cross-posted from: https://slrpnk.net/post/25779751

The intative promises to be privacy-friendly with no tracking. Stating:

Your privacy is important. The WiFi4EU app ensures a private online experience with no tracking or data collection. Simply connect and enjoy free public Wi-Fi without concerns.

Source: https://digital-strategy.ec.europa.eu/en/policies/wifi4eu-citizens

Will be interesting to see how this spans and plays out in reality. Looks promising too, did a quick scan of their builtin permissions and trackers and looks good too. (Scanning tool is called Exodus)

  • Zer0_F0x@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    21 minutes ago

    Honestly nowadays data plans are cheap on most mobile carriers and they’re obligated to have them work accross EU, so you no longer really need Wi-Fi when traveling.

    Also, I can see this being easily and constantly exploited via Wi-Fi attacks where hackers set up fake Hotspots with the same name as the closest legit one.

  • giacomo@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    19
    arrow-down
    1
    ·
    4 hours ago

    oh dude, they promised to be privacy friendly! maybe I’m just to american to believe in promises.

    • AwesomeLowlander@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      8
      ·
      4 hours ago

      You don’t have to trust them any more than you trust your local Starbucks WiFi. We’re at the point where your traffic should no longer be vulnerable just because you’re on the wrong WiFi network.

      • shalafi@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        30 minutes ago

        I feel like the OP you’re responding to. Explain how I should be comfortable? The idea creeps me out, but I admit I haven’t delved into security for a few years.

        • Saik0@lemmy.saik0.com
          link
          fedilink
          English
          arrow-up
          1
          ·
          8 minutes ago

          HTTPS is used on virtually every site out there these days. That is used to encrypt your traffic from the get go. So specifics of the traffic/request won’t be obvious/known. The EU could be big enough to force manufacturers to inject their certificates into devices… could be a man in the middle attack. But you can always just remove certs you don’t trust from your devices.

          DNS by default is often plaintext. You can setup your device to use DoH or other encrypted versions of DNS.

          That leaves just the raw connection analysis… eg, that your device is sending traffic to some known IP… many site share hosts so that can be hard to determine though often not really… Proxy or VPN services can make it impossible to do this type of analysis… but then those services will be able to tell.

          Ultimately being able to say that “Shalafi sent some packets to an IP that google owns and received a bunch back” could be email… could be youtube… could be any number of things… at some point it become educated guess at best. And what specifically happened (ex: Watched a video about tying shoes) is simply unknown. It would take a bunch of external additional data to actually tie you to anything directly, eg server logs or other sources… which usually means more than one party is already working together against you. At that point you’ve got bigger issues usually.

        • AwesomeLowlander@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          ·
          16 minutes ago

          You don’t HAVE to be comfortable. But if you use any sort of public WiFi, this is no riskier than any of those networks. They can grab some metadata unless you use a VPN, but likely less than what your ISP already has on you anyway. Basically, there’s no reason this should be putting up any major red flags. We’re past the days when a malicious access point could MitM most connections due to lack of encryption.

  • Mac@mander.xyz
    link
    fedilink
    English
    arrow-up
    9
    ·
    4 hours ago

    Damn, this is so cool.
    We could have had this in the States too, but, well, you all know.

      • Mac@mander.xyz
        link
        fedilink
        English
        arrow-up
        4
        ·
        39 minutes ago

        Surely that’s unrelated to the billions of dollars that the telecom companies stole from the taxpayer after promising to build out infrastructure?

      • Glitchvid@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        30 minutes ago

        Ironically enough there’s basically a private version of this through Comcast turning their rented CPEs into their own unlicensed wifi mesh, they call it WiFi Pass – they at least have the courtesy to give it to you gratis if you’re already paying for residential service.

  • hisao@ani.social
    link
    fedilink
    English
    arrow-up
    47
    ·
    edit-2
    6 hours ago

    It’s mind-blowing how at the same time some EU government guys pushing stuff like DSA while other do something like this (which is nice, and a complete opposite, if it’s not honeypot anyways).

  • u/lukmly013 💾 (lemmy.sdf.org)@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    1
    ·
    6 hours ago

    Thanks to EU roaming rules…

    Not quite. I’ve come across a few plans that don’t offer EU roaming, and also those where there’s far less data offered than the regulation requires, or found a loophole.

    Let’s go for the examples of no EU roaming data:
    T-Mobile CZ Twist IoT CR - IoT card, but it offers up to 500GB of data paid once a year (78 EUR), only usable in Czech Republic.
    T-Mobile CZ 100GB edition - regular SIM, but also CR-only
    Vodafone CZ GIGA 100 + 50 GB - also a regular prepaid, but no roaming
    Swan Mobile (4ka) Sloboda Data - 300GB in Slovakia, but 0.144 EUR per MB in EU.

    For the last example, they’re also the same example that breaches the regulation with other packages. When I did the calculations, they exactly checked out for other 3 MNOs, so I guess I did them right, but they didn’t for Swan.
    Further confirming this is the fact that they have already received at least 2 (as far as I could find) fines for breaching these RLAH regulations, that is 15,000 and 90,000 EUR, but I suppose that just ends up being cheaper for them, as it still isn’t fixed.

    Anyway, perhaps they did in fact fix this, with a loophole.
    For example, take Sloboda Nekonecno+ for 25EUR/month with “unlimited” (300GB) data. 8.25GB of EU roaming does not look right there.
    So what is going on?
    On paper, it’s split up into base and additional package. Base package is 20EUR, and only has 2GB of data. Additional package with unlimited data is 5EUR/month, and as you could guess, cannot be purchased separately.

    So, for base package, you get full allowance, thus 2GB. Additional package is calculated separately, (4.06504065041 / 1.30) * 2 is 6.25. And thus 8.25GB instead of 31.27GB was born.