I've just read a really interesting piece by fellow analyst Ian Fogg which highlights how operator customisation & policy can be pushed down to smartphones, even where those devices are bought "unlocked" (or "vanilla") by the end-user.
In a nutshell, the mere act of inserting a SIM into a device like an iPhone can lead to some configuration options being locked-down to the end user - specifically, data connection APNs (the named "virtual" access points on 3G/4G networks such as iphone.operator.com) - or the ability to use tethering.
Tethering has been pretty controversial for several years now - the ability to turn a phone into a WiFi hotspot, to allow multiple devices to connect through one network access subscription. Some operators charge extra for such services, while others allow it for free on certain plans. It's becoming more widely used - I see quite a few Android and a few iPhone SSIDs when I'm in public locations.
There has been a significant push-back from users, who tend to view this as a right ("I've bought 1GB of data, why should someone else determine how I use it?"), but the leading device and OS vendors seem to have bowed to operator demands and helped block unauthorised use. Google has even limited the availability of "unofficial" tethering apps on Android. Various policy tools and DPI approaches to spotting tethering are also available - for example looking for tell-tale IE or Firefox PC browser traffic going through a connection that's otherwise obviously from a phone.
I also take the view that this is one battle that (for now) the handset vendors are fairly happy to allow the operators to win. The availability of tethering doesn't really make Apple much extra profit, but potentially limits the willingness of telcos to subsidise iPhones. Various Android device makers also sell 3G/4G USB modems or MiFi-style personal hotspots, so they'd also prefer you to buy a second device rather than use your phone as a tether. While desired by consumers, tethering is also a battery-drain, so OEMs see it as something they'd rather not encourage huge use of.
There are a couple of important related issues here though.
Firstly, operators would like to use the same control channels (which probably include things like OMA's Device Management standards) to apply to WiFi use more generally - in particular, which WiFi access points the user can log on to. This will fail though - both users and device vendors place "WiFi neutrality" much higher on the utility and importance scale than tethering, and I see attempts to lock-down or force WiFi choice as backfiring massively. This is why I have grave doubts about much of the current hype around Hotspot 2.0, ANDSF and assorted other standards aiming to give MNOs greater control over WiFi.
More generally, tethering is just one use case of a wider phenomenon I first identified a couple of years ago, called "connection sharing". This is the concept of smartphones working together to bond multiple users' data pipes, either to fill in coverage holes collaboratively, or to "multiplex" data connections together for faster connectivity.
Imagine sitting at a table with one person using an iPhone on Vodafone, another with an HTC Android on Orange, and a third with a Windows Nokia on 3UK. If they could discover each other and bolt together their connections, the three users would get much better service acting collectively. But.... the operators' data conections would be both cannibalised and commoditised. It would be impossible to enforce user-specific policy or use the SIM for alternative applications such as Identity Management services, as the networks wouldn't know which of the three people was generating which IP packets. Not only that, but this would essentially lead to an offloading of the weakest network's traffic onto the strongest.
We'd also possibly see secondary markets evolve in selling "unused inventory" of data connectivity - people with good dataplans could try to sell spare capacity to other people. You can imagine an app working out that the user still has 300MB left two days before the end of the quota/billing-cycle, and trying to resell it to nearby users "second-hand". More securely, I've previously suggested the notion of "social tethering", where perhaps you could allocate a certain volume of your data allowance to be shared with your known Facebook or LinkedIn contacts if you're in the same room.
Overall, connection-sharing has the ability to change (or even destroy) multiple operator business models and services. Various operator services tied to SIMs would be completely undermined - most of the IMS/RCS story depends on keeping the link between network/SIM and the application, as do some of the NFC implementations. In the long run, the break between SIM and identity is inevitable in my view (breaking the "Tyranny of the SIM card"), but the operators' attempts to clamp down on tethering may delay it a little longer.
That said, I can see other workarounds emerging - especially WiFi Direct, which is an official WiFi Alliance standard intended to make the old and little-used peer-to-peer WiFi mode work a lot better. Rumours tell me that the telcos are not big fans of this, so it will be interesting to see if it makes it onto smartphones, and how exactly it is implemented.
I've also got a couple of other disruptive next-gen tethering options in mind as well, but I'll keep those to myself for now, or just for those consulting clients that employ me to assist them (either as poacher or gamekeeper).
Overall, I expect the current initiatives to reduce the impact of user-driven tethering by a certain amount. But in the medium term, I expect those controls to crumble - but perhaps by the OEMs themselves. I continue to believe there's a good chance that Apple, Google or another player will suddenly push a really disruptive WiFi play of their own, and are happy to keep the "tethering powder" dry until that point.
In a nutshell, the mere act of inserting a SIM into a device like an iPhone can lead to some configuration options being locked-down to the end user - specifically, data connection APNs (the named "virtual" access points on 3G/4G networks such as iphone.operator.com) - or the ability to use tethering.
Tethering has been pretty controversial for several years now - the ability to turn a phone into a WiFi hotspot, to allow multiple devices to connect through one network access subscription. Some operators charge extra for such services, while others allow it for free on certain plans. It's becoming more widely used - I see quite a few Android and a few iPhone SSIDs when I'm in public locations.
There has been a significant push-back from users, who tend to view this as a right ("I've bought 1GB of data, why should someone else determine how I use it?"), but the leading device and OS vendors seem to have bowed to operator demands and helped block unauthorised use. Google has even limited the availability of "unofficial" tethering apps on Android. Various policy tools and DPI approaches to spotting tethering are also available - for example looking for tell-tale IE or Firefox PC browser traffic going through a connection that's otherwise obviously from a phone.
I also take the view that this is one battle that (for now) the handset vendors are fairly happy to allow the operators to win. The availability of tethering doesn't really make Apple much extra profit, but potentially limits the willingness of telcos to subsidise iPhones. Various Android device makers also sell 3G/4G USB modems or MiFi-style personal hotspots, so they'd also prefer you to buy a second device rather than use your phone as a tether. While desired by consumers, tethering is also a battery-drain, so OEMs see it as something they'd rather not encourage huge use of.
There are a couple of important related issues here though.
Firstly, operators would like to use the same control channels (which probably include things like OMA's Device Management standards) to apply to WiFi use more generally - in particular, which WiFi access points the user can log on to. This will fail though - both users and device vendors place "WiFi neutrality" much higher on the utility and importance scale than tethering, and I see attempts to lock-down or force WiFi choice as backfiring massively. This is why I have grave doubts about much of the current hype around Hotspot 2.0, ANDSF and assorted other standards aiming to give MNOs greater control over WiFi.
More generally, tethering is just one use case of a wider phenomenon I first identified a couple of years ago, called "connection sharing". This is the concept of smartphones working together to bond multiple users' data pipes, either to fill in coverage holes collaboratively, or to "multiplex" data connections together for faster connectivity.
Imagine sitting at a table with one person using an iPhone on Vodafone, another with an HTC Android on Orange, and a third with a Windows Nokia on 3UK. If they could discover each other and bolt together their connections, the three users would get much better service acting collectively. But.... the operators' data conections would be both cannibalised and commoditised. It would be impossible to enforce user-specific policy or use the SIM for alternative applications such as Identity Management services, as the networks wouldn't know which of the three people was generating which IP packets. Not only that, but this would essentially lead to an offloading of the weakest network's traffic onto the strongest.
We'd also possibly see secondary markets evolve in selling "unused inventory" of data connectivity - people with good dataplans could try to sell spare capacity to other people. You can imagine an app working out that the user still has 300MB left two days before the end of the quota/billing-cycle, and trying to resell it to nearby users "second-hand". More securely, I've previously suggested the notion of "social tethering", where perhaps you could allocate a certain volume of your data allowance to be shared with your known Facebook or LinkedIn contacts if you're in the same room.
Overall, connection-sharing has the ability to change (or even destroy) multiple operator business models and services. Various operator services tied to SIMs would be completely undermined - most of the IMS/RCS story depends on keeping the link between network/SIM and the application, as do some of the NFC implementations. In the long run, the break between SIM and identity is inevitable in my view (breaking the "Tyranny of the SIM card"), but the operators' attempts to clamp down on tethering may delay it a little longer.
That said, I can see other workarounds emerging - especially WiFi Direct, which is an official WiFi Alliance standard intended to make the old and little-used peer-to-peer WiFi mode work a lot better. Rumours tell me that the telcos are not big fans of this, so it will be interesting to see if it makes it onto smartphones, and how exactly it is implemented.
I've also got a couple of other disruptive next-gen tethering options in mind as well, but I'll keep those to myself for now, or just for those consulting clients that employ me to assist them (either as poacher or gamekeeper).
Overall, I expect the current initiatives to reduce the impact of user-driven tethering by a certain amount. But in the medium term, I expect those controls to crumble - but perhaps by the OEMs themselves. I continue to believe there's a good chance that Apple, Google or another player will suddenly push a really disruptive WiFi play of their own, and are happy to keep the "tethering powder" dry until that point.
social tethering--interesting idea. It is not dissimilar to the sharing concept that Fon uses. I have two channels: private and public. And, I can decide how much of my bandwidth to allocate on the public channel. Fon sells access and shares the revenue with me 50-50. I like the idea of being to do the same thing with my month data allocation!
ReplyDeletePeople look for exploits wherever they can find them. Good people, bad people, everyone knows someone who does things like this. I'm not even sure if this is against the rules if you know who you are sharing with but it certainly is not an easy thing to control.
ReplyDeleteHi Dean,
ReplyDeleteI'm an avid reader of yours and a Wi-Fi engineer and enthusiast.
I'm pretty certain that Hotspot 2.0 Wi-Fi initiatives are not limited to cellular providers for authentication. I think we will see broader options from Google and Facebook within the year.
I agree with your points in several posts that any attempt by cellular operators to control the Wi-Fi connection will meet with failure.
Great reading!
Andrew vonNagy
http://revolutionwifi.blogspot.com
I just wish they'd sort it all out between them.
ReplyDeleteIt's hard enough trying to work out who does what best and indeed whoi actually does what without all this!
I think the impact on SIM based identity schemes can be mitigated by a FON-like network split. The 'private' traffic would retain the SIM rights and the 'public' traffic would be excluded from these.
ReplyDeleteThanks for blogging - great articles.