Captive Portals

The Dream of Community Hotspots

Meditate a little bit on the explosive success of Wi-Fi in America and you'll come to the same thought: What if everybody had a hotspot, and was willing to share that hotspot with others? Then no matter where you went, you'd be connected. The Internet would literally be everywhere, in the very air.

This is the dream of the community networks movement. Groups all over the country are discussing and experimenting and trying to figure out how to make this dream happen. The movement has arisen primarily in large urban areas, but there have been remarkable efforts in small rural towns to establish 'bandwidth co-ops' to spread the considerable cost of broadband Internet connection where phone or cable companies don't want to do it themselves.

The 'Last Mile' Problem

At the heart of the difficulty with getting broadband Internet into more hands is the simple fact that cable and telephone companies are monopolies, and as monopolies they have no reason to deploy anything broadly unless forced to do so. Telephone service exists in rural areas only because governments forced telephone companies to extend service beyond the cities. No such mandate has been placed on cable TV or Internet service providers, which is why cable doesn't go everywhere (even affluent but sparsely built areas like north Scottsdale, where I live) and broadband remains the near-exclusive province of big cities and their suburbs.

As increasingly unregulated monopolies, cable and phone companies are hiking prices, being much happier to collect $80 per month from a few people than $20 per month from everybody. They have no incentive at all to either lower prices or increase their service area. Until governments force them to extend coverage, coverage will not be extended. As long as they are protected from competition, prices will remain high.

Community networks functioning as bandwidth co-ops solve what industry people call the 'last mile problem': getting bandwidth from high-speed Internet backbones into a multitude of homes. (Some of us wish it were no more than a last mile problem rather than a last twenty mile problem…) In a wireless bandwidth co-op, someone installs a high-bandwidth data line (usually something called a 'T-1') and shares that bandwidth and its cost with others nearby. This often involves putting one or more wireless access points up on poles at the T-1 site, and then having co-op members point directional gain antennas at the access points. Wi-Fi gear has short range inside buildings with tiny omnidirectional antennas, but with highly directional gain antennas pointed correctly across clear air to an access point, that range can increase to as much as a mile, sometimes (with an aggressive gain antenna like a parabolic dish) considerably more.

I cover gain antennas and the associated math in Chapter 8, and in Chapter 16 I cover putting access points in weatherproof enclosures for outdoor mounting.

The wireless bandwidth co-op idea is still in its infancy, and it will be a few years yet before we can be sure the wireless solution to the last mile problem will work reliably. There is the further problem that in many very small towns far from any high-bandwidth backbones, even T-1 service is impossible. Some of the best-documented struggles in this area come to us from the tony wilds of Sonoma County, California, where Robert Cringely and Rob Flickenger have used every Wi-Fi trick in the book to bring high-bandwidth connectivity to their houses in the hills. See the NoCatNet Web site:

http://nocat.net/

There are, of course, a lot of places where the last mile problem has long been solved, and broadband connections are available via cable modem or DSL service. In such areas, the challenge to community networks moves up to the next level: Creating a 'cloud' of wireless hotspots as a means of making the Internet generally available (ideally without cost) from public places.

On the surface this would seem to be easy: Just put an access point outside your bedroom window for the world to use. A lot of people are doing precisely this, but there are two major challenges: Internet service provider usage agreements and the gnarly issue called 'the tragedy of the commons.'

ISPs and Connection Sharing

Ever since Linksys and other companies began offering cheap router/switch combinations, people with broadband Internet connections have been using Internet connection sharing within their homes. A router/switch appliance like the Linksys BEFSR41 allows you to run cables to your spouse's computer and your kids' computers so that the whole family can share the broadband Net connection coming into the house through cable or DSL. Internet Service Providers (ISPs) have often objected to this, since they would prefer to charge 'by the machine' for Net access.

However, the router technology (specifically something called Network Address Translation, or NAT) insulates the computers from outside inspection, making it virtually impossible for ISPs to tell, remotely, how many computers are connected to the broadband link.

With Wi-Fi, you can share a Net connection without the wires. You can share a connection right through the walls of your home. If you do that, your ISP can send somebody up and down the street to sniff wireless signals (see Chapter 18 to get a sense for how easy this is). If they trace those signals to your house, they can demand to 'upgrade your service' (read here, charge you more) or shut your connection down.

Predictably, the larger Internet services are, with great bravado and wringing of hands, calling this 'bandwidth theft.' The problem I have with calling this theft is that people are paying for the bandwidth whether they use it or not. In other words, many of us pay our ISPs for 'goods' (bandwidth) that they never deliver. If I order something from a catalog company, pay for it, and it's never delivered, that's theft. Works both ways, guys.

This is especially true since broadband companies have installed bandwidth caps (more on this shortly) on their broadband modems. A bandwidth cap limits your bandwidth to some maximum value. My sense is that if there's a cap on your bandwidth, you're paying for that much bandwidth, and what you do with it is not the ISP's business.

The ISPs, of course, make subscribers sign contracts, which, having been drafted by company lawyers, cook down to a statement that 'You owe us money and we are not obligated to provide you with anything at all.' (Don't believe me? Go read your contract!)

Given the dominance of corporatism today, and the degree to which large companies buy legislators and legislation, this standoff isn't likely to be solved anytime soon. As I write this the stock market is heading south at close to lightspeed, and we may soon see some re-regulation, especially in the formerly free-wheeling telecom industry. Anything can happen. In fact it did happen at one point in the early '90s, when Congress acted to deal with some issues of cable pricing and practices because consumers had gotten angry enough to make it politically expedient to do something. Keep your eyes open.

Bandwidth Caps

Virtually all broadband ISPs operate on a sort of 'health club model' for selling bandwidth: All subscribers share a limited resource. Instead of a handful of treadmills, this is a certain maximum number of bits that can move across the data channel at one time. As with health clubs, broadband ISPs assume that most people are not online most of the time, and many use the connection rarely and lightly. Only a handful of fanatics make heavy use of the system, and it averages out.

This system assumes (nay, requires) that most people are not doing intensive data transfers most of the time. For a long time this was inherent in the way people used the Internet. Querying a POP3 mail box for email takes a few seconds for most people, or perhaps a minute or two after coming home from a week's vacation, spam being what it is today. Surfing the Web can require lots of bandwidth, but only in fits and starts: Bringing a 'rich media' page down may take a minute of constant data transfer, but once the page has been rendered, it sits there for a while so that the user can read it. Download and pause, download and pause; this process averages out over many users to a manageable use of bandwidth.

Things got a little ugly in the heyday of Napster and its peer-to-peer successors. Avid users of peer-to-peer MP3 trading kept their connections completely busy (in terms of bits moving both up-link and down-link) most of the time. In neighborhoods with an abundance of teenagers, the bandwidth well got sucked dry after supper on weekday evenings. This prompted broadband providers to replace their existing cable modems with newer models having bandwidth caps, which enforced strict limits on the number of bits moving through the modem on a per-second basis. Performance might still bog down in the evenings, but the effects of Napster-style constant data transfers were limited by the bandwidth caps.

I personally experienced this at my satellite office outside Chicago, in a peaceful post-WW II suburban neighborhood where most of the residents were retirees, and 'cable' was thought of in terms of TV and not bandwidth. When the provider first installed broadband Internet access for me there, the data rate I was able to achieve was astronomical: over eight megabits per second. Of course, I was one of the few users of the system, and the system gave me whatever slice of the available bandwidth nobody else was using. In early 2002, a mandatory cable modem upgrade was done, and after that, my downloads were remarkably consistent at about one megabit per second or less, even in the middle of the night. The new modem had a bandwidth cap.

It took some of the cleverer Internet hackers about ten minutes to figure out how to open up the new modems and disable the bandwidth caps, which in many cases were nothing tougher to change than a setting on a DIP switch. (Smarter hackers, who could foresee the inevitable reaction from the providers, didn't disable the bandwidth caps entirely but simply increased them to the next higher level.) The providers responded with fury and even involved the FBI in the search. Eventually, criminal bandwidth theft charges were brought against the malefactors. (Many think, and I concur, that in an era of aggressive terrorism this is a silly damfool waste of FBI resources.)

Community networks are coming to be seen as a new assault on shared bandwidth systems, and broadband providers are beginning to take action against people who share a single broadband connection with their neighbors through a wireless access point. Some providers are even taking action against people who share a connection among machines within a single home. This is virtually impossible for them to discover if you use a completely wired connection and a good router containing a NAT firewall; however, to learn if you have a wireless access point on your system, they simply have to sit out in front of your house in their trucks and run Netstumbler.

My point? Read your contract with your broadband provider and see if sharing a connection among multiple machines is one of those things outlawed by the contract. If so, keep in mind that wireless access points cannot be hidden, and if your broadband provider does a 'sweep' in your neighborhood, you could be caught in their net.

The Tragedy of the Commons

Born of idealism, the whole idea of establishing community networks to put 'Internet everywhere' depends on everybody pulling their weight. If everybody in an area had broadband and everybody shared bandwidth, there would be plenty to go around and there really wouldn't be a problem. The problem of freeloaders does arise, however, especially when broadband coverage is expensive and thus far from universal. People who use a community resource while sharing nothing create 'the tragedy of the commons.'

It's a difficult problem but not an unsolvable problem. The key to finessing the tragedy of the commons is a technology called the captive portal. (More on captive portals later in this chapter.) Briefly, a captive portal is a special entryway to a network that imposes certain restrictions on those who connect to the network. These restrictions are predicated on sharing. Those who share get more privileges than those who do not. People who belong to the network get priority over people who are just passing through, and the bandwidth of non-members is restricted.

Captive portals exist in the wired world, but in Wi-Fi circles they are actually 'muscular' wireless access points. Unlike most access points (which are simple wireless hubs) captive portals contain firewalls that separate the owner's network from outside access. A captive portal 'escorts' outsiders right to the Internet and does not allow them any access to or even knowledge of the owner's internal LAN.
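The two restrictions just described (outsiders never reach the owner's LAN, and non-members get less bandwidth than members) can be modeled in a few lines. This is an added example, not code from the book or from any captive portal product; the `Portal` and `TokenBucket` names, the 192.168.1.0/24 LAN, the MAC addresses and the rate figures are all assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumed values for illustration; not from the book or any portal product.
OWNER_LAN = ipaddress.ip_network("192.168.1.0/24")        # owner's private LAN
RATE_BYTES_PER_SEC = {"member": 250_000, "guest": 32_000}  # guests are capped harder

@dataclass
class TokenBucket:
    """Per-client bandwidth cap: earns `rate` bytes per second, holds at most `rate`."""
    rate: int
    tokens: float
    last: float

    def allow(self, nbytes: int, now: float) -> bool:
        # Refill for the time elapsed since the last packet, then try to spend.
        self.tokens = min(self.rate, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if nbytes <= self.tokens:
            self.tokens -= nbytes
            return True
        return False

class Portal:
    def __init__(self, members):
        # Clients are identified by MAC address here (an assumption); like the
        # IP addresses the text mentions, a MAC can be impersonated.
        self.members = set(members)
        self.buckets = {}

    def decide(self, mac: str, dst_ip: str, nbytes: int, now: float) -> str:
        # Rule 1: wireless clients are escorted to the Internet, never to the LAN.
        if ipaddress.ip_address(dst_ip) in OWNER_LAN:
            return "DROP: owner LAN is not reachable from the wireless side"
        # Rule 2: people who share (members) get a larger allowance than guests.
        role = "member" if mac in self.members else "guest"
        rate = RATE_BYTES_PER_SEC[role]
        bucket = self.buckets.setdefault(mac, TokenBucket(rate, rate, now))
        if not bucket.allow(nbytes, now):
            return f"DROP: {role} over bandwidth cap"
        return f"FORWARD as {role}"

if __name__ == "__main__":
    portal = Portal({"aa:aa:aa:aa:aa:01"})          # constructed sample member
    print(portal.decide("bb:bb:bb:bb:bb:02", "192.168.1.10", 100, 0.0))
    print(portal.decide("bb:bb:bb:bb:bb:02", "203.0.113.7", 30_000, 0.0))
    print(portal.decide("bb:bb:bb:bb:bb:02", "203.0.113.7", 30_000, 0.5))
```

The token bucket is the same mechanism as the per-second bandwidth cap discussed earlier: a burst is allowed up to one second's allowance, after which packets are dropped until the bucket refills.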

So captive portals mostly solve the problem of hackers getting into a Wi-Fi user's LAN. What they do not prevent is IP impersonation (see Chapter 12), though one captive portal system (Sputnik) has something called 'spam radar' that watches for large volumes of email traffic. Not all problems with community networks have been solved, but the movement is extremely new, and I think technology will appear in coming years to make most of the problems manageable, if not entirely solvable.

Table 5.1 lists some of the more active community network projects of which I am aware, and the more people who join them, the faster the movement's goals will be realized. If you want to experiment with community network technology and there is no project underway in your area, I recommend Sputnik for several reasons. (More on Sputnik shortly.) I also recommend starting your own local group. Sharing knowledge is every bit as important to the community networks movement as sharing bandwidth!

Table 5.1: Community Network Organizations.

| Organization | Location | Web Site |
|---|---|---|
| Atlanta Freenet | Atlanta, Georgia | http://www.atlantafreenet.org/ |
| Austin Wireless | Austin, Texas | http://www.austinwireless.net/ |
| BAWUG | SF Bay area | http://www.bawug.org/ |
| Brisbane Mesh | Brisbane, Australia | http://www.itee.uq.edu.au/~mesh/ |
| MileHigh Wireless | Denver, Colorado | http://www.milehighwireless.net |
| NoCatNet | Sonoma County, California | http://nocat.net/ |
| Nova Wireless | Northern Virginia | http://www.novawireless.org/ |
| NYCWireless | New York City | http://www.nycwireless.net/ |
| Personal Telco | Portland, Oregon | http://www.personaltelco.net/ |
| Sbay Wireless | San Jose, California | http://www.sbay.org/wireless-net.html |
| Seattle Wireless | Seattle, Oregon | http://seattlewireless.net/ |



Jeff Duntemann's Drive-By Wi-Fi Guide
ISBN: 1932111743
EAN: 2147483647
Year: 2005
Pages: 181
