MIDDLEBURGH, Gngis Khan and the Thunderfart
I have been know to get a wee bit bloody minded when stressed. (Actually it runs in the family.) So imagine.... I have spend 12 hours overnight flying half way round the world arriving in London at 6:30am. I spend the morning rushing around on urgent personal business organising my mothers funeral and then have to kill time in a bar whilst I wait to check in to my room in the Lodge next door. Naturally I partake of a drink or two whilst trying to get onto the free public wifi available in the bar. This no doubt this lowered my tolerance levels and otherwise impaired my judgement - that's my excuse anyway !! .
Now the UK authorities impose a requirement on public WIFI service providers that they capture and retain user data data which may assist in the prevention of organised crime and terrorism .. Totally laudable and I fully subscribe to the general principle. However in this case I felt that the service providers registration process left something to be desired......
Q1: Enter your phone number>
The service provider who is a TELCO was either making the assumption that a new registrant would be accessing the WIFI network using a smartphone (I was actually trying to access from an IBM Thinkpad) or alternatively they were seeking to capture my phone number for future marketing activities. So, I enter my real HK mobile phone number and it's rejected presumably because it has wrong format (and/or presumably they don't want to market to me in Hong Kong - the bastards!!) .At this point I start to get irritable. I displayed and entered the valid UK number on my spare phone ,associated a local throw away Pay-as-you-go SIM card which i had bought a hour before in a corner shop..
Q2: Enter your device type>
Since knowledge of this is unlikely to materially assist in the prevention of crime or terrorism I assume that service provider was attempting to profile me ie phone type/carrier for marketing purposes. I choose to identify my laptop as a THUNDERFART (you can see where this was going !!)
Q3: Enter your name>
I could have gone for Rob Roy or Vlad D. Impaler but on the day I settled for Genghis Khan. Mind I managed to misspell it (Look for a bloke who was very tired, can't type and/or has a PC with a sticky keyboard)
Q4: Enter your eMail>
By now I was in the zone, and focused on overcoming the obstacles on my way to the next level.... . Now I coud have entered a made up email with correct format but I didn't know if the back-end would test the validity of the given address. Fortuitously I just happened to have on my PC a file containing a list of valid email addresses (unattributable one time throw away's) ....as one does in these situations...
Q5: Enter your post code>
In the UK postcodes are very specific covering only a handful of addresses, and they can be used not only for verifying identities and/or addresses but are also used for on line credit checking and marketing. Your socioeconomic group and spending power can be inferred from your post code and used to drive marketing recommendations.. Now I haven't lived in the UK for 20 years+ and although I remember the basic format of the codes I don't know any valid ones ... so I made an educated guess . There are a lot of offices in the city so I chose EC1 and guessed a suffix eg 1PP which was accepted .
Having answered all questions the registration system SMS'd my spare phone with an access code which I re-keyed through my PC and voila I was able to use the WIFI. Do I feel troubled about entering misleading information on the registration. Not really. I'm confident that all internet traffic associated with a "Mr Gngis Khan" of EC1 and his thunderfart, is primarily, innocuous (unencrypted) emails to /from the wife which would not cause any concern at GCHQ should they have felt compelled to check it, other than the fact that the O2's public WIFI registration process seems more to do with harvesting information for marketing purposes rather than securing and protecting the realm.
Its not as though I tried to avoid being identified when i bought the phone SIM card (I hadn't) nor was my spare phone a sanitised untracable second hand one bought for cash in Wan Chai with it's mac address masked (it wasn't) Nor was the list of one time email address totally untraceable.(I hadn't used TOR or equivalent to mask my IP address when setting them up for system testing purposes at work) and nor had I used any of the deep encryption, secure messaging or other masking tools that are so popular in China......to obfuscate or hide any of my communications
On the other hand I don't think O2 are going to get much mileage running any marketing campaigns against the Great Khan....