Let others STEAL your internet ,do not encrypt it!


#1

My Open Wireless Network

Bruce Schneier

Whenever I talk or write about my own security setup, the one thing that surprises people -- and attracts the most criticism -- is the fact that I run an open wireless network at home. There's no password. There's no encryption. Anyone with wireless capability who can see my network can use it to access the internet.

To me, it's basic politeness. Providing internet access to guests is kind of like providing heat and electricity, or a hot cup of tea. But to some observers, it's both wrong and dangerous.

I'm told that uninvited strangers may sit in their cars in front of my house, and use my network to send spam, eavesdrop on my passwords, and upload and download everything from pirated movies to child pornography. As a result, I risk all sorts of bad things happening to me, from seeing my IP address blacklisted to having the police crash through my door.

While this is technically true, I don't think it's much of a risk. I can count five open wireless networks in coffee shops within a mile of my house, and any potential spammer is far more likely to sit in a warm room with a cup of coffee and a scone than in a cold car outside my house. And yes, if someone did commit a crime using my network the police might visit, but what better defense is there than the fact that I have an open wireless network? If I enabled wireless security on my network and someone hacked it, I would have a far harder time proving my innocence.

This is not to say that the new wireless security protocol, WPA, isn't very good. It is. But there are going to be security flaws in it; there always are.

I spoke to several lawyers about this, and in their lawyerly way they outlined several other risks with leaving your network open.

While none thought you could be successfully prosecuted just because someone else used your network to commit a crime, any investigation could be time-consuming and expensive. You might have your computer equipment seized, and if you have any contraband of your own on your machine, it could be a delicate situation. Also, prosecutors aren't always the most technically savvy bunch, and you might end up being charged despite your innocence. The lawyers I spoke with say most defense attorneys will advise you to reach a plea agreement rather than risk going to trial on child-pornography charges.

In a less far-fetched scenario, the Recording Industry Association of America is known to sue copyright infringers based on nothing more than an IP address. The accuser's chance of winning is higher than in a criminal case, because in civil litigation the burden of proof is lower. And again, lawyers argue that even if you win it's not worth the risk or expense, and that you should settle and pay a few thousand dollars.

I remain unconvinced of this threat, though. The RIAA has conducted about 26,000 lawsuits, and there are more than 15 million music downloaders. Mark Mulligan of Jupiter Research said it best: "If you're a file sharer, you know that the likelihood of you being caught is very similar to that of being hit by an asteroid."

I'm also unmoved by those who say I'm putting my own data at risk, because hackers might park in front of my house, log on to my open network and eavesdrop on my internet traffic or break into my computers. This is true, but my computers are much more at risk when I use them on wireless networks in airports, coffee shops and other public places. If I configure my computer to be secure regardless of the network it's on, then it simply doesn't matter. And if my computer isn't secure on a public network, securing my own network isn't going to reduce my risk very much.

Yes, computer security is hard. But if your computers leave your house, you have to solve it anyway. And any solution will apply to your desktop machines as well.

Finally, critics say someone might steal bandwidth from me. Despite isolated court rulings that this is illegal, my feeling is that they're welcome to it. I really don't mind if neighbors use my wireless network when they need it, and I've heard several stories of people who have been rescued from connectivity emergencies by open wireless networks in the neighborhood.

Similarly, I appreciate an open network when I am otherwise without bandwidth. If someone were using my network to the point that it affected my own traffic or if some neighbor kid was dinking around, I might want to do something about it; but as long as we're all polite, why should this concern me? Pay it forward, I say.

Certainly this does concern ISPs. Running an open wireless network will often violate your terms of service. But despite the occasional cease-and-desist letter and providers getting pissy at people who exceed some secret bandwidth limit, this isn't a big risk either. The worst that will happen to you is that you'll have to find a new ISP.

A company called Fon has an interesting approach to this problem. Fon wireless access points have two wireless networks: a secure one for you, and an open one for everyone else. You can configure your open network in either "Bill" or "Linus" mode: In the former, people pay you to use your network, and you have to pay to use any other Fon wireless network. In Linus mode, anyone can use your network, and you can use any other Fon wireless network for free. It's a really clever idea.

Security is always a trade-off. I know people who rarely lock their front door, who drive in the rain (and, while using a cell phone) and who talk to strangers. In my opinion, securing my wireless network isn't worth it. And I appreciate everyone else who keeps an open wireless network, including all the coffee shops, bars and libraries I have visited in the past, the Dayton International Airport where I started writing this and the Four Points Sheraton where I finished. You all make the world a better place.

This essay originally appeared on Wired.com, and has since generated a lot of controversy. There's a Slashdot thread. And here are three opposing essays and three supporting essays. Presumably there will be a lot of back and forth in the comments section here as well.

http://www.schneier.com/blog/archives/2008/01/my_open_wireles.html

http://www.wired.com/politics/security/commentary/securitymatters/2008/01/securitymatters_0110

http://www.boingboing.net/2008/01/10/why-its-good-to-leav.html


#2

I have had a wireless router for years, and it was always unencrypted, I have no issue with other people using it - than a neighbour shifted in with kids who were downloading stuff all day, making the internet unusable for me!

So I was forced to encrypt it, to kick them off.


#3

i am running 3 wireless networks and 2 of them are not encrypted and unsecure,no problem so far,systems on the networks are all patched running updated antiviruses and firewalls

every one should secure their systems rather then encrypting and securing their networks.Wifi should be free,let others steal your internet! more and more use of wifi enable devices(wifi laptops,wifi mobiles,iphones,ipod touch,nokia n,e series) is increasingly becoming a norm


#4

another related article although written in 2005 but still useful

Wi-Fi should be free

By Rafe Needleman

I'm writing this column from the cute Wall Street Cafe in Grass Valley, California, where I've come with my wife for a working weekend (she's playing a concert, I'm catching up on e-mail). The cafe staff is charming, the coffee is excellent, the place is nearly deserted on this Sunday morning, and best of all, the wireless access is free and fast.

Grass Valley is a town of 11,000 people. There's some tech business here but also a lot of retirees and a steady stream of tourists. In other words, it is hardly a high-tech mecca. Yet this little cafe offers free Wi-Fi, an amenity that even the most high-end, technically advanced cities don't offer, and one that many ultraexpensive locations make you pay extra for.

For example, a few weeks ago, on a business trip that landed me in a superlux resort hotel in Arizona, I found myself paying $15 a day for in-room network access, in a room that already cost $335 a night. That's just ridiculous.

And in an ironic twist, a month before that, I was reading a newspaper in the jurors' waiting room in the San Francisco courthouse, across the street from City Hall. I saw an article about how Mayor Gavin Newsom was pledging to bring free Wi-Fi to the city center. But sitting on the table in front of me were instructions for connecting to Wi-Fi in the waiting room--at $9.95 a day.

I could go on with the list of Wi-Fi injustices visited upon us. And that's the problem. While in some places Wi-Fi is treated as an amenity--like air conditioning or indoor plumbing--in other locations it's seen as a luxury. Ultimately, I believe the market will correct this, and Wi-Fi will be free--as it is in my house, in the CNET offices (even for visitors), and in the Wall Street Cafe. But as a person who travels with a laptop a lot and who doesn't like paying multiple dollars per minute for Wi-Fi, I need to accelerate this move. I think we all do. Here's what we can do to help.

1. Make Wi-Fi free where you can

In your workplace--even in your house--open up Wi-Fi access to visitors. It's a nice thing to offer, and your guests might find it useful. And free Wi-Fi doesn't mean totally unsecured Wi-Fi, either. For example, you can get a Wi-Fi access point, such as the D-Link DSA-3100, that lets you offer a portion of your broadband bandwidth to visitors, while locking them out of the rest of your network.

The more free Wi-Fi there is, the less we'll need paid services.

2. Don't patronize places that make you pay

Or if you must, at least complain loudly about it. Cafes, hotels, and other businesses that make you pay for Wi-Fi are missing the point. Wireless access is incredibly cheap to offer, so trying to gouge customers and visitors for access is just mean.

Yes, hotel owners, I understand that you're trying to make up for revenue lost from your usurious telephone charges, now that everyone uses cell phones for all their calls. But come on, those fees were ridiculous, too. When your guests pay for a room, the idea is that they are paying for the infrastructure. Try charging them for running water, air conditioning, or clean sheets and see what happens.

3. Where there's paid Wi-Fi, look elsewhere for free solutions

Many businesses that offer paid Wi-Fi exist in Wi-Fi-dense environments where there might just be a free signal nearby. Get a good Wi-Fi signal scanner (I use Netstumbler) to find open access points. The signal might not be as strong as the one on the cafe's ceiling, but at least you won't have to pay through the nose to use it.

Note that if you use unknown access points, you really need a good software firewall, such as our Editors' Choice pick from Trend Micro. You can also learn more about firewalls in our course, Firewall Basics.

4. Get political

Wi-Fi may soon be supplied by your local municipality. There are strong arguments for and against this proposition. Not surprisingly, local phone companies oppose it, while some city officials feel it's as crucial to an economy's growth as good roads. If you feel strongly about it, educate yourself on the issues (I recommend Muniwireless.com and the Muni Wi-Fi section of Wi-Fi Net News) and take action. Send e-mail--but not from a paid Wi-Fi location.

Wi-Fi has value, but that doesn't mean we should pay through the nose for it. It's up to all of us to help make it ubiquitous.

http://reviews.cnet.com/4520-3000_7-6212563-1.html


#5

I believe the prevalence of wireless devices also plays a part in all of this. I once stood at Islamabad International Airport and turned on my cell phone's bluetooth connection searching for anyone around with his/her bluetooth device on. I found none.

Compare this to a railway station (I can't recall the name right now) in London, UK (from where those Eurostar (?) trains between Britain and France arrive and leave) where I turned my cell phone's bluetooth connection on and searched for any nearby bluetooth devices. I got a list of 35 devices and the search was still going on with more devices being reported before I just quit the search.

In my current neighborhood, there are only two visible wireless wi-fi networks. One is in some office adjacent to my house and the other is mine. Currently, my wireless network is encrypted with WPA2 which is the best available on my particular router. It is not that I worry for external access to my network but for me, it is just a safety precaution for the sake of it. I have been a part of an information security research group at my uni so I am rather conscious about such things.

The crux is that while ignorance might seem safe, it is not guaranteed to be safe.


#6

Thats just ridiculous. Why would you want to do that? Its not considered hospitality, its considered stupidity, and the person stealing your internet would be thinking that exact thing.


#7

^but didn't you red, the title of the topic is "wifi should be free". i guess writer finds this way as the easy and effective way to provide free wifi and it wont be consider stealing if you already know about it. BUT the most obvious downside is the security of your data and you have to be pretty careless to trust others who will be using your bandwidth, other than this reason i think both writer have some solid points.


#8

^ I wasn't focusing on the 'stealing' part. I was saying that sharing free internet is not a smart thing to do, and other people won't use it with an appreciative attitude. They'll think you're stupid, and abuse it till you encrypt your signal.


#9

hey if some goody two-shoes wants to share his/her internet great...

Just don't expect me to do it...after all I am a selfish and greedy Windows user :D

[quote=", post:, topic:"]
The more free Wi-Fi there is, the less we'll need paid services.
[/quote]

no kidding lol...


#10

[quote=", post:, topic:"]

i am running 3 wireless networks and 2 of them are not encrypted and unsecure,no problem so far,systems on the networks are all patched running updated antiviruses and firewalls

every one should secure their systems rather then encrypting and securing their networks.Wifi should be free,let others steal your internet! more and more use of wifi enable devices(wifi laptops,wifi mobiles,iphones,ipod touch,nokia n,e series) is increasingly becoming a norm

[/quote]

I agree, what I want to do is have a smarter router, to which you can connect in both encrypted and unencrypted mode - the authenticated user gets faster service, while the free ones get limited bandwidth.


#11

^^

thts a nice idea


#12

[quote=", post:, topic:"]

Thats just ridiculous. Why would you want to do that? Its not considered hospitality, its considered stupidity, and the person stealing your internet would be thinking that exact thing.
[/quote]

why would I share my internet connection?

if you want wifi to be free ask the government to deploy it everywhere for public use :D


#13

#14

maybe this article is written by someone who uses his neighbor's connection and his neighbor restricted it :D


#15

man i pay for my connection unless other ppl give me money to use the connection they have no right to use it

and that 2 free!!!!!


#16

Wifi should be free, fine but don't make free through us end users. Start some initiative through shops i.e. Coffee shops, book shops, restaurants, airports etc. who can afford all that; not me...


#17

[quote=", post:, topic:"]

Wifi should be free, fine but don’t make free through us end users. Start some initiative through shops i.e. Coffee shops, book shops, restaurants, airports etc. who can afford all that; not me…
[/quote]

Yeah!


#18

I can see the idea behind what he's saying, but I guess I'm not ready to be a pioneer in this regard.

Internet should be 'freely' available to everyone, but opening up private home networks isn't the right thing to do in my opinion - mainly because, like I said, only in Utopia would it not be abused.

[quote=", post:, topic:"]
Wifi should be free, fine but don't make free through us end users. Start some initiative through shops i.e. Coffee shops, book shops, restaurants, airports etc. who can afford all that; not me...
[/quote]

Exactly!

Bruce Schneier is a security guru so I guess he has the know-how to deal with anyone who's trying to mess with this network! :lol:


#19

Meh, although I doubt there are people sniffing or using my network due to the distances and construction styles of housing in my area, i still utilize WPA security between devices and between routers even though there is a slight performance hit. Last thing you want it someone sniffing your packets and getting access to your online banking credentials...


#20

About the first article. The author has basically outlined half a dozen reasons why it shouldn't be an open network and still he keeps it open? What a dumb ass.

Let me add just one more reason. Internet access is expensive. It may not be so for the author but it is expensive in Pakistan. So its anything but free.