AT&T Accidentally Provides Free Wi-Fi To All

SecureThroughObscure tells us about a hack broken by MacOSRumors: you can get free Wi-Fi at Starbucks, Barnes & Noble, and other AT&T hotspots if you know how to set your browser's user agent string (trivial on Safari), and know a valid iPhone phone number. ZDNet blogger Nate McFeters gives some more details and links. This can't last.
  • by LostCluster ( 625375 ) * on Friday May 02, 2008 @10:22AM (#23274236)
    This actually had some chance of working before it was revealed on /. After all, you don't usually publish your iPhone number to strangers, and if they ever caught the same user agent showing up at two hotspots it'd be trivial to shut them both down. Not the best security idea... but it got the system up until they had to come up with better.
    • I have no idea how many strangers know my phone number, but all my friends have it and I suspect most of them know I have an iPhone.

      And I'm sure AT&T sees thousands of the same user agent running through their hotspots at any given time.
    • Security by stupidity, indeed. Because this doesn't even qualify as security through obscurity. What the hell is wrong with people to use PUBLICLY known information to do access control? It's not the worst security idea, it is absolutely no security at all. Your phone number has to be known to people, otherwise it's useless. So why use it as access control? Yes, it allows for quick bootstrapping, but that's about it.

      I expect that ATT will lobby in short order for a law that will make it illegal to spoof use
  • It might last... (Score:5, Informative)

    by sith ( 15384 ) on Friday May 02, 2008 @10:26AM (#23274288)
    Even if every /.'er did this, it still would be a drop in a bucket compared to the number of folks who happily pay the fee.

    For example, many pay wifi points can be circumvented just by connecting to a VPN over UDP (since they're only filtering TCP requests). I doubt they're going broke due to that issue though..
    • by aliquis ( 678370 )
      Exactly, I can't see why it couldn't last? What's so bad with offering free network connection at some locations? And as soon as one read that people "logged in" by typing in their phone number this was very obvious. I doubt they will care. And it's not like every person on the planet will know about it or care either (as you point out.)
    • Even if every /.'er did this, it still would be a drop in a bucket compared to the number of folks who happily pay the fee. For example, many pay wifi points can be circumvented just by connecting to a VPN over UDP (since they're only filtering TCP requests). I doubt they're going broke due to that issue though..

      Here's how in Firefox.

      Download and install the "User Agent Switcher", then add new user agent with:

      Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1C28 Safari/419.3

      Go to Starbucks and hit up the wi-fi, you get the standard login screen that the iPhone uses, put in a valid phone number and well free wi-fi I guess. It's also interesting to visit websites to see what kind of iPhone page they have this way (cnn.com for example)

      • Re: (Score:3, Informative)

        by rocketPack ( 1255456 )
        Alternatively (for those who don't want to download an extra program):
        • Go to about:config in Firefox
        • Right click/command click in the list and choose New > String
        • For the preference name use "general.useragent.override"
        • Use any value you wish, such as "Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1A543a Safari/419.3"
        • You can verify your change by going to "about:" in Firefox and reading the information from the page!

        Can't help you wi

  • by whisper_jeff ( 680366 ) on Friday May 02, 2008 @10:27AM (#23274302)
    A surefire way to ensure that this hack lasts as long as possible is to keep it super-secret and not let AT&T know they screwed up.

    But I'm sure posting the story to slashdot is fine. Nobody reads this site, after all...
    • If AT&T techies actually read slashdot then they would be smart enough to set up the system with more than just a browser user agent tag and a phone number.

      How many systems have been set up that way and then suddenly laughed at?

      The other option is why bother? Most people who visit starbucks don't know what a user agent string is, or have enough money that they don't care.
      • If AT&T techies actually read slashdot then they would be smart enough to set up the system with more than just a browser user agent tag and a phone number.

        How would you set it up then? Assuming the predefined goal is "Allow iphone users free service with no hassle", what would you do if not sniff user agents?

        The only way I could think of to do this more 'securely' would be a full network scan to see how their tcp stack behaves, possibly looking at tcp sequence numbers and timestamps to find any quirks.

        T

        • by Firehed ( 942385 )
          I would set it up just like this, except perhaps some sort of reasonable limit on connection time or frequency to the system ("legit" use should never have more than one connection per phone number, for example).

          Will some people abuse it? Yes, though I wouldn't consider it abuse. It's really a long-term value add. People see that iPhone users get free Wifi at these places from their iPhone, and a few know how to get it on their laptop too. That's a tremendous additional value to using AT&T over comp
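
An added example, not part of the thread and not AT&T's or Wayport's code: one way to enforce the limit suggested in the comment above, by flagging any phone number whose portal sessions overlap in time. The log format, field names, hotspot names, phone numbers and MAC addresses are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from typing import NamedTuple

# Constructed portal session log: phone, hotspot, client MAC, start, end.
# 555-01xx numbers and locally administered MACs are placeholders.
SAMPLE_LOG = """\
5555550101 hotspot-a 02:00:00:00:00:01 2008-05-02T10:00:00 2008-05-02T10:40:00
5555550101 hotspot-b 02:00:00:00:00:02 2008-05-02T10:15:00 2008-05-02T11:00:00
5555550101 hotspot-c 02:00:00:00:00:03 2008-05-02T10:30:00 2008-05-02T10:45:00
5555550102 hotspot-a 02:00:00:00:00:04 2008-05-02T09:00:00 2008-05-02T09:30:00
5555550102 hotspot-a 02:00:00:00:00:04 2008-05-02T09:30:00 2008-05-02T10:00:00
5555550103 hotspot-b 02:00:00:00:00:05 2008-05-02T12:00:00 2008-05-02T12:20:00
"""


class Session(NamedTuple):
    phone: str       # number typed into the portal form (client-asserted)
    hotspot: str     # hypothetical hotspot identifier
    mac: str         # client MAC as seen by the access point (spoofable)
    start: datetime
    end: datetime


def parse_log(text):
    """Parse whitespace-separated session lines into Session records."""
    sessions = []
    for line in text.splitlines():
        if not line.strip():
            continue
        phone, hotspot, mac, start, end = line.split()
        sessions.append(Session(phone, hotspot, mac,
                                datetime.fromisoformat(start),
                                datetime.fromisoformat(end)))
    return sessions


def flag_shared_numbers(sessions, max_concurrent=1):
    """Return {phone: details} for numbers exceeding max_concurrent sessions.

    Uses a sweep over start/end events per phone number. A session that
    ends at the same instant another begins (a reconnect) is not counted
    as an overlap, because end events sort before start events.
    """
    by_phone = defaultdict(list)
    for s in sessions:
        by_phone[s.phone].append(s)

    flagged = {}
    for phone, group in by_phone.items():
        events = [(s.start, 1) for s in group] + [(s.end, -1) for s in group]
        events.sort()  # (time, delta): -1 sorts before +1 at equal times
        live = peak = 0
        for _, delta in events:
            live += delta
            peak = max(peak, live)
        if peak > max_concurrent:
            flagged[phone] = {
                "peak": peak,
                "hotspots": sorted({s.hotspot for s in group}),
                "macs": sorted({s.mac for s in group}),
            }
    return flagged


if __name__ == "__main__":
    for phone, info in flag_shared_numbers(parse_log(SAMPLE_LOG)).items():
        print(phone, info)
```

A check like this does not turn the phone number into a secret; it only bounds how widely a single number can be used at once and gives the operator a list of numbers to review.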
      • If AT&T techies actually read slashdot then they would be smart enough to set up the system with more than just a browser user agent tag and a phone number.

        Waitaminute; are you actually saying that reading Slashdot is a benchmark for intelligence in the IT field?

    • by aliquis ( 678370 )
      Hey, we read the headlines, eventually the summary and then head on to comment and read comments. It's just TFA we skip ;)
    • A surefire way to ensure that this hack lasts as long as possible is to keep it super-secret and not let AT&T know they screwed up.
      Actually, it was Wayport's screw up, as they're the company that AT&T contracts to provide their wifi hotspot system.
    • But I'm sure posting the story to slashdot is fine. Nobody reads this site, after all...

      Well it *is* just mostly geeks -- a minority.

      I rather think the actual problem is when that random blog links to this site, catching the attention of some large general media site, etc... Soon enough it's a story reaching the general population.

      Still, manipulating user agent strings is "advanced" work to novices. So in the end, for the shit to truly hit the fan, we'd first need a simple UI with only a textbox for the iPhone number and an OK button (handling the rest itself), distributed on a web site popul

  • Accidentally providing free wi-fi to everyone... IF they use this hack to work around... That's not providing ANYTHING. It's not having proper security in place.
  • Maybe it's just me, but am I the only one who's sitting here thinking that using this hack is tantamount to stealing service? Hacks for stealing cable service have existed for decades now, and were very much illegal. And why shouldn't they be? Not everything has to be hacker proof. Sometimes it's just about putting a lock on the door and saying, "This doesn't belong to you."

    To use a typical Slashdot analogy, the lock on my front door is pretty flimsy and could probably be picked or forced without much effort. Is that an invitation to walk into my house and use my computer?

    This also differs from open WiFi points in that open WiFi points have no security. It's difficult for a passerby to tell the difference between an intentionally shared access point and an access point that has accidentally been misconfigured.

    Which reminds me, WiFi security is not all that hard to crack. Does that give people a free license to crack their neighbor's WiFi and begin using it without permission?
    • by dissy ( 172727 )

      Maybe it's just me, but am I the only one who's sitting here thinking that using this hack is tantamount to stealing service?

      No it is not just you. Unfortunately it is still incorrect despite the fact others see it that way too.

      Since everyone is different and has different morals, sure, it can easily be morally wrong.
      But legally and technically, it isn't wrong at all.

      Clearly their service allows iPhones to access for free, and stupidly it asks the user's computer if it is an iPhone or not, so lying and saying 'yes' shouldn't be enough for access, but apparently is.

      They are just asking the user's computer if it is an iPhone, and i

      • by AK Marc ( 707885 )
        But legally and technically, it isn't wrong at all. Clearly their service allows iPhones to access for free, and stupidly it asks the user's computer if it is an iPhone or not, so lying and saying 'yes' shouldn't be enough for access, but apparently is.

        I think that lying in order to obtain a fee service for free is illegal in all locations in the US. It's theft of services, fraud, or such.

        Also, you separate moral wrong and legal wrong, but you have "technically" in there with legal. I would argue that
    • by Nimey ( 114278 )
      No worries. AT&T is making up what it loses from this by sharing all its customers' information with the NSA.

    • Sometimes it's just about putting a lock on the door and saying, "This doesn't belong to you."

      Everything in security isn't a lock. There's no personal property being protected here, so stop with the "enter my house" analogy.

      This is more like giving away a free small bag of popcorn to anyone with a name badge that says "I own an iPhone" on it. In other words, this is more like lying than it is theft. Lying isn't usually illegal, unless you're defrauding someone.
    • Yes. From the AT&T iPhone service agreement [att.com]:

      cannot be used for any applications that tether [...] to laptops, PCs, or other equipment for any purpose
  • 1 - Put your coffee money in a Starbucks Card.

    2 - Take your laptop to Starbucks for a coffee.

    3 - Profit!

    • by Megane ( 129182 )
      4 - Drink bad coffee!
      • by ivan256 ( 17499 )
        I find it difficult to believe that you find all of Starbucks coffee to be "bad". They have dozens of types. Some of them suck, and some of them are really good. Which ones don't you like? Did you even realize that there was more than one type?
  • Frankly, Starbucks should provide WiFi free. It's a great tool for them. Many small shops are doing it and I'd go to one of them before Starbuck's, obviously.

    • by qoncept ( 599709 )
      Starbucks should also start charging 1/3 of what they do for their coffee. I don't think either is hurting them much, though.

      Also, in my opinion, Starbucks should just go to hell. Aside from the fact that I think coffee is disgusting, my generalization of a Starbucks customer is a person I'd love to punch in the face. I can't decide if I dislike the yuppie small coffee shop goers more or less.
      • The yuppies ARE the ones that go to Starbucks. Where I live, there are so many small independent coffee shops, no self-respecting person would ever go to Starbucks for coffee.

        Also, I think you have some anger management issues. I would tell you to lay off the coffee a little, but...
        (I am only jesting here. I generally want to punch yuppies too.)
        • "The more complicated the Starbucks order, the bigger the asshole. If you walk into a Starbucks and order a "decaf grande half-soy, half-low fat, iced vanilla, double-shot, gingerbread cappuccino, extra dry, light ice, with one sweet-n'-Low, and one NutraSweet," ooh, you're a huge asshole." - George Carlin
        • What is a Yuppie anyway? Someone who has a job and/or business that earns good money after spending a lot of time studing and/or working hard to become successful? Wow, what an awful person!

          Oh right, this is Slashdot, where IT folks all work for free for the betterment of society.

          • From urbandictionary.com -

            "a very arrogant well put together young urban professional who you more than likely will find wearing gucci and prada with a large bank account which they love to brag about. You can find them drinking Starbucks, living in a one bedroom apartment in a city where they will pay 1000-2000 a month for and spending another 3000 a month on their credit cards. They brag about their designer clothes and love to flaunt them , as well as their wealth. They look down upon anyone who isn't
            • Wow, good thing you're not relying on generalizations ... Shame that is the definition of yuppie, as it looks more like the definition of an asshole :)
              • "Shame that is the definition of yuppie, as it looks more like the definition of an asshole "

                Now you are getting it!
          • by JerkBoB ( 7130 )
            I think I probably hated yuppies too...

            Before I became one. And then I hated DINKs, before I became one. And then I was irritated by those annoying people who bring kids to restaurants, before I became one (hey, YOU try getting a reliable babysitter at the last minute!).

            At the moment, I'm irritated by those old farts with no kids who want to cut back on taxes because THEY don't have kids in school.

            Anyone else detecting a pattern? :)
            • So true... :)
            • by Shakrai ( 717556 ) *

              I think I probably hated yuppies too...

              Before I became one

              You don't 'become' a yuppie in the same way that you become a parent bringing the kids out to dinner. One can be successful and fairly well off without being a 'yuppie'. Yuppies are the ones that won't let you forget how successful they are and look down upon anyone who isn't living the same lifestyle that they are.

              I know lots of well off people that aren't yuppies. I also know some broke people that use credit cards to finance a yuppie lifestyle they can't afford. As with all

          • Re: (Score:2, Funny)

            "Someone who has a job and/or business that earns good money after spending a lot of time studing and/or working hard to become successful?"

            I'd like to think that the letter you left out of the above sentence is a 'd' instead of a 'y'.

            It's the romantic in me.

            JJ
        • Where I live, there are so many small independent coffee shops, no self-respecting person would ever go to Starbucks for coffee.

          Me too, and yet I go to Starbucks. You know why?

          Those small, independent coffee shops are all full of pricks. The baristas are pretentious, the menus are full of Italian gibberish, and the coffee isn't much better than Starbucks' at all. I don't like super-pretentious Italian coffeeshops, I never feel comfortable in them, like I'm not as good as everyone else there because I don't
          • I never said a self-respecting person would go into one of the indie coffee shops either, just that they wouldn't go to Starbucks. Self-respecting people brew their own damn java.
      • Starbucks should also start charging 1/3 of what they do for their coffee. I don't think either is hurting them much, though.

        I [msn.com] beg [tmcnet.com] to [google.com] differ [guardian.co.uk].

    • by drhamad ( 868567 )
      Maybe they should, but that's their choice, not yours. It's their business decision.

      In general, companies are afraid of wifi (and legitimately so, I believe) because it causes people to sit around, NOT consuming things. Sure I might go buy a drink at sbux and sit and read a book for 30 mins or something, but with wireless I'll sit there with that drink for 4 hours. I'm not going to buy more.
    • True story. Where I live, WiFi is ubiquitous. It's more shocking to me when a shop doesn't have it. And in the downtown area, there's pretty wide-area coverage. Apparently the city's doing some kind of experiment in conjunction with Cisco.

      All this means that I'm spoiled. I suspect a lot of other /.'ers are spoiled, too. And if I've come to expect free WiFi, I most certainly won't go to a shop where they don't have it. On the other hand - and probably more importantly - if I haven't come to expect such a
    • That's because the small shops are trying to catch up with Starbucks, and are willing to fill up their tables with people who aren't buying anything to do it.

      Having gone to some indie cafes, bought a coffee, looked for a table to sit at, and found nothing but tables full of people sitting at their laptops, not drinking or eating anything, the wisdom of "free wifi for all!" started to seem a little dubious.
      • by jav1231 ( 539129 )
        True. But these shops can also say, "hey, buy another cup or you have to go." I think by and large most people are willing to buy a cup of coffee to sit and have wifi (otoh, could they not just pay for the wifi?). Some shops would like to have the people there as a draw.

        • Corollary: a coffeeshop that looks pleasantly busy is more likely to draw business than an empty coffeeshop. Most people have a neurotic need to be around people all the time, or so it seems. Also, a coffeeshop full of laptop users is not a coffeeshop full of people who will bother other customers. So all you have to do is figure out what the sweet spot in population is, and kick out people who don't buy anything, down to that number. If you have half a clue you'll kick out your regulars last and everything
  • Are you kidding me?! I'm not quite creative enough to know exactly what to do with it, but a phone number is like part of a person's identity. Using that as a form of identity in this instance can't be good.
    • by Dog-Cow ( 21281 )
      That's a silly view of a phone number. Have you never looked at say, a NY City phonebook? That's a whole lot of "identity" available to the public right there.
  • Maybe it's different (okay, it IS different) ... but it is very very very rare to see a café up here in Canada that doesn't have free wifi. They limit the bandwidth per connection, and (attempt to) block non http / https requests, but I *never* pay for wifi when I'm at a café ...

    It makes you wonder, what the world is coming to... or at least, what is going on in the USA.
    • Maybe it's different (okay, it IS different) ... but it is very very very rare to see a café up here in Canada that doesn't have free wifi. They limit the bandwidth per connection, and (attempt to) block non http / https requests, but I *never* pay for wifi when I'm at a café ...

      Yeah, you commies. Free this, free that. Gonna kill the economy. How is any multi billion dollar company supposed to make a living? Next thing you'll tell me is that you don't have to pay for things like med

      • yup. free health care. free EEEs too.. Just for opening an account... [rbcroyalbank.com]

        I'd have to say that Yup.. canada rocks. We now have the iPhone legally too... but it is way too common for people to just cross the border and buy (and unlock) an iPhone. Seriously. The iPhone has been here so long, it isn't even cool to own one anymore...
  • what's next (Score:5, Funny)

    by gEvil (beta) ( 945888 ) on Friday May 02, 2008 @10:36AM (#23274430)
    Next you're gonna be telling us how to get free wifi from all those "Linksys" hotspots, aren't you?
    • by imamac ( 1083405 )
      I always look for those "belkin54g" hotspots. They're everywhere!
    • Re: (Score:3, Funny)

      by SCHecklerX ( 229973 )
      Hey! That's the name of mine at home! Well..the one on the DMZ that redirects all http traffic through a proxy that does interesting things with images, anyway.
  • Here in Minneapolis we have two other chains competing with Starbucks, Dunn Bros. and Caribou, both starting out locally. Both of the competitors offer free Wifi. Caribou's is limited to an hour, but you can circumvent that pretty easily. I don't frequent Dunn Bros. often enough to know what kind of limit they might have.

    Many other indie coffee shops, restaurants and other places offer free wifi.

    I'm always amazed when I see people sitting in Starbucks using laptops (maybe they're not online) when they co
    • Yup, there's Panera Bread and a thousand independent coffee shops with free wifi in the Twin Cities and metro areas. Heck, there are even bars with free wifi. Buffalo Wild Wings has free wifi! I've used it with my iPod touch (usually checking team scores and stats), but I don't think I'd get a lot of work done while eating 12 mango habaneros. And I imagine the keys would get coated in wing sauce.

      I mostly hit Caribou and anywhere but Starbucks. It used to be because Starbucks had bad coffee, but now it's bec

    • I've never seen a Starbucks that charges for wifi, and I've tried in about 20 across 6 states, east, west, and middle of the country.
    • Tmobile also has a plan where you get all the tmobile hotspots for some flat fee... starbucks is included in the list (or at least it used to be last I looked at the options, I didn't buy the plan).
  • Comment removed based on user account deletion
    • I have confirmed it works and surfing right now and . . . hold a sec there's some guys in dark suits wanting to talk-#%$)(*J*&^!@

      [CARRIER LOST]
  • Why couldn't they have just used MAC address (a simple range) filtering? I would guess that there are a few ranges of addresses in use by the iPhones. Even if there was some overlap with other devices, I would think that possibly in addition to a user-agent check would be a lot more secure/efficient.
    • by Deagol ( 323173 )
      MAC addresses can be trivially spoofed. There's even a database of MAC ranges for manufactured devices, so you can pick and choose which device to masquerade as on the network.
    • Easily circumvented; on os x...

      sudo ifconfig en0 lladdr 00:1B:63:00:00:00

      Or using one of the other iphone prefixes:

      00:1B:63
      00:1D:4F
      00:1E:C2
    • by jrumney ( 197329 )
      If someone is going to go to the trouble of spoofing an iPhone with a valid phone number, then they'll just spoof the MAC address as well. It'll be even easier to guess a valid one than for the phone numbers, as each batch of iPhones manufactured will tend to use a corresponding batch of WiFi chips, probably with a consecutive block of MAC addresses. Phone number allocation is more random, since it's done at time of purchase, and people can port numbers from older devices or other networks.
  • The real wtf... (Score:4, Interesting)

    by Grelli ( 98061 ) on Friday May 02, 2008 @11:12AM (#23275032) Homepage
    The real wtf is that the iPhone's number is in the user agent string. How long till that is used to justify an "existing business relationship"?
    • I don't see any indication that the phone number is in the user agent string, it looks like the phone number needs to be entered to "log in". Looking for iphone HTTP_USER_AGENT strings elsewhere I don't see any examples with an embedded phone number.
  • Every coffee shop I go to has free wifi. So does McDonalds, truck stops, and a variety of odd places. I can't imagine paying for wifi hot-spot access at Starbucks.
  • Once the API arrives, I can imagine that all they have to do is write an 'enabler' app that does a magic handshake over the cellular interface to pass the phone's WiFi Ethernet interface address to the local hotspot. That would obviate the need to fill out their silly web form and everything.

    Of course, if they're silly enough to write the app so that it enables the connection without performing a validation step (assuming that being able to run the app means it's running on an iPhone), then someone will rat
  • by natoochtoniket ( 763630 ) on Friday May 02, 2008 @01:05PM (#23276652)

    I have a friend who owns a small restaurant, selling smoothies and sandwiches. He has internet access from the back office, and uses it to communicate with vendors.

    He doubled his breakfast and lunch business over the last few months by putting up a wireless router and giving away wifi access. The sign says "with any purchase" but there is no easy way to implement that, so he just leaves it unsecured. Most people buy something anyway.

    It costs him almost nothing, and helps to sell food by making the location more welcoming to his customers. It won't take very long for other small food and beverage businesses to catch on.

    It's kind of like "air conditioned" businesses used to be. Fifty years ago, air conditioning was unusual. But customers liked it, so the businesses that had it got the customers. Now, every business has it. The only real difference is that wifi is a lot cheaper to provide.

  • Outrageous! (Score:3, Funny)

    by hacksoncode ( 239847 ) on Friday May 02, 2008 @02:26PM (#23277756)
    Apple should demand that iPhone users not give their phone number to other people because they might abuse this!

    Errrr...
