Some 12% of Consumers 'Borrow' Unsecured Wi-Fi

alphadogg writes "Despite the fact that it's often considered an illegal act, a sizeable percentage of the UK/US internet-using population 'borrows' unsecured Wi-Fi access. This is according to a study conducted by the group Accenture. 'The Accenture study found that computer users are still engaging in some unsafe computing practices. Nearly half of all respondents said that they used the same password for all of their online accounts, and only a quarter of them have ever encrypted files on their computers.'" My guess is the actual figure is higher than that.

Ideally, no one really cares.

[EricR86]

But if they start borrowing and eating your already limited bandwidth and start choking your connection. Then just use some form of encryption and be done with it (AES).

It doesn't really matter whether or not it's illegal, they put themselves at risk if they transmit wireless on an unencrypted connection

WTF?

[glwtta]

Where exactly is this "considered an illegal act"?

How the hell do you "consider" something to be illegal? It either is, or isn't.

How the hell is 12% a "sizeable percentage"?

Someone's really trying hard to make an article out of nothing.

Re:Gotta Remember, They're Users

[lena_10326]

Everyone started out as a newbie.

Same password?

[Sobrique]

Yeah, I use the same password, for all the sites that require that I 'register'. So I use a fairly generic, almost dictionary word, because that way I actually get to _probably_ log into J random nonentity site that I don't give a toss about registering on, next time around.

Stuff I vaguely care about, gets better passwords, and regular changes.

That's not 'insecurity' that's 'too many places insisting on registration'.

Re:And why is this bad?

[scubamage]

Its only bad because it hurts businesses, thats about it. Look how many public WiFi proposals get shot down on a regular basis. As for why its bad to leave it unsecured, Congress has basically decided that if you leave an access point unsecured and someone uses it to download kiddy porn, or talk to their 'terrorist' buddies overseas, you are guilty as an accomplice because, "you should know better."

More great legislation brought to us by a bunch of old WASPs and a few overzealous soccer moms.

Re:news..

[Anonymous Coward]

Why can't I use a negligible amount of bandwidth when you are not using it?

The same reason you can't use my car when I'm not using it. I pay for it and I don't want to share with strangers.

Maybe that sounds selfish, but it doesn't matter. If you can't afford your own connection - tough. The internet is a luxury, not an entitlement.

Re:news..

[wattrlz]

Same reason I shouldn't use a negligible amount of your money, house, girlfriend, or other stuff when you're not using it.

Same password = throwaway stuff

[fotbr]

I'm guilty of using the same password on a lot things online. Several forums, throwaway email addresses, "register to read the rest of this article" news sites, etc. Basically, the stuff I don't really care about, and I don't give two hoots if it gets h4x0r3d.

I don't particularly see that as an "unsafe" practice, since none of it really matters.

Things I actually care about (personal email, anything work related, etc) get real passwords, and things that can really cause problems (banking, etc) don't get done via the internet at all.

Re:news..

[drsmithy]

Why can't I use a negligible amount of bandwidth when you are not using it?

Because you have no way of knowing whether or not a) it's a negligible amount of bandwidth and b) I'm using it.

Re:And why is this bad?

[plague3106]

No, the network's owner has specified the link isn't encrypted. That has nothing to do with whether or not the owner thinks its ok for YOU to use his network.

Re:Higher figure?

[plague3106]

Trespass is trespass, whether the gate is open or not.

Re:news..

[B'Trey]

No problem. Don't park your car on the street with the keys in it and with someone standing there offering to open the door to passer-bys who want to go for a ride. If your wireless connection is unsecured and offers DHCP configuration to anyone who wants to join, it's an open invitation. Basic security and MAC filtering are easy to configure. They won't stop a determined or knowledgable hacker, but that isn't the point. Anyone who's hacking in knows they're intruding where they aren't wanted and are committing an illegal act. But if you leave it wide open and the welcome mat out, then don't be surprised if someone makes use of your network.

Re:I do, because Sympatico SUCKS.

[Anonymous Coward]

Um, if Sympatico are so bad, why don't you switch to the ISP your neighbour is using? Most of the time when people complain about their ISP, it's because there aren't any other options in their area. Clearly that isn't the case for you.

Re:And why is this bad?

[Mr. Slippery]

Some advocate stealing Wi-Fi links

You cannot steal that which is freely offered.

Re:Gotta Remember, They're Users

[sm62704]

But you know, I see no reason whatever why the internet shouldn't be at least partly a free, mesh network. Set up all the laptops to be both a client and a server.

Of course, some big multionaltional corporations and their stooges will have hissy fits. Too bad fo rthem, hooray for the rest of us. If I get a laptop, I'll have wifi set up on my desktop, and it will be open. Because I'm not a selfish asshole.

Re:Gotta Remember, They're Users

[sm62704]

Sadly only a handful ever progress past that point

Is that twenty years' experience, or one year's experience twenty times?

Bandwith is not a car

[roggg]

Cars have maintenance costs caused by use. If I use your car when you are not, I am costing you money. If I use your bandwidth when you are not, I cant see how that really affects you in any way. Not saying it's right to do so. Just saying the analogy is flawed.

Re:news..

[SatanicPuppy]

Horseshit.

If I left my money, house, or girlfriend available on your property, I wouldn't really feel like I could complain if you helped yourself...That's what these people are doing. If I have a neighbor whose signal is strong enough to cause interference on my equipment, I feel no qualms about using his service.

If the WAP isn't even trivially secured, then that's an open invitation, same as having an FM radio signal crossing my property is an open invitation to monitor it. If you don't want other people to use it, don't leave it wide open.

Re:Higher figure?

[SatanicPuppy]

Blah blah blah. If I go down town for lunch with my laptop, and I open it up and see that there are a dozen available wireless connections, am I forbidden from using them. How about if I know that most of the downtown restaurants offer free wireless?

This is the case where I live, but it ain't all that savvy a town, so a lot of the points aren't well labeled. I can guess that the strongest wireless signal is from the restaurant I'm in, but it could be from one of the dozen loft apartments on the second floor of the building, or it could be from a restaurant across the street.

Am I supposed to not use the internet because I can't tell where the hell the signal is coming from, when I know that at least some of the signals are open on purpose?

This is the kind of crap that people like you want to stick the rest of us with. Open up your laptop, get signal, and then have to wander around trying to find out where the hell its coming from and if it's okay to use! Jesus, it'd be easier if they just provided ethernet cables.

The burden of security HAS to be on the provider of the service. Otherwise the whole system is worthless.

Re:Bandwith is not a car

[spookymonster]

If I use your bandwidth when you are not, I cant see how that really affects you in any way.

And when my ISP cuts off my service because I've used too much bandwidth this month?

And when the government subpoenas me because someone on my account was browsing child porn sites?

And when the RIAA files suit against me for 'making available' copyrighted material (off of your laptop, of course)?

But if those moral blinders are working for you, hey... who am I to disagree?

Re:Gotta Remember, They're Users

[D Ninja]

That is true, but the thing to remember is that everybody is a newbie in something that they interact with day-to-day. Honestly, other than the basics, I couldn't tell you the first thing about how my car works. Living where I do, it's much more convenient to take it into a shop and not worry about it.

Not knowing how to do something doesn't give those people who do the right to look down upon that person. Then again, that's not going to change - everybody wants to feel important. Looking down upon the "computer n00bs" is just a nerd's way of feeling important.

Re:news..

[billcopc]

This knee-jerk debate always comes down to one thing: broadcasting.

If you leave your front door unlocked, you're probably not standing on the porch yelling "Free house, come and get it!" and handing out name tags. If you do, then you can't turn around and claim the guests were trespassing.

If you install an unsecured Wi-Fi gateway with DHCP, the device is yelling to everyone within 100 meters "Free network, come on in" and handing out IP addresses to any takers. It is _YOUR_ responsibility for leaving it open.

The argument against locking routers down by default, is that it's too complicated for the user. Bullshit! People use locks and keys all the time for their home, car, office, filing cabinet, safe deposit box... all things of value they wouldn't want to have stolen. How is your private, personal network any different ? If you don't want people poking around your shared files and internet access, then put a freakin' lock on the thing.

I have no pity for people who fail at common sense. Just because it plugs in the wall doesn't give you an excuse to be stupid.

Re:news..

[mini me]

In the real world the assumption is that you do not touch someone else's property without permission. However, on the internet the reverse is true. It's assumed that you have permission unless the information uses some type of access control protection.

Should I be required to get consent from VA Linux before I try to access Slashdot? Of course not. So why should I be required to do it when it's my neighbour?

Re:news..

[Sancho]

If you leave your front door unlocked, you're probably not standing on the porch yelling "Free house, come and get it!" and handing out name tags. If you do, then you can't turn around and claim the guests were trespassing.

A better analogy is that you buy a home, but the home builder doesn't tell you that there's an invisible man standing on the porch yelling to people to come on in in a voice too high pitched for you to hear, but that everyone else hears just fine. They put that information in the home's user manual, but hey, who reads those things. You just started using the home, and it kept the rain out, let you plug things in and use them, let you cook your dinner and watch your TV, so you assumed that everything was alright.

Bad analogy? Maybe, but if so, that's because analogies really don't work well in this case.

The argument against locking routers down by default, is that it's too complicated for the user. Bullshit! People use locks and keys all the time for their home, car, office, filing cabinet, safe deposit box... all things of value they wouldn't want to have stolen. How is your private, personal network any different ? If you don't want people poking around your shared files and internet access, then put a freakin' lock on the thing.

Doors and locks have been around for centuries. Ubiquitous computing in the home has been around for a little over a decade, and home networks for even less time. People may eventually get to the point where they can figure these things out, but for now, they're still mystified by the pretty colors on their screen.

I have no pity for people who fail at common sense.

The sad fact is that when many non-techie people start using computers, they simply freeze up. It's something so completely alien to them that they don't function well. Most people don't think about security anyway*, except that security which was explicitly drilled into their heads at a young age (lock the doors, keep your keys and wallet with you, don't leave your drink unattended at a restaurant or bar.) Why would you expect people to suddenly develop "common sense," as you put it, when presented with something alien, when they don't even use "common sense" to notice other insecure infrastructure that they aren't explicitly told about?

*Bruce Schneier recently wrote an article on just this topic--the security mindset isn't a part of most people's thinking. http://www.schneier.com/blog/archives/2008/03/the_security_mi_1.html [schneier.com]

Re:And don't paint it just like every other car...

[mollymoo]

WEP will keep out the non-resourceful and the lazy but that's about it.

It'll also keep out the honest who have a machine which defaults to connecting to any open network. It's easy to accidentally connect to an open network if you don't know what you're doing, but breaking into a WEP secured network marks you out unambiguously as a criminal.

Re:And why is this bad?

[CODiNE]

If the network's owner has specified that anyone can use it, why is it bad to do so?

Because the world is slowly moving one step after the other towards a new legal concept "Guilty until proven innocent".

a lot of people don't even know...

[dumbfounder]

when they are 'stealing' wifi access. My former neighbor was very tech savvy and he said that every now and then his laptop would pick my access point to join instead of his. I didn't care, it is my responsibility to secure it if I don't want others on it. But the point is, I am sure that less tech savvy people don't even know a lot of the time when they are using someone else's network. BFD. It's like someone that has a big cannister of oxygen on their property and you get arrested for breathing when you walk by.

Re:news..

[mollymoo]

If you install an unsecured Wi-Fi gateway with DHCP, the device is yelling to everyone within 100 meters "Free network, come on in" and handing out IP addresses to any takers.

It is not saying "come on in". It's saying "here is network X, it is not secured". You can't legally find out if it's running DHCP without being authorised to connect, so that point is moot.

In the spirit of eco-friendliness, let's try a bike analogy. If you left your bike without locking it it would be advertising its presence by bouncing photons and those photons would encode the fact that it is unsecured. That doesn't make it an open invitation to take your bike. It's not advisable to leave you bike unlocked, not because doing so is an open invitation to use it, but because there are vile people like you about who can justify their morally abhorent behaviour to themselves.

Re:news..

[kestasjk]

Why can't I use a negligible amount of bandwidth when you are not using it?

The same reason you can't use my car when I'm not using it. I pay for it and I don't want to share with strangers.

I've got a better reason; ISPs factor in the average bandwidth use when deciding prices. If 1/2 the bandwidth used by the average connection was stolen through WiFi the average person's internet bill would double, whether or not he had actually secured his connection.

Re:news..

[drsquare]

No problem. Don't park your car on the street with the keys in it

So you're equating wireless theft with grand theft auto? I think that's a bit extreme.

If your wireless connection is unsecured and offers DHCP configuration to anyone who wants to join, it's an open invitation.

No it isn't, no more than my front door opening to anyone who pulls the handle is an open invitation to burgle my house.

Good to see that the entitlement complex is still alive on this site though.

Re:news..

[Jimmy_B]

I've got a better reason; ISPs factor in the average bandwidth use when deciding prices. If 1/2 the bandwidth used by the average connection was stolen through WiFi the average person's internet bill would double, whether or not he had actually secured his connection.

No, it wouldn't! Prices would only go up by about 5%. Internet service is not like heating oil or tap water; it doesn't cost more to provide just because you use it more. If everyone suddenly started using twice as much bandwidth, they'd have to upgrade some routers, and that would be it. Routers are cheap. On the other hand, stringing a cable to your house, paying a techie to answer the phone and a lawyer to deal with the town is expensive.

Re:news..

[redxxx]

I didn't think there was anything illegal about Van Eck phreaking and anyone who can see in your window from public property can legally see what is on your monitor.

So, yes, you actually do have a right to see what is on the screen of every CRT in your vicinity, provided you don't break other laws(trespassing for instance) in the process.

Re:news..

[canajin56]

Even in your example, it is the seller of the home who is at fault, and the owner for not reading the manual. Not the person who accepted the invitation. Especially given the fact that Windows XP will automatically use any unsecured WiFi it can find, and its technically difficult to stop it from doing so even if you realize it's happening at all!

MY router had WEP enabled out of the box. On the bottom is a removable sticker put there by the factory. It has a copy of the serial #, the device-specific WEP key, and the device-specific default password. It came with a nice thick manual, and a single sided single page colourful "quick start" card that tells you about the sticker and how to use this WEP key in Windows or on a Mac. Every WiFi router should be this way, and should have been from the start. If you can't read this ONE card telling you how to get started, you don't get Internet. Tough break.

Re:Bandwith is not a car

[redxxx]

Uhh... if you leave your router open, bad people can abuse it and can get you in trouble.

That's a good reason for you to lock down your router. It isn't a good reasons for me to not use it to check my e-mail.

Re:news..

[5of0]

See, the problem with that (and pretty much any other digital=real life analogy) is that if I take your bike for a ride, you can't use it any more, and will most definitely notice that it's gone.
If I take your wifi, you can still use it, and unless I'm downloading movies or running a server, you most likely won't notice anything different.
Trying to fix the bike analogy is an exercise in futility, but I'll try anyway. First of all, your bike isn't any ordinary bike, it's a magical, electric bike. The magic makes it so that if anyone tries to steal it, the bike instantly creates an identical copy of it for that person to have, leaving your original bike untouched. The bikes are powered by a battery that is shared amongst the bike and all its copies, but any bike that's standing still recharges the communal battery.

Now, in this case, you're (almost) no worse off if a bunch of people "steal" your bike. The only disadvantages are:
1. If a bunch of people are using your bike all the time, you'll notice your bike's battery wears out quicker (internet is slower)
2. If someone is using your bike to go up hills all the time, the same thing will happen
3. If someone commits a crime on your bike (maybe they were desperate), you may well get pinned, if they can trace the serial number and such back to you.
Oh, and if you look in the manual for your bike, or ask a friend who has the same kind of bike (since in this analogy they're pretty ubiquitous), either will help you find the button to disable this functionality, or set it up with a passcode before anyone can grab a copy, so you can let your friends and family use it.
In this scenario, I don't see a problem. I'd buy a bike, and hey, if my neighbors wanted to use it on occasion, that's fine with me, it's not hurting me any. If it starts to be problematic, I'll put a passcode on it.

I could go further - viruses and such=damage, but then you would also have an infinite free supply of Rust-Eze and new tires (virus scan and such).