Some 12% of Consumers 'Borrow' Unsecured Wi-Fi

alphadogg writes "Despite the fact that it's often considered an illegal act, a sizeable percentage of the UK/US internet-using population 'borrows' unsecured Wi-Fi access. This is according to a study conducted by the group Accenture. 'The Accenture study found that computer users are still engaging in some unsafe computing practices. Nearly half of all respondents said that they used the same password for all of their online accounts, and only a quarter of them have ever encrypted files on their computers.'" My guess is the actual figure is higher than that.

news..

[thermian (1267986)]

This just in:
People on the internet 'steal' stuff they should pay for.

Re:news..

[Hoi Polloi (522990)]

I lost my original reply when my neighbor turned off his wi-fi router. Some people are so rude.

Re:news..

[by Anonymous Coward]

Why can't I use a negligible amount of bandwidth when you are not using it?

The same reason you can't use my car when I'm not using it. I pay for it and I don't want to share with strangers.

Maybe that sounds selfish, but it doesn't matter. If you can't afford your own connection - tough. The internet is a luxury, not an entitlement.

Re:news..

[B'Trey (111263)]

No problem. Don't park your car on the street with the keys in it and with someone standing there offering to open the door to passer-bys who want to go for a ride. If your wireless connection is unsecured and offers DHCP configuration to anyone who wants to join, it's an open invitation. Basic security and MAC filtering are easy to configure. They won't stop a determined or knowledgable hacker, but that isn't the point. Anyone who's hacking in knows they're intruding where they aren't wanted and are committing an illegal act. But if you leave it wide open and the welcome mat out, then don't be surprised if someone makes use of your network.

And don't paint it just like every other car...

[TamMan2000 (578899)]

...in the area.

I set my parents house up with secured wifi 3 years ago... Last year my parents got a new laptop, and went about using wifi. 6 months pass. They get a new printer... I tell them that they can print from their laptop, over the network, and try to talk my dad through setting it up... After much confusion, I realize they are not on the wifi network that I set up for them, but one of their neigbhors...

My parents are smart, they just didn't grow up using computers, and don't think about the kind of things that most slashdot users think about... typical boomers... I bet 12% (or more) of laptop users steal wifi, without even knowing it...

Re:And don't paint it just like every other car...

[ceoyoyo (59147)]

I have a friend who asked me to set up her wireless router. She lives in a big apartment building. So I connect to "Linksys", configure some stuff, turn on encryption, set the password, all good. Disconnect. Connect. What? No encryption? No password? Stupid thing must be broken. Oh well, try again, maybe it will take. Repeat. Four or five times.

Then I took a look down the list of wireless networks in the building. What do you know... I'd just finished encrypting and setting passwords on all the neighbor's wifi. Whoops. ;)

Re:And don't paint it just like every other car...

[TamMan2000 (578899)]

WEP will keep out the non-resourceful and the lazy but that's about it.

Isn't that almost everyone?

Re:news..

[drsquare (530038)]

No problem. Don't park your car on the street with the keys in it

So you're equating wireless theft with grand theft auto? I think that's a bit extreme.

If your wireless connection is unsecured and offers DHCP configuration to anyone who wants to join, it's an open invitation.

No it isn't, no more than my front door opening to anyone who pulls the handle is an open invitation to burgle my house.

Good to see that the entitlement complex is still alive on this site though.

Re:news..

[Naughty Bob (1004174)]

To me stealing Wi-Fi is a bit like stealing a pizza out of somebody's grocery bag. Silly.

Stealing Wi-Fi is not just silly, it's pointless.

I don't know what it's like where you live, but wherever I need to use wireless, I just use that free and ubiquitous 'Belkin 54g' network.

Re:news..

[billcopc (196330)]

This knee-jerk debate always comes down to one thing: broadcasting.

If you leave your front door unlocked, you're probably not standing on the porch yelling "Free house, come and get it!" and handing out name tags. If you do, then you can't turn around and claim the guests were trespassing.

If you install an unsecured Wi-Fi gateway with DHCP, the device is yelling to everyone within 100 meters "Free network, come on in" and handing out IP addresses to any takers. It is _YOUR_ responsibility for leaving it open.

The argument against locking routers down by default, is that it's too complicated for the user. Bullshit! People use locks and keys all the time for their home, car, office, filing cabinet, safe deposit box... all things of value they wouldn't want to have stolen. How is your private, personal network any different ? If you don't want people poking around your shared files and internet access, then put a freakin' lock on the thing.

I have no pity for people who fail at common sense. Just because it plugs in the wall doesn't give you an excuse to be stupid.

Re:news..

[Sancho (17056)]

If you leave your front door unlocked, you're probably not standing on the porch yelling "Free house, come and get it!" and handing out name tags. If you do, then you can't turn around and claim the guests were trespassing.

A better analogy is that you buy a home, but the home builder doesn't tell you that there's an invisible man standing on the porch yelling to people to come on in in a voice too high pitched for you to hear, but that everyone else hears just fine. They put that information in the home's user manual, but hey, who reads those things. You just started using the home, and it kept the rain out, let you plug things in and use them, let you cook your dinner and watch your TV, so you assumed that everything was alright.

Bad analogy? Maybe, but if so, that's because analogies really don't work well in this case.

The argument against locking routers down by default, is that it's too complicated for the user. Bullshit! People use locks and keys all the time for their home, car, office, filing cabinet, safe deposit box... all things of value they wouldn't want to have stolen. How is your private, personal network any different ? If you don't want people poking around your shared files and internet access, then put a freakin' lock on the thing.

Doors and locks have been around for centuries. Ubiquitous computing in the home has been around for a little over a decade, and home networks for even less time. People may eventually get to the point where they can figure these things out, but for now, they're still mystified by the pretty colors on their screen.

I have no pity for people who fail at common sense.

The sad fact is that when many non-techie people start using computers, they simply freeze up. It's something so completely alien to them that they don't function well. Most people don't think about security anyway*, except that security which was explicitly drilled into their heads at a young age (lock the doors, keep your keys and wallet with you, don't leave your drink unattended at a restaurant or bar.) Why would you expect people to suddenly develop "common sense," as you put it, when presented with something alien, when they don't even use "common sense" to notice other insecure infrastructure that they aren't explicitly told about?

*Bruce Schneier recently wrote an article on just this topic--the security mindset isn't a part of most people's thinking. http://www.schneier.com/blog/archives/2008/03/the_security_mi_1.html [schneier.com]

Re:

[mini me (132455)]

In the real world the assumption is that you do not touch someone else's property without permission. However, on the internet the reverse is true. It's assumed that you have permission unless the information uses some type of access control protection.

Should I be required to get consent from VA Linux before I try to access Slashdot? Of course not. So why should I be required to do it when it's my neighbour?

Re:news..

[kestasjk (933987)]

Why can't I use a negligible amount of bandwidth when you are not using it?

The same reason you can't use my car when I'm not using it. I pay for it and I don't want to share with strangers.

I've got a better reason; ISPs factor in the average bandwidth use when deciding prices. If 1/2 the bandwidth used by the average connection was stolen through WiFi the average person's internet bill would double, whether or not he had actually secured his connection.

Re:news..

[Jimmy_B (129296)]

I've got a better reason; ISPs factor in the average bandwidth use when deciding prices. If 1/2 the bandwidth used by the average connection was stolen through WiFi the average person's internet bill would double, whether or not he had actually secured his connection.

No, it wouldn't! Prices would only go up by about 5%. Internet service is not like heating oil or tap water; it doesn't cost more to provide just because you use it more. If everyone suddenly started using twice as much bandwidth, they'd have to upgrade some routers, and that would be it. Routers are cheap. On the other hand, stringing a cable to your house, paying a techie to answer the phone and a lawyer to deal with the town is expensive.

Re:Bandwith is not a car

[spookymonster (238226)]

If I use your bandwidth when you are not, I cant see how that really affects you in any way.

And when my ISP cuts off my service because I've used too much bandwidth this month?

And when the government subpoenas me because someone on my account was browsing child porn sites?

And when the RIAA files suit against me for 'making available' copyrighted material (off of your laptop, of course)?

But if those moral blinders are working for you, hey... who am I to disagree?

Re:

[drsmithy (35869)]

Why can't I use a negligible amount of bandwidth when you are not using it?

Because you have no way of knowing whether or not a) it's a negligible amount of bandwidth and b) I'm using it.

Re:news..

[SatanicPuppy (611928)]

Horseshit.

If I left my money, house, or girlfriend available on your property, I wouldn't really feel like I could complain if you helped yourself...That's what these people are doing. If I have a neighbor whose signal is strong enough to cause interference on my equipment, I feel no qualms about using his service.

If the WAP isn't even trivially secured, then that's an open invitation, same as having an FM radio signal crossing my property is an open invitation to monitor it. If you don't want other people to use it, don't leave it wide open.

Re:news..

[AlterRNow (1215236)]

Note to self:
Don't forget wallet at this persons house or let my girlfriend visit it alone.

:)

Can someone help

[LiquidCoooled (634315)]

I am trying to connect to "Free Public Internet" but its not letting me.
Do I need a password?

Gotta Remember, They're Users

[Toad-san (64810)]

Had a lady bring her laptop into our computer repair shop. "I can't get the Internet any more."

After extensive questioning (using very small words), I determined:

Her expensive laptop worked fine.

Her TCP/IP settings, web browser, etc. all worked just fine.

The wireless components and setup worked just fine.

What was NOT working fine was her neighbor's wireless access point. Apparently that fine fellow had either turned it off, lost his own internet connection, encrypted his WAP, or whatever.

She never knew she was using his connection, connecting to his WAP. She thought that, since the stick-on on her laptop said it had wireless and could reach the internet .. that it was a godz-given fact that, anywhere she went, she'd have internet access.

"But it works on campus."

Sigh .. more explanations.

Half an hour of my life, gone. And I don't even want to think about the brain damage.

Re:Gotta Remember, They're Users

[lena_10326 (1100441)]

Everyone started out as a newbie.

Re:Gotta Remember, They're Users

[scubamage (727538)]

Sadly only a handful ever progress past that point.

Re:

[sm62704 (957197)]

Sadly only a handful ever progress past that point

Is that twenty years' experience, or one year's experience twenty times?

Re:

[D Ninja (825055)]

That is true, but the thing to remember is that everybody is a newbie in something that they interact with day-to-day. Honestly, other than the basics, I couldn't tell you the first thing about how my car works. Living where I do, it's much more convenient to take it into a shop and not worry about it.

Not knowing how to do something doesn't give those people who do the right to look down upon that person. Then again, that's not going to change - everybody wants to feel important. Looking down upon the "

Re:Gotta Remember, They're Users

[PeterKraus (1244558)]

When I started to work at our Laptop shop, I wondered at all those signs "Microsoft Windows is not OFFICE" and "You need a connection to internet with a wireless router to connect to internet wirelessly."

It's half a year later and, yes, people are stupid.

Re:Gotta Remember, They're Users

[sm62704 (957197)]

But you know, I see no reason whatever why the internet shouldn't be at least partly a free, mesh network. Set up all the laptops to be both a client and a server.

Of course, some big multionaltional corporations and their stooges will have hissy fits. Too bad fo rthem, hooray for the rest of us. If I get a laptop, I'll have wifi set up on my desktop, and it will be open. Because I'm not a selfish asshole.

Re:Gotta Remember, They're Users

[Skater (41976)]

From playing with a friend's WinXP laptop over the weekend, I can see how it happens: Windows will automatically connect to any network it can find, even peer-to-peer. I'm sure this behavior can be disabled, but it's probably set up that way by default by the manufacturers to make it easier for users. I realize this is old news to most people, but I don't use WinXP very often and was a bit surprised to see it connect to a peer-to-peer network.

(My laptop has WinXP on it, but it's an older laptop - 4 years - and it uses Atheros software to connect and only attempts to connect to the network I activate. Under Linux, my usual OS, I set up a script for it to connect to the SSID I specify.)

Plus, people do use others access points intentionally - some friends of mine were doing it over the weekend when we were camping at a spot that didn't have any internet access.

And why is this bad?

[Ed Avis (5917)]

When you set up your wireless network you can choose whether to allow open access or not. If the network's owner has specified that anyone can use it, why is it bad to do so? I have my wireless router at home set up for open access and it does me no harm if others use it for occasional web browsing. The only flaw is that many routers don't have a way to prioritize or cap usage so that my work isn't slowed down by other people's Bittorrenting.

Yes, it's sent unencrypted - just like network traffic over those old-fashioned things called wires. We all know to use https and ssh for secure connections anyway.

Re:

[Chabil Ha' (875116)]

It may be against your terms of service for you to open it up. I remember in one of the contracts that I had with an ISP, it was in no uncertain terms, you were not allowed to share your connection with another. Too bad that it's not very enforceable as that was the sole purpose of having the line--to split the outrageous bill.

Re:

[plague3106 (71849)]

No, the network's owner has specified the link isn't encrypted. That has nothing to do with whether or not the owner thinks its ok for YOU to use his network.

Yeah, sounds like fun

[Burz (138833)]

The Upside-Down-Ternet [daniweb.com] (*evil grin*)

no differentiation- regular or intermittent?

[call -151 (230520)]

This is a pretty inane study- there is a huge difference between occasionally looking for an open wireless when away from home to browse and using a neighbor's open wireless as your main pipe. And the comments about identity theft are ridiculous, as most sensible people adjust their browsing/net use when using unknown networks to reflect their uncertainty in its security.

Re:no differentiation- regular or intermittent?

[bcattwoo (737354)]

And the comments about identity theft are ridiculous, as most sensible people adjust their browsing/net use when using unknown networks to reflect their uncertainty in its security.

Great, now how many internet users fall under the category of "sensible people"? Given the number of people I see on the internet that are unaware of simple things like when and if they will get that "tax rebate", I suspect the number that realize their vulnerability when borrowing someone else's connection to be rather low.

Ideally, no one really cares.

[EricR86 (1144023)]

But if they start borrowing and eating your already limited bandwidth and start choking your connection. Then just use some form of encryption and be done with it (AES).

It doesn't really matter whether or not it's illegal, they put themselves at risk if they transmit wireless on an unencrypted connection

WTF?

[glwtta (532858)]

Where exactly is this "considered an illegal act"?

How the hell do you "consider" something to be illegal? It either is, or isn't.

How the hell is 12% a "sizeable percentage"?

Someone's really trying hard to make an article out of nothing.

Re:WTF?

[BrotherBeal (1100283)]

Someone's really trying hard to make an article out of nothing.

Just wait a while and the editors will make two.

In other news...

[wik (10258)]

Zonk doesn't read past the headline.

Not surprised

[GameboyRMH (1153867)]

I have a Speedstream 6-series-something (6200?) router, and it has this problem where if you disable the wireless, you have to do a hard reset to enable it again. Long story short I was running an open wireless network for a while, and there was never less than two leechers on the network, in a well-spaced neighborhood full of old people in a third world country. I'd hate to see what would happen to an open wireless network in a crowded metropolis.

Other interesting fact: Me and a friend were wardriving with just a regular laptop, no special antennae, speeding down the highway, and we picked up a LOT of networks, often with a good signal. Some of these were in places with no buildings in sight. When I get a working laptop again I plan to implement a setup that leeches off open networks as I drive (mainly for a Google Earth-based navigation system, anything sensitive will either have to be encrypted or left out), and I have no doubt it will work nicely.

MORE than half use the same password...

[rdhatch (1253652)]

"Nearly half of all respondents said that they used the same password for all of their online accounts..." I have statistical evidence (sample size of a little over 5000) that proves that says that the percentage is MUCH higher...more like 80-85%. We talk all the time about privacy, net security, identity theft, etc., but this something that is VERY often overlooked. There are many LAMP projects out there (mostly put together by high schoolers or ambitious university freshmen) that collect an email and a password for their own user authentication and then don't encrypt their users' passwords in database. Dishonest 15 year-old admin + one select query on his own database and then approx 80% of the time you have access to the users' email account. From there, the sky's the limit. Online banking, university login accounts, etc. Troubling to say the least. We need a LOT more education of stupid kids that don't know how to encrypt passwords safely in their DB. Furthermore, we need to remember good old fashion ethics in this stuff.

But you get permission every time

[by Anonymous Coward]

It always seemed odd to me that this was illegal, when in reality you are asking for and getting permission. That is, as everyone here would know, your laptop (for example) has to ask the wireless router for permission to connect. The router then grants permission and allocates an IP, all within its normal operating process (i.e., no trickery or hacking involved). It is not a passive process, like, say, entering an unlocked home, in which the house is passively exploited.

Warned my neighbour

[scsirob (246572)]

I came across an unsecured network with strong signal a while ago. Turned out to be someone across the street. They had 4 Windows systems attached, with C: drives shared, unprotected. I also found a shared printer on their network.

I warned them by printing a page on that shared printer, identifying myself and describing the problem. Next day the access point was secure..

Same password = throwaway stuff

[fotbr (855184)]

I'm guilty of using the same password on a lot things online. Several forums, throwaway email addresses, "register to read the rest of this article" news sites, etc. Basically, the stuff I don't really care about, and I don't give two hoots if it gets h4x0r3d.

I don't particularly see that as an "unsafe" practice, since none of it really matters.

Things I actually care about (personal email, anything work related, etc) get real passwords, and things that can really cause problems (banking, etc) don't get done via the internet at all.

In an apartment.

[WaltherPPK (1267864)]

Living in an apartment, I was actually surprised with the opposite. It appears that there are 20 or so wireless networks with good signal strength in range, and I am in a corner of the building. However, there is not a single network that isn't using some form of encryption. I don't know if this is typical, but all the supposed luddites living in this building (a combination of college/university age couples and 50+ year old singles) have obviously figured their wireless routers out.

The other premise upon which people base a lot of paranoia regarding network and personal computer security is the assumption that they possess something worth stealing. There are many effective credit card fraud methods in use that don't require any sort of computer exploitation, but rather involve "social engineering." What other information does the average person have on his PC that is of value? Of course I would be disturbed if somebody managed to obtain my entire photograph library, but that is of so little value to somebody else, I doubt very much that any significant effort would be put towards obtaining it.

For fun

[scubamage (727538)]

For fun, go to a local mall and turn on a wifi sniffer of your choice. Our local podunk mall had no less than 30 unsecured wireless networks, almost all for stores which held servers with financial data. And thats what I found with a smartphone using totalcommander and wififofum.

Re:

[rrkap (634128)]

It's funny, when I moved to my new apartment complex I could see about 40 wireless networks and every one of them was secure. I think that secure networks are becoming more common as the cable and DSL modems with built in wireless access that they provide come secure by default.

Nearly half of all respondents said that they used

[sm62704 (957197)]

Nearly half of all respondents said that they used the same password for all of their online accounts

Like newspaper registrations? Rather than bother with bugmenot, I just register using bogus data. My password is 111111. Because I really don't give a shit about a newspaper registration. It has nothing whatever to do with security. The Chicago Tribune has no CC#s, SS#s or any other real, personally identifiable information about me; I don't even know why they bother.

Yet this is somehow deemed a "Security risk." And I don't send encrypted data; if it's sensitive information I'll send it snail mail.

Redundancy/Backup Access

[Kozar_The_Malignant (738483)]

I live in a townhouse community, and I can pick up seven wireless networks besides mine. Of those, two are secured. When my Comcast is out, it's nice to have some backup access through one of my neighbors' DSL or satellite service. I don't abuse it, but I do connect for a quick POP mail check or such. I wouldn't dream of doing anything financial over such a link.

Re:

[plague3106 (71849)]

Trespass is trespass, whether the gate is open or not.

Re:

[SatanicPuppy (611928)]

Blah blah blah. If I go down town for lunch with my laptop, and I open it up and see that there are a dozen available wireless connections, am I forbidden from using them. How about if I know that most of the downtown restaurants offer free wireless?

This is the case where I live, but it ain't all that savvy a town, so a lot of the points aren't well labeled. I can guess that the strongest wireless signal is from the restaurant I'm in, but it could be from one of the dozen loft apartments on the second floor

Re:

[Chris Mattern (191822)]

Um, if the cable service is so much better, why don't you get it yourself? I can't believe the cable company told you, "No, that's one floor further up, we don't run coax up there."