Samsung phones force Mainland China DNS service upon Hong Kong WiFi users (headuck.com)
209 points by signa11 on Oct 18, 2020 | 58 comments



The cause of this is:

* Android needs to know if a wifi network is working, since many wifi networks are broken and connecting to them degrades the user experience.

* Normally it does that by connecting to google.com, and if the connection succeeds, assume wifi is good to go.

* Google.com is blocked in China, meaning wifi would be broken in China.

* To fix this, Samsung has replaced google.com with qq.com in China.

* Samsung also needs to add a new DNS server to resolve qq.com, in case the network doesn't provide a DNS server and Android's default of Google DNS is used (which is also blocked in China). Adding it last means it won't be used unless other DNS servers are broken.

Overall, this behaviour seems like the simplest and most logical fix Samsung could put in place to enable their users to use phones in China.

They could have run their own servers (but that would also have privacy issues), or they could have removed captive portal/bad network detection, but that probably would have broken some apps and led to unhappy users.

I can't see any other real fix in this case, and I certainly don't see any malicious intent in any of their actions.
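
An added illustration, not part of the thread and not Samsung's or Android's code: the ordering the comment above describes (a fallback resolver appended last, used only when the network's own resolvers fail), plus a check a network operator could run over flow records to see when clients actually fall back. The 192.0.2.x and 198.51.100.x addresses, the flow records and all function names are constructed for the example; only 114.114.114.114 comes from the thread.

```python
# Added example: resolver ordering with a vendor fallback, and detection of
# DNS traffic that bypasses the resolvers the network handed out.
from ipaddress import ip_address

VENDOR_FALLBACK = "114.114.114.114"   # address mentioned in the thread


def effective_resolvers(network_provided, fallback=VENDOR_FALLBACK):
    """Resolver list as described: network-provided first, fallback appended last."""
    ordered = list(network_provided)
    if fallback not in ordered:
        ordered.append(fallback)
    return ordered


def pick_resolver(ordered, reachable):
    """Return the first resolver in order that answers, or None if none do."""
    for server in ordered:
        if server in reachable:
            return server
    return None


def unexpected_dns_flows(flows, network_provided):
    """Flag port-53 flows whose destination is not a network-provided resolver."""
    allowed = {ip_address(s) for s in network_provided}
    return [f for f in flows
            if f["dport"] == 53 and ip_address(f["dst"]) not in allowed]


# Constructed sample data: one DHCP-provided resolver and three client flows.
DHCP_DNS = ["192.0.2.53"]
FLOWS = [
    {"src": "192.0.2.101", "dst": "192.0.2.53", "dport": 53},
    {"src": "192.0.2.102", "dst": "114.114.114.114", "dport": 53},
    {"src": "192.0.2.102", "dst": "198.51.100.7", "dport": 443},
]

if __name__ == "__main__":
    order = effective_resolvers(DHCP_DNS)
    # Healthy network: the DHCP resolver wins; broken network: the fallback is used.
    print(pick_resolver(order, reachable={"192.0.2.53", VENDOR_FALLBACK}))
    print(pick_resolver(order, reachable={VENDOR_FALLBACK}))
    for flow in unexpected_dns_flows(FLOWS, DHCP_DNS):
        print("DNS sent outside network-provided resolvers:", flow)
```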


> They could have run their own servers

This is exactly what Apple does, and they even include some fallback domains in case apple.com doesn't resolve. Samsung's design seems less like the most logical solution than it does the laziest solution.


> laziest solution.

Maybe. But also probably shortest path, least amount of risk and resource investment.


I mean, Samsung is one of the largest companies in the world and they already run a global cloud infrastructure to support their electronics division. I can't imagine that a PM who really cared would have much trouble getting a couple of endpoints provisioned if he or she wanted them.

The more likely scenario is that they came up with what they thought was a good-enough solution and just moved on without really considering the knock-on effects.


You need really high reliability for that; if those endpoints go down, none of your customers' phones will connect to wifi until you fix them. People would be extremely upset they thought they were on wifi but they were really blowing through their data.


> shortest path, least amount of risk and resource investment.

That is laziness.


They said "also," and didn't deny that it may be lazy. Since when is the lazy solution, by this definition, also automatically the illogical (or even "bad") one?


Google might be blocked in mainland China, but is it blocked in Hong Kong? This page [0] says that Google isn't because HK is not behind the great firewall, but there are recent reports that the GFW was extended to HK as well [1], so maybe that page is outdated? But if Google had been blocked at a network level, then it would likely have made much larger headlines. Also, the author talks about Google play still being a present thing, not something unavailable to them.

[0]: https://www.comparitech.com/privacy-security-tools/blockedin...

[1]: https://www.theguardian.com/world/2020/jul/08/china-great-fi...


No, the GFW doesn't exist in HK (yet).

GFW-compatible fallbacks are worth worrying about in HK, though, because in normal times there is a massive amount of cross-border travel between HK and SZ. Combine that with grey market HK phones being smuggled onto the mainland to avoid tax, and it's a pretty good bet that any phone destined for HK will make its way across the border at some point.

If you roam on the mainland with a HK SIM you actually hop the GFW automatically, but most people swap SIMs at the border so that isn't reliable.


> If you roam on the mainland with a HK SIM you actually hop the GFW automatically

This is quite interesting. So GFW is applied by ISPs exclusively on domestic SIMs? Does this mean any international SIMs on roaming hop the GFW?


When you are roaming, your traffic should be tunneled to your home provider and go to open Internet from there.


I think the traffic gets proxied (not sure if it's encrypted) back to servers run by your home carrier. So conversely if you use a China Mobile SIM in Hong Kong or overseas your traffic gets firewalled.


Yes.


It's sad that people apparently see as ok for China to break international treaties related with HK. It's just a matter of time until all our life is controlled by big tech.


I'll half agree. This seems to me to just be a case of incompetent design rather than intentional evil. It's not a good solution but it's a workable solution--but whoever did it didn't realize it didn't need to be applied in Hong Kong.


QQ DNS servers are available in HK and the Mainland, Google servers are available only in HK. A significant fraction of phones bought in HK end up in the mainland so it's prudent to pick the most interoperable option.


Also: any DNS outside of Mainland China may get blocked by GFW later, breaking millions of users in China instantly. Looks like the safest way is to use a DNS in Mainland China.


Hong Kong is not affected by GFW. So it is not the cause.


That explains perfectly why they do it in China.

It does not explain why they do it in HK.

HK is not China.


And if the GFW comes to HK and your phone doesn't work any more, how you gonna get an update with this after it happens?


This sort of large and noisy canary is exactly what the world needs more of. How many more people will scream and protest if their phone stops working due to China's actions, vs the vague and abstract cause of "Privacy"? It will also direct their wrath at the correct target.


You do know HK had a different government than communist China, no? That recently lost its independence but is still mostly functioning. Most Americans I talk to seem oblivious to this.


«The owner of this website (blog.headuck.com) has banned the country or region your IP address is in (CN) from accessing this website» ¯\_(ツ)_/¯


How do you access HackerNews if not on a VPN? It's blocked in CN too.


fullhn.com?


Not a bad idea, that usually means 95% fewer bots.


Sounds like the gfw is truly ahead of its time


As someone who owns a Samsung phone and lives in Hong Kong this is infuriating. I'm glad that at least the first issue is fixed in a more recent firmware but that destroys my trust in Samsung.


Does the use of Private DNS (dns over tls) feature override this behaviour for you? You can try a throwaway account on nextdns.io and if private dns works you can see your dns traffic in their analytics tab


Interesting and deliberate IP 114.114.114.114

114 is the mainland China number for an equivalent of the yellow pages. Phone number lookup.


It’s sad that technology makes it so easy to be authoritarian.


Almost all the early protocols and systems (smtp, bgp, dns...) set up in place relied on the goodwill of people and assumed that they are inherently trustworthy. In a way it's a reflection upon the creators of those technologies themselves that they didn't see their creations being abused or exploited by large tech firms and governments - the creators did it for the joy of tech, their passion and optimism for the future potential of what they were doing. And then we came along and everything got worse.


> it's a reflection upon the creators of those technologies themselves that they didn't see their creations being abused or exploited by large tech firms and governments

The designers of a network built to withstand nuclear bombardment had a wide-eyed view of human nature?


You are merging the reason for the funding of the project (political decision) with the motivation of the people doing the actual job (scientist). That's unfair.


The motivation could be altruistic. But OP implies they were blindsided by human nature. Given the adversarial aim of the project, which was known to them when they built the protocols, and the personal writings of its designers, I question that assumption.

The protocols weren’t naïvely designed. They were designed against the threats of the day. The threat model has changed, making the protocols look childishly optimistic in the way someone walking into a modern battlefield with a wooden shield and sword might.


Still, what you're doing is something like downplaying the entire space program as being merely a happy accident resulting from building a better ICBM.

It's daft, and it oversimplifies the motives, goals, and characters of a hell of a lot of really great people. Sometimes military/defense applications is one of the best ways to guarantee funding. DARPA is even considered "defense" because it was decided that something like "those damn commies" being first to orbit a satellite happening again was unacceptable, and a technological lead was deemed a critical cornerstone of the United States' national defense strategy.

That that lead has been completely sacrificed in the last 60 or so years to foster increasing globalization in the foolhardy belief of winning over the communist bloc through capitalist flexing notwithstanding, the people who have been pushing the envelope have not by any stretch been some sort of series of diabolical Dr. Strangeloves. Quite the contrary in fact. It's just so easy for techies to get caught up in the pedantism of historical record they completely lose sight of the rest of humanity going on around them.


> DARPA is even considered "defense" because it was decided that something like "those damn commies" being first to orbit a satellite happening again was unacceptable, and a technological lead was deemed a critical cornerstone of the United States' national defense strategy

This is factually incorrect. ARPA, DARPA’s predecessor, predates America’s spacefaring ambitions.


>Originally known as the Advanced Research Projects Agency (ARPA), the agency was created in February 7, 1958 by President Dwight D. Eisenhower in response to the Soviet launching of Sputnik 1 in 1957.

--Wikipedia article for DARPA

ARPA may have existed, but was clearly found wanting, and not necessarily under the umbrella of the Department of Defense.


I think you might find the book "The Innovators" by Walter Isaacson interesting, especially wrt the protocols.


A military or university network is probably much easier to administrate as the university or regiment administrators can be relied on to disable malicious users. www is more of an almost anarchy that works surprisingly well.


I strongly disagree.

Although there have been some less-than-optimal implementations in some protocols, in general the internet protocols were designed by people with their eyes open.

The protocols were designed to resist centralized control, and have been very successful.

You should read specifically about how tcp/ip was developed, not technically, but the people behind it and their motivations.


IP addressing is centralized to make routing easier. Source routing was possible for a while, but got strongly deprecated due to security.

DNS is a singular centralized namespace.

HTTP(s) bakes an authoritative server into the name of every object.

Sure there are counterexamples - TCP doesn't require router state, UDP lets users skip the OS protocol stack, DNS could be even more centralized.

But the basic protocols weren't really designed to resist much of anything. Their decentralization arose out of administrative concerns (site A should be able to administer its own names without coordinating with B and C) and engineering concerns (E2E principle) rather than power relations (powerful C can force its will onto the relationship between A and B). Designing to resist against the latter takes public key cryptography, which was nascent and too computationally expensive prior to the past few decades.


I could pretty much say the opposite of everything you say and be correct as well:

IP addressing is not centralized.

DNS has a distributed common namespace with lots of delegation.

HTTP is peer to peer.

The easiest book to read about the personalities and history of this stuff is probably "The Innovators" by Walter Isaacson.

If I compare the networking we came up with to the other types of networks available in the day the ip protocols were invented, I think what we have is remarkable.


> but the people behind it and their motivations.

Surviving nuclear war isn't quite the same thing.


That's sort of a myth. The Baran stuff wasn't responsible for tcp/ip.


I would need some sort of proof to believe this narrative about a tech originally born for military usage.



Technology is just a tool. Nothing here was made with authoritarianism in mind and the shape of the tools reflects that. It’s just a shame that they are authoritarian.

As Uncle Ben would say: with great power comes great responsibility. Technology created a lot of power in a short time. Humans haven’t had enough time to gently learn how to be responsible with it yet. Hopefully we don’t blow a hand off.


Especially companies that operate walled gardens for the sake of "security".


I often wonder if this is the solution to the Fermi paradox. The assumptions go like this.

    * Natural selection works everywhere, on individuals and societies. They compete even after survival is secure
    * Intelligent creatures need social order and specialization to become industrial
    * There will be administrative/ruling specialties because flat organizational hierarchies work for ants and bees but not when work and global coordination becomes complex
    * Social order installed, tech attained
    * Absolute power corrupts absolutely
    * ET gulag, end of space travel, everyone is busy making war and pleasing dear leaders
No references.


Interesting to note that this site is blocked from people living in Taiwan.


What? Taiwan is supposed to be a blue team nation aren’t they?


Why would people do that?


HN? No it’s not....


HN is fine, I was referring to the site linked in the topic.




So, does non-China Android regularly ping google.com, and could that have privacy implications?

My first thought is this could be a non-malicious but perhaps not fully thought out bugfix: wi-fi connection status detection sporadically fails behind the GFW when queries to google don't resolve, let's pick a similarly dominant site on the other side of the firewall as an alternative. Apparently someone at Samsung then noticed and decided to use a Samsung .cn site instead in the latest patch.



