[mihaaly]

Friendly remark.

Recently the term "consumer-friendly" became the synomym of "we shove it down your throat whether you like it or not!". If you wish to communicate some real user-friendly feature better find some other phrase. Reading "consumer-friendly" statements of providers makes me turn away and never look back.

See the above example. Hijacking the device we use for our daily operations, very important one with sensitive data, already in risk from multitude of origins, hijacking it remotely into some unknown channels along hidden organisational incentives is a very offensive and frightening move. The technology is not new and it is OPTIONAL for very long time. Shoving it down the throat is bad. Very bad.

(I am pretty disappointed with the population of the world that accepts anything from service providers for mostly marginal or never missed gains, accepting the elimination of choice. Providers feel they can get away with anything and became increasingly hostile.)

[jsty]

If the use case is as described (connecting to WiFi APs owned and controlled by the network in deadspots / hotspots - e.g. stadiums and large buildings - and not end-user APs in homes), it's not clear to me that this poses any significant threat above and beyond connecting to the same operator's cell towers. If you don't trust them to run a WiFi network, probably shouldn't trust their cell network either.

Having phones automatically and uncontrollably route via random 3rd party APs is a bad decision, but I didn't read GP as advocating for this.

[blincoln]

The knowledge and equipment to hack WiFi-related systems is a lot easier to obtain on most of the world than the cellular equivalent.

In the US, at least, tampering with cell service risks getting the FCC involved, so very few people do it compared to WiFi hacking.

I'm very curious, for example, if the devices that connect to these APs are vulnerable to the WiFi client isolation bypass that was disclosed about a week ago.[1] That seems a lot scarier when there are potentially thousands of random people's personal phones connecting to the same WiFi infrastructure instead of a bunch of more or less trusted corporate devices in an office.

[1] https://github.com/vanhoefm/macstealer

[JohnFen]

> If you don't trust them to run a WiFi network

WiFi APs are not secure enough unless you're using another layer of security on top (a VPN, for instance). It's not a matter of trusting them to properly run a WiFi network. It's a question of if there's an additional layer of security on top. Is there?

[TheHappyOddish]

Whilst I agree with what you're saying in premise, I think if you told most consumers "hey, when you have bad reception like at a stadium, your provider will connect you over WiFi instead of 4G", they simply wouldn't care and more importantly wouldn't want to know.

This probably is "consumer-friendly" in the sense of "provides the outcome desired for most consumers".

[mihaaly]

Sensibly and originally the consumer-friendly term is desirable, also the obvious and default behaviour from providers selling products to users.

Unluckily it is over and misused for things forced through regardless of wanted or not - but benefitial for the provider for sure -, being a routine misdirection (basicly bullshit) text.

[tengwar2]

To amplify this: a recognised problem with GSM/GPRS was that although the mobile device authenticated itself to the network. This introduced MITM vulnerabilities. As a response, 3G brought in mutual authentication. Do these managed WiFi networks have mutual authentication? As far as I know, no.

[seraphsf]

Yes, WiFi offload uses the Hotspot 2.0 spec with mutual authentication (EAP-AKA or EAP-SIM typically). Both the phone and the WiFi network will mutually authenticate with the carrier’s Authentication Server.

[DougBTX]

> If you wish to communicate some real user-friendly feature better find some other phrase.

The cycle of deception never ends. If a company misuses words, they'll do it again with new ones. We must resist by sticking to the plain meaning of words.

[KyeRussell]

Sigh. Would you to someone this way were they were telling you this story at a conference lunch?

I really hope not.

They have chimed in to provide further context based on their personal experience. You’ve latched onto and have subsequently read way too much into two words that they used, and tried to offset your unjustified browbeating with “friendly remark”.

[mehlmao]

If someone tells me to my face that ignoring user preferences is actually 'consumer-friendly', I will tell them to their face that it isn't. 'Friendly remark' is passive aggressive and can be left out.