Insights For Success

Strategy, Innovation, Leadership and Security

Rogers

Freedom Mobile removes insurance coverage for lost or stolen phones

GeneralEdward Kiledjian

Freedom Mobile's phone protection plan is removing coverage for lost or stolen phones. In exchange, they are reducing the monthly fee by $1 (down to $9). This change was first noticed on Reddit by user Alphalee and you can read messages from upset customers (obviously).

This change will come into effect on August 2nd, 2018. Repair service is now listed at $99 (was unlimited in the past).  It looks like this is an attempt to limit fraud and reduce insurance costs for Freedom Mobile. Their coverage seems to be underwritten by Asurion (same provider used by Telus, Bell, Virgin Mobile and Koodo.

The existing Mobile Freedom coverage still protect's devices from accidental damage (such as a broken screen or liquid damage). 

Fairplay - Canadian media companies want the CRTC to adopt more anti-piracy regulations

Edward Kiledjian

NOTE: I want to say up front that I believe content creators should be compensated for their work but history proves that laws cannot change user behavior. Make content available affordable in a flexible manner and see what happens (e.g. the streaming music model dramatically reduced music piracy because it became affordable and easily available on all of your devices). 

A coalition of 25 Canadian media companies are petitioning the Canadian Ratio and Telecommunication Commision (CRTC) to establish a new piracy review agency called the Independent Piracy Review Agency [FairPlay movement].

Who makes up this coalition? See the list below but it includes : Actra, ADISQ, Bell, CACE, CBCB, Guzzo, Cineplex,Cogeco, Corus, eOne, etc.

 

The recommendation is that media companies want this new IPRA to have the authority to act quickly without needing a court order to block an offending website. 

Understandably many organizations (e.g. OpenMedia & SumOfUs) have mobilized their support base to voice their objections. The first round of comments ended on March  29, 2018, and we can see close to 10,000 comments against the FairPlay proposal. 

The common thread amongst the comments is that Canadians do not want a small group of publishers to have the power of censorship over the internet. 

Supporters believe the case is clear-cut and the government must act to protect rights owners. Other companies (like ISPs Telus, Shaw) are not card-carrying members but have shown their support for the proposed plan. You can read the Telus Intervention document (support document) here

All supporters of this plan know the public may complain of possible "over restrictions" and most supporting documents go to great lengths to convince the CRTC commission that controls will be in place to avoid "censorship".

I am proud that my Internet Service Provider, TekSavvy is taking the side of Canadians and has come out against the proposal. I believe in voting with my money which is why I chose TekSavvy as my ISP when I moved. I want to encourage more companies to defend the interests of everyday internet using Canadians. 

The [...]proposal for site blocking would fundamentally reshape how Internet services would work in Canada,
— TekSavvy

Open Privacy is a not-for-profit group whose mandate is to empower communities through technology. They have come out against FairPlay on the grounds that it will harm the internet's integrity and openness. Open Privacy believes FairPlay regulations will negatively impact internet affordability and online privacy of Canadians. 

NOTE FROM SITE: We know major telcos have deployed deep packet inspection technologies to determine what users are doing online. It is reasonable to assume that these technologies will become more invasive once this change passes. 

The Creative Commons , A not-for-profit that has created a suite of licensing tools to enable content creators to share their content more freely has come out against this proposal. 

It is not apparent why online copyright infringement should be dealt with as a telecommunications matter — as opposed to a copyright matter
— Creative Commons

Even the Canadian Internet Registration Authority, the group behind the .ca domain name system, has come out against this proposal stating that existing copyright protection tools are adequate, effective and sufficient. 

Conclusion

This is a thorny issue with both sides convinced they are speaking the truth. History has shown that piracy cannot be controlled by regulation. The government stopped Napster (back in the day) but they didn't kill piracy. I believe piracy can only be reduced when content is made available easily (without draconian Digital Rights Management arbitrarily determining where and when you can play content you have paid for) and must be offered at a reasonable price. 

Many Canadians feel like they have been beaten with the proverbial stick by Canadian media companies. They feel trapped by expensive content that isn't watchable everywhere. Many see piracy as a silent revolt against the establishment. 

CRTC prevents Sugar Mobile from operating on the Rogers network

GeneralEdward Kiledjian

Canadians don't have a lot of wireless connectivity choices and this sad reality is reflected in the high prices we pay. I have previously written about Sugar Mobile and their not for everyone mediocre but cheap offering.

Today they have been dealt a blow by the CRTC (read the CRTC ruling here). The CRTC ordered Sugar Mobile to stop using the Rogers network (improperly) within 50 days. 

Ice Wireless has improperly allowed the end-users of its mobile virtual network operator Sugar Mobile Inc. to obtain permanent, rather than incidental, access to [Rogers’] cellular network
— CRTC

Obviously Sugar Mobile is disappointed by the ruling and has published this statement on their website.

The Canadian market needs competition to drive innovation and hopefully make the market more competitive. It looks like one option has been taken off the table.

Your phone calls and SMS messages aren't secure

GeneralEdward Kiledjian

Image by Matthew Hurst used under Creative Commons License

In the above 2015 presentation, security researchers broke the secrecy around a protocol called SS7 and explained how a technically proficient user can "break it" and easily compromise your mobile phone call data and text messages. Seeing an opportunity, 60 minutes produced a popular segment  that scared viewers and I still receive emails from readers asking if this is "a real thing".

Let's take a look at this together.

What is SS7?

SS7 is short for Signalling System 7 and is a carrier interconnect technology that allows one mobile carrier to connect to another and send calls and SMS to each other. It allows allows you to roam on another carrier's network when travelling. It is an old (1975) technology developed before the world went security crazy and thus is has much more basic security built in.

What can hacker access?

A skilled hacker can use SS7 to gain a huge amount of insight into the victims use of a mobile device. It will allow him (masculine being used for simplicity) to listen in on phone calls, forward phone calls, collect call metadata, ability to intercept SMS messages and ability to track the phone. 

Think of all sites using SMS as a second factor authentication tool. Any bank, social network or other site using SMS to authenticate users are jeopardizing your security. Always choose another authentication option (other than SMS).

No one would be surprised if a government performed these types of tracking activities but SS7 makes it possible for anyone to do this.

Am I vulnerable to the SS7 hack?

Anyone using a smartphone (anywhere in the world) is vulnerable to the SS7 hack when using traditional mobile phone service (phone calls, SMS messages, etc), 

How can I protect myself from the SS7 hack?

If you don't use traditional mobile phone services, your information can't be hacked with SS7. The only way to protect yourself is to use alternatives (which in most cases are better anyway).

As an example, instead of sensing plain SMS messages, you an encrypted messaging service like WhatsApp, Apple Messages, Google Hangouts/Allo, or any other encrypted messenger. To be clear, each of these has its own security issues which can lead to compromise but they are immune to the SS7 attack. 

What about phone calls you ask? Many of the above text messaging alternatives also provide voice calling services which would also be immune to SS7 hacking because they use an encrypted data channel instead of the traditional mobile phone voice system. My favorite encrypted calling app is still Signal (which was even endorsed by Edward Snowden).

Preventing phone location tracking is more complicated. Anytime your phone is on, a network operator can track your location using triangulation. The only option here is to turn it off and maybe even store it in a Faraday cage bag (like the ShieldSak which I will review). A less abrupt technique (good but not perfect) is to turn off connectivity to the mobile network and only use WIFI.

Review of Sugar Mobile Canadian cell phone provider

GeneralEdward Kiledjian

As a Canadian, I wish we had more mobile phone competition to fuel innovation and drive down prices. Starting a new cell phone provider is expensive. You need licenses, towers and lots of equipment & people.

Sugar Mobile is a Canadian mobile phone competitor that wants to use VOIP technology to "disrupt the mobile marketplace". Sugar Mobile leverages the VOIP infrastructure of its parent company Iristel and the cell phone roaming agreements of sister company Ice Wireless. 

The claim to fame is unlimited North American VOIP calling for $19 a month (which includes 200MB a month of 3G data anywhere in North America). If you use it at home, in the office and coffee shop, you leverage existing WIFI. Anytime you are out an about, your cell uses one of the roaming partners to give you coverage. If you deplete your data allocation for the month, you can buy another $19 card and re-add 200MB or you can use your $19 credit to add 500MB of non expiring data.

Sugar Mobile uses Shoppers DrugMart (Pharmaprix in Quebec) and 7-11 stores accross Canada to sell its credit vouchers. 

How does it work

Unlike US hybrid carriers, Sugar does not offer specially configured mobile phones so you use their service on your unlocked phone via their app. This means you can't use the built in dialer or SMS app on your phone. The app first tries connecting via WIFI then fails back to the cell phone network (you can change this behavior if you want).

Think of Sugar Sync of a amped up Skype or Vyber. Where Skype and Vyber rely on the user to buy mobile data, Sugar leverages its existing relationships with carriers like Rogers to bundle VOIP calling with mobile data. 

The mobile data is too small to stream content, browse data heavy webpages or use navigation regularly. It is enough however (the company believes) to give 80% of its customers more than enough wireless data to make calls until the cows come home.

If you want voicemail and caller ID, you need to pay a one time $19 activation fee.

The app

Considering Sugar Mobile is targeting younger cost conscious pre-paid customers, I chose to conduct my tests on a 2015 Motorola Moto G (which is an entry level Android device which sells for $300 unlocked).

The app installation was fast and easy from the Google Play store and creating my free WIFI only test account took 5 minutes. The app is stable and never crashed during my testing. Any calls made to my Sugar Mobile number reliably rang my phone and allowed me to answer it.

Setting up a conference call is easy and reliable. You dial the second participant, click the join button and voila.

You also have a big red record button.

In the app, you can change these recording settings:

  • ask the service to record All voip calls
  • you can record multi-channel audio (each participant has their own channel in the WAV file)
  • you can choose to have recordings auto-deleted after an elapsed time
  • you can ask the app to make an audible beep when recording is started
  • you can send recordings via email. 

Does it work?

I loaded up the free VOIP only version on a dedicated  Android 2015 Motorola Moto G device (freshly installed Android 6 with no other apps). I loaded and configured the Sugar Mobile app and tested it on a commercial grade internet connection with commercial wireless Cisco gear and a 100MB synchronous internet connection. I wanted to make sure my internet connection didn't introduce any issues.

Before testing Sugar Mobile, I ran a bunch of network tests to ensure the connection was stable, performing optimally and had sub 3 millisecond latency. 

I tested the SMS feature and it worked flawlessly. Messages went back and forth quickly. SMS is easy.

I then made a handful of calls to landlines and cellphones. This is where I encountered the dreaded VOIP calling issues. Skype uses advanced codecs to create a beautiful natural sounding reliable connection (for voice at least). But Sugar Mobile was more like the traditional run of the mill Voip services like Fongo, Whatsapp, Facebook Messenger, Vyber, Telus Extend, etc. 

Sometimes the other person heard me perfectly, other times they couldn't hear me at all. Sometimes the sound was crystal clear other times my partner said I sounded robotic. 

Therein lies the issue with all VOIP providers. Quality isn't a constant. This isn't a Sugar Mobile issue and I experience worse performance from the Telus Extend VOIP app.

Conclusion

I think the concept is good and this makes a decent cheap second line as long as you have regular access to reliable WIFI and have an extra unlocked smartphone. $19 isn't too expensive considering you get 200MB of mobile 3G data a month to use when out and about. Unused data rolls over to the next month and you can always buy more data for $19/500MB.

I have to conduct some more tests but if I want to make a VOIP call and already have access to WIFI then I'll rely on Google Hangouts or Telus Extend (both free). 

I just can't see me using Sugar Mobile as my primary mobile phone service.

 

 

Update 1

Shortly after publishing this article, I started having issues with the app. It started crashing and even after a fresh device reboot, I started having login issues (kept saying registering). After 4 reboot attempts, I gave up and uninstalled / reinstalled the app and it started working again.