Posted on 01/07/2008 10:46:22 AM PST by SubGeniusX
Network security firm Sophos recently published a study on what it terms WiFi "piggybacking," or logging on to someone's open 802.11b/g/n network without their knowledge or permission. According to the company's study, which was carried out on behalf of The Times, 54 percent of the respondents have gone WiFi freeloading, or as Sophos put it, "admitted breaking the law [in the UK]."
Amazingly, accessing an unsecured, wide-open WiFi network without permission is illegal in some places, and not just in the UK. An Illinois man was arrested and fined $250 in 2006 for using an open network without permission, while a Michigan man who parked his car in front of a café and snarfed its free WiFi was charged this past May with "Fraudulent access to computers, computer systems, and computer networks." On top of that, it's common to read stories about WiFi "stealing" in the mainstream media.
It's time to put an end to this silliness. Using an open WiFi network is no more "stealing" than is listening to the radio or watching TV using the old rabbit ears. If the WiFi waves come to you and can be accessed without hacking, there should be no question that such access is legal and morally OK. If your neighbor runs his sprinkler and accidentally waters your yard, do you owe him money? Have you done something wrong? Have you ripped off the water company? Of course not. So why is it that when it comes to WiFi, people start talking about theft?
The issue is going to come to a head soon because more and more consumer electronics devices are WiFi-enabled, and many of them, including Apple's iPhone and most Skype phones we've used, come ready out of the box to auto-connect to open WiFi networks. Furthermore, as laptop sales continue to grow even beyond desktops, the use of open WiFi is only going to grow along with it.
Steal this WiFi connection!
When you steal something, there's typically a victim. With WiFi, Sophos thinks the ISPs are the victims. "Stealing WiFi Internet access may feel like a victimless crime, but it deprives ISPs of revenue," according to Sophos' senior technology consultant Graham Cluley. Furthermore, "if you've hopped onto your next door neighbors' wireless broadband connection to illegally download movies and music from the 'Net, chances are that you are also slowing down their Internet access and impacting on their download limit." In Sophos' view, then, both ISPs and everyday subscribers can be victims.
In one fell swoop, "stealing WiFi" gets mentioned in the same breath as "illegally" downloading movies and music. The fact is, people join open WiFis for all manner of reasons: to check e-mail, surf the web, look up directions to some place, etc. Those don't sound like nefarious activities, however, and certainly not activities which are likely to get someone in trouble. Of course if you run an open WAP (wireless access point) and it is heavily used for just e-mail, you could still hit your bandwidth cap (if you even have one), but that has to happen only once for that user to figure out what's up, and fix the problem. And let's be honest: it is their problem. No one forced that user to install a WAP or to leave it wide open. We'll get back to this in a minute.
The argument that using open WiFi networks deprives ISPs of significant revenue is also a red herring. Take the case of public WiFi hotspots: official hotspots aren't that difficult to find in major cities—every public library in Chicago has open WiFi, for instance. Are the public libraries and the countless other free hotspot providers helping defraud ISPs? No, they're not. There's no law that using the Internet requires payment of a fee to an ISP, and the myriad public hotspots prove this.
Really, there's only one time when you could argue that an ISP is being gypped, and that's when someone is repeatedly using his neighbor's open WiFi in lieu of paying for his own service. Is this really wrong? Let's consider some parallel examples. If the man in question were given a key and told that he could enter his neighbor's house whenever he wanted to use a PC to access the Internet, would this be wrong? Of course not. They key here (pun intended) is the "permission" given by the owner of the home. Our leeching friend would clearly be in the wrong if he were breaking into the house, of course, because he would be sidestepping something clearly set up to keep him out. If he has permission, I suppose one could argue that it's still not right, but you won't find a court that will punish such a person, nor will you find too many people thrilled at the idea that someone else can tell them who they can and can't allow into their homes for what purposes.
Some people leave their wireless access points wide open deliberately. A friend of mine and recent seminary graduate lived in a campus-owned apartment building. In addition to being a man of the cloth, Peter is a longtime Linux user and open-source advocate. While living here in Chicago, he got his DSL from Speakeasy and shared the connection with others in his building... and anyone else who needed a quick Internet fix (Speakeasy even encouraged this). He even positioned his router so that anyone in the church across the street could pick up a signal. Obviously, not everyone is like Peter. But despite easy-to-read instructions and a plethora of warnings about the need to secure your WAP, some people just can't be bothered to enable the most basic security settings.
To the person with a laptop and a sudden need to check e-mail or surf the web, it's not possible to tell who is leaving their access points open deliberately and who just plain doesn't care. The access point is there and the virtual doors are unlocked, so why not take advantage of it if you're in need?
A couple of caveats: be familiar with the law of the land. As the examples at the beginning of this story show, it's illegal to access a WAP without permission—even if it's wide open—in some places. Also, you should never use an open point for anything illegal or even unneighborly. Don't log onto the first "linksys" WAP you see and fire up a torrent for your favorite, just-released Linux distro.
And as always, don't leave your own 802.11b/g/n router wide open unless you're comfortable with random surfers using your 'Net access for their own purposes.
Open WiFi is clearly here to stay.
Shouldn't we handcuff air for improperly transmitting music?
Anyways, it’s almost all done. Over. Fini.
Google is buying the old over the air TV spectrum from the FCC. Around 4.5 billion dollars.
Next five years, everything will be a data cloud, on line, networked out there, some where.
You won’t be able to tell where your phone starts and your computer ends.
Anyways, until then, lay low, move often, have others pick up your mail. Leave chalk marks on telephone poles. Avoid dark stairwells and small midgets gangs.
Bruce Schneier, one of the world’s most famous cryptographers, wrote an RC2-cracking screen saver. (The original WEP is based on RC2.)
Actually...
As a ham radio operator, I can operate WiFi at higher power levels than the normal routers come with, and I can NOT use encryption to prevent others from using the system.
(I COULD lock out all but my given MAC addresses, and there are a few other things I can do)....But I MUST ID my wifi with my callsign for connection and identification purposes.
So, theoretically, if I open mine up like that for Ham use, I can’t BLOCK it (to other hams) and I can’t encrypt it to prevent NON hams from using it (if they can get in).
That’s in the FCC regs. So, it isn’t stealing if I leave my stuff open. On the other hand if I leave my car unlocked and someone takes the car, then... it’s a stolen vehicle.
Are you the type that folds toilet paper four times before using it?
I am out of my league here, as I have never had a laptop and never used a WiFi connection, but there are many WiFi
systems set up to serve the public at large.
How is one to know which is which?
Here in Bratislava, many cafes advertise free WiFi, and in the same block, the city offers Wifi in the center square.
I see as many as 15 users on park benches with laptops.
I assume that one’s private WiFi can be secured so it should be up to the owner of the network to secure it.
If a neighbor shoots fireworks on the 4th of July, is it against the law for me to watch?
Not really..
Using commercially available encryption schemes or MAC Filtering will secure your network from the vast majority of would-be pilferers but it is no more a guarantee of security than is say, locking your car and setting a car alarm, that your car won't be stolen.
Any hacker worth his salt can break WEP or WPA encrpytion schemes within a few minutes.
You made my morning, darlin’ - thanks!
It’s really hard to know what the state of the law is, isn’t it. I’m in my car, checking Safari (no, not driving, honest) and I get router options for the WiFi. It’s confusing. I just want to check something - maps, weather, quick peek at current Freeper headlines! But, of course, I want to keep things correct - I don’t want my neighbors’ connections to suffer because my iPhone latches onto their WiFi connect.
I have no idea how that works, as a matter of fact. When it prompts it - there are some WiFi options that have what looks like a little “lock” and all ask me for a password. However, they put me through without it.
Don't ever leave your house unlocked , I might just help myself, after all, it's not really stealing, is it?
This could all be fixed with small, simple steps. The government and law-enforcement should not be wasting time and money on this.
jw
“...if you leave your front door accidentally unlocked, you should not complain when your stuff is stolen.”
I don’t think that’s an apt analogy. It’s more like - if you throw 10,000 pennies up in the air and they scatter in all directions and fall into others’ backyards, don’t complain if they get picked up.
The owner of the wireless router is transmitting. So, if anyone is trespasssing first, it’s him. But these analogies from the world of physical property and physical access just don’t work that well for the issues surrounding intellectual property, information assets, bandwidth, etc...
re:#31
ditto
Packets destined for your particular router are for all users of that router’s subnet and are addressed to the router. The packets contain your individual machine’s MAC address, though, so assuming no black hat shenanigans sorting router traffic by machine is trivial.
How about I just piggyback on your cellphone account and use your minutes instead of mine?
That works for me if you have no problem with other people hi-jacking your paid-for communications transmission services.
Thanks, What’s your number?
Great point. Some people seem to assume two things.
1. The wifi hotspot owner doesn’t want you to use it.
2. Using it has caused the owner some harm.
These two conditions are by no means universal. It’s ISPs that really have an interest in creating this new ‘crime’ and then cracking down on it.
WPA encryption weaknesses rest in weak passwords, not in the inherent security of WPA.
A person actually owns the house, but no one owns the medium that wi-fi travels through.
It would seem to me it is covered under the 1930’s laws that the airways are free and belong to the people on receive mode only. When you broadcast out it might be different.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.