Confessions of a Wi-Fi Thief 849
Michelle Shildkret from Time wrote in to tell us about a story about "the ethics of stealing Wi-Fi. Many of us been guilty of the same crime at one point or another — according to the article, 53% of us at least. But how guilty do we really feel? As it is officially a crime to steal wi-fi (Title 18, Part 1, Chapter 47 of the United States Code, which covers anybody who 'intentionally accesses a computer without authorization or exceeds authorized access')."
Not a thief (Score:5, Insightful)
Then, I have never stolen WiFi. I have never accessed without authorization; as I have never cracked a WEP or WPA password scheme.
Everytime I use an available wireless network, I instruct my computer to ask for permission to connect to the router and enter to the wireless network. And most of the time the router gives me such permit and assigns my router an IP. When it does not happen, then I assume the owner has instructed the router to give permission to specific machines (as in, machines with a specific MAC adddress) and hence I do not use such networks.
Seriously, someone must create an interface in which a person is able to send the commands manually to the router (like the AT commants in a modem) to ask for connection permission (i.e., DHCP protocol). That way, when you are in court, you could use that program along the court's wifi to show them how you are indeed asking for permission and the software is granting you the permission.
Re:Not a thief (Score:5, Insightful)
Re:Not a thief (Score:5, Funny)
Re:Not a thief (Score:5, Funny)
Re:Not a thief (Score:5, Funny)
Re:Not a thief (Score:5, Funny)
Re:Not a thief (Score:5, Funny)
Re: (Score:3, Funny)
Re:Not a thief (Score:5, Funny)
Re:You forgot to add... (Score:5, Funny)
Pedant? (Score:3, Insightful)
Pedant.... Pedant.... pedant.pedant.pedant...
Re: (Score:3)
Re:Not a thief (Score:4, Interesting)
Re:Not a thief (Score:4, Insightful)
Reasonable? If every person required one new IP address every millisecond it would still take 1.58444 x 10^18 years to exhaust them.
And I meant it jokingly here. IMO IPv6 gets it right by setting a very unreasonable (-ly high) limit. But, since you didn't laugh, I have to be serious now.
With developments today, I wouldn't be surprised if someone finds a reason to consume huge swaths of IP addresses rapidly. Maybe not by assigning every RFID tag a unique IPv6 address, but who knows how many may actually be in a single product. Or maybe, taking your figure of 5x10^28 IP addresses per person, that's a big address space in which to randomly route packets to prevent their reassembly by an outside party. You may just have to do that to protect your privacy against the ubiquitous microscopic self-replicating cameras floating around everywhere like grains of dust, each with their own IP addresses as well.
There's another phrase, I think it goes, "Programs will expand to fill available memory." If you give a huge space for IP addresses, expect IP assignments to grow to fill that address space. Even to waste it by doing sparse allocation.
There are programmers out there today that think not consuming a processor 100% all the time is a waste of processing power, so they write wastefully inefficient code all the time to utilize the processor all the time, ignoring the needs of other concurrent proceses.
Re: (Score:3, Insightful)
Since nothing was bolted to your floor, I proceeded to help myself to your TV and associated A/V equipment, your PVR, your Playstation 3, and your Wii. Additionally, your study door similarly allowed me to enter your study, where I noticed some computer equipment that wasn't chained to the desk, so I left with that, too.
Since your doors granted me permiss
Re:Not a thief (Score:5, Interesting)
Now, if you use an open network, you only use bandwidth temporarily. If you leave the network, the bandwidth will still be there. So it's more like entering an unlocked house to take a sip from the faucet. The only crime committed is that you didn't pay for bottled water.
Re:Not a thief (Score:5, Insightful)
Re: (Score:3, Insightful)
I wonder if there's a case there for high population areas where there are lots of wifi signals... There are only 14 channels, 3 of which don't overlap... Can you sue for interference? (not that I'm sue happy, just curious..)
Re: (Score:3, Informative)
Re:Not a thief (Score:4, Informative)
Re:Not a thief (Score:5, Insightful)
Except that you didn't enter any house. Your neighbour is transmitting their open-access signal into your own house for you to use. Your analogy is therefore broken.
Re:Not a thief (Score:5, Insightful)
The WiFi, if not secured, is simply private space because there is no sign that prohibits trespassing. Why the hell should I be a criminal if someone penetrates my apartment with WiFi signals that are not secured by password?
By breaking through the encryption, you're obviously doing something criminal. But that's something entirely different, too..
Re:If you really want to pick up this analogy and (Score:5, Funny)
Indeed. I think there may be no way at all to differentiate between a router left open deliberately and one left open purposefully.
Indeed (Score:3, Interesting)
Re:Not a thief (Score:5, Insightful)
That could presumably be false if whoever is paying for the service pays for a limit GB/month allowance
Re:Not a thief (Score:5, Interesting)
Correct. Burglary is the act of breaking AND entering AND committing theft (logical AND; all three must happen). Theft is the intention to permanently deprive someone of physical property. Since accessing open WiFi does not involve depriving someone of physical property (neither permanent nor temporary), it is neither theft nor burglary.
Fraud covers many crimes such as obtaining goods or services through deception. Since there was no deception, there was no fraud.
A door does not reply with a message granting me access; the fact that it is open, closed, locked, unlocked, slightly ajar or otherwise is legally irrelevant - the important thing with burglary is that you had to break something to gain entry and then take something without permission, with no intention of giving it back.
An open WiFi router does specifically reply with a message granting me permission. The fact that it uses a particular protocol or particular encryption is legally irrelevent - the important thing is that it replied back with a message specifically granting me permission. Users are authorised.
(Declaration of interest: I run a deliberately open WiFi hotspot [framptoncottages.com] - albeit heavily firewalled and bandwidth-throttled. )
Re: (Score:3, Funny)
Re: (Score:3, Insightful)
What do you mean you don't have an unlimited gasoline supply? You pay per gallon? What?
Satellite internet providers will throttle a user down siginificantly if their use exceeds so many GB per month. By using their wireless network, you are consuming bandwidth they pay for and causing them to be throttled when they might not be if you hadn't connected. Not to m
Re:Not a thief (Score:5, Insightful)
Did you check your email this morning? If so, did you call up Google or Yahoo or your ISP or whoever provides it and ask them if you had permission to connect to their server?
Did you call the person hosting TFA before clicking on the link asking if you had permission to access their server?
Of course not. That's preposterous. Because the nature of a computer network is DEFAULT ALLOW. If it were not, the internet as we know it today would be impossible. Quite literally, the fact that I _can_ connect to a webserver makes it okay. The fact that I _can_ connect to an SMTP or POP3 server implies I have permission. And the fact that a wireless router grants my laptop an IP address is literally the router saying "Feel free to use me however you want."
Just because people don't realize this fact doesn't make it any less the case. Otherwise, I could set up a webserver, buy a domain, then sue anyone who connects to my webserver for accessing my computer without my permission. I pay per GB of bandwidth the server uses, how dare you connect to _my_ webserver and use _my_ bandwidth.
Re: (Score:3, Insightful)
Obviously not, any more than I asked permission to enter a store. A web server is a lot different than a WAP in function and in intent. An unlocked door at a business and an unlocked door at a residence are similar.
Re:Not a thief (Score:4, Insightful)
During business hours, you're a business invitee to the property. You have tacit permission to enter, but the owner can still ask you to leave.
There is no such license to enter private property. If the owner hasn't expressly authorized your presence, you're trespassing.
The only way these are similar is that if you use an unsecured wifi network, you must take responsibility for the fact that you may be trespassing. Locked or unlocked, it's still their network. You don't get to enter the house just because the door's open. And before anyone complains about "unsolicited radio waves"--guess what? Radio waves aren't actionable as a nuisance, nor are scents (apart from those indicative of health code violations), nor are the damn photons flying into your eyes. If you want to be certain you're not doing anything improper, seek permission and don't use unsecured networks unless you know you've been authorized. Otherwise, you bear the risk of being at fault for unauthorized access, just like when you go berrypicking in the woods.
Re:Not a thief (Score:5, Interesting)
Suppose you bought a used car lot, but not to sell the cars, just to have a nice inventory onhand for your friends and family who live nearby. You want to make it easy and convenient, so you get all the cars rekeyed so the same key will operate them all. You want to announce this service and distribute the keys, but it's too much trouble to look up each person's mailing address. So you get 1000 copies of the key made and bulk-mail them to everyone in the zip code, addressed to "Occupant", with an invitation that says "Feel free to borrow one of my cars!"
Naturally, you assume that only the friends and family you intended will use the cars. Imagine your surprise when you see strangers borrowing the cars!
Is this bad? Well, it's not doing anyone any harm... as long as you have enough cars left over for your friends and family too... as long as the strangers don't run over pedestrians with your cars and get the cops on your ass... as long as the local car rental company doesn't find out and come break your kees for stealing their business... Hmm, all in all, maybe it'd be safer to give the keys out only to selected individuals!
Re:Not a thief (Score:5, Insightful)
Wait wait, better -- you bulk mail out the invitation to "Occupant", but it doesn't include the key. Instead of getting the cars rekeyed, you just have a giant rack of keys, and you hire a guy, Vito Linksysio, to hand out the keys as needed. Now, you *could* give Vito pictures of people who are allowed to borrow the cars, but that's too much trouble. You *could* tell him that people have to know a password to get a car, but that's too much trouble. So you just tell him to hand a key to whoever shows up.
And even though you've mailed the invitation to the entire zip code, you're still shocked, shocked to find that strangers are borrowing the cars. How forward of them!
Re:Not a thief (Score:5, Insightful)
Re:Not a thief (Score:5, Insightful)
That was even worse. More accurate analogy: you have a loudspeaker shouting "HI! COME IN!" to all passersby. I ring your doorbell, and a key to the house and a nametag pops out of the mail slot.
Don't want me in your house? Don't advertise free admission then give me a key and a nametag.
Re:Not a thief (Score:4, Interesting)
By contrast, the purpose of a router is to ALLOW access. Only the encryption routines and MAC filtering are there to filter that access.
Re:Not a thief (Score:5, Informative)
There is a door, in that if you don't have an IP on that WAP for whatever reason, then it's not going to pass traffic with you. Once you associate with it and get a DHCP lease, that door's wide open.
Re:Not a thief (Score:5, Funny)
Three things are certain in life:
1. Death
2. Taxes
3. Increasingly complicated analogy wars in discussions of wi-fi freeriding
Even better analogy (Score:4, Insightful)
Re: (Score:3, Funny)
Re:Not a thief (Score:4, Funny)
Re: (Score:3, Insightful)
Re: (Score:3, Interesting)
Re:Not a thief (Score:5, Insightful)
Re:Not a thief (Score:5, Informative)
Re:Not a thief (Score:4, Funny)
I have GOT to try that! Where do you live?
Re: (Score:3, Informative)
The taking of the stuff is where the analogy breaks down.
Re: (Score:3, Insightful)
The case of wifi is very particular because the user pays a FIXED FEE. Not even plugging your tv on your neighbor's house would be equivalent.
Re:Not a thief (Score:4, Informative)
A door doesn't, it merely opens, after which you still haven't been offered, granted, requested or acknowledged permission to enter the house.
Re:Not a thief (Score:5, Insightful)
In general, laws are designed to work like this: that which is not expressly forbidden is permitted. We're talking about radio waves here; before anyone starts up with some dumb analogy to parked cars and leaving the keys in them, consider this: when you use a resource I have made freely available, you're not denying me access to it. Someone might make the argument that excessive use of my resource would degrade its usefulness to the primary (owning) party, but that's easily remedied using simple protection schemes (either block access entirely, or throttle access to unauthenticated clients). I've done exactly this in numerous cases, using various router packages.
Here's a sad, but interesting article: Man charged with wireless trespassing [cnn.com] from July of 2005. To quote a section:
Broadcast = Permission (Score:5, Insightful)
You could say that a wifi router is different from TV because the activity is two-way: but the wifi router chooses to respond to me. If the owner of the router never bothered to tell their router not to respond to me, then is it my fault that it does? Am I guilty if my computer merely pings their router because it created a response on that router? They are the one who initiated the communication by broadcasting hello packets.
Re:Broadcast = Permission (Score:5, Insightful)
Complicating matters is that certain popular OSes (XP, I'm looking at you) tend to auto-connect to the strongest signal available, no matter how nicely you ask them to stop doing that. If you're closer to your next-door neighbor's WAP than your own, and Windows decides to use his without asking your permission or even telling you, then can you really be considered guilty of anything? And doesn't that mean that the world's largest OS vendor considers "default allow" to be the correct interpretation of WAP etiquette?
As little as I'm a fan of MS, I think "that's the way Windows does it automatically" would be a pretty good defense against criminal intent, even if a jury disagreed with the legality of the actions themselves.
Re:Not a thief (Score:5, Insightful)
Have you ever spoofed a MAC address?
Have you ever connected to an access point that did not broadcast its SSID?
Have you ever connected to an access point that says "private", "stay out", or otherwise?
If 'yes' to any of the above; I don't know about the U.S. law, but in The Netherlands you would still be guilty of "computerhuisvredebreuk"; meaning so much as tresspassing on a computer network
Then again, a great many people seem to think that even WEP encryption is an open invite to use the system, given the easy of cracking it.
Re:Not a thief (Score:5, Insightful)
Those who crack networks by breaking WEP, spoofing keys, or other measures should be held legally accountable. People who merely access an open, advertised resource shouldn't be at risk of going to prison.
Re: (Score:3, Insightful)
I've never been one of those people who feels like an unlocked door is an invitation, but call me old fashioned.
California law (Score:5, Insightful)
California Penal Code Section 502(c)(3) and 502(c)(7).
And for all of the idiots stating that the "router" gave them permission, give me a break. The router isn't a legal entity, and only works in the way you interact with it. Just like the door knob.
I twisted the doorknob (initiated association with the accesspoint), and the doorknob gave me permission to enter by retracting the latch (allowing me to associate and giving me a DHCP lease). The owner of the door could have configured the door differently, by engaging the lock mechanism (using WEP or WPA), so since he didn't I'm free to enter and watch his HBO (use his broadband internet access). I'm not "stealing" from him, because it's not like he has less HBO (internet) now that I've viewed some of his HBO (internet).
A big part of what a lot of people are missing is, even if you had a point regarding associating with his wireless network because it is open (which you don't), that only gives you authorization to access his LAN. You still have no right to use his paid broadband internet services. You don't have that right, because you aren't paying the ISP, and because the owner of the access point doesn't have the right to share or transfer his right to use his internet service with all of his neighbors, just like I don't have the right to share my HBO programming with all of my neighbors. It's called theft of service. Even if you claim the right to access the wireless owner's network, you certainly do not have permission to access the ISP's network. And even if I run coax down my lawn, and put a coax jack at the end of my property so that people on the sidewalk can screw into it and watch HBO, that doesn't mean I have any right to share my HBO or that you have any right to leech service that you're not paying for.
Using someone else's wifi is a crime, because you're not just accessing their network, you're accessing their ISP's network without permission. Giving away your wifi by intentionally hosting open access points is very likely a breach of your contract with your ISP.
Re:California law (Score:4, Insightful)
What if they tell me it's OK? Surely, if I'm visiting someone's house, there's no meaningful difference between them sharing their Internet with my laptop, or inviting me to use their computer.
For that matter, if SSID broadcast, working DHCP, working DNS, and a working gateway aren't enough to authorize someone, is there any technological means by which I can declare a wireless network to be open and legal?
Wrong on both counts. When I go to the coffee shops in this town, they have public wifi set up, deliberately, explicitly as free for their customers -- one of them has a sign in the window from their ISP which advertises it.
And copyrighted music, of course, is entirely legal to share if you have permission of the copyright holder to do so.
Re:Not a thief - depends (Score:5, Informative)
It depends from country to country:
Ahh.. the logic of law.
set geography_mode = typical_American (Score:3, Funny)
Re: (Score:3, Funny)
Then I for one welcome you as our new super giant mega Godzilla-like overlord, and you can use whatever access point you like. Seriously. Whatever you like.
Re:Not a thief (Score:5, Insightful)
How does the law answer the same question about websites?
Re:Not a thief (Score:4, Insightful)
Re:Not a thief (Score:5, Insightful)
Re:Not a thief (Score:5, Funny)
This is apparently some definition of the term "reasonably" of which I was previously unaware.
Re: (Score:3, Insightful)
Many of the latest consumer routers actually disable the wireless option at the factory, requiring the user to click through a simple wizard interface and explicitly
Re: (Score:3, Insightful)
Which is insane, as the DHCP reply packet was actually _addressed_ to the recipient. But why should the law be sane? Much easier to start with the conclusion (Guilty, guilty, guilty! Burn the hacker!) and come up with some plausible sounding justification for it.
Officially a crime? (Score:3, Interesting)
This can be argued, but... (Score:5, Insightful)
But then again, I'm not a lawyer.
Re: (Score:3, Insightful)
An advertised SSID is identifying an available service. Just like a sign that says "bookstore" or "Starbucks" advertises the service available inside.
When I walk up to the door of the starbucks, I pull on the handle. If it's locked, I assume it's closed and I leave. If it's open, I go inside. Same with a wifi access point. If they have an advertised SSID and don't set a password it's the same as putting
Re: (Score:3, Interesting)
Double that for access points in commercial places. You can argue (and I would disagree) that residential WLANs are meant to be private, but I would say that a business's hotspot is exactly as open as their front door. If it's unlocked and there's a sign saying "OPEN", then it's meant for me to use.
Re: (Score:3, Funny)
Authorization (Score:5, Interesting)
Open routers have a policy of allowing authorization by default. As such, using an open router is not illegal under this act. If you have to crack anything, then it is illegal. But a simple open router is no different than an open anonymous FTP site, web server, irc server, etc.
Re: (Score:3, Informative)
How Guilty? (Score:5, Insightful)
Not At All? (Score:5, Funny)
I can neither confirm nor deny... (Score:5, Funny)
This story is stupid (Score:3, Interesting)
So the only way a person *knows* it's not intended to be a public network is by having someone complain about it after the fact. Lots of people leave their WiFi open at home as a "public service".
It's different to intentionally circumvent protections that are in place, like WEP or restriction by MAC address. That's prying open a locked door so to speak.
Sometimes I think these article summaries are intentionally worded to get slashdotters cranked up. Okay, it worked on me.
Not at all? (Score:3, Interesting)
Although I think the answer to that depends on how much (and how) we use it, I'd say that most people don't feel at all guilty about using any convenient access point for short, low-bandwidth activities.
If I need directions while out and about, I'll find an open AP and pull up Google Maps. No guilt whatsoever, and I wouldn't mind if someone used my AP for the same; In fact, I'd consider this one of the greatest side-effects of ubiquitous open WAPs, the ability to share a small trickle of a resource I never need all to myself (and to use it when I similarly need that small trickle of data).
Now, regularly using a neighbor's wireless to avoid needing to pay for your own ISP (unless you have an agreement to split the cost - Of course, the ISPs hate this, but I see no ethical problem with it) or downloading kiddie porn or sucking a large portion of the available bandwidth... That gets into abusive territory, and such people should feel guilty.
Illegal versus Unethical. (Score:3, Insightful)
If we're looking for a "legal" definition, these activities (with the exception of the kiddie porn) are unethical rather than illegal. If someone leaves a
Blame Windows (Score:5, Interesting)
The power went off in my house the other day - and nobody noticed. The four or five laptops in use all silently switched over to a neighbour's network. I can't see that being considered a crime.
If this was wikipedia... (Score:3, Interesting)
If this was wikipedia, "stealing" in this context would be a weasel word...
If a router is handing out IPs, how is that stealing?
Unless we are talking wpa/wep encryption cracking, or possibly abusing the connection, I don't see what the problem is.
Re: (Score:3, Informative)
I have a limited supply of cakes, if I put up a sign saying free cake, then I get home and find there is no cake left for me, I can't cry that they all stole the cake. I foolishly gave away my cake. If the sign reads 'Private cake: only for eating by Oktober and his housemates' and it is locked inside a cage, then that woul
Re: (Score:3, Informative)
Just as I would see a difference between finding a book and finding a book saying 'Free Book'. If I was on my university campus and saw an unlabeled book left on a bench I would take it to lost property. If I saw a book saying 'free book', I might take it if it looked like it might be good.
The cage around the cake is not
Crime (Score:3, Interesting)
Some people actually do live outside the US. This may come as a surprise to you, be we even have electricity and computers.
Also, in many places, the law is quite a bit more reasonable. Where I live, it is only illegal to access a system when a reasonable effort has been made to protect it (so an open access point doesn't count), and even then, they have to prove you intentionally did that.
Does the law really say this? (Score:5, Informative)
http://www.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00001030----000-.html
In addition to "intention" there seems also to be a requirement for damage or fraud, or revealing atomic secrets. I don't think it is obvious that using a wi-fi router based on a DHCP reply is improper under the law, although the syntax of the law is complex. Walking up the front walk of a home to ring the doorbell isn't necessarily trespassing, even without permission.
tsoat (Score:5, Insightful)
"Stealing" isn't the right word. (Score:3, Interesting)
At some point, I think society would be better served by everyone leaving all of their access points open. I love the idea of mesh networks and eliminating the need for everyone to have a wired connection to the internet.
The fault is the tech (Score:3, Interesting)
If I want to share my WiFi it isn't easy to make it known of my wishes and my terms and conditions - after all, though I share it, I might say I log access, (mac addresses, urls etc) just in case someone does something illegal, so that if the cops come, I could throw them that bone to chew on, instead of them chewing on me.
If it were well thought out, it would be easy to have secure encrypted _anonymous_ connections:
1) no need for people to enter a password to get encryption
2) people cannot see each other's traffic - snooping is possible in some encryption modes, for example if everyone knows the WEP key, they can figure out each other's traffic, so you'd need some WPA mode, but these require username and passwords, you could give everyone the same username and password, but there's no standard for Windows, Linux, Mac to try "anonymous" usernames and passwords ala anonymous ftp.
And also there would be a standard way to get info about a wifi zone, and to prompt the user if the info/T&C changes, say when you computer connects to a different AP.
So the tech still needs a fair bit of work.
I don't get it (Score:5, Interesting)
I don't see what's the drama with open access. I leave my AP open on purpose, with an essid starting with "free_" to reinforce the idea, and a simple QOS setup to give me priority over my neighbors. I can't even notice when they're using the net, and I counted more than 10 different MAC addresses so far. More people using the net == good. It's not like I need all my bandwidth 24/7...
in b4 "but pedophiles will get you jailed, think of the children!!" -- I'm no more responsible for that than the hot dog vendor in the corner would be if ninja terrorists employed his hot dogs as lethal weapons.
oh boy (Score:3, Interesting)
i don't feel guilty at all and don't you dare start with the "two wrongs don't make a right" crap.
I thought that law was un-enforceable (Score:3, Insightful)
Stop misusing the word "stealing" (Score:3, Interesting)
If you're going to cast "unauthorized use" in terms of robbery, then don't cry about how your rights are being taken away when you get prosecuted as a robber for making use of something that someone else couldn't be bothered to secure properly.
My Ungrounded Lightning (Score:5, Funny)
If those electrons or photons are trespassing in my private property, whoever sent them there is fortunate that I don't take countermeasures, in court or with a lethal focusing reflector.
Re:no theft here (Score:4, Insightful)
Re: (Score:3, Insightful)
In this case, you aren't accessing the computer, you are communicating with it.....you are accessing the NETWORK without (human) permission.....which the law (as stated in the summary) doesn't cover that situation.
Layne
Re:no theft here (Score:5, Funny)
Re:no theft here (Score:4, Insightful)
Accessing a hotspot without authorization may be a crime, but so is smoking pot. Is smoking marijuana "thieft"?
You are correct, TFS is wrong. If I steal your truck you don't have access to your truck. If I hide in its bed and ride downtown with you without your knowledge, it may be wrong and it may be illegal but I didn't steal anything.
Re: (Score:3, Insightful)
Re: (Score:3, Funny)
I bet drinking fountains ruin your day.
Re: (Score:3, Funny)