←back to thread

A story about bypassing air Canada's in-flight network restrictions

(ramsayleung.github.io)
134 points samray | 1 comments | 10 Oct 25 07:50 UTC | HN request time: 0.219s | source
Show context
ogurechny ◴[10 Oct 25 11:40 UTC] No.45537758[source]
Limiting availability of third party services based on local service provider fee can only be done 100% reliably on a service side through an agreement with that provider, i.e. WhatsApp needs to disable certain functions to users coming from certain dedicated links or IP ranges, or even based on live user status metadata. There's an obvious size mismatch, and lack of incentive to implement compartmentalisation only needed for some other company. It also creates enormous shared responsibility and potential circular finger pointing clown shows, all for relatively tiny number of affected paying users.

Therefore, it is either done with least amount of work that is “good enough”, and can be done on a cheapest router (rate limit to the absolute minimum, ban connections to ports 80 and 443, maybe cut the traffic to most stable IP ranges of biggest services, and regular person is going to state that “nothing else works”), or trough very extensive commercial DPI with lots of guessing and ad-hoc rules (if this feature is important for the income, and many will try to game the system). So it's either going to be as simple as in this example, or you'll compete with the global army of detection rule authors.

Though I do like the wink-wink, nudge-nudge choice of proxy software.

replies(1): >>45539794 #
1. toast0 ◴[10 Oct 25 14:56 UTC] No.45539794[source]
FWIW, WhatsApp does (or did) support special price networking. I used to be the engineering side of that. But the supported offerrings were for special priced everything (text+mms+voip) or just text+mms if real time voice and video was not to be special priced. Text only was not a supported offering while I was there. And you needed to be a mobile carrier to get the information about IP ranges (the IP ranges were public but not directly linked early on, but got limited later).

That said, many networks did these sorts of things without communicating with WhatsApp. Even without knowing IP ranges. WA traffic is easy to spot. Chat has a destinctive protocol that's neither http, nor https; mms is https with obvious hostnames in SNI; voip looks like voip.

You might be able to trick in-air wifi by looking like WA chat, but I've never been interested enough to check while on a plane. I'd rather use the time to watch awful movies on a tiny screen with terrible audio conditions.