[HN Gopher] Cox Hotspots with Panoramic Wifi
___________________________________________________________________
Cox Hotspots with Panoramic Wifi
Author : foobarbecue
Score : 48 points
Date : 2021-05-15 15:27 UTC (7 hours ago)
(HTM) web link (www.cox.com)
(TXT) w3m dump (www.cox.com)
| vkdelta wrote:
| It uses same WiFi airtime but does not count towards your quota.
| They use L2oGRE tunneling and authenticate on cloud for hotspot
| users. So there is no risk bad traffic from bad actors but still
| people will use your WiFi time.
| foobarbecue wrote:
| Ugh, quota. I miss the 2010s
| johnklos wrote:
| This is one of several good reason to buy and use your own modem.
|
| The security of sharing your service with others is questionable,
| for starters, and Cox does not have a good security history.
| Every "reset" of the modem (where they remotely check in on it)
| will turn off your preferences, and many people have reported
| disabling this wifi "sharing" only to come back to see it re-
| enabled.
|
| Cox, or any ISP, having access to your internal network by virtue
| of having administrative access to your modem / NAT router is
| problematic. People can be bought or are sometimes evil. People
| click on links and get compromised. It's better that they stay
| outside of your home network, where they belong.
|
| Cox rents this modem / router device for $12 a month. That's $144
| a year. A high end DOCSIS 3.1 modem would pay for itself in less
| than a year, plus you can get a NAT router / wifi access point of
| your choosing, keeping the function of the two devices separate.
| This means that if you want to upgrade wifi later, you're not
| paying to replace everything. Or if there's a security issue that
| the vendor isn't going to fix, or is in hardware, like the Intel
| Puma chipsets, you're only replacing one of the devices.
|
| This is true of all ISPs, really.
| AdmiralAsshat wrote:
| Indeed. I bought my own modem and router when I last moved to a
| new apartment under Cox in 2017. At the time I paid $130 for a
| Netgear CMS500 DOCSIS 3.0 modem and a Nighthawk AC1750 router.
| They paid for themselves in a year, but I'm still here four
| years later.
| mwcampbell wrote:
| How difficult is it to switch from the Cox-owned Panoramic WiFi
| gateway to one's own modem and router? Is it necessary to
| contact Cox technical support, e.g. so they can change the MAC
| address (or equivalent) associated with the customer's account?
| alexjplant wrote:
| I had to mess with some settings [1] to get my OpenWRT router
| to work, but my TP-Link modem works great.
|
| [1] https://alexplant.org/post/openwrt-cox/
| encryptluks2 wrote:
| Yes, usually it is that simple. Sometimes you can just plugin
| the modem and switch it yourself using your browser or their
| mobile app.
| grioghar wrote:
| Just a heads up: if you're asking these questions, you might
| want to reconsider until you understand it more.
|
| You're going to need: A new modem A new router
|
| You'll need to talk to Cox and give them the HFC ID and
| Serial number.
|
| Then, you'll need to connect everything, and configure your
| router so that it's secure.
|
| That's a nebulous word, 'secure,' because my security might
| be different than yours, but you'll want to make sure the
| router is locked down so outside attacks are avoided, and the
| neighborhood isn't using your services.
|
| So, take that in consideration.
| tolbish wrote:
| > you'll want to make sure the router is locked down so
| outside attacks are avoided, and the neighborhood isn't
| using your services
|
| What are some key settings you would recommend to prevent
| these exact things? It's a bit challenging to grok all of
| the advanced router settings, and I don't think mine comes
| with "locked down against outside attacks" presets.
| EvanDotPro wrote:
| In my experience with Cox, you simply plug it in and it just
| works. It _might_ take a little longer to initialize with a
| new MAC, but I 've never had to call or notify them of a
| modem swap.
| lttlrck wrote:
| They have a list of certified modems.
|
| https://www.cox.com/residential/support/cox-certified-
| cable-...
|
| I had a bit of an issue with such a modem. It took a couple
| of support chats calls to get it going but it's been fine
| ever since. I did seem to be related to the MAC, but the
| expectation was that it should have just worked.
| cbsks wrote:
| I just got a new Motorola MB8600 modem which is on their
| list. I swapped modems, called support and gave them the
| model and MAC address. It took about 10 minutes total. Very
| painless.
| dopidopHN wrote:
| Cox started giving the modem away. I pay $65/month and it came
| with a router that I don't have to send back. It works fine.
| It's not a "panorama gateway" tho.
|
| I'm not sharing your reservations on security or sharing your
| personal bandwidth. But I do share your concern over cox
| handling security. Ha.
|
| Are you aware of project like Althea or Helium. Or libreMesh if
| you want to weed out the blockchain aspect.
|
| Anyway, I was surprised how those stack seems ready to "disrupt
| the last mile delivery of bandwidth/broadband." (Sorry for the
| use of "disrupt" )
| londons_explore wrote:
| The giveaway is when you see another network at full signal
| strength right inside your house...
| tolbish wrote:
| Another subtle clue is when the SSID says "CoxWiFi".
| zupreme wrote:
| Comcast has been doing this for years. And unless you get your
| own modem, theirs tend to turn the feature back on (even if you
| turn it off) automatically at various intervals.
| sumthinprofound wrote:
| First thing I did when I signed up for Xfinity was purchase my
| own cable modem. Cost under $50, ROI was less than a year at
| the $5 monthly equipment fee. But the Peace of Mind of not
| having to worry about public traffic on the device is
| priceless.
| easton wrote:
| They give you unlimited data way cheaper if you have their
| modem though. I just check every so often to make sure the
| SSID is off.
| Klinky wrote:
| It's $25 for Xfi Complete vs $30 for BYOD unlimited. It's
| not really way cheaper.
| sumthinprofound wrote:
| Additionally, I feel keeping the cable modem / router
| separate is important because my internal network traffic is
| none of my ISP's business.
| URSpider94 wrote:
| I've noticed this as well - the hotspot just pops back on, even
| after I've disabled it.
| bin_bash wrote:
| https://www.amazon.com/dp/B01I5TJGSE/ref=cm_sw_r_cp_api_glt_.
| ..
| ttul wrote:
| If it shares the same IP, this gives you plausible deniability
| for all kinds of things.
| floatingatoll wrote:
| They can distinguish whether it was your traffic or hotspot
| traffic at the billing layer. That doesn't necessarily mean
| they can at a legal level, but I wouldn't depend on this for
| protection against govt/legal investigations.
|
| > _The Cox Hotspots data stream does not impact your home
| network data stream, so it will not impact your household 's
| data usage or speeds. The usage and activities of guest users
| are associated with the guests' accounts and therefore do not
| impact you._
| ugjka wrote:
| They are not that stupid
| tdhz77 wrote:
| This^^, I've seen thousands of cases in federal court in the
| US. It's amazing how many people think talking in code
| through text will make it so they don't get into trouble. On
| the contrary, they are knowingly committing a crime and the
| evidence usually proves it. "Deniability" of leaving your
| computer open so that anybody can download something is
| within this realm of absurd. Government isn't that stupid.
| thegeomaster wrote:
| Yeah, this happens a lot with programmers who see law as
| some kind of program which is supposed to perfectly
| determine what's a crime and what isn't. Then they come up
| with all kinds of "workarounds" where you're not violating
| the letter of the law directly. Like, no buddy, a judge
| will take one look at that and send you to the clink.
| icedchai wrote:
| It doesn't. There is a Cox hotspot near me (CoxWiFi access
| point) and it's basically a VPN that puts you on an isolated
| network. It is routed to Virginia, if I recall.
| olivierlacan wrote:
| This is also extremely common with Spectrum although you do have
| override control with their supplied modem/router combos.
| Obviously not an issue if you insist on a customer-supplied
| modem, another reason to go with that.
|
| Interestingly Spectrum had two authentication mediums, you had a
| SpectrumWiFi open SSID (which they advertise on a map:
| https://www.spectrum.com/internet/wifi-access-points) and a
| SpectrumWiFi Plus which is not open and requires a mobile profile
| to authenticate. More info here:
| https://www.spectrum.net/support/internet/spectrum-wifi/
|
| Highly recommend you try to find profile-authenticated
| alternatives if you ever find yourself needing a hotspot in the
| wild.
|
| In France, Free has been doing this for years although I don't
| remember if it was something you could disable because IIRC it
| was a big chunk of their mobile cell operator strategy, that they
| had fallback to Wi-Fi hotspots all over cities like Paris, Lyon,
| Marseille, etc.
| bkallus wrote:
| This doesn't help for the modem, but Spectrum's supplied router
| of choice is a rebranding of the Askey RAC2V1K, and it's easy
| to reflash with OpenWrt.
|
| https://forum.openwrt.org/t/askey-rac2v1k-rt4230w-rev6-suppo...
| benbristow wrote:
| ISPs in the UK have been doing this for a while now. BT FON and
| recently Virgin Media.
|
| Virgin's thing never seems to work though.
| gargs wrote:
| Ziggo in the Netherlands has had this for more than a decade as a
| 'free' feature. Yet, I have never run into a public spot that had
| one of these hotspots provide coverage.
| Tijdreiziger wrote:
| > Yet, I have never run into a public spot that had one of
| these hotspots provide coverage.
|
| It's a feature on their residential modems. Therefore, the
| coverage is only there where they have residential subscribers.
| walrus01 wrote:
| There's a _reason_ why south park made the nipple rubbing cable
| tv company guys as a satire of the whole huge regional near-
| monopoly cable operator industry. Comcast, charter (spectrum),
| cox, rcn, Shaw, others.
|
| It's actually even worse if you work in the ISP industry and see
| how the sausage is made.
| imwillofficial wrote:
| This part was hilarious: " By enabling guests to use Cox
| Hotspots, you increase your network security because you won't
| need to provide your private home WiFi network password."
| ihsw wrote:
| Cox should pay its customers for this.
| Reventlov wrote:
| Here in France, the ISP "Free" has been doing this for at least
| 10 years, and they also have a special "hotspot" for mobile phone
| (called "FreeWifi_secure") on which you can connect using EAP-
| SIM.
|
| Nobody cares as we have optical fiber in most of the places.
|
| Main problem: when you're in a public transport in the city and
| your phone tries to associate with the random access point it can
| hear, leading to a potential disconnection as you're too fast
| anyway.
| malobre wrote:
| NB: You can turn off the hotspot but you'll lose the ability to
| use others subscribers hotspot, and unlike some ISPs (according
| to this thread) they won't turn it back on.
| anonymousab wrote:
| A good use case for those paper holders/Faraday cages.
| egypturnash wrote:
| Cox is the only option in my location. Supposedly I can log into
| any of their hotspots. I have never been able to get this to
| work. Ever.
| exikyut wrote:
| Wow, I had no idea this was this much of a thing.
|
| A few months ago I thought of the following crazy idea, which I
| dismissed after realizing it probably wouldn't scale too well.
| Maybe I'm wrong and it's worth pursuing (obviously for free).
|
| Here's how it would work. Is this a good idea?
|
| - A connection request broker functions as a central hub
|
| - Nice users configure their ISP access credentials in a small
| Win32/Linux/macOS daemon that connects to the hub and idles
| waiting for connection requests
|
| - At some point a wild device wants to connect to an ISP-provided
| Wi-Fi hotspot, and starts a companion app
|
| - The app a) initiates a Wi-Fi connection to the network in
| question, which should result in a captive Wi-Fi situation
| requiring a login, b) opens a TCP connection to the captive login
| server, and c) sends a connection request to the broker over a
| pre-existing cellular link, providing a reference/handle to the
| opened TCP connection.
|
| - The broker selects a random daemon then sends a connection
| request event to the selected daemon. The resulting handshake
| provides the daemon with a handle to the TCP socket the app
| opened.
|
| - The broker now functions as an intermediary, passing raw TCP
| packets back and forth between the daemon's socket handle and the
| TCP connection opened by the app.
|
| - The daemon is now able to reach through the just-in-time proxy
| connection that has been established to perform whatever ISP-
| specific magic is needed to get past the Wi-Fi captive login
| page.
|
| - ___IF___ your ISP uses HTTPS for its Wi-Fi login, the daemon
| will thusly be able to send your ISP login credentials directly
| through an encrypted tunnel (the HTTPS link) without even a
| malicious app user ever being able to access your password.
|
| IMHO the connection broker should definitely marshal requests
| between apps and daemons, so malicious app users can't get daemon
| IP addresses (which would only work out badly).
|
| In any case, for something like this to work out scalably, people
| would need reassurance that the risks are low and the benefits
| are high.
|
| And the main problem, at the end of the day, is that you're all
| but running a Tor node if you do this. :/
|
| You probably wouldn't add this to the Raspberry Pi you've already
| got running at Grandma's house for whatever reason, because it's
| simply too open-ended.
|
| But before even that, there's the problem of network effects:
| this would only work if thousands of users provided ISP access
| credentials, either via the daemon approach or by simply
| providing their ISP access credentials to the central hub
| directly (!).
|
| Maybe there are people out there that would be willing to do this
| though...?
|
| Technically this is sadly (lol) one of my better ideas, but
| practically it's.... just a _tiny_ bit... ._.
|
| ---
|
| For completeness, Telstra in Australia also provide a pretty much
| identical feature called Telstra Air. You select the special
| modem option, it creates a Telstra Air hotspot, your account gets
| the "can access Telstra Air on others' hotspots" flag enabled.
| Telstra Air access points also hide inside specially marked
| payphones
| (https://www.google.com/search?q=telstra+air+payphone&tbm=isc...
| - the top is pink and/or has a Wi-Fi symbol on top).
|
| On the OP page, there's a similar question:
|
| > _Is there a limit to the number of devices that can connect to
| Cox Hotspots at one time?_
|
| > _Cox Hotspots is limited to five devices simultaneously
| connected so that users can enjoy a better experience._
|
| FWIW, as per https://crowdsupport.telstra.com.au/t5/broadband-
| nbn/telstra...,
|
| > _only a maximum of 3 devices can connect to the Telstra Air
| Network in Australia at any given time._
|
| (That is _so_ poorly worded :D - sounds like it 's applying to
| the entire nationwide network lol)
| dariosalvi78 wrote:
| Like fon.
___________________________________________________________________
(page generated 2021-05-15 23:01 UTC)