[traceroute66]

> We affirm our strict adherence to all relevant regulations and service terms throughout this project.

Except if you bypassed payment and used the service in a manner that was not intended, most likely you were by definition not undertaking "strict adherance" to service terms ?

[VladVladikoff]

Yeah I am a bit confused about posts like this. It’s bragging about breaking the law. There was a particularly bad one a few months ago where a kid had hacked Monster’s employee training site, and was sharing all this internal media in the post. I don’t understand how they don’t end up getting in some seriously annoying trouble with law enforcement. Well I looked it up just now and the post was deleted, I guess maybe he did get in trouble. https://news.ycombinator.com/item?id=44997145

[anigbrowl]

I wouldn't go as far as 'breaking the law', and I agree with the author that the contractual terms ($31 for wifi) are a shitty offer to a captive audience. But I'm also tired of pseudolegalism being employed as figleaf for bragging about the ability to bypass access controls and presumably making everything run a bit slower for all the other passengers (the author mentions that they gave up using it after a while because the bandwidth was so limited).

Yes, long flights are miserable and air travel is a bit of a ripoff. I choose to cope by treating it as an internet break and enjoying a dense book.

[Zak]

Laws penalizing theft of services usually work even if they haven't accounted for the exact manner in which someone might steal the service in question.

The author knew there was a fee for the service; the author devised a way to obtain the service without paying the fee; the author knew this action was not authorized by the service provider.

[eps]

> breaking the law

Not law per se. More like contractual obligations taken upon by connecting to the flight's WiFi.

[Aurornis]

Most countries will have laws covering cases of unauthorized access, theft of services, and computer misuse.

The user agreement helps define the service as a paid service with defined access cases. Going around those would put the user in violation of some laws.

An analogy would be showing up to a paid event venue and noticing a back door was left open. Going into the building without paying is not okay, even though you never engaged with the ticket office to agree to anything.

[ballenf]

If the user routed all traffic through a WeChat or other messaging service, they would just be using messaging.

[zem]

I would have had far more positive feelings towards the hack if they had done that - e.g. had their roommate configure a bot to monitor a wechat room and respond to url requests by sending back a webpage. tunneling over DNS feels icky because the reason DNS traffic goes into a separate accounting pool is so that the basic infrastructure of the internet can be kept working smoothly, so this is getting firmly into tragedy of the commons territory.

[nradov]

Intent matters. In US legal jurisdictions that could potentially be prosecuted as a CFAA violation, although I'm not aware of any cases like that yet.

https://www.justice.gov/jm/jm-9-48000-computer-fraud

[DaSHacka]

The U.S. has one of the most overbearing laws in that regard, though. The OP happened on a flight leaving Canada.

[traceroute66]

> Not law per se. More like contractual obligations taken upon by connecting to the flight's WiFi.

Well, being pedantic, you could be said to be breaking Civil Law. :)

Jest aside, IANAL but most western countries have some sort of Criminal Law relating to mis-use of computers.

A brief search for Canada reveals Criminal Code (R.S.C., 1985, c. C-46)[1].

Again IANAL, but from my reading in this scenario it would be (c) -> (a), "uses or causes to be used ... a computer system" to "obtains, directly or indirectly, any computer service".

[1]https://laws-lois.justice.gc.ca/eng/acts/C-46/section-342.1....

[gruez]

Isn't this pretty straightforwardly "theft of service", like "stealing" cable TV service?

[varenc]

If you never clicked "I agree" in the captive portal prompt, and still got free internet via port 53 proxying, could you argue you never broke the contract because you never agreed to the terms? Genuinely curious

[Vespasian]

I would bet a little bit of money that this is still illegal because you cheated yourself access to a service that is clearly meant to be paid and usually requires agreement (as indicated by the captive portal). Sounds like fraud to me.

As far as I know courts in most jurisdictions are allowed to look at a case in its entirety and that won't look good for you.

A defense like "I thought it was just an config error and couldn't possible imagine that someone would want payment" doesn't sound very plausible to me in particular if it comes from an IT expert who just used sophisticated means to surgically circumvent the block.

In this particular cases of course they confessed the "crime" while bragging about it in their post.

Now what if a random person downloaded an app called "Internet anywhere" from their store and it justed worked? Much muddier because they wouldn't even know it was circumventing anything. For all they know it could be a deal between Air Canada and the app vendor.

[hluska]

This is theft. Stealing is illegal. Giving a blueprint for how you stole is the icing on the prosecutorial cake because you can’t claim lack of knowledge if you create a conspiracy to enable the theft.

This may be the dumbest write up I have ever read.

[forgotoldacc]

Theft comes with the connotation of taking someone away from someone and depriving them of their possession.

Using their internet connection without paying is unlicensed usage/illicit access, but nobody is being deprived of it. Mega corps tried, and failed, to get people to think watching a free movie on YouTube was theft. Same logic, very few people agree with the claim.

[int_19h]

This is Hacker News. Hacking has a long history of being, well, not exactly respectful of legalities, especially when dealing with "profiteering gluttons". Phreaking was kinda what the early hacker scene was famous for, for example.

[brailsafe]

The nature of the non-transaction was such that they were given access to a service that was constrained in certain ways. They used the service, and the constraints that AC technically applied still applied. They used what was available to them under the constraints and weren't required to pay for any other service but the removal of the constraints. I don't see how any theft occurred.

Likewise illegality is just a boring and simple way to dismiss someone on moral grounds, but laws are only as effective as the level of agreement people have with them. Drinking in the park is technically illegal, but I don't care, the police don't care, nobody cares, unless someone needs to care, and I'm going to do it anyway, because the law does not make drinking in the park inherently wrong, it just provides a framework for telling you to stop if you're interfering with others in a way that relates to alcohol consumption.

[tempestn]

Courts don't tend to be impressed by arguments like this. It was made very clear what was being offered and what wasn't, and technical barriers were even put in place. The fact that the barriers weren't foolproof doesn't give carte blanche to bypass them.

I agree more with your second argument, though that tends to be strained when the exploit is published.

[brailsafe]

> Courts don't tend to be impressed by arguments like this.

This is a court of casual opinions, but incidentally when all Air Canada employees recently went on strike—grounding and/or rescheduling all flights, including my own, and causing plenty of inconvenience—and were quickly ordered back to work by the federal government, basically everyone supported them continuing to refuse to work even though technically it was illegal because the government just decided it was. The government's move ended up backfiring and turned into a negative mark on their record after the employees basically won and everything went back to normal with more equitable pay. The CEO outright said they hadn't planned for the situation in which the employees just said no to the order.

[jxf]

IMO a certain amount of youthful indiscretion that takes the form of challenging systems and structures feels like it's both tolerable and important. Agitation prevents calcification.

[bigbinary]

Wait till that guy figures out what the hacker in hacker news means

[ohyoutravel]

I didn’t see this, but the monster hacker blog post is up on archive. Honestly the person sounds like a kid:

https://web.archive.org/web/20250823174801/https://bobdahack...

[pavel_lishin]

I was about to correct you and say that bobdahacker hacked McDonald's, but I guess he did both, and bragged about both.

[CaptainOfCoit]

Could also just be lack of knowledge. Weren't we all a bit more risky and playful with other people's websites when we were kids and the internet was still accessed via modems? Remember talking about that with both other kids and adults without getting in trouble, but it was also decades ago. Once I saw others getting in real big trouble (like prison), then I kind of tried to find more beneficial ways of learning programming and computers.

[gus_massa]

> Remember talking about that with both other kids and adults without getting in trouble.

A few kids doesnt matter. A few adults is only a problem if it's their stuff (If they are teachers, they will care more about unautorized changes of the wallpaper in the computer of the school that anything in a remote computer.) And yuo can even later claim they misunderstood or you were exagerating.

But here is an in written report in front of thousands of persons and about planes that is a sensitive topic.

[traceroute66]

> Could also just be lack of knowledge.

Huh ?

DNS tunneling is not exaclty something you do "by accident".

And if the person doing it on the flight "did not know" (which, given the text of the blog, I doubt) , then you can bet your botom dollar that the "roommate" that was summoned for remote assistance knew very well what was going on.

[CaptainOfCoit]

Didn't claim so either, but a lack of knowledge about that it is in fact illegal, hence the parallel to at least my previous experience where I've most surely have committed crimes in the past, because I didn't know it was illegal in the first place.

I don't know the age of the author, but it almost doesn't matter, sometimes people don't know (lack of knowledge).

[anigbrowl]

Come on now. $31 for inflight wifi is a ripoff, but even a 6 year old understands that if there's a price tag it's not an invitation to help yourself.

[CaptainOfCoit]

Say you're on a plane from Canada to Hong Kong (random example), which country's laws would be applicable here? The country where the airplane is registered?

[traceroute66]

> which country's laws would be applicable here? The country where the airplane is registered?

For all intents and purposes it is the country of registration of the aircraft.

There are one or two exceptions to the rule, but they would not be applicable in this scenario. Mostly stuff relating to air safety. For example, if the aircraft did something against the aviaition laws of the country being overflown. Or hijackings etc.

[Traubenfuchs]

Same country that would be responsible if you stab your seat neighbor for taking too much space I‘d guess.

[traceroute66]

> if you stab your seat neighbor for taking too much space

IIRC the way it works is that when you land (destination or forced landing elsewhere) the offender is delivered to the local competent authorities.

They then undertake an initial investigation and decide either to exercise their own jurisdiction or undertake extradition proceedings to send the offender to the country of registration of the aircraft.

In a scenario of (attempted)murder, I suspect that it is highly likely it would be dealt with in the local courts unless there was a specific external push for extradition.

The point of the convention is to ensure there is never no jurisdiction, i.e. the country of registration to the aircraft is always there as the ultimate fallback. The wording doesn't seek to strictly define the jurisdiction, which is why in most cases the delivery country has the option to take jurisdiction.

[jan_Sate]

It depends on which jurisdiction region wants to enforce the law. If someone wants to enforce a law, and it succeed, then the law of that jurisdiction region applies.

[somehnguy]

Counterpoint: who cares?

Wake me up the first time someone gets into legitimate trouble over a little harmless computer fun like this. Until then..who cares?