Hacker News new | ask | show | jobs
by abadpoli 706 days ago
> But the experience of using a speical-purpose WiFi network is janky on many common devices so I understand not taking that choice.

Yea, this is my hunch as well as to why this works this way. Consumers are easily confused, and asking them to disconnect from their currently working internet connect and connect to a router that hasn’t yet been set up (and might not be able to provide an internet connection) can get confusing. I know I’ve been in this situation before where I’ve been connected to a special-purpose network without internet connect, need to look up some instructions online, but then remember I can’t because I’m not connected to the internet…
2 comments
SahAssar 706 days ago
> and might not be able to provide an internet connection

But this router has to have an internet connection for this flow to work, right? Otherwise how can the router get the password from the cloud service?

What is needed is the device-to-router connection to work securely but by sending the wifi credentials plaintext that is not secure, so not sure what is won here.

link
abadpoli 706 days ago
The router itself has an internet connection but that doesn’t necessarily mean that all of the other stuff required to actually route traffic or connect other devices is configured (like DHCP).

It’d be possible to have some sane defaults in there to make it work, but I wouldn’t count on them to be 100% out in the field of who-knows-what-crazy-settings-this-consumer-has.

> sending the wifi credentials plaintext that is not secure

If the connection between the app, router, and cloud server are all HTTPS, then it’s probably more secure to do it that way than it would be to send it over an unconfigured, insecure WiFi network (which typically uses HTTP or unsigned certificates for the management interface).

link
xp84 706 days ago
it occurs to me now that the whole recent stuff that Apple has been pushing, where apps are banned from making HTTP requests (HTTPS only) may have been the impetus for this. Their "setup app" can't connect to http:// 192.168.1.1/ (or if if can, does so only after popping up dire warnings in scare dialogs) -- but it can connect to the "cloud" server so just send it up to the cloud and back down the WAN port. I can see how they arrived here. Still this is why "apps" suck for this purpose, but I bet they moved to apps for because there are probably plenty of households without a working computer, who need wi-fi for their phones and Rokus, and this proved to be the friendliest way to do it.
link
SahAssar 706 days ago
Even if all that is true why would you not use a temporary password to then directly set the real password? It seems to me like they have not treated the password as an actual secret in this transaction.
link
ratboy666 706 days ago
The velop uses bluetooth for setup... you use an application on your phone, that sets up the router. Yes, it's janky too.
link