It is those Joe Sixpacks who are so perplexed by the unconventional moves deployed by Mr. Chu who are doing all the booing.
I suspect Jeopardy's core demographic is old people. Old people generally dislike when young whippersnappers change the way things are done.
Compare this to the behavior of Netflix streaming. They do all their business on port 80 using valid http protocol. Blocking their streaming is a simple one line regex expression in Squid's config file. Netflix made it simple to turn their streaming off via a transparent proxy for those of us who don't have the bandwidth to handle that.
Sorry if I harped too much on Skype. Just needed to vent. I'm a long time reader and hardly ever post. This subject fit into what I have been working on so I thought maybe I could add something interesting.
The pcaps generated by tcpdump are automatically digested after every 5M chunk and used for analytics and stripped of any payload. I have better things to do than to spy on the pictures my users download. The analytics are my research data devoid of any user identification. I probably shouldn't have provided so many details as people on the net like to make assumptions so they can then wax indignant.
As for the sniffing password charge: You'd be surprised how rare that is nowadays. Most every device has been very good about encrypting stuff using SSL on port 443. In the past year I might have seen maybe 3 or 4 unique devices transmit credentials in the clear. I think modern devices have become wise about those things.
Skype is obnoxious because it tries to use port 443 and 80 for non-SSL and non-HTTP traffic because it knows most every router has those ports open. Since port 80 is run through Squid, Squid rejects it. I ban those users who beat on port 80 like this because I'm not sure if they might be trying to break Squid. It's better to ban people who abuse. As for iCloud, I tried to open up UDP ports 16384, 16385, and 16386 for them but when I do they try and probe ports on my external IP address which might be a way for iCloud to punch holes through the router. I simply drop those UDP ports, no big deal, except that since those Apple devices pound those ports so frequently I have to place those drops near the top of iptables.
tl;dr Just whitelist port 80 and 443, send 80 through a Squid-like proxy and 90% of wifi users will have no problems. You can open up some other ports as you see fit. I hope this makes things more clear.
So far things have worked out and I get around 250 unique visitors per month. The vast majority of users just get on, do some stuff like check mail or train schedules and get off. I have been doing this more or less as a "science project" to see how these modern devices communicate. Plus the neighbors get Internet access. I have found the bandwidth used per month is rather trivial. I just recently got a tablet with just wifi and so far have had no problems with anything not working through my iptables with whitelisted ports.
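The whitelist setup described in the comments above, sketched as an added example (not the poster's own ruleset): a shell function that emits an `iptables-restore` ruleset with the UDP 16384-16386 drops first, port 80 redirected to a local Squid, and port 443 forwarded. The interface names `wlan0`/`eth0`, the Squid intercept port 3129, and the DHCP/DNS rules are assumptions.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for a default-deny guest wifi.
# Assumed names (not from the post): wlan0 = guest wifi interface,
# eth0 = uplink, 3129 = Squid intercept port.
# Check syntax without loading: guest_ruleset | iptables-restore --test
guest_ruleset() {
    lan=${1:-wlan0}; wan=${2:-eth0}; squid=${3:-3129}
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Port 80 never leaves directly: it is handed to the local Squid,
# which rejects anything that is not valid HTTP.
-A PREROUTING -i $lan -p tcp --dport 80 -j REDIRECT --to-ports $squid
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# High-volume drops go first so the noisy UDP traffic leaves the chain early.
-A FORWARD -i $lan -p udp --dport 16384:16386 -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Whitelisted port 443 is forwarded as-is.
-A FORWARD -i $lan -p tcp --dport 443 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Redirected port-80 traffic arrives on the Squid intercept port.
-A INPUT -i $lan -p tcp --dport $squid -j ACCEPT
# Assumption: the router itself serves DHCP and DNS to guests.
-A INPUT -i $lan -p udp --dport 67 -j ACCEPT
-A INPUT -i $lan -p udp --dport 53 -j ACCEPT
COMMIT
EOF
}

# Print the ruleset with defaults (or with interface/port arguments).
guest_ruleset "$@"
```

Everything not listed falls through to the DROP policies, so opening another port means adding one more `-A FORWARD ... -j ACCEPT` line below the 443 rule.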