EE Auto Wi-Fi - what you really ought to know

Has anyone given any thought to the "auto" bit in the name? Anyone thinks it's to do with Google's Android Auto (functionality and) app, or is it just a coincidence? 

O2, for example, call theirs "Extra"... but that could be its parent company (and one of EE's parents was German, so Auto would make sense)

Or, perhaps, it is just that, automatic. In fact, so automatic thwt I, for one, find it extraordinary how EE Wi-Fi - which now, by the way, formally encompasses BT Wi-Fi, the UK's largest public Wi-Fi network - should be so very excellent at connecting to the nearest and farthest BSSID regardlessly, no matter how strong, more often poor, the signall. As long as it can find one, it will try really really hard to connect. 

Why it would do that, of course, is open to debate and even speculation. EE's "never run out of data" pledge springs to mind. The other reason, of course, is 5G, a velvet revolutuon which largely involved the (put simplistically) repurposing of LTE masts and equipment for 5G purposes. 5G must be and be seen as strong and stable, but that comes at a cost (there is only so much free mobile spectrum, esp for voice, in densely populated urban areas with ever larger and taller buidlings)

Over the past few months, I have regularly caught both my iPhone and Pixel red-handed, having latched onto one of the ubiquitous EE (ie, BT) WLANs even when Wi-Fi was turned off (whether or not mobile data was on). In fairness, I should say it wasn't the devices' fault; well, not entirely at least, as I traced the issue to the managed Wi-Fi profiles embedded in the EE physifcal SIM vendor configuration. 

In the old days, mobile operators would lock the devices they sold for exclusive use on their own networks on grounds they had subsidised your puchase in some way (not really, since they would invariably make a margin on any handset sold through retail channels). Nowadays, as the various and varied historical reasons for locking handsets fully paid for by consumers disappeared and were not replaced by any new clever excuses, many may be under a misapprehension that mobile network operators simply gave up. In fact, they never did, but have simply moved their activities to the back of the shop, where customers can't see it.

For a year now, I have been putting up with EE's generally abusive conduct towards customers (individual, non-business), exemplified by the lack of regard (to more or less overt contempt) routinely demonstrated by every single EE member of staff with regard to personal data, and more generally, privacy as well as (cyber) security. The conduct was observed on a number of interactions, in person and over the 'phone, with various departments and on a range of matters (which were invariably presented as, ultimately, a privacy and security concern of the customer.

The "Auto" Wi-Fi profile - malware in all but name, as any unconsented for and stealth piece of code is - is so far the most extreme example I am able to report with reasonable confidence (NB paper not peer-reviewed yet). Despite six specific requests, EE ultimately refused to remove the managed Wi-Fi profile from my contract (physical) SIM card. Worse, EE doubled (if not tripled) down on it by actively blocking my return to an eSIM (this latter, not without its own issues) first, then proceeding to block my ability to log on online account (bills all paid, no unfair nor improper use of services, no breach on customer's part)

7 years ago, as a brand new BT Broadband (landliine) customer (on the BT Smarthub 5 router), I really struggled to opt out from BT Wi-Fi (which BT Broadband customers are automatically enrolled in) despite discovering (to my horror) that the BT Smarthub was logging the MAC addresses of BT Wi-Fi users connecting through BT Openzone/WiFi etc, ie the various SSIDs carved out by the router from my WLAN for public Wi-Fi use (the only type which may be open, yet legitimately purport to accept your card details should you wish to puchase access). I could see when a specific device had attempted to log on, when it got kicked off the WLAN (BT Wi-Fi was a master in the disconnection game), when it reconnected. whether it had or had not been authenticated. This was from the BT Smarthub admin events log, so it is likely that far more could have been garnered with the aid of widely availble (open source and free) software.

At the time, BT claimed not to be aware of the issue: tech staff at the telecoms giant's dedicated Wi-Fi department feigned varying degrees of ignorance, and ultimately concluded not to be concerned about what I very much iprotested were significant privacy and security implications. I finally gave up when a BT member of staff, claiming to be a senior manager working in technology, asked me how I could possibly know which of the half dozen different BT Wi-Fi routers I connected to from my mobile. In light of the fact that only one or two octets from the BT Smarthub's real MAC address are "spoofed" to virtualise the various BT Openzone/WiFi routers and BSSIDs, and also that SSIDs from any given hardware router continue to have near-identical attributes (the 5GHz publlic SSID could be switched off from the router admin settings available to users), the senior manager was either incredibly naïve (some may say incompetent), just daft or possibly knowingly dishonest.

Ofcom, as ever, was asleep at the wheel - the watchdog's remit does appear to be about keeping ISPs happy, BT in particular - a leaf through some of the consultation submissions by BT and competitors on a random selection of topics revealed a tendency by BT to kick up an unnecessary fuss whenever its (still) vast comparative and uncompetitive advantages over other providers was in any way threatened. For example, BT campaigned relentlessly against the current PAC procedure, making various and implausible submissions to Ofcom in which it expressed concerns customers would be at risk of being diconnected from network services and left without mobile - and possibly landline, and even emergency services (!) - cover as a result of other operators failing to port them through; it went as far as claiming that customers were at risk of being disconnected without their knowledge, nor consent (presumably, by some unscrupolous competitor). 

Of course, let us not forget that Ofcom is hardly a consumer-focused organisation and free from conflicts of interest. It certainly is not independent of the Government, as we are periodically reminded when Ofcom performs its formal role of spectrum auctioneer with a view to raising as much revenue for the Treasury it can, without severely, and definitely never visibly damaging the situation consumers, while tending to network operators' every whim and exaggerated concern.

Where does that leave consumers? On their own? Your thoughts, views and comments welcome. 

LL

PS sanitised logs supporting matters set out in this post available to bona fide consumer and public interest researchers, analysts etc, exlcusively on a no liability basis and subject to terms and conditions to be agreed