Virgin Mobile to Throttle Unlimited Service

All good things must come to an end.

When I bought my Virgin Mobile LG Optimus V at Radio Shack last February, I was excited to be getting a genuine android phone as part of a package that promised to give me 300 voice minutes plus unlimited text and web for a mere $25 a month.

Then, of course, Virgin Mobile decided this package was a bit too generous and changed its price to $35 a month.  (Luckily, fingers crossed, I'm still grandfathered in at the $25 rate.)

But yesterday I received a text message from VMFreeMsg:

Your Beyond Talk Plan is about to change. Starting 3/23/12, data speeds may be reduced once you hit 2.5GB. For more info, click http://msg4u.us/th2

And today came the email. The heart of it read:

To make sure we can keep offering our Beyond Talk Plans at such great prices, we're putting a data speed reduction in place for anyone who uses over 2.5GB of data in a month.

How will it work?
Starting March 23, 2012, if you use over 2.5GB of data in a month on your Beyond Talk Plan:

• Data speeds may be reduced to 256Kbps or below for the rest of your month. During this time, you may experience slower page loads and file downloads and lags in streaming media.
• If data speeds are reduced, they will return to normal as soon as your next plan month starts.
• If you'd rather not wait for your new month to start, you can restart your plan immediately through My Account.

Then Virgin Mobile offered me assurances that based on my activity for December it didn't appear the 2.5GB cap would affect me.  And it was quick to reassure me just how much 2.5GB really was:

If you continue to use the same amount of data as you did in your last plan month, you should not see your data speeds reduced. Just to give you an idea, in order to hit 2.5GB, it's about 400,000 Mobile Internet page views, about 90,000(!) emails (without attachments), 91 hours of streaming music
or 20 hours of video clips*.

Uh oh.  An asterisk.  I looked at the bottom of the email for an explanation:

*Data usage per activity is based on an average. Bandwidth varies by website, video, email and other Internet application.

(Yes, I thought.  I believe I'm familiar with the variability of bandwidth, thank you.)

I wondered whether Virgin Mobile had changed the promotional copy on their website to reflect this shiny new limitation, so I went over to their USA store for a look:

Nope.  Nothing there.  How about inside?  After clicking on the Plan Details tab I scanned the page and spotted this:

OK, there was a red flag: "Unlimited does not mean unreasonable use."  (Something told me this disclaimer predates the upcoming 2.5GB cap, but I could be wrong.)

Anything else?  I visited the promotional page for my phone, the LG Optimus V, and looked around.  Nothing jumped out at me, so I clicked on Plan Details for the phone and was sent back to the page where I started, which featured the Plan Details tab and several others.  I clicked on the FAQs tab and saw this:

Now we were getting somewhere.  Those last three questions hit the mark.

Virgin Mobile answered the first question, When and how will data speed reduction affect my Beyond Talk Plan?, this way:

Starting March 23rd, 2012, if you use over 2.5GB of data in a month, your data speeds may be reduced to 256 kbps or below for the rest of that monthly plan cycle. During this time, you may experience slower page loads and file downloads, and lags in streaming media. Data speeds will return to normal as soon as your next plan month starts. If you'd rather not wait for your new month to start, you can restart your plan immediately through My Account.

It answered the next question, How will I know if I hit 2.5GB?, this way:

When you reach that threshold, and your data speeds are reduced for the rest of your plan month, you will receive a text message notifying you of this change. If you are susceptible to data speed reduction, you can check how much data you've used at any time during the month by logging into My Account, and checking Data & Web history.

And that third question, How much data is 2.5GB?, it answered the same way it had that same question in the email Virgin Mobile sent me this morning.  (About those 400,000 Mobile Internet page views, 90,000 emails without attachments, 91 hours of streaming music or 20 hours of video clips.  Mercifully or ironically -- take your pick -- my LG Optimus V's mediocre battery life serves as a built-in brake on this kind of heavy data consumption.)

So to sum up, these details weren't exactly unavailable at the Virgin Mobile website ... but VM wasn't exactly broadcasting them, either.

I admit I'm not really breaking news.  Android Central reported this planned change back on January 18.  And according to them, Virgin Mobile wanted to start throttling data last year but delayed their decision.

Lastly, I suppose the most important question for Virgin Mobile's android phone users is how to measure data usage to avoid getting that fateful text message from VM telling you you've hit the 2.5GB wall.  Logging into your VM account every week to check would be tedious; I don't consider it realistic advice.

Offhand my only suggestion is to try an android app from Android Market called Call Meter NG.  It's pretty useful and lets you measure your usage for Calls, SMS, and Data (2G/3G/4G).  Here's a screen shot showing my usage so far this month:

The app is flexible enough that it lets you set the beginning of your plan month, so it needn't start on the 1st.  (You'll note that mine starts on the 6th of every month.)

But I'm not entirely sure how to interpret the Data (2G/3G/4G) usage.  It looks as if I've used just over 1GB so far (867.05MB In + 170.48MB Out), but frankly I don't know if that includes or excludes SMS data. UPDATE: the numbers to the right of the | separator show lifetime usage; the numbers to the left of the | separator show usage since the beginning of the billing period -- in this case 1/6/2012.  If you know, please comment and enlighten me and the LG Optimus V community.  Thank you.

UPDATE: Just discovered another interesting app that keeps track of your data usage and will actually notify you when you're about to reach a preset cap.  It's called Onavo.  I just installed it and it looks pretty nice -- its setup lets you enter your monthly cap (VM users, please note that the cap field defaults to GB but can be changed to MB, which you'll need to do to enter 2.5GB as 2500MB) and will notify you when you've reached a % of the total you can select yourself.  (The default is 75%.)  It also watches your apps as you use your phone and can tell you which ones are the biggest data hogs.  So far so good.

Is Your WPA/WPA2-enabled Wi-Fi Router Secure?

Quick Summary: If you're looking to secure your router against the WPS vulnerability, the best thing to do is log into your router's web-based setup and disable WPS immediately.  However, as of this writing a number of routers -- notably those manufactured by Linksys -- sport WPS configuration tools that claim to let you disable WPS but actually don't.  To find out if anyone has tested your router's WPS vulnerability (and noted its ability actually to be disabled via the device's software interface), check this crowdsourced Google Docs spreadsheet.  My router, the D-Link DIR-655, appears there and indicates that WPS can be disabled by logging into its setup screen and changing its WPS configuration.  Moreover, D-Link tech support confirms this procedure.  (See below.)  Note: per a recent Security Now! podcast, host Steve Gibson explains that the Wi-Fi Alliance requires that all Wi-Fi Alliance-certified WPS-capable routers have WPS enabled by default.  So even if you've never bothered using WPS you should still check its status via your router's setup interface.

How to log into your D-Link DIR-655 router to disable WPS:

• Fire up your browser and log into your router by entering its default URL: 192.168.0.1
• Click on the Advanced menu item at the top of the home page
• From the Advanced page's left nav, find and click on WI-FI PROTECTED SETUP
• Uncheck the Enable box

That should do it.  If you're a natural-born paranoic and still want to evaluate your router's vulnerability using the current exploit, you can learn more about it by clicking on the Ars Technica article link below.  Please be responsible and use the tool only to evaluate and correct your own router's vulnerability.  Thank you.

*     *     *     *     *

Yesterday I sent the following email query to D-Link tech support:

I just read an online article about a fatal security vulnerability in routers that support WPS (Wi-Fi Protected Setup).  Since my D-Link DIR-655 is one such router, I'm writing to ask that you investigate this vulnerability in all of your WPS-supported routers and assure your customers either that they can and should turn off WPS via the web interface or that you are hard at work on firmware patches that will allow customers to turn off WPS via the web interface.

I read the article on Ars Technica here: http://arstechnica.com/business/news/2012/01/hands-on-hacking-wifi-protected-setup-with-reaver.ars

The article reports that the researchers who discovered this vulnerability -- one that makes it possible to crack any WPA/WPA2 password because it circumvents WPA/WPA2 to focus strictly on guessing the WPS PIN -- found that Linksys routers that allegedly permit users to turn off WPS via software were still vulnerable to the exploit.  In other words, WPS was *still* enabled in these Linksys routers even though the software setting showed it was disabled.

I've disabled WPS in my D-Link router and I'm very keen to know whether I have indeed disabled it or whether I'm still vulnerable to this alarming exploit.

Thank you.

I'm pretty anxious to hear what they have to say.  I take Wi-Fi security seriously -- so seriously my WPA2 password comes from Steve Gibson's GRC.com website, which will generate a secure one for you of 63 random printable ASCII characters, 64 random hexadecimal alphanumeric characters, or 63 random alphanumeric characters.  To learn that the length and randomness of my password doesn't matter -- that the backdoor exploits the super-simple WPS feature I've never bothered using -- is deeply troubling.

I'll let you know what I hear.

(In the meantime, I just visited Steve Gibson's Twitter account and one of his tweets includes a link to a "Waiting for the WPS Fix" piece on SmallNetBuilder.com.  While it's already old news [the piece pubbed on 1/7], it does list a number of router vendors, including Buffalo, Cisco [which owns Linksys], D-Link, Netgear, TRENDnet, and ZyXel, and what they've said publicly about fixing the problem on their company's products.  I'm afraid D-Link's response was pretty boilerplate.)

Update #1: Steve Gibson has also tweeted about an open Google Docs spreadsheet where router users who have tested their own router via the exploit can post vulnerability results.  The spreadsheet currently reports that D-Link's DIR-655 router, which has WPS enabled by default, appears to be invulnerable to the current hack when its WPS functionality has been manually disabled.  I did so yesterday as soon as I learned of the problem, so I'm much relieved to think that may be all I need to do.  For those of you with a D-Link DIR-655 router, you may turn off WPS by logging into your router (its default URL is 192.168.0.1), clicking on the Advanced menu item at the top of the home page, and scanning the Advanced page's left nav until you spot and click on WI-FI PROTECTED SETUP.  From that page uncheck the Enable box and that should do it.  And thank you, Steve Gibson, for helping to keep laypeople like me secure from black hat hackers.

Update #2: Got a reply from D-link tech support this afternoon (1/11/2012).  Here's what it says:

Dear Richard,

Your Case ID is [I've deleted this number for publication]

[Critical: Please do not change the subject line of your email when you reply. Leaving the subject line as it is will allow us to review your complete history and help us to better serve you.]

Date of Reply: 1/11/2012 10:52 AM

Products: DIR-655

Our Product Management team is  currently investigating the issue

To disable the WPS function on the router uncheck the Enable WPS box and saving settings.

Should you require further assistance with your D-Link products, please reply to this message, or call toll free at 877-453-5465.

Thank you for networking with D-Link .

Sincerely,

Eric French

D-Link Technical Support

So: pretty much what I already knew.  You'll note that Eric doesn't mention he realizes that I'd already stated in my original email that I'd done what he's now recommending: turn off WPS manually.  And if he didn't read that far, you'll also note that he doesn't bother supplying step-by-step instructions for turned it off, which, since he works for tech support, would be preferable to the terse help he does give.  Many D-Link customers likely won't know how to do what he's suggesting, and by failing to go into any detail he's guaranteeing that a portion of the company's user base will tie up its 800 number, get cranky on hold, and vow never again to buy a D-Link product.  (Or maybe it's just me: 5 years ago I vowed never to buy another Linksys router after that company forced me to wait nearly 6 months to receive a $15 rebate check.)

Update #3: If you've read this far, you might like to check out my post on Securifi's Almond touch screen wireless router.  Its touch screen allows you to set it up without touching a PC or a Mac, and its built-in wizard simplifies configuration so much you literally need no more than 2 1/2 minutes to turn it into a nice range extender for whatever wireless router you already have.  (It's just as easy to set up as a wireless router, too.)

Homage to YouTube's Dan & Dan

As with most interesting stuff on the web, I just stumbled on Dan & Dan's hilarious YouTube videos by following a link posted in a comment about a completely unfunny blog article.

I urge you to check out all of Dan & Dan's work, but the video that inspired me to do my first YouTube video response is this one:

And to understand just how technically difficult it is to pull off this kind of amusing confection, check out my video response:

You needn't bother commenting about what's wrong with my video ... it's painfully obvious.  My Canon SD800 IS Digital Elph exhibits a common problem point-and-shoot cameras have maintaining color and contrast consistency from one shot to the next.  When I edited the movie in my two- or three-year-old copy of Pinnacle Studio Ultimate HD ver. 14 I fooled around with the color and contrast correction plug-ins, but they're not exactly as simple to use as Picasa's red-eye reduction feature.

Still, not bad for a first effort using the cheap, readily available technology lying around my house.

One last thing: Dan & Dan moderate their video responses, so as of this writing my video isn't yet accessible from the "iPad Head" YouTube page.  Will my response be approved?  Stay tuned.

1/10/2012 update: Dan & Dan graciously allowed my video response to appear on their video's YouTube page.  Thanks, D&D!