It's meant to get around the great firewall in China, so it has to avoid the GFW's active probers that check to make sure the external website is a (legit) host. However a friend was able to get it to work American's in-flight firewall if the proxy SNI is set to Google Analytics.
Thankfully for my blood pressure, whoever had set it up had left some kind of management portal accessible on a random high port number and it contained some strings which led me back to the Xray project.
Hah I was just about to say the same thing! I just got home from a ~3 week cruise. Internet on the ship was absurdly expensive ($50/day). And its weird - they have wifi and a phone app that works over the internet even if you don't pay. Google maps seemed to work. And my phone could receive notifications from apple just fine. But that was about it.
I spend some time staring at wireshark traces. It looks like every TCP connection is allowed to send and receive a couple packets normally. Then they take a close look at those packets to see if the connection should be allowed or blocked & reset. I'm not sure about other protocols, but for TLS, they look for a ClientHello. If preset, the domain is checked to see if its on a whitelist. Anything on their whitelist is allowed even if you aren't paying for internet. Whitelisted domains include the website of the cruise company and a few countries' visa offices. The cruise app works by whitelisting the company's own domain name. (Though I'm still not sure how my phone was getting notifications.)
They clearly know about the problem. There's some tools that make it easy to work around a block like this. But the websites for those tools are themselves blocked, even if you pay for internet. :)
If you figure out how to take advantage of this loophole, please don't abuse it too much or advertise the workaround. If it gets too well known or widely abused, they'll need to plug this little hole. And that would be a great pity indeed.
Don't forget to price in the costs of installing and maintaining a WiFi network that works consistently in a metal ship whose interior is composed from prefab metal modules. (Hint: every cabin, every space, has one or more APs).
I haven't done the math, and I'm sure they profit on the offering, but I doubt it's as egregious as these replies make it sound.
(I thought about this a bit when I was on a cruise that offered Starlink this past summer.)
Edit: also don't forget that everyone gets free WiFi, it's just that internet access is restricted for guests who don't pay. So it does need to support the ship's full complement and passengers.
Starlink hardware (aka community hub) is $1.25M. Actual bandwidth cost is 75k per gbps per month.
I never figured out a way to route internet on my phone through my laptop. But it was probably for the best. It was lovely spending a few weeks with no internet connection on my phone, in arms reach away at all times.
Almost all of these special pricing/zero-rating schemes will include platform push in the zero rated traffic. Can't use anything without it, and most of the platforms have public pages describing how to identify their traffic, because there's lots of networks that want to allow it.
But basically you get to see a bunch of destinations while all your travel is organized for you, you never have to switch rooms and constantly pack/unpack, and the actual travel part is infinitely more comfortable.
A room and sundeck and pool beats a plane seat or train seat any day.
I'm not into cruises myself, but the appeal seems pretty understandable in terms of convenience.
They’re also far less expensive than many other vacations, especially if you have kids and are considering Disney stuff.
Still a human Petri dish.
Go price out hotels and food in any major destination for one week. Now go price out a cruise for one week which also includes entertainment and a travel component. Somehow, the cruise is CHEAPER and offers more.
That's it. That's the whole answer.
Long hours and low pay - Some workers face shifts of more than 12 hours a day, seven days a week, often without overtime pay. Wages can be very low, sometimes below $20 per day, though tips can supplement income. Workers often live in small, shared cabins with limited personal space. Ships often registered in countries with lax regulations. No pay between workers contracts
These are ONLY some of the reasons ....
There is a level of convenience that is hard to get elsewhere.
I went on a Disney cruise 2 summers ago. All restaurants were in walking distance. All of deck 5 was dedicated to child care. They took you straight to excursions. Family was close, but not too close.
There were some downsides, too, but let's not focus on those. I think the "king" reason we went is because the grandparents were paying and they wanted everyone to be "there" and not leaving. I think the main reason we aren't going again is cost.
He discovered that on some airlines (I think American?), they use an advanced fortinet firewall that doesn't just look at the SNI -- it also checks that the certificate presented by the server has the correct hostname and is issued by a legit certificate authority.
My friend got around that restriction by making the tunnel give the aa.com SNI, and then forward a real server hello and certificate from aa.com (in fact I think he forwards the entire TLS 1.2 handshake to/from aa.com). But then as soon as the protocol typically would turn into encrypted application data, he ignores whatever he sent in the handshake and just uses it as an encrypted tunnel.
(The modern solution is just to use TLS 1.3, which encrypts the server certificate and hence prevents the firewall from inspecting the cert, reducing the problem back to just spoofing the SNI).