anyway. What I saw when I was looking was more like what joshvm describes elsewhere. The messaging only plans seem to allow most low bandwidth connections, with high latency, but they'll actively supress some things, and others stall beyond some threshold; sometimes you could get a couple media files to transfer, but then it would stop, etc. WhatsApp was engineered to work with the world's terrible networks, so it will usually work ok for messaging as long as packets get through eventually; connection and ping timeouts are long on client and server, because sometimes it takes a lot of seconds. If DNS doesn't work, that's fine too. Multimedia would usually retry and resume enough to work even if connections didn't last long, so I'd guess there was something actively supressing that, but I don't really know.
FWIW, chat isn't TLS, so SNI isn't the answer there, although at least in the past, the protocol was very identifyable. Been gone for a while and don't regularly tcpdump my connections to WA anymore, so I don't know if that changed though. Multimedia is https, and probably has SNI, although that used to vary by platform.
[+] [-] cortesoft|3 years ago|reply
You also need to make sure the DNS server will only resolve the domains you want it to, because if you allow unfiltered dns requests to arbitrary domains, anyone can then tunnel their traffic over DNS, as another comment on this thread pointed out.
[+] [-] 5-|3 years ago|reply
also just in case someone is wondering, a more ergonomic solution specifically for reading wikipedia on a plane is https://kiwix.org
[+] [-] Gtex555|3 years ago|reply
[+] [-] quelltext|3 years ago|reply
Google used to have a way to ask for searches via SMS a while ago: https://www.youtube.com/watch?v=J937N9m-XtE
But "tunneling" to me implies some transparent layer allowing you to browse Wikipedia via the same way of interaction.
[+] [-] Egrodo|3 years ago|reply
[+] [-] can16358p|3 years ago|reply
While obviously not super convenient, it'd be interesting to type commands and get results.
Of course any interactive terminal wouldn't work, but for simple commands, executing scripts and seeing logs etc. this should work.
[+] [-] Drblessing|3 years ago|reply
[+] [-] xeromal|3 years ago|reply
[+] [-] turdnagel|3 years ago|reply