October 2, 2022

Shaping Wi-Fi’s future: the wireless-mobile convergence

According to recent news, Comcast is being sued because it is taking advantage of users’ resources to build up its own nationwide Wi-Fi network. Since mid-2013 the company has been updating consumers’ routers by installing new firmware that makes the router partially devoted to the “home-user” network and partially devoted to the “mobile-user” network (a Comcast service named Xfinity WiFi). In fact, the same network infrastructure offers two different kinds of connection: the first one covers a comparatively restricted (local) area and stays under the relative control of the private end-user; the second kind of connection is “shared” between Comcast customers and covers a wider area, compatible with the range of national mobile carriers. In other words: the last mile of data transmission is being made mostly by a group of home based routers (or access points) that offers two different Internet connection services, the local “private” network and the metropolitan “shared” network.

[Read more…]

Annual report of FCC's Open Internet Advisory Committee

For the past year, I’ve been serving on the FCC’s Open Internet Advisory Committee (OIAC), and chairing its mobile broadband working group. The OIAC just completed its first annual report (available here). The report gives an overview of the past year of work from four working groups (economic impacts, mobile broadband, specialized services, and transparency). I highly recommend anyone interested in Open Internet issues take a look.
[Read more…]

Blocking of Google+ Hangouts Android App

Earlier this week, online news sites started reporting the apparent blocking of Google’s Google+ Hangout video-chat application on Android over AT&T’s cellular network [SlashGear, Time, ArsTechnica].

Several of the articles noted the relationship to an earlier controversy concerning AT&T and Apple’s FaceTime application. Our Mobile Broadband Working Group at the FCC’s Open Internet Advisory Committee released an case study on the AT&T’s handling of FaceTime in January of this year. Our report may help inform the new debate on the handling of the Google Hangout video app on cellular networks.

Addendum (5/21/2013): AT&T announces support for FaceTime over cellular under all pricing plans over LTE by the end of the year [MacObserver, The Register].

FCC Open Internet Advisory Committee Progress

Earlier this year, I wrote about the launch of the Open Internet Advisory Committee (OIAC). The committee’s mandate is to, “track and evaluate the effect of the FCC’s Open Internet rules, and to provide any recommendations it deems appropriate to the FCC regarding policies and practices related to preserving the open Internet.” I’m chairing the group looking at the unique issues in Mobile Broadband networks. Our group just issued its first report, a case study about AT&T’s handling of Apple’s FaceTime application:

AT&T/FaceTime Case Study
Mobile Broadband Working Group, Open Internet Advisory Committee, Federal Communications Commission

I spoke about the progress of our working group, and about the open Internet issues facing mobile broadband networks more generally, here at Princeton as part of CITP’s luncheon series on December 13th: “Open Internet Challenges in Mobile Broadband Networks”. See the video below:

How the Nokia Browser Decrypts SSL Traffic: A "Man in the Client"

Over the past couple of days there has been some press coverage over security researcher Guarang Pandya’s report that the browser on his Nokia phone was sending all of his traffic to Nokia proxy servers, including his HTTPS traffic. The disturbing part of his report was evidence that Nokia is not just proxying, but actually decrypting the HTTPS traffic. Nokia replied with a statement (in the comments section of Pandya’s blog post, and to several news outlets):

We take the privacy and security of our consumers and their data very seriously. The compression that occurs within the Nokia Xpress Browser means that users can get faster web browsing and more value out of their data plans. Importantly, the proxy servers do not store the content of web pages visited by our users or any information they enter into them. When temporary decryption of HTTPS connections is required on our proxy servers, to transform and deliver users’ content, it is done in a secure manner.

Nokia has implemented appropriate organizational and technical measures to prevent access to private information. Claims that we would access complete unencrypted information are inaccurate.

We aim to be completely transparent on privacy practices. As part of our policy of continuous improvement we will review the information provided in the mobile client in case this can be improved.

You can find out more about Nokia’s privacy practices at http://www.nokia.com/privacy.

So, it turns out that Pandya was correct: Nokia is decrypting SSL traffic in their proxy servers. This is not disclosed in their privacy policy, and the somewhat vague assurance of things being done “in a secure manner” is not entirely comforting. Beyond that, the statement gave some other interesting clues. One clue was that this is a feature of the Nokia Xpress Browser, an app that is available for the popular Nokia Lumia phones that run Windows Phone 8. These phones are available from the major US carriers, whereas Pandya’s phone (the Asha) is mostly sold abroad. So I tracked down a Lumia phone, installed Nokia Xpress, and did my own investigation. Results after the jump.

[Read more…]