iodine is great for getting free Wi-Fi too. Most captive portals don't block DNS, but just do HTTP redirects. You can pump all your traffic over DNS to an iodine server you have set up on a VM (it's not encrypted, so for the very paranoid, run OpenVPN or WireGuard through your iodine tunnel).
Note: this is most likely illegal .. in every jurisdiction. So .. don't actually do this.
> Note: this is most likely illegal .. in every jurisdiction. So .. don't actually do this.
Sad if true. If a service is providing public DNS access without any service agreement, I don't see how making DNS queries with it could be illegal, especially on a public radio channel.
You might be right, but how?
It's certainly within their right to ban you by filtering out certain queries though.
Remember, as abstract as the law can be, the legal system is not going to be amused by contrivances like "they were offering DNS service free and clear, so tunneling YouTube over DNS is fine".
The legal system is going to understand that you were trying to circumvent paying for services and treat it appropriately.
How can it be theft of service when they can deny you service at any time automatically by identifying abnormally heavy users and removing them?
This isn't like bypassing the electrical grid by running your own line from somebody else's service.
This is like saying it's theft of service to read a chapter in the bookstore. If you hang out there all day, you might get kicked out, but that's not a crime.
The courts might agree with you, but only because "computers are hard".
There's a world of difference between tunneling over DNS and compromising servers. Or at least, there should be.
"by identifying abnormally heavy users and removing them" - That costs money, ergo, theft. It's like if someone had to hire a security guard for a vending machine.
Or even just let those users alone. Users aren't stealing service if it's not even the same service. It's much slower than buying wifi from the captive portal.
DNS tunnelling is not fast or convenient. Places deploying captive portals have probably looked at the risk to their business from it and have decided not to worry about it.
I can't believe that using a slow DNS connection, intentionally made public, to tunnel traffic would be considered theft or criminal.
How many free samples do I have to eat before I'm a thief? I don't believe I'm a thief until the offer for free samples is rescinded.
Opinion differs, but many ad-supported sites would say yes. I'm not sure if it has ever been tested in court. "Fare dodging" might be a better concept to compare this to.
I'm floored that this is apparently how people are reasoning about the world now. Especially on HN.
There is no circumventing of any access control here. If a service is giving a public access point, on public spectrum, and they let you connect, and they allow you to use DNS, you should be able to use DNS however their access control systems allow you to use it.
Now if you find an exploit in their captive portal that allows you access to their service, then sure, that's illegal, because you're breaking into something.
You can't circumvent access controls if the access control list is wide open.
The intent is that you have to pay to use the WiFi. Even if you find a clever technical way to circumvent that, the judge will see what you were trying to do: avoid paying for the service that is offered. The court is not a computer and a judge will use their human brain to make a judgement of your intent.
Is it also theft if I run sshd on udp 53 and I happen to be able to connect?
How about if I run sshd on tcp 22 and it's not blocked?
Is it illegal if I just want to see if a dns change I made has propagated and I query an A record?
It seems obvious (to me) that a judge would say "It's not theft if you're giving it away. If you have a problem with how people are using your free service, add restrictions. Case dismissed."
I would hope that the court uses their human brain to make a judgment of my intent and the intent of the service provider. My intent is to have free DNS access to communicate with my server. The service provider intended to provide a public access point with free DNS and no restrictions on its use. The conclusion should be obvious.
Consider a toll booth without a barrier (commonly known as iPass lanes in some parts). The intention is that you have to pay when passing through. There's no technical measure in place to prevent you from not driving through without paying.
Indeed, sometimes I'm also floored about the lack of openness here.
As I often say, self-proclaimed nerds who can't imagine life without a big brother taking care of things love to complain and complain and complain.
The ages of relying on oneself and technology seem gone. Cover-your-ass for 'nerds'
I'll be happy to sell these self-proclaimed 'nerds' lessons about how to secure a captive portal with iptables, so that no DNS or HTTP/S or ICMP can go through until the login is entered and the TOS validated.
> Indeed, sometimes I'm also floored about the lack of openness here.
Quite the opposite -- there is complete openness in this thread about the technical aspects of the circumvention or use of the technique, plus open and timely reminders regarding the potential legal ramifications of executing this technique in certain jurisdictions.
As best as I can tell from this thread, if you make use of any service in any way that could be interpreted as unintended by the service provider, you're a criminal.
It makes me wonder if using 1.1.1.1 on my network is a crime. Sure my ISP is letting my DNS queries through, but think of all the analytics that they're missing about me.
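Several comments above mention operators "identifying abnormally heavy users" or "filtering out certain queries". The sketch below is an added example, not code from any commenter or from the iodine project, showing one way a resolver operator could do that from query logs. The log format, the thresholds, the last-two-labels "base domain" rule and the sample data are all assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

def sample_log():
    """Constructed resolver log, one '<client> <qtype> <qname>' per line."""
    lines = []
    # Ordinary client: short names, heavily repeated.
    for name in ["www.example.com", "mail.example.com", "www.example.com"] * 10:
        lines.append(f"10.0.0.5 A {name}")
    # Tunnel-like client: unique, long, random-looking labels under one domain.
    for i in range(40):
        label = hashlib.sha256(str(i).encode()).hexdigest()[:48]
        lines.append(f"10.0.0.9 NULL {label}.t.tunnel.test")
    return lines

def entropy(s):
    """Shannon entropy of s in bits per character."""
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def flag_tunnel_like(lines, min_queries=20, min_len=30, min_entropy=3.0,
                     min_unique=0.9):
    """Return (client, base domain) pairs whose queries look like encoded data."""
    groups = defaultdict(list)
    for line in lines:
        client, _qtype, qname = line.split()
        labels = qname.rstrip(".").lower().split(".")
        base = ".".join(labels[-2:])        # naive registered domain (assumption)
        groups[(client, base)].append("".join(labels[:-2]))
    flagged = []
    for (client, base), payloads in sorted(groups.items()):
        data = [p for p in payloads if p]
        if len(payloads) < min_queries or not data:
            continue
        mean_len = sum(len(p) for p in data) / len(data)
        mean_ent = sum(entropy(p) for p in data) / len(data)
        unique = len(set(payloads)) / len(payloads)
        if mean_len >= min_len and mean_ent >= min_entropy and unique >= min_unique:
            flagged.append({"client": client, "base": base,
                            "queries": len(payloads),
                            "mean_len": round(mean_len, 1),
                            "unique_ratio": round(unique, 2)})
    return flagged

if __name__ == "__main__":
    for hit in flag_tunnel_like(sample_log()):
        print(hit)
```

The ordinary client passes the volume threshold but fails on label length and uniqueness, which is why all three signals are combined rather than alerting on query count alone.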