Mesh Networks – A Geek With Guns

Building A Mesh Network In New York City

One of the biggest weaknesses of today’s Internet is its reliance on centralized providers. Getting Internet access at home usually requires signing up with one of the few, if you’re even lucky to have more than one, Internet service providers (ISPs). In my area, for example, the only real options are Comcast or CenturyLink. CenturyLink only offers Digital subscriber line (DSL) services so the only actual option for me, assuming I want access speeds above 1Mbps, is Comcast. My situation isn’t unique. In fact it’s the norm.

The problem with highly centralized systems such as this are numerous, especially when you consider how cozy most ISPs are with the State. Censorship and surveillance are made much easier when a system is centralized. Instead of having to deal with a bunch of individuals to censor or surveil Internet users the State only has to make a few sweetheart deals with the handful of ISPs. Another issue with heavily centralized systems is that users are at a severe disadvantage. The entire debate surrounding net neutrality is really only an issue because so little competition exists in the Internet provision market. If Comcast wants to block access to Netflix unless I pay an additional fee there really isn’t much I can do about it.

Many consider to this nightmare proof that the market has failed. But such accusations are nonsense because the market isn’t at work here. The reason so little competition exists in the Internet provision market is because the State protects current ISPs from competition. It’s too easy for a massive regulatory entity such as the State to put its boot down on the fact of centralized service providers.

Does all this mean an uncensored, secured Internet is impossible to achieve? Not at all. The trick is to move away from easily identified centralized providers. If, for example, every Internet users was also a provider it would make it practically impossible for the State to effectively control it. That’s what mesh networks can offer and the idea is becoming more popular every day. Denizens of New York City have jumped onboard the mesh network bandwagon and are trying to make local ISPs irrelevant:

The internet may feel free, but it certainly isn’t. The only way for most people to get it is through a giant corporation like Comcast or Time Warner Cable, companies that choke your access and charge exorbitant prices.

In New York City, a group of activists and volunteers called NYC Mesh are trying to take back the internet. They’re building something called a mesh network — a makeshift system that provides internet access. Their goal is to make TWC totally irrelevant.

The hardest part about establishing a mesh network is achieving critical mass. A mesh network needs a decent number of nodes to begin being truly useful. That’s why it makes sense to start building mesh networks in very densely populated areas such as New York City. If the necessary critical mass is achieved in a few major metropolitan areas it will become feasible to bypass centralized ISPs by connecting various regional mesh networks together.

Looking at NYC Mesh’s map of active nodes it seems like they’ve already established pretty decent coverage considering the organization has only been around since January of 2014. If they can keep up this pace they could soon become a viable alternative to local centralized ISPs.

Embrace The Mesh

Mesh networks are wonderful for many reasons. My primary interest in them is their ability to decentralize Internet connectivity but they also offer a major advantage for those living in areas not currently services by high-speed Internet providers: a more cost effective means of obtaining Internet connectivity.

A lot of people complain that the Internet service providers (ISP) in their area don’t offer high-speed connectivity to their home but offer it to homes only a block or two away. In almost all cases ISPs will connect your home up but they’ll put the cost of expanding their infrastructure on you:

When Cole Marshall decided to buy an empty lot and build a house, one of his top priorities was getting fast and reliable Internet service.

Marshall says he received assurances from Charter, the local cable company, that he could get Internet access to his home in Wisconsin. There was also a promise of relatively fast DSL, with telco Frontier Communications telling him it could provide 24Mbps download speeds, he told Ars.

As it turned out, neither company could deliver. Once the house was built, Charter would only offer service if he paid $117,000 to cover the cost of extending its network to his new home. Frontier does provide DSL Internet, but only at slower speeds of up to 3Mbps downstream and 1Mbps upstream.

Marshall, who works at home as a Web developer, subscribed to Frontier and struggles with his Internet connection daily.

“Cable was always available everywhere I lived, and I never thought moving just a little bit out of the city would mean I’d get hardly anything,” Marshall said.

Whether Charter and Frontier provided those assurances is a case of he said, she said. But the core problem, Marshall wanting access to faster Internet connectivity, exists regardless. In this case Charter isn’t unwilling to provide him cable Internet but it does expect him to pay for expanding its infrastructure to him. The price isn’t surprising since acquiring permits, digging up ground, burying fiber, and covering it back up isn’t cheap. But Marshall also isn’t without choices.

Wireless Internet connectivity is nice because it doesn’t require building a lot of physical infrastructure. You only need two radios to span a gap. And based on the story Marshall isn’t that far from Charter customers with cable Internet service:

Marshall has been told that his home was about 3,200 feet from Charter’s network, or about 6/10 of a mile. But a Charter spokesperson told Ars that an inspection determined it could not build to Marshall’s home from the nearest facilities.

Spanning approximately one kilometer is easily doable with affordable radios. The directional NanoStations we used at AgoraFest can span five times that distance and cost about $40 to $50 per radio. Here is where Marshall could make use of a mesh network.

Were he to offer to pay one of Charter’s customers it’s likely they would have no issue providing him Internet access via wireless radio. After all, most people buy more bandwidth than they need and are happy to receive a little undeclared income. If other people in his housing development made similar deals it would be trivial for his neighborhood to have access to fast Internet connectivity for a very modest price. And because of how mesh networks operate the Internet connectivity could be maintained even if one of the Charter customers canceled a deal.

At Least One ISP Trying to Prevent Customers from Using Encrypted Communications

Once again the centralized nature of today’s Internet is biting us in the ass. In addition to Internet Service Providers (ISP) already throttling traffic we now have one wireless provider actively preventing its customers from using STARTTLS:

But the second example Golden Frog provides is much scarier and much more pernicious, and it has received almost no attention.

In the second instance, Golden Frog shows that a wireless broadband Internet access provider is interfering with its users’ ability to encrypt their SMTP email traffic. This broadband provider is overwriting the content of users’ communications and actively blocking STARTTLS encryption. This is a man-in-the-middle attack that prevents customers from using the applications of their choosing and directly prevents users from protecting their privacy.

[…]

This is scary. If ISPs are actively trying to block the use of encryption, it shows how they might seek to block the use of VPNs and other important security protection measures, leaving all of us less safe. Golden Frog provides more details of what’s happening in this case:

Golden Frog performed tests using one mobile wireless company’s data service, by manually typing the SMTP commands and requests, and monitoring the responses from the email server in issue. It appears that this particular mobile wireless provider is intercepting the server’s banner message and modifying it in-transit from something like “220 [servername] ESMTP Postfix” to “200 ********************.” The mobile wireless provider is further modifying the server’s response to a client command that lists the extended features supported by the server. The mobile wireless provider modifies the server’s “250-STARTTLS” response (which informs the client of the server’s capacity to enable encryption). The Internet access provider changes it to “250-XXXXXXXA.” Since the client does not receive the proper acknowledgement that STARTTLS is supported by the server, it does not attempt to turn on encryption. If the client nonetheless attempts to use the STARTTLS command, the mobile wireless provider intercepts the client’s commands to the server and changes it too. When it detects the STARTTLS command being sent from the client to the server, the mobile wireless provider modifies the command to “XXXXXXXX.” The server does not understand this command and therefore sends an error message to the client.

As Golden Frog points out, this is “conceptually similar” to the way in which Comcast was throttling BitTorrent back in 2007 via packet reset headers, which kicked off much of the last round of net neutrality concerns. The differences here are that this isn’t about blocking BitTorrent, but encryption, and it’s a mobile internet access provider, rather than a wired one. This last point is important, since even the last net neutrality rules did not apply to wireless broadband, and the FCC is still debating if it should apply any new rules to wireless.

The article is arguing from a net neutrality angle but I see this as a technical issue. This is only made possible because Internet access is centrally controlled and end-to-end encryption wasn’t in the original design. Decentralizing Internet access would be a major win because it would prevent any single organization from weakening Internet security by blocking encrypted traffic. And if end-to-end encryption was in the originally design (which, I understand, was not technically feasible at the time) this wouldn’t be possible because blocking encrypted communications would block any communications.

Net neutrality will not save us. After all the government, especially the National Security Agency (NSA), probably has a literal hard-on for this idea. Again I reiterate that the only way to save the Internet is to wrestle control over it away from the state and its corporate partners that are providing our Internet access. I will again point out that mesh networks are a pretty neat idea for accomplishing exactly this. Instead of howling for the government to step in and save us from itself I believe we should be investing our energies in trying to decentralize Internet access as much as possible.

Failing to Understand the Real Net Neutrality Problem

The Internet is up in arms over discussions of the Federal Communications Commission (FCC) endorsing tiered Internet access. Solutions are being offered by many but most of those solutions involve some variation of “We need the government to regulate itself in a way that’s favorable to the people instead of its corporate partners!” Such solutions are pointless. There is an article by Davis Morris making its way around the Internet that offers a slightly different solution:

With the announcement by the FCC that cable and telephone companies will be allowed to prioritize access to their customers only one option remains that can guarantee an open internet: owning the means of distribution.

This is what I’m talking about. It’s time that we the people stood up to the FCC and Internet Service Providers (ISP) by seizing their monopoly on distribution. Viva la revolución!

Thankfully an agency exists for this. Local government. Owning the means of distribution is a traditional function of local government.

Oh, my bad. I thought Mr. Morris was going to propose an actual solution not simply another variation of “We need the government to regulate itself!” The root of the net neutrality problem is the institution of government itself. So long as any central organization maintains ownership of the Internet infrastructure the threat of censorship, tiering, and other undesirable restrictions will loom over our heads. What happens if local government take ownership of the infrastructure? The large content providers, such as Comcast (Comcast plays both sides against the middle by being an ISP and a content provider), will simply buy the local governments just as it has bought the federal government.

Mr. Morris’ basic idea, that we need to own the means of distribution, is correct. But his method is wrong. To defeat net neutrality we must put the means of distribution in the peoples’ hands (I never thought I’d see the day that I started sounding like Karl Fucking Marx). I briefly describe the work I’m participating in to bring mesh networking to the Twin Cities. The nice part about mesh networks is that individuals can own the infrastructure. Each person can purchase and maintain as many mesh nodes as they desire and establish a system of federation with other node owners. In other words we need infrastructure anarchy.

Through this method we the people become the literal owners of the means of distribution. The biggest advantage of this is that buying off many people willing to operate mesh nodes is difficult since they are oftentimes motivated by the desire to maintain a free and open Internet. It’s people with such motivations that we want owning and maintaining the means of distribution.