Insights For Success

Strategy, Innovation, Leadership and Security

Review of Sugar Mobile Canadian cell phone provider

General | Edward Kiledjian

As a Canadian, I wish we had more mobile phone competition to fuel innovation and drive down prices. Starting a new cell phone provider is expensive. You need licenses, towers and lots of equipment & people.

Sugar Mobile is a Canadian mobile phone competitor that wants to use VOIP technology to "disrupt the mobile marketplace". Sugar Mobile leverages the VOIP infrastructure of its parent company Iristel and the cell phone roaming agreements of sister company Ice Wireless. 

The claim to fame is unlimited North American VOIP calling for $19 a month (which includes 200MB a month of 3G data anywhere in North America). If you use it at home, in the office and at the coffee shop, you leverage existing WIFI. Anytime you are out and about, your cell uses one of the roaming partners to give you coverage. If you deplete your data allocation for the month, you can buy another $19 card and re-add 200MB, or you can use your $19 credit to add 500MB of non-expiring data.

Sugar Mobile uses Shoppers Drug Mart (Pharmaprix in Quebec) and 7-11 stores across Canada to sell its credit vouchers.

How does it work

Unlike US hybrid carriers, Sugar does not offer specially configured mobile phones, so you use their service on your unlocked phone via their app. This means you can't use the built-in dialer or SMS app on your phone. The app first tries connecting via WIFI, then falls back to the cell phone network (you can change this behavior if you want).

Think of Sugar Mobile as an amped-up Skype or Viber. Where Skype and Viber rely on the user to buy mobile data, Sugar leverages its existing relationships with carriers like Rogers to bundle VOIP calling with mobile data.

The mobile data is too small to stream content, browse data heavy webpages or use navigation regularly. It is enough however (the company believes) to give 80% of its customers more than enough wireless data to make calls until the cows come home.

If you want voicemail and caller ID, you need to pay a one time $19 activation fee.

The app

Considering Sugar Mobile is targeting younger cost conscious pre-paid customers, I chose to conduct my tests on a 2015 Motorola Moto G (which is an entry level Android device which sells for $300 unlocked).

The app installation was fast and easy from the Google Play store and creating my free WIFI only test account took 5 minutes. The app is stable and never crashed during my testing. Any calls made to my Sugar Mobile number reliably rang my phone and allowed me to answer it.

Setting up a conference call is easy and reliable. You dial the second participant, click the join button and voila.

You also have a big red record button.

In the app, you can change these recording settings:

  • ask the service to record all VOIP calls
  • you can record multi-channel audio (each participant has their own channel in the WAV file)
  • you can choose to have recordings auto-deleted after an elapsed time
  • you can ask the app to make an audible beep when recording is started
  • you can send recordings via email

Does it work?

I loaded up the free VOIP-only version on a dedicated Android 2015 Motorola Moto G device (freshly installed Android 6 with no other apps). I loaded and configured the Sugar Mobile app and tested it on a commercial grade internet connection with commercial wireless Cisco gear and a 100MB synchronous internet connection. I wanted to make sure my internet connection didn't introduce any issues.

Before testing Sugar Mobile, I ran a bunch of network tests to ensure the connection was stable, performing optimally and had sub 3 millisecond latency. 

I tested the SMS feature and it worked flawlessly. Messages went back and forth quickly. SMS is easy.

I then made a handful of calls to landlines and cellphones. This is where I encountered the dreaded VOIP calling issues. Skype uses advanced codecs to create a beautiful, natural sounding, reliable connection (for voice at least). But Sugar Mobile was more like the traditional run of the mill VOIP services like Fongo, WhatsApp, Facebook Messenger, Viber, Telus Extend, etc.

Sometimes the other person heard me perfectly, other times they couldn't hear me at all. Sometimes the sound was crystal clear, other times my partner said I sounded robotic.

Therein lies the issue with all VOIP providers. Quality isn't a constant. This isn't a Sugar Mobile issue and I experience worse performance from the Telus Extend VOIP app.

Conclusion

I think the concept is good and this makes a decent cheap second line as long as you have regular access to reliable WIFI and have an extra unlocked smartphone. $19 isn't too expensive considering you get 200MB of mobile 3G data a month to use when out and about. Unused data rolls over to the next month and you can always buy more data for $19/500MB.

I have to conduct some more tests but if I want to make a VOIP call and already have access to WIFI then I'll rely on Google Hangouts or Telus Extend (both free). 

I just can't see me using Sugar Mobile as my primary mobile phone service.

 

 

Update 1

Shortly after publishing this article, I started having issues with the app. It started crashing and even after a fresh device reboot, I started having login issues (kept saying registering). After 4 reboot attempts, I gave up and uninstalled / reinstalled the app and it started working again. 

Why use Facebook over the TOR secure network

General | Edward Kiledjian

When people think about the TOR network, they either think it's a means for criminals to buy illicit products or for fugitives trying to hide their online activities from the law. Tor is much more than that. It is a mechanism to protect your online activities when needed.

Sitting at home, my packets bounce through dozens of different routers before they arrive at their final destination. I just performed a traceroute and had 11 hops between my computer and the Facebook site. Facebook has implemented a handful of security tools to protect your communication with it, but ultimately anyone in that chain knows where my packets are coming from and where they are going. Facebook also knows my source IP which allows it to pinpoint my (fairly accurate) location. 

There have been many highly publicized cases where Twitter handed over location and IP information to law enforcement. It is safe to assume Facebook is in the same boat. Anything these companies can log could be turned over.

ISPs monitor what you do on the Internet and sell the information for marketing purposes
— SANS Institute Security Lab

Even if you log into Facebook and they know who you are, by using TOR with Facebook, you prevent your ISP or Facebook's upstream ISP from cataloging your behaviour and then selling it for marketing purposes. You also prevent Facebook from knowing exactly where you are (unless you've given them the permission to use your smartphone's GPS).

Tor can’t solve all anonymity problems. It focuses only on protecting the transport of data. You need to use protocol-specific support software if you don’t want the sites you visit to see your identifying information.
— TOR project

Prior to Facebook implementing a TOR presence (https://facebookcorewwwi.onion/), accessing it usually meant you had a slow performing site that typically didn't render properly. This access issue stemmed from the fact that Facebook's site management system viewed all TOR traffic as malicious botnet traffic and treated it accordingly. (Accessing Cloudflare protected sites or many Google properties via TOR will see you be given a challenge to prove you are not a bot trying to attack their systems.)

Cloudflare captcha challenge when you access my site via a TOR enabled browser.

But Facebook understood that there are people that needed to use their service without leaking identification information like IP address, physical location or access route. You could be a Tibetan freedom supporter but still need to communicate with your Facebook community in the diaspora. You are less worried about Facebook knowing you and are more concerned about others knowing that you are accessing Facebook.

I tested the new site and compared it to using the regular Facebook site via TOR and the new purpose built solution is much better. In this case better means faster, more responsive and works as expected.

Facebook supporting TOR also legitimizes TOR and allows others to follow in its footsteps more easily. As an example, it was the first time a major Certificate Authority (DigiCert) issued an encryption certificate allowing a .onion site to set up an HTTPS connection.

Now to be fair, this generated a ton of debate inside the security community because technically TOR offers secure communication by default without needing a certificate from a Certificate Authority. Many security researchers saw this as a cash grab by certificate authorities but others supported it as a move towards a more private internet. Since we (the security community) have finally brainwashed people into thinking "https good, http bad", we don't want to start breaking that important habit.

Benefits of a .onion address

A .onion address is the equivalent of a .com on the normal web, except it brings with it 3 main benefits.

  1. A TOR service uses TOR circuit technology, which makes locating the endpoint very difficult.
  2. The .onion address is a hash of the site key, which means it is self-authenticating. When you visit a .onion address, your browser automatically authenticates that you are actually talking to the site you think you are talking to.
  3. There is a process called rendezvous which provides end-to-end encryption for all traffic using a TOR service, even for unencrypted apps. This is why the community had a heated debate when Facebook implemented a TLS certificate for its TOR site.

How did Facebook get its .onion address?

In the above list, item 2 says the .onion address is a hash of the site key. Then how did Facebook manage to get something as memorable as https://facebookcorewwwi.onion/ ?

After all, typical TOR hidden service addresses don't look that "normal". The TOR hidden service address for the DuckDuckGo search engine is http://3g2upl4pq6kufc4m.onion/. It isn't as easy to remember as the Facebook one, is it?

They didn't bribe anyone and they didn't break the rules. They actually tested thousands of keys. They started by testing keys until the first 40 bits of the hash generated "facebook". Once they found these, they used the remainder of the address to pick keys that would generate memorable words (in this case settling on "corewwwi").

So Facebook played by the rules and still got what it wanted, a memorable TOR hidden service address.
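
The self-authentication in item 2 and the key search described above, sketched as an added example (not Facebook's or the TOR project's code). It uses the 16-character address format seen on this page, where the name is the base32 encoding of the first 80 bits of the SHA-1 hash of the service's public key; the candidate "keys" are constructed byte strings standing in for real RSA public keys, and the function names are illustrative.

```python
import base64
import hashlib

def onion_v2_address(pubkey_der: bytes) -> str:
    """16-char .onion name: base32 of the first 80 bits of SHA-1(public key)."""
    digest = hashlib.sha1(pubkey_der).digest()
    return base64.b32encode(digest[:10]).decode().lower()

def is_self_authenticating(address: str, pubkey_der: bytes) -> bool:
    """The client accepts a service only if its key hashes to the name requested."""
    name = address[:-6] if address.endswith(".onion") else address
    return onion_v2_address(pubkey_der) == name

def expected_tries(prefix: str) -> int:
    """Each base32 character fixes 5 bits, so a prefix costs about 2**(5*len) keys."""
    return 2 ** (5 * len(prefix))

def find_vanity(prefix: str, max_tries: int = 1_000_000):
    """Try candidate keys until the derived address starts with the prefix."""
    for n in range(max_tries):
        # Constructed stand-in for a freshly generated public key (assumption:
        # a real search would generate an RSA key pair for every attempt).
        candidate = b"constructed-demo-key-" + n.to_bytes(8, "big")
        address = onion_v2_address(candidate)
        if address.startswith(prefix):
            return n + 1, candidate, address
    return None

if __name__ == "__main__":
    # A 2-character prefix needs about 1,024 tries; "facebook" needs about 2**40.
    tries, key, address = find_vanity("fb")
    print(f"found {address}.onion after {tries} candidates")
    print("key matches name:", is_self_authenticating(address + ".onion", key))
    print("other key matches:", is_self_authenticating(address + ".onion", key + b"x"))
    print("expected tries for 'facebook':", expected_tries("facebook"))
```

Because the name is derived from the key, nobody can present a different key under the same address, and the only way to get a chosen prefix is to keep generating keys until one hashes to it.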

    Securely Access Facebook via TOR on Android

    As more and more of Facebook's customers access the site via mobile device, the security team decided to accommodate them and did the unthinkable: Facebook added TOR access to its mobile app using the wonderfully simple TOR gateway Orbot.

    To use this feature, download Orbot :

    • from the developer as an APK
    • from FDroid
    • from the Google Play store

    Once it is installed and activated, go back to the Facebook app and browse the settings screen until you see App Settings, then turn on the TOR functionality.

    Only weirdos would use TOR for Facebook. Right?

    On April 22, Facebook announced that 1M people had used Facebook via TOR during a 30 day cycle. 

    This growth is a reflection of the choices that people make to use Facebook over Tor, and the value that it provides them.
    — Facebook blog entry

    1M users is just a small sliver compared to Facebook's overall user population, but it is still 1M people that probably wouldn't have been able to use their service. And use of TOR for Facebook has been increasing steadily since its launch.

    TOR is slower

    The one complaint I hear from TOR users is that TOR is slower than the "normal" web and this is true. When driving from A to B, the fastest route is always the direct one. If you take 12 detours, your trip will be much longer. The same is true for TOR traffic. To protect the identity of the source and destination, every packet is whirled through many different TOR nodes across the world and encrypted/decrypted. This is a necessity but does slow down browsing.

    Donate to the TOR project

    The TOR project is a 501(c)(3) USA not for profit research organization and it depends on donations to keep going. If you believe in what they are doing, why not throw a couple of dollars their way and help them continue making TOR faster, better and more stable?

    Donate here

    Images

    Facebook TOR mobile login webpage

    You will still be challenged to validate the browser if it's the first time you are using it to log in or you configured your TOR browser to automatically clear all data after each session. Using the mobile app via Orbot on Android prevents this.

    Hey Siri Cheat Sheet

    General | Edward Kiledjian

    All digital assistants are complicated creatures that force you to learn a new query language. Siri is no exception. It can do a mind-numbing number of activities. How do you remember everything it can accomplish?

    A new site called Hey-Siri.io currently lists over 480 different commands with all of the different variations and permutations available neatly bundled in 35 categories. You can filter results by iOS or Mac and English or German.

    So far it looks like the site author will maintain the site as Apple adds new abilities to Siri. 

    Microsoft PIX is an AI powered free iOS Camera App

    General | Edward Kiledjian

    You can download Microsoft PIX from the Apple App Store now for free. The claim to fame (according to Microsoft) is that it uses artificial intelligence to take the best possible shot every time without forcing the user to fiddle with any settings.

    This computer voodoo is possible because the app takes 10 pictures every time you press the shutter button. Some right before you pressed the button and some right after. It uses data from every shot to build the best possible image (Apple's default app also does this very same thing but it seems Microsoft is pushing the technology a little bit more). Even though it selects the best possible shot and discards the rest, it uses data from all the pictures (even the ones it will delete) to reduce noise, brighten faces and ensure it has captured colours as accurately as possible.

    Another cool trick up its sleeve is motion analysis. If it believes there is motion in the series that could enhance the image then it will animate that worthwhile section and create a "live" photo. It could do this for a sparkler on a cake or hair blowing in the wind or a beautiful waterfall behind the subject. 

    All of the intelligence is hidden from the user. There are no settings to change or configurations to optimize, everything is taken care of for you. It is the kind of app even your mother can use.

    It is smart enough to detect faces and optimize the settings for it/them. It will detect open eyes. I started playing with this app a couple of hours ago and so far like it enough to put it on the first page of my iPhone next to the default camera app.

    You can check out this Microsoft Research page to learn more about the cool tech behind the app.

    Stop using Self-Assessments in performance reviews

    General | Edward Kiledjian

    Image by David Davies used under Creative Commons License

    Research has shown that people can rarely self-assess accurately. If the person self-assessing has low self-confidence, then this will be reflected in his/her self-assessment. Also, there are cultures where self-promotion is negatively viewed, and this too may lead someone to complete a less than positive self-review. Lots of characteristics may impact how one self-assesses: race, gender, beliefs, religion, etc.

    On the other side of the coin are individuals raised in competitive environments where self-promotion is not only welcome but encouraged. In these cases an individual may take credit for group work in an attempt to "win points".

    If your company forces you to conduct evaluations based on self-rating, then it is important you consciously determine your employees' tendencies and use that knowledge to erase over/under self-evaluations in an attempt to be fair, objective and manage with integrity.

    I have spoken to some organizational researchers and have read hundreds of reports, and I can find no objective research that shows that sharing self-assessments before the formal manager-employee review contributes to a better or more accurate evaluation outcome.

    On the contrary, there seems to be research showing that these self-evaluations may actually bias the reviewing manager and that any bias adjustments made (if at all) are inadequate to compensate for the actual gap. 

    Knowing this, I believe these self assessments are a historic relic of days gone by and should be completely abolished as an HR practice. What do you think?