Forgot your password?
typodupeerror

Inverting Images for Uninvited Users 277

Posted by timothy
from the beggars-choosers-and-chiropractors dept.
Yesterday's story about a creative approach to dealing with uninvited (and unwanted) users on a private wireless network -- by intercepting and modifying the images received downstream -- provoked some thoughtful comments on open wireless networks, and a storm of analogies about networks and property generally. Read on for some of the most interesting comments in the Backslash summary of the conversation.

Several readers offered comments on the methods of network interference suggested in the examples linked from the story, or offered other creative ways to impede network freeloaders. First, reader blantonl offers some insight into implementing the same image-flipping technique:

For those that are struggling to understand how the author of this article is accomplishing his approach, here is some further information.

The author obviously has a Linux server in his house, that is running DHCPD

To selectively send some clients to some locations, and others to the normal internet, he assigns an IP address on a different network to clients that don't have MAC Addresses that he knows about.

Forwarding on to sites of his choice is done by using IPTables, which is a utility that allows you to configure the packet filtering components of the Linux TCP/IP Stack. In this instance, the Linux box is just functioning as a firewall, and he is selectively sending requests from certain IP addresses to different hosts of his choosing.

Finally, the Up-side-down and blurry-image conversions is accomplished by sending page requests from those before-mentioned IP addresses to a proxy server, which in this case is Squid — and then allowing the proxy server to run a script which calls an ImageMagick command called mogrify which allows you to resize an image, blur, crop, despeckle, dither, draw on, flip, join, re-sample, and much more.

(Writing "I'm paranoid - I work in information security," reader hab136 points out some potential vulnerabilities in the system as described.)

As to the actual methods of annoyance, jpellino writes

Upside down is cute, but blurry is just too fantastic. You know they were on the horn to the vendor after punching every monitor control and several loud screaming matches and an expensive service call for a monitor that then worked just fine on the bench... As a webmaster I can now say April 1 just got very far away...

Reader Sloppy also admires the "blurry-net" approach ("That's subtle and I love it"), but suggests that image manipulation is only for starters

The next step is to spy on them and see what websites they visit, and then insert some fake content one day. For example, if they use it to read CNN, insert a casual story about a nuclear weapon getting used in the Middle-East or South Asia, or a story about the president of USA selecting a new vice-president due to the assassination last week ("What?! I didn't hear about that!"), or the CDC in Atlanta is investigating the recent rash of improbable claims about the dead returning to life to feast on the flesh of the living, etc. If they visit Slashdot, then the jig is probably up, but maybe it would be great to have a story where a security study found Windows98 to kick OpenBSD's ass and then a bunch of comments where everyone agrees that the findings pretty much match their own experience, along with complains about "how is this news for nerds?!"

And perhaps the ultimate in annoyance-as-warning, reader Midnight Thunder writes

I suppose you could also add a frame to every page and then sell advertising space. Since you probably know a bit about your neighbour it is much easier make targeted advertising. Of course you could always make the top frame read:

"This is borrowed bandwidth. Have you thought about getting your own connection."

Oh and make sure it is flashing. Actually you could make it so that the whole content flash.

Not all uninvited users are actually unwanted users, though, at least for some readers. Reader Elektroschock writes

Sorry, I am a supporter of open networks. I think the freifunk olsr-protocol approach of open wireless networks is best. We don't need internet providers and we don't need internet providers which leak our communication data to the governments and endanger the freedom of the net. The net should be a net and wireless technology is great for the creation of a real P2P internet.

I cannot support any action against people who use your network. It is against my understanding of hacker ethics. When you don't like it then close your network. But no childish games please.

I may even say that I find it unethical to exclude your neighbours from using your network but I respect your opinions. When your network is open it means: Be free to use it. Not: You can use it but I will fuck up or intercept your communication.

Similarly, trewornan writes

I chose to leave my wireless network open so that if someone nearby needed a connection it would be available for them. If someone was to impose an unreasonable load on the network I might do something about it but so far (12 months) I've had about half a dozen people connect and download relatively small amounts of data - my guess is they were checking email. Why would I object to that? No . . . why would *you* object to that? The way I see it it's a chance to do something nice for other people, why not get yourself some good karma.

Even without that sort of altruism, many readers feel that, as geekoid puts it,

[By]leaving it open he is inviting other people to connect.

Some computer says to the router "Hey, can I come in?" and the router says "Sure." Now, the moment you put something up, like needing a password, then you are no longer inviting people in.

  • Computer says "Hey, can I come in" router says "Sure, if you know the password."
  • Or you can encrypt it; Computer says "Hey, can I come in?" the router says "KE*jd7638JDEJE*834899(&^&#nd&#&bd*e#"
Not so fast, goes an argument exemplified in another comment from R2.0:

Yes, the computer is "asking" the router "permission," and the router is "granting permission" — the only problem is, the words we use to describe these actions may appear to be descriptive of thinking and volition, but they really mean neither. Computers and routers simply CANNOT give "permission" in any legal or moral sense.

To use the yard analogy that seems to be popular for these threads, lets supposed your neighbor's massively retarded child asks your massively retarded child for permission for his Daddy to use your yard, and your child agrees. Neighbor then comes over and stages a cookout on your lawn, or for that matter just walks across it.

When you confront him, he says "But my kid asked your kid, and he said yes." This is binding? Common sense and the law would say no, yet you would allow devices with an order of magnitude less analytical power than a retarded child to give and receive similar permissions.

Repeat after me folks: devices cannot give and receive permission for human actions without those permissions expressly being granted via some other means.

A traffic light doesn't give you permission to cross the street; the government (that you studied to get your license) gives you permission to cross the intersection when a light is green, and denies it when red.

Your ID badge doesn't ask permission to enter your building, and the security system doesn't grant permission; YOU ask for permission by presenting the badge, and your employer grants it by programming said system to accept your request.

Closer to the typical small-time network admin, perhaps, bennomatic writes

If I leave my bike outside unlocked for 10 minutes, am I giving explicit permission to anyone who sees it that they can take it? No. Am I allowing it to happen through negligence? Sure, but call it what it is; it's still stealing, or at least trespassing.

Even something as amorphous as bandwidth is a limited resource. To paraphrase the head of the commerce committee, an open wireless connection is not a dump truck you can just load up with as much as you like; it's a tube!

Various forms of the same disagreement surfaced in various corners of the discussion: squiggleslash, for instance, writes

[I]t makes sense that no implied permission is given by simply having your router be unsecured, given "unsecured" is the default configuration of most off-the-shelf routers.)

It really isn't an issue in practice. If you want to use someone else's network, all you have to do is ask them. With 802.11, you're close enough to be able to do so. There's no reason not to ask, other than knowing that "No" is likely to be the answer. And I think that's why people tell themselves the myth that somehow they have implied permission simply because the "door" was left unlocked.

The figurative "visibility" of an open wireless network also isn't enough to convince reader R2.0 that it's fair game for passers by. He writes:

So the router is "visible," with an option to make it invisible. Big deal. My garden is visible from the street, but I can put a tarp around it to obscure its existence. What you are saying is that, unless I put a tarp up around my garden, everyone has a right to use it.

Wireless networks may make themselves conspicuous, but that does not confer an invitation to use them. The connection between "visible" and "inviting" is not legally or morally valid. (I am excepting the concept of "attractive nuisance," but I don't think open routers will come under that area of liability)

Reader 4e617474 fired the next volley in this battle of analogies:

No, actually we're saying that if your garden pelts us with carrots and peas as we walk past on the public street, we're at liberty to catch them and consume them. Only if you place anti-vegetable-flight netting around your garden (or stop planting vegetables that lend themselves to comparison to an unsecured WAP) does it become incumbent upon us to behave as good citizens.

Hey! Analogies are fun! Somebody compare Internet privacy law to hunting and fishing licenses!

Readers like ShawnDoc make a case persuasive for discouraging bandwidth borrowing on the basis of enlightened self-interest.

If someone uses your connection for illegal activity (downloading Meet the Fockers, kiddie porn) it will be your IP address that the RIAA/MPAA/FBI will trace. Good luck convincing them it wasn't you. You might be able to do it, but it will take up time and money (lawyers) to clear your name. And in the case of kiddie porn or other criminal act, expect every computer, PDA, and cell phone in your home to be confiscated to be analyzed for incriminating data. The second problem is you are allowing strangers access to not only your Internet connection, but also your LAN. I have multiple computers and put files in shared folders so I can access them from different machines. I don't want some strange to have access to those files, or worse, have their computer be infected with a worm/virus that propagates across the network.


Thanks to all the readers whose comments informed this conversation, and in particular to those whose comments are quoted above.

This discussion has been archived. No new comments can be posted.

Inverting Images for Uninvited Users

Comments Filter:
  • by QuantumFTL (197300) * <justin.wickNO@SPAMgmail.com> on Friday July 28, 2006 @03:27PM (#15801224)
    To use the yard analogy that seems to be popular for these threads, lets supposed your neighbor's massively retarded child asks your massively retarded child for permission for his Daddy to use your yard, and your child agrees. Neighbor then comes over and stages a cookout on your lawn, or for that matter just walks across it.

    This is a very interesting anology, as computer systems are very "dumb," but unlike developmentally challenged individuals, computers are also very easy to control (i.e. they do precisely what you tell them to and nothing else, if you count the code as instructions). It is a simple matter to encrypt a wifi point (and a well reccomended practice), whereas a retarded child is probably difficult to train to restrict lawn access, and that is not generally a well-reccomended practice.

    To be honest, I don't think any analogy quite sums up the situation. If you're on someone's wifi, and you're not causing harm, and they left it open, what is the problem?
    • ...whereas a retarded child is probably difficult to train to restrict lawn access, and that is not generally a well-reccomended practice.
      I don't know. Give a retarded kid a shotgun and put him on your front yard and I'll probably stay off of it....
    • I've got an analogy to try:

      You own a housing complex (internet connection) and decide to hire a doorman (buy and connect a wireless router).

      By default, the behavior for the doorman is to open the door for everyone who wants to enter the building (open Wi-Fi connection)

      You can instruct the doorman to only open the door for tenants of the building or for anyone on a specific list of names (access control list)

      To further add to the analogy:
      The housing complex used to be a hotel and still has all of the origina
    • Because you could be causing harm. It's easy to snoop once you're on the network. Of course, if it's unprotected, you either don't care or don't know.

      To get away from the lawn idea, let's talk about cars. If I leave my car unlocked, not a good practice but something easy to do and to not think about, does that mean anyone can come in and sit? It'd be quite disheartening. Most people think their car is secure and often has data about them (papers, receipts, etc). But you could forget to lock it, for any numb
    • If you're on someone's wifi, and you're not causing harm, and they left it open, what is the problem?

      No problem. Likewise, if I choose to lock my wifi to keep unauthorized users off of my personal network, what's the problem with that?
    • The analogy is very poor for another reason --

      The wifi router's job in life is to route - which means either pass packets or drop packets. That's all it does. A retarded kid is not dedicated to the job of guardian of the lawn. He is not designed, not even intelligently designed, to route people to his lawn or anywhere else.
  • There simply isn't an adequate analogy for this situation, as nothing else is like an unsecured access point. Please stop comparing them as such.
    • by 01101101 (869973) on Friday July 28, 2006 @04:03PM (#15801522)
      There simply isn't an adequate analogy for this situation, as nothing else is like an unsecured access point. Please stop comparing them as such.

      So it's like apples and oranges then?

    • An analogy, in this case, is precident. It is how we are intending to think about the issue. The question is this: Is an unsecured wireless access point assumed to be open to the public or not? An analogy is reasoning for a particular argument: it is or it isn't because we are treating it as if it were a newer version of $foo.

      Personally, I think an unsecured access point should be considered public. There is no seperate flag for 'you are allowed to access this' besides the fact that when you try you can
    • There simply isn't an adequate analogy for this situation, as nothing else is like an unsecured access point. Please stop comparing them as such.

      OK, I'll try.

      Where I live homes aren't more than about 15-20 feet from the street. A neighbor has a bright outdoor light on their house and they often leave it on late at night or all night long. One evening while walking down the street I notice that the light is so bright that I can sit on the curb of the street and read a book by the light. So I do. Is it

  • Analogies Broken (Score:5, Insightful)

    by Anonymous Coward on Friday July 28, 2006 @03:31PM (#15801255)
    All of the locked door, stolen bike, and lawn analogies miss one important fact. 802.11 uses the radio spectrum. In the US we ALL own the radio spectrum, but "trust" the FCC to manage it.
    The FCC says you can transmit on that band within X power. They also say if a a signal enters your reciever you can read it.
    Together they imply you can join an unsecured network, because that person is allowing their equipment to broadcast, and recieve on open frequencies.
    • Yes, but citizens cannot buy a radio scanner that covers the band which cell phones use.


      Also, you may be allowed to receive the broadcast, but in this case it isn't broadcasting, it is communication involving transceivers (transmitter and receiver pairs). I don't think it is fair to say that this implies that you can joint an unsecured network, though my personal belief is that it should be ok. If the provider of the unsecured network does not like it, they should secure it. I think that you should
      • What are you talking about? I have one in my pocket.
        • I'll assume you have a radio scanner in your pocket. By FCC decree in 1994 ordinary joes (I'll call them citizens) cannot purchase a new manufactured scanner which will receive radio signals in the band used by analog cell phones. This was supposed to prevent eavesdropping by those who own said receivers on callers using cell phones who have an expectation of privacy equivalent to that of a wired land line. This set a bad precident in my opinion. I don't care about receiving cell phone calls on a scanne
      • Yes, but citizens cannot buy a radio scanner that covers the band which cell phones use.

        Um... Let me guess?

        Because the FCC said so?

        Why doesn't this make sense to people.

        FCC says these certain frequencies are private and certain frequencies are public. If you want a private frequency, then go talk to the FCC and buy one.

        You sir, are running your routers on public domain. By law (which the grand parent has stated) anyone is allowed to receive these transmissions and send information back to the receiver. If y
        • by KitFox (712780) on Friday July 28, 2006 @06:45PM (#15802724)
          You sir, are running your routers on public domain. By law (which the grand parent has stated) anyone is allowed to receive these transmissions and send information back to the receiver. If you do not want people to be able to use these networks beyond these points then you spend the 90 seconds needed to turn on some minimal security measures.


          Hmm... By Law, the radio waves are public domain; you can and may listen to them. By law, you can and may transmit radio waves of the same frequency. And by law, you may not access a computer network without permission. Just becasue there is a means by which this network 'can' (possible to do) be accessed in a public area does not make it legal to do so. Regardless of how "easy" it is to get this access, the access itself is still illegal.

          Just like an unlocked and wide-open house door makes it 'easy' to break into a house, it does not make it 'legal' to break into a house.

    • Re:Analogies Broken (Score:3, Interesting)

      by aussersterne (212916)
      This is exactly the point that so many "property analogies" miss. If it is in the air I breathe when I am not on your property, then it is mine, period, until the day on which airspace itself becomes private property. Until then, whether you encrypt your signal or not, YOU are FORCING it upon ME even when I am standing across the street. You lose all property rights to it the moment it leaves your property.

      For those who use the bike analogy (if I leave my bike in a public place unlocked, does that make it y
      • Sure, access to the WLAN is in the air you breathe, but access to the internet is not. You are definitely causing potential harm in the form of increased ISP charges by using someone's IP. Many ISPs have bandwidth caps and if you go over your transfer limit you pay fees. Also your actions might not be legal and thus you are exposing the owner of the internet connection to legal risk.

        You can connect to an unsecured WLAN all you want, but to use that connection to go onto the internet is clearly entering i
        • If someone is incuring such fees, they should utilize some form of encryption. Even those that are breakable, like WEP, still give the message that one is trespassing should one access the network. And it doesn't look like anyone has really justified breaking into an encrypted network.
          • What you're saying is now equivalent to "if someone is coming onto your property to use your electricity, you should put up a fence" or "if someone comes into your house to make long-distance calls, you should lock your door". Yes, you should secure your property to prevent people from tresspassing. However, that doesn't change the fact that such tresspass is still unethical. Our society generally has a notion of individual's property rights, and I don't think it's wrong to extend "property" rights to th
      • Remember that wireless networking is two way, so you are also broadcasting onto my property when you associate and I can choose to mess with the signal. Therefore re-directing every one of your requests to blurry pictures of the Care Bears or deleting random characters from the stream is fully within my rights.
      • Sure. You're free to receive the signal and manipulate that data any way you want. No argument.

        And sure, you're free to send any signal out to anywhere, or the original router wouldn't have been free to send out its signal.

        The problem comes when you're starting to access said device and use up resources on it. You're manipulating private property (Even if via free to transmit and receive airwaves). And accessing and manipulating private property is not OK. The device has a limited resource by way of process
    • That implication may or may not be valid in a stricly legal sense due to the way the law was written.

      However, from an ethical sense, it still cannot be argued that using the internet connection of some guy who bought a router at best buy and has no idea about security is "ethical" to do. Most people don't know jack about security, and if the router works right out of the box, why are they going to bother poking around the settings? They're not.

      You can say that it's sad and wrong and stupid for people to d
      • Most people don't know jack about security, and if the router works right out of the box, why are they going to bother poking around the settings? They're not.

        Speaking of which, if Joe Six Pack sees two "linksys" in his available networks, how does he know which one is his?
    • I let you into my house, you dont automatically have permission to use my telephone to call your aunt in China. You can connect to my wifi but nothing short of written or spoken permission from myself gives you leave to use my internet connection.
      • I let you into my house, you dont automatically have permission to use my telephone to call your aunt in China. You can connect to my wifi but nothing short of written or spoken permission from myself gives you leave to use my internet connection.

        FFS man. What part of anologies don't work for this doesn't make sense? Wireless connection implies that there will be an internet connection. It's like saying the person was at your door asking if they could come in to make a phone call. Why else would you connect
      • nothing short of written or spoken permission from myself gives you leave to use my internet connection.

        Where do web servers (or any TCP socket based service) fit into this? My computer sends your computer a request for a connection, which your computer accpets. And I then proceed to "use" your internet connection to send data. Am I required to get "written or spoken" permission for this act? BitTorrent is probably a better example. Lots of people who run BT clients do _not_ fully understand the service the
        • When I invite you into my home after you knock on my door, my phone has no restrictions which stop you from making a call - are you therefor justified in making a call to any number you wish while Im out of the room? How about raiding my fridge?
    • Analogies of all sorts, and yes, it does come down to radio waves. I only know about the US, so let's see...

      Firstly, somebody said "Their radio waves are infringing on my property, so I have the right to use them."
      This is very similar to the "garden pelting passersby with peas and carrots, so they are allowed to eat them."

      Fine. You may eat (LISTEN) to the radio waves. You may NOT send stuff back to the garden to grow, nor may you send radio waves back to the receiver. And of course, actually getting arbi
      • You may eat (LISTEN) to the radio waves. You may NOT send stuff back to the garden to grow, nor may you send radio waves back to the receiver.

        That's just dumb. You're allowed to throw peas at me, but I can't throw the same kind of peas back at you?
        • That's just dumb. You're allowed to throw peas at me, but I can't throw the same kind of peas back at you?

          Ahhh, Tit for Tat...

          Given that the "peas" are radio waves... Simply put, to make the "pea" analogy work,you'd have to have "Ghost peas" that don't actually hit anybody, aren't even SEEN unless you are specifically looking for them, and are available to be eaten or ignored as you see fit. This is why the OP of this thread pointed out that the analogies are broken.

          But again, the important thing is th

  • by jea6 (117959) on Friday July 28, 2006 @03:36PM (#15801309)
    We don't need internet providers and we don't need internet providers which leak our communication data to the governments and endanger the freedom of the net. The net should be a net and wireless technology is great for the creation of a real P2P internet.

    OK, so how exactly are you connecting to Slashdot without using an ISP? Are you standing at a terminal in the cage at SAVVIS where Slashdot's servers are located?
    • What he means by "we don't need internet providers" is that we don't need ISPs. Obviously, we need internet providers in the sense that we need other people in the network to help transport the data.

      The thing is, in that P2P fantasy world where everyone shares their connection and gives back to the community and there are no evil corporations charging us monthly fees, major latency would be the norm and the internet would become much more regionalised than it is now. Online gaming, for example, would all b

      • The thing is, in that P2P fantasy world where everyone shares their connection and gives back to the community and there are no evil corporations charging us monthly fees, major latency would be the norm and the internet would become much more regionalised than it is now. Online gaming, for example, would all but die, surviving only in tightnit local groups.

        I feel there's room for a hybrid approach. You could buy metered long-haul low-latency traffic, and manually route that direction for machines you n

      • Thats where you are wrong, the infrastructure for major international corporations would still need to exist (like google etc are just going to roll over and give up).
        There will still be high bandwidth international pipes around just like we currently do.
        The only difference is that businesses with a vested interest in your custom will be the ones supplying the core bandwidth.

        Once the mesh takes off, home users shouldn't need a specific ISP anymore.
      • not really.
        What id every wirless router talks to all the others in a type of wifi mesh.

        including web sites. Totaly un controllable, completly anonymous, no ISP charges.

        Put ione in every home and automobil and you could cover 90% of the US.
      • Online gaming, for example, would all but die, surviving only in tight[k]nit local groups.

        So I really could go out and smack that griefer? Sounds like a good thing, actually.

      • by mcrbids (148650) on Friday July 28, 2006 @05:16PM (#15802081) Journal
        The thing is, in that P2P fantasy world where everyone shares their connection and gives back to the community and there are no evil corporations charging us monthly fees, major latency would be the norm and the internet would become much more regionalised than it is now. Online gaming, for example, would all but die, surviving only in tightnit local groups.

        The march of technology makes the cost of providing N bandwidth drop every year, following a near exponential curve. Following this trend, it's easy to see how the cost of providing bandwidth drops to the point where individuals can afford to provide quality connections that now cost thousands.

        Perhaps you don't remember the day when a 128k connection cost $1,000 per month or more? Now, such bandwidth is available for under $20/month in many contexts.

        That P4 under your desk probably has more comptational power than existed worldwide in 1980. Certainly true for 1970. Yet, you can replace the Mobo and chip for less than a day's wages. [pricewatch.com]

        Why is it unrealistic to think that long-range, cheap, P2P broadband isn't possible, yet alone likely, in just a few more decades?
        • Actually, I really think you might be onto something there.

          But for the sake of accuracy: we were actually dealing in the present tense, so technically your point is irrelevant.

          An interesting thought though. One that gave me some hope for the future of the internet, in fact.

  • Slashdot Analogies (Score:5, Insightful)

    by linvir (970218) * on Friday July 28, 2006 @03:36PM (#15801311)

    There's something about Slashdot that encourages these terrible analogies, and it's just awful to watch. Sometimes, I see a story, and I can tell beforehand that there's going to be a bunch of these crappy analogies being thrown around, argued over and refined. It's usually around then that I turn my computer off and go outside, so in a sense, they literally send me running.

    • You're right, and it annoys me too. It seemed as if no one really considered to look at how the technology was intended to work as in: APs broadcast SSIDs to advertise their presence, and unless communication is encrypted, anyone can request to join the network. Of course, the reality of the situation is not being conveyed correctly to most consumers. I haven't bought an AP which has said in a really obvious place something like "the default configuration of this device allows anyone to use your Internet co

    • I agree, /. analogies are terrible. It is almost like some invisible force like a magnet is forcing everyone on /. to make stupid analogies, like some giant magnet would force your car hood to stay welded shut, keeping everyone inside clicking refresh...
    • Slashdot has terrible analogoies because it is used by people.
    • There's something about Slashdot that encourages these terrible analogies.

      This is called "People who don't know what they are talking about trying to explain things to people who understand even less." It's a blind leading the blind situation. Too bad so many good comments get hidden in that garbage.
    • Complaning about analogies on slashdot is like picking up chicks at the special olympics...
  • by Anonymous Coward on Friday July 28, 2006 @03:37PM (#15801315)
    Yesterdays story about backslash brought many interesting and insight comments from Slashdot readers.

    For example, an Anonymous Coward said:
    What is this backslash garabage? It's just a rehash.

    Another user commented:

    I hate backlash.

    Many readers readers responded to this comment with a wide range of opionions,
    • Teh ghey
    • This faggotry has go to stop
    • FUCK YOU TIMOTHY GODDAMNIT.

    etc
  • by Anonymous Coward on Friday July 28, 2006 @03:37PM (#15801321)
    If so, then you're giving your neighbors cancer and they're entitled to take some of your bandwidth as retribution / reparations. Do not mod this funny.
  • Added Bonus (Score:3, Insightful)

    by ndansmith (582590) on Friday July 28, 2006 @03:38PM (#15801330)
    Having an unsecured wireless network provides plausible deniability for p2p downloading and what-not. Unless of course you live in Wyoming and have no neighbors for miles.
    • Re:Added Bonus (Score:4, Informative)

      by IflyRC (956454) on Friday July 28, 2006 @03:44PM (#15801377)
      Actually, most of Wyoming is on fiber optic and wireless networks. One of the first broadband offerings in Gillette, Wyoming was from a company called Visionary Communications [visionary.com]. They placed towers all around town for their wi-fi subscribers (no, its not open).

      One of the interesting things about Wyoming is that within the boundaries of the towns, subdivisions and neighborhoods are closely packed in together. Sure there are the folks that live out on their own ranches but the trend is to live closer to town.
    • > Having an unsecured wireless network provides plausible deniability for p2p downloading and what-not.

      Yeah, but it sucks when all the songs are backwards.
    • Nope. Precedent in court says that you are responsible for what happens on your network. Besides, your IP is enough evidence to have your computers seized and checked for evidence of filesharing, so it'd be hard to get away with.
  • The second problem is you are allowing strangers access to not only your Internet connection, but also your LAN. I have multiple computers and put files in shared folders so I can access them from different machines. I don't want some strange to have access to those files, or worse, have their computer be infected with a worm/virus that propagates across the network.

    I recently got a Nintendo DS and decided to set up a wireless network so I could play online with it. I have never previously needed a wireles
  • by twiggy (104320) on Friday July 28, 2006 @03:46PM (#15801395) Homepage
    I'm amazed at the amount of people insisting that an open wireless router is an implicit invitation to join, and the number of people saying "if you are doing no harm, what's the problem?"

    I love the idealistic vision of information being free, of internet access being free, etc - but the "hacker ethic" is no excuse for stealing.

    Problem 1: Your average person is not very tech savvy, so your average internet router comes unsecured so that it works straight out of the box for your average version. This means that the vast majority of wireless routers are open unintentionally by people who don't read instructions or know anything about security. And why read the instructions if they don't have to? If it works right out of the box, why spend time reading the damn booklet? This means that the majority of unsecured wireless connections are likely that way because people don't know any better, not because they're Just Like You(tm) and want to share.

    Problem 2: Even if these people left them open for convenience, sharing, etc - their terms of service with their ISP almost always have a clause saying that service is to be used only be residents of the billing address. By using their connection, whether they want you to or not, you are aiding them in breaking their TOS.

    Problem 3: No, seriously, get it through your thick skull - that network isn't open because the guy who owns it reads slashdot and agrees with you. It's open because the guy doesn't know any better. However, his "stupidity" (reality: lack of interest in technology to the degree of yours) does not give you the "right" to steal.

    Problem 4: You can say "if it doesn't hurt his bandwidth usage, it's fine", but that becomes a slippery slope. How many people get to borrow Unsuspecting Bob's internet connection then?

    Problem 5: If you were to win the argument that people should be free to share their connections with the world, you would kill ISPs as a business. It's tantamount to arguing that it should be perfectly legal for one guy at the top of an apartment building to pay for cable internet, and for every resident of that building to mod a Linksys router and get the whole building on a WDS mesh through one connection. I'm no fan of the cable company, believe me, but doing this is still not fair to business.
    • 2WIREs come with WEP enabled by default, right? I haven't seen any that aren't encrypted. How is that working out?
    • If you were to win the argument that people should be free to share their connections with the world, you would kill ISPs as a business.

      This is not evilness on the part of people, it's a weakeness of the ISP model. If we could give net access to everyone managing networks ourselves, it means the market has outdated ISPs (much like old-style telephony and elevator operators). I'd go as far as guess that wireless mesh networks will be the key to breaking telecoms monopolies over Internet access.

      As for the o

    • Something that really bothers me, and goes well with what you're saying:

      A lot of people say "Well, they should learn how these things work and secure them properly!". Why? Are wireless routers as simple as they could be to set up? Is it unreasonable to assume that the defaults are sane? How about, rather than this current mess, someone adds a way of describing wireless networks, to DHCP. So:

      Average user plugs new router into wall. It auto-generates a WEP (because it's well supported, and so a good default)
    • 6. If you're in a non-poor neighborhood, there are going to be several wireless nets in range of any given spot. Even if Bob Niceguy decides to share his bandwidth and tells his friends it's okay, they might not know which access point is his, and just link up to any random place. ...and if you're living right next to (for example) a coffee shop, you could get a dozen random freeloaders on at any given time who all think it's okay, since the "free wireless" sign is right there for all to see.
    • by Anonymous Coward on Friday July 28, 2006 @05:01PM (#15801970)
      > Problem 1: Your average person is not very tech savvy

      Not my problem. We shouldn't have to work around other people's incompetencies unless legally obligated to do so. As an aside, I think people will eventually become more tech literate as technology is required for more day to day things. At some point wireless will be ubiquitous and consumers will demand security. Perhaps at this point, selling an AP without security on by default will be about as common as selling cars without locks/keys for the ignition.

      > Problem 2: Breaking TOS

      Not my problem. Probability aside, I have no way of knowing if they are breaking their TOS by sharing their internet connection. Even if they are, why would the burden of guilt fall to the person who never agreed to the TOS in the first place?

      > Problem 3: No, seriously... that network isn't open because the guy who owns it reads slashdot and agrees with you.

      Counter example. And I've known other counter examples who don't read slashdot.

      > Problem 4: You can say "if it doesn't hurt his bandwidth usage, it's fine"

      Rationalizations would seem to be irrelevant. It's legal or it isn't.

      > Problem 5: Killing ISPs

      Not my problem. It's not my job to protect someone else's business model. If it were, we'd all be in serious trouble.

      I think there is one and only one question here. Does an open access point imply consent for usage? What if it is a random coffee shop? What if it is a private residence? What if it is a business, a museum, a hotel? What if you don't know the source of a the access point but you are sitting in a coffee shop? What if you are sitting down in a park and on the right is a sign that says free wireless but when you go to connect you find three wireless networks, which ones can you connect to? If you assume consent is not implied by openess, then you greatly restrict the availability of intentionally open wireless networks. Perhaps more importantly, if you make it illegal to access an open AP without human consent, for every one clueless AP owner you "protect", you will criminalize a hundred clueless laptop owners. Furthermore, that protection isn't real protection because it would be virtually unenforceable. The only real protection is the technological security the devices come with.

      Of course, none of these are really legal arguments. As of right now, I don't think anyone knows whether or not access implies consent legally. It has not yet been determined. There have been one or two cases of incidents being prosecuted, but these have not really put much of anything to the test.
    • by vertinox (846076) on Friday July 28, 2006 @06:09PM (#15802495)
      Problem 3: No, seriously, get it through your thick skull - that network isn't open because the guy who owns it reads slashdot and agrees with you. It's open because the guy doesn't know any better. However, his "stupidity" (reality: lack of interest in technology to the degree of yours) does not give you the "right" to steal.

      So if I setup a web server and connect it to the net, leave port 80 wide open, and people connect to this server and read the content on the webpages and maybe download a few pictures... Well... Is that stealing?

      Seriously it is the same thing as what we are doing here with bandwidth if we try to make it a tangible thing.

      Now, if I wanted my web server to be only accessible to myself and I put up an .htaccess page with a firewall that only limits connections from certain IP addresses you can be sure as hell if someone still downloads the webpage that is stealing.

      Why? Because you violated a security measure.

      But you would say "But if I leave my house unlocked and you come in that is still tresspassing!"

      Well... No... Because the internet and the wireless networks is considered open and public by default

      Could you imagine the pain it would be to contact every free wireless operators or web hosts and go "Hey guys... Mind if I use your free service?"

      Just as a web server is on the internet with port 80 anything on the FCC public wireless network is by default considered open and free to use unless you specifically make it so they can't connect.

      Think of it like having an adult webserver that people pay to connect to get that information... Thats fine and dandy and heck... You could do the same with wireless technology so unless you specifically say... "Hey! Don't connect to my network! Provide me some authentification first!" then this is the case.

      Its kind of like running a web server from your cable modem or DSL... Even if you didn't publicly submit the site to Google or even register the DNS for it, if someone connects to an open port 80 then that is not stealing your bandwidth because you are saying "here! have it for free!"
    • by identity0 (77976) on Friday July 28, 2006 @07:30PM (#15802933) Journal
      Okay, I would not have butted in, were it not your use of the word "stealing" to describe people who connect to an open wireless AP. WTF?

      Solution 1: If the guy doesn't care enough to even read the documentation of his AP, most of which are configurable from your webbrowser, then I don't see how he can complain about people connecting to it. It's easy enough that it's described in a little booklet, you do not need a CS or IT degree to do it.

      Solution 2: That is legally true. However, ISP TOSes are really not something I hold with great respect. Most will forbid the use of uploading on P2P even if the content is legal, and I've seen RoadRunner TOSes that said "no servers", which if interpreted strictly enough could mean no dedicated game servers.

      Solution 3: It's pretty funny hearing people complain about "stupid people" running open APs, because the only open wireless APs I've run into were either from FreeGeek, the college, or some Slashdot-reading friends who wanted to share their connections. Yes, believe it or not, there are people who believe in not being assholes about their connection.

      Problem 4: As many as Bob wants to, duh. There is no point in arguing about "how many people" get to connect to Bob's connection, because the more concurrent users you have, the more each person's connection gets slower. It's a self-regulating system, with a maximum usage limit based on Bob's connection speed.

      Solution 5: There will always be a market for ISPs, the only question is how many, and how much do they charge. I would hope that the inefficent, poorly thought out ISPs would go out of business. In your example, if an entire apartment building can be served by one cable modem, there is clearly underutilization of the infrastructure, and the ISP deserves about one household's worth of revenue. Wiring up all the apartments to get them to use the equivalent of one cable modem would be wasteful, excessive infrastructure, just for the purposes of billing more. If the company requires that kind of ineficcency to operate, they should go out of business, and be replaced by either:
        - A more efficent private company with slower individual connections, who will sell to more households
        - A neighborhood co-op with group bandwidth purchases or peering agreement
        - Publicly-owned utility

      I've seen all three kinds work with utilities (gas, water, electric), so I don't see it as unreasonable that an extortionist ISP go out of business.

      Again, if the entire apartment block requires just one cable modem's worth of bandwidth, then that's all they should have to get. Your solution would be like forcing everyone to buy an SUV for their commute, and banning carpooling, because "It's not fair to the auto industry."

      I believe that we should charge by data use, not households served as ISPs do now. I know my water and electric bill are charged by usage, and if I let my neighbors use my hose or electricity, the utility doesn't care as long as I'm willing to foot the bill for their usage.
  • Suppose that you redirect all content requests to an illegal download that is not stored on anything that is associated with you. Who then would be legally at fault? You're doing nothing illegal, its your routing equipment, you can do with it what you damn well please. Is the freeloader suddenly guilty of breaking whatever laws the download or its contents violate?
  • Hypocrisy (Score:5, Insightful)

    by Captain Sarcastic (109765) * on Friday July 28, 2006 @04:14PM (#15801591)

    What bugs me about this is how some people spend time writing up bitingly barbed and highly satirical screeds about the monumental stupidity of common users. "Imagine this bozo trying to set up a home network like he was a real sysadmin," they sneer. "And the whole time he doesn't realize that the brand of router he's using has a vulnerability somewhere deep in the firmware. If I'd been him, I'd have spent more money and more time, but instead this poor sap gets to deal with what his ignorance has unleashed...." and so on, ad nauseam.


    The reason it annoys me is because, when these people are caught piggybacking onto their next-door neighbor's wireless, they then post that "this whole debate is silly, anyway, because the airwaves are free to everybody, and it's unfair to expect someone not to take advantage of such an unexpected bounty, and anyway the neighbor wasn't using that much of it in the first place, and he had it coming for not securing his network...."


    But then again, I guess that's different.


  • You don't want anyone using your wireless network, yet you want to leave it open? I have the perfect solution for you! Enclose your property in a Faraday Cage, and be done with it. Quit griping, quit saying "If this, if that, balh, blah, blah," and DO SOMETHING. Either drop some serious money on having your connection and network set up how you want it and secured how you want it, or don't complain and gripe when someone else accesses your shit. - PERIOD.
  • the bottom line is that the router invites people to connect. That is what it does, that's it's purpose that is why it was designed.

    As for his retard analogy, that was just in poor taste; however as soon as the owner of the property came over and told the other people to leave then they would be obligated to do so.

    And stop light do inform you when it is legal to cross the road.

    He seems to be nuder the impression that 'polite' = 'moral' or 'legal'.
  • by tthomas48 (180798) on Friday July 28, 2006 @04:30PM (#15801721) Homepage
    I live in Austin. There are hundreds of businesses here with free WiFi. The city has free WiFi blanketing downtown. This isn't really a trespass issue. How exactly do you know which networks are free to use without using encryption as a clue? If anything the issue of trespass is only an issue because WiFi is public in much the same way as a large green space and includes no way to provide a "No Trespassing" sign.
  • I have a contract with my provider that in multiple places in the contract/TOS/AUP prohibits me from doing so. Here's one:

    6.c. Multiple Users: The Service and the ______ Equipment shall be used only by you and by members of your immediate household living with you at the same address. You acknowledge that you are executing this Agreement on behalf of all persons who use the ______ Equipment and/or Service by means of the Customer Equipment. You shall have sole responsibility for ensuring that all other us

    • Therefore you should encrypt or MAC-filter your connections, to satisfy your TOS with your ISP.
  • Your ID badge doesn't ask permission to enter your building, and the security system doesn't grant permission; YOU ask for permission by presenting the badge, and your employer grants it by programming said system to accept your request.

    Your laptop doesn't ask permission to enter the network, and the wireless router doesn't grant permission; YOU ask for permission by requesting an IP address, and the network owner grants it by programming said system to accept your request.

    • So if the connection is open, that implies that the OWNER of the connection doesn't mind that you connect.
      Just like advertising you are having a garages sale implies you are inviting people over to look through your stuff. Of course barriers are set up so you don't wander into lother areas. If not a physical barrier, then certianl; a social barrier.
      No such social berriers exist with a computer, so you need a physical barries, like asking for log in.
      Now if someone goes around your barrier, then it is 'wrong'
  • by Guy Harris (3803) <guy@alum.mit.edu> on Friday July 28, 2006 @06:01PM (#15802429)

    Not only does it tweak your neighbor, it also produces a high-pitched whining noise from people who choose to find it offensive to their moral sense.

    One of the best responses to the "But no childish games please." bleat was the note that "Pranks are a big part of the hacker ethic." [slashdot.org] , which indicates that Electroschock's "understanding of hacker ethics" is a bit off. (Note that the prankster explicitly referred to this as an alternative to securing the network [ex-parrot.com]:

    My neighbours are stealing my wireless internet access. I could encrypt it or alternately I could have fun.

    I.e., the network is "open" in the 802.11 sense, but isn't "open" in the sense that he wants people to be able to happily surf normally using his connection, or in the sense that you can expect your traffic through the network to be unmolested at any protocol level. Think of it, if you will, as a form of encryption. Yes, you can choose to view the act of not securing a network at the 802.11 level as an invitation to use the network as you please without any obligation on your part either to compensate the person providing the network or to provide a network others can use. You can also choose to view the act of not locking a bicycle as an invitation to use it as you please without any obligation to return it when you're done, compensate the person providing the bicycle, or provide a bicycle that others can use, but, if you do, in neither case would I take your moral views on that subject very seriously, and I suspect most other people - including, perhaps, even fans of free networks [freenetworks.org] or bicycle-sharing programs - would do so, as moral views of that sort leave some people free of moral constraints on the issue in question.)

    Electroschock's speaking of "P2P" in this context was also a bit off; he said "The net should be a net and wireless technology is great for the creation of a real P2P internet." [slashdot.org] "P" in "P2P" stands for "peer"; unless your neighbors are letting you use their wireless network, what's going on isn't peer-to-peer, it's somebody deciding that they're entitled to your bandwidth but they don't have to provide any bandwidth of their own.

    In an ISP-less world of free networks, I think it'd be inappropriate to muck with the network access of people whose packets happen to be traversing your network if it's part of a free (inter)network. That's not a world people use ISPs to route their packets to the rest of the Intarweb, and in which some people use other people's ISP connections to route their packets to the rest of the Intarweb, however, and that's the world the prankster is speaking of.

It is contrary to reasoning to say that there is a vacuum or space in which there is absolutely nothing. -- Descartes

Working...