Schneier Says 'Steal this Wi-Fi'

apolloose noted Bruce Schneier's latest entry on Wired where he talks about insecured wifi networks, and suggests that you Steal this WiFi. Basically, since insecure WiFi is everywhere, why not? You're helping make the world a little better for someone else.

Beware of strangers bearing gifts

[Applekid]

Sure, everyone please use my unsecured local Wi-Fi access point. I'm giving back to the community... ... and the community in turn will have all traffic filtered through a box that will sniff passwords, private keys, you name it.

So please "steal this Wi-Fi" since I need a few more social security and credit card numbers.

Yeah! But firmware and software changes would help

[presidenteloco]

1. Clients (laptops) default installed wifi software (hint: Steve Jobs are you reading???) need a scanning
mode which does not waste my time telling me about all the password or mac-address locked wifi
basestations, and only advises me about open ones.

2. Basestation/routers need a simple-to-configure mode where they will let others into a separate
subnet that goes straight out to the Internet but does not see my home computers directly.

3. (Brain software/mindset change.) Americans need to stop reflexively calling sharing 'stealing'.
You've been trained into this terminology by those who have already stolen everything and don't
want you to get it back.

Usually not stealing

[totallygeek]

Another side to this is to consider that some people may actually allow access. I used to. I had an SSID of JUMPONFREE. I did this for two reasons: one to give Internet access to people in my apartment complex if they did not want to pay for it themselves, and two because I incorporated transparent proxying and compiled lists of visited sites (as well as port mirroring on the switch to track protocol usage). You don't have to concern yourself with abusers if you set up traffic priorities and/or bandwidth limiters. I am not alone, as I have seen many cleverly named SSID's indicating the owner is not just some non-configuring noob, but rather someone that cares enough to share.

FON and Co

[PhillC]

There are already a number of organisations/initiatives around that actively encourage you to purchase their wireless routing products and then open up access to everyone.

I'm a member of FON [fon.com], which allows you to allocate a specific amount of bandwidth for sharing if you're using one of their routers - say 1MB of your 8MB ADSL, which neatly overcomes the first poster's issue of not having enough bandwidth for their own nefarious purposes. After being a member of FON for 12 months they actually sent me three free wireless routers at Christmas, which I gave away to friends hoping that they too will join and share bandwidth.

There's another company I heard about, US based, that does something similar, but I can't think of their name right now.

However, I wonder about my ISP's stance regarding sharing WiFi for free with others. Does it violate their Ts&Cs? Do I care enough to actually find out? No!

Correct my if I'm wrong

[Seakip18]

But I thought the best way to browse securely was have all traffic sent to your home server, encrypt it, and forward to the laptop. This was because you assume your home network is inherently more secure. With is approach, you are leaving your home network, including your significant others, at risk. Especially those who are not savvy enough to apply updates and maintain anti-virus.

While I understand the anonymity helps his secure network stand out, all those open networks are just waiting for a guy with a little time and knowhow to start doing many bad things, say, man-in-the-middle. Just because you are blending into the pack does not keep the lions from eating one of you.

Now then, it IS his network at home, so he can do whatever the heck he feels like. And I do understand his social aspects of looking at WiFi as another resource for the public. But that does not free you from liability regardless of how little or insignificant it may be or stupidly enforced.

To me, it sounds like he doesn't want to roll up his sleeves and do some dirty work with port-forwarding, SSH-ing, and proxying. With those, you can enjoy quite decent browsing while away AND understand that your weakest point is at home.

On an unrelated note, where does this guy live?

Re:Steal Wi-Fi?

[penguin_dance]

No, it's more akin to: I go to the grocery store and buy a 5 lb bag of sugar. Now I don't need to use that much sugar so I let the neighbors have some. That's not stealing because I paid for it. You're essentially doing nothing more than what a Starbucks or other cafe does.

However, don't be surprised that companies like Comcast freak out because, while they want you to PAY for all that bandwidth, they don't actually want you to USE it!

Re:Car analogy

[Daniel_Staal]

Having recently gotten a speeding ticket from one of those cameras...

The ticket was specifically worded not to be issued to the driver. It was to the owner of the car, regardless of whether they were driving. This did have some implications otherwise: It therefore didn't result in 'points' being added to my record.

So, back to the computer situation, they could just say that you are responsible for that bandwidth, and should have blocked it if the traffic wasn't from you. Don't know which would hold up in court, but there at least is a reply.

Re:Beware of strangers bearing gifts

[Chris Mattern]

You should be able to specify the SSID you want to be using with the iwconfig command; tell the system you want to use your SSID (which will need to be different from your neighbor's, of course). You can automate this (at least in Debian, I don't know Fedora) in /etc/network/interfaces with a pre-up line in the stanza for your wireless interface to have the iwconfig command run before the interface is brought up.

Chris Mattern

Re:Steal Wi-Fi?

[bluie-]

What if you borrow someone's book without asking them?

I don't look at connecting to wi-fi as stealing from an ISP at all. If anything I'd say you're stealing from whoever is buying that bandwidth. At the same time, though, you're not stealing their connection in the same way you're stealing a car. Their router and modem are still there, and if you're just surfing you're probably not causing any noticeable difference.

I say, if there's an unsecured wireless network, you may as well use it. Just don't be a jackass and prevent the poor old grandma who doesn't know what WEP is from googling proon smoothie recipes and using two very capable fingers to mail her grandkids every night at 5:30 right before bed.

Re:Steal Wi-Fi?

[bdjacobson]

No, it's more akin to: I go to the grocery store and buy a 5 lb bag of sugar. Now I don't need to use that much sugar so I let the neighbors have some. That's not stealing because I paid for it. You're essentially doing nothing more than what a Starbucks or other cafe does.

However, don't be surprised that companies like Comcast freak out because, while they want you to PAY for all that bandwidth, they don't actually want you to USE it!

Actually, it's more like "I pay $50/month for unlimited 5lb bags of sugar. Now, since there's little chance I will use 50lbs of sugar, I give it away. In fact, I give away 200lbs of sugar, or ~$200 worth of sugar."

That's how the internet companies see this.

Who is right? Both really. There will be people who share the internet with 20 other users and only pay one bill. The upload and download is always maxed out 24/7. The internet company makes no money from them. In this case, the internet company was right. But there will also be people who simply like to leave there internet open, because it's awfully nice to go to your grandma's house over Christmas (who doesn't have internet, let alone wireless), and bring your laptop, and to be pleasantly surprised that someone left their network open, so you can still check Slashdot instead of spending time with family.

The solution would be to not force this into a box, but qualify statements: "While we the internet company do not approve of users sharing their internet with 20 different users in an apartment, we see nothing wrong with people in neighborhoods leaving their AP open; because most people aren't going to have a desktop with integrated wireless.

Re:He's being an idiot.

[644bd346996]

Schneier isn't being an idiot. Do you think the feds could actually pull off an "investigation" like you describe on him of all people? It would look really fishy, and it would probably hit the mainstream media. I'd say that Schneier is pretty safe from high-level harassment.

Besides, the police probably wouldn't be able to get any useful data off his computers without hiring him to help.

Re:Steal Wi-Fi?

[SpacePirate20X6]

In the case of bandwidth, you aren't purchasing anything, except maybe the modem. You're purchasing a service, and access to the company's network and support resources. Now, if you bought the fiber and servers, maybe you'd have half of an argument there.

Re:Steal Wi-Fi?

[hey!]

No, it's more akin to: I go to the grocery store and buy a 5 lb bag of sugar. Now I don't need to use that much sugar so I let the neighbors have some. That's not stealing because I paid for it. You're essentially doing nothing more than what a Starbucks or other cafe does.

Actually, it's more like ordering the all you can eat buffet and letting your friend eat off your plate.

If your friend says, "gee that looks good," and you say, "here, have a bite," the restaurant doesn't care. You had a good time, your friend had a good time, you'll probably come back for more. On the other hand, if your friends eats a dozen jumbo shrimp and couple of salmon fillets, the restaurant will be ticked off, because they priced the buffet around the probable range of one person's appetite. If everybody starts doubling or tripling up, then they have to raise prices, which mean they can't sell to individual diners.

So the way this works is, the vendor makes rules, and they look the other way at insignificant bits of rule breaking that keep their customers happy. When people get organized about breaking rules to unilaterally drop the price of service, then they start to get a bit tetchy.

Recently Opened Mine

[dcollins]

I used to keep my WiFi router secured. But then there were some days when I couldn't connect from the other end of my apartment, and it was real handy to go through neighbor's unsecured WiFi. This convinced me that it was the neighborly thing to do and opened mine.