Opened 3 years ago

Closed 22 months ago

#18285 closed project (invalid)

Etisalat (UAE ISP) requiring users to use certain routers (was: The Arab Gulf Governments Surveillance Project)

Reported by: cypherpunks Owned by:
Priority: Medium Milestone:
Component: Circumvention/Censorship analysis Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

The ISP called Etisalat which is located in UAE (United Arab Emirates) , they are using new strategy of forcing their surveillance on ppl, and they have used trick to lie on ppl, which is:-

they are calling & sending messages to UAE ppl , and telling them you can upgrade your internet speed from X megabits to 20 megabits with free router and wireless-telephone and Tv-satellite or receiver.

now is this problem? no , but here is the deception inside this:-

they will force you to use their router because there will be no internet connection from your own router. and their router is D-Link DIR 850L6 (some got another models but as i know all of them are from D-Link company) with Etisalat firmware (not the original D-Link firmware).

their firmware has a backdoor inside it , which give the ability to any Etisalat employee accessing the router and do/change whatever they like inside it. not to mention the firmware is closed source for sure, and MAYBE contain malicious programs inside it like e.g spyware or ..etc.or executable programs which can attack targeted OS for e.g Windows/Android/IOS...etc

but what is for sure now the firmware has a backdoor inside it.

and also you CANT go back to the original speed that you were using + your own router. and also adding fees about 200$ if will cancel the internet.and if you will use another firmware like the original firmware of from D-Link company or an open source firmware you will loose the internet connection, and you cant download Etisalat firmware and install it again (because the firmware is not available for users) so they will give you a new router & charge you the corrupted router price. (about 50$ to 100$)

and if you ask them why are you doing this? their answer is:-

"we want to serve our customers as we can give them full support when having a problem regarding connectivity with routers."

(as you see very cheap excuse (the perfect bad word for it = bullshit) in order to kill your freedom of choice on routers with high security levels and surfing the internet freely as you like.and)

so the good question would be:-

  • can that effect Tor security/connectivity?
  • how can someone help Tor community to understand the risk on Tor users from this privacy attack? (i know ooni project , but it seems complicated and not really much active)

Notes:-

1- i have sent this message to tor project emails the English and the Arabic one = sadly no response till now from over a month or so.

2- this surveillance project not just in UAE , even in Saudia Arabia and so one..

3- i didnt know which categories (Type,Priority,Severity...etc) i should choose for this topic , so i just put anything randomly

lastly i say , hope Tor community/developers/news warn the poor ppl inside these countries by spreading this article (or any similar to it if available) so that (i hope) those ppl will be aware from these attempts and look for themselves to have a good solution for this problem.

Thanks.

Child Tickets

Change History (3)

comment:1 Changed 3 years ago by teor

Component: BlogCensorship analysis

comment:2 Changed 3 years ago by cypherpunks

Whether the router has a backdoor from the ISP doesn't really make a difference. The ISP has full access to your traffic in any case. (Or the government could simply tap your traffic at the ISP.)

Just assume the router is untrusted/potentially compromised and put your own firewall between the router and your home network.

Most ISP-supplied routers world wide can be fully controlled by the ISP, which effectively has root access:
https://en.wikipedia.org/wiki/TR-069

comment:3 Changed 22 months ago by dcf

Priority: Very HighMedium
Resolution: invalid
Severity: MajorNormal
Status: newclosed
Summary: The Arab Gulf Governments Surveillance ProjectEtisalat (UAE ISP) requiring users to use certain routers (was: The Arab Gulf Governments Surveillance Project)
Note: See TracTickets for help on using tickets.