Security Firm Sophos Calls WiFi Piggybacking 'Stealing'
from the mischaracterizations dept
It should come as no surprise that a security firm, in this case Sophos,
is casting the act of using a neighbor's unsecured Wi-Fi access point as
a crime. The bigger the threat, the more money there is for security
solution vendors and consultants. In the latest research, Sophos found
that 54% of wireless users surveyed had "stolen" access at one time or another. The report then frames these casual users as thieves by
lumping them in with the epithet "cybercriminals". Techdirt's position
has been steady: If a hosting Wi-Fi owner transmits a signal into your
property or public area, and that signal proactively announces an SSID
which functions like an invite, yet the host has left the network
unlocked, then the host's DHCP server actively accommodates the guest
and offers an IP address for them to use... then why would any casual
user suppose the host's intention is not to share that Wi-Fi? Certainly
the host's actions indicate an intent to share. There is no lock
breached, there is no violation of private property. There is no
trespass. But forget these technical arguments, let's look at the Sophos
data: a 54% majority of Wi-Fi users have shared someone's Wi-Fi (and I'd
say more have but weren't aware). Are the majority of people really
cybercriminals? Also, if victims need to be told that they were "robbed"
by Sophos research and a press release, and sensationalist news stories,
just how victimized were they? Yes, there are real risks to offering an
open AP, so we advise most people to lock down their Wi-Fi. That doesn't
make criminals of cybervisitors.
Obviously, the situation can be very different if just a few parameters
are changed:
- If ANY kind of hack or bypass is needed to get through some form of security, then the innocence of the visitor is highly dubious. Even the easily hacked WEP is 100% functional as a signal that the host does not want "visitors".
- Any kind of viewing, or messing around inside the host's LAN, PCs, and other equipment is illegal through existing laws. Doing so is no longer a victimless activity.
Reader Comments (rss)
(Flattened / Threaded)
Separate VLAN
I have a separate VLAN that I leave open. The speed is throttled pretty far back, but I figure sometimes my neighbors need internet and theirs is down, or some passerby needs to check their email. I don't see a bunch of hackers camped out on my lawn "stealing" my internet while I sleep.
Not since I installed the automated turrets and minefield, anyway.
(reply to this comment) (link to this comment)
Packets should be allowed to roam freely
I leave my WAP open and separate home lan via a FreeBSD box I hand out IP addresses on one interface and restrick the internal network via another range and MAC add. there have been many a night lost in an unfamiliar area that I wished some one had left access open so I could find my way home
(reply to this comment) (link to this comment)
STEALING????
Ok first regarding Sophos, is there such a lack of real security issues that they have to resort to finding the absurd to "patrol"?
Second, By their "definition" of "theft" being using a un-secured signal, and "belonging" to the person which paid for it; Then (by their definition) Listening to radio that is playing somewhere besides on the radio YOU paid for, is a crime and we should all report immeadately to our local police departments, and turn ourselves in. (the beach, a car going by, a bar, a friends house, the grocery store, on hold to Sophos) I mean, the radio signal you hear is being played on a radio you DIDN'T PAY FOR! Not to mention, these mediums BOTH pay for their operating expenses and then PROFIT in the same manner, advertising! When you use a Wi-FI signal (the signal in question may just have invaded your private living space for you to "use" in the first place, but that is a separate argument) you are subject to the same advertising as the person for which it was directed, same as radio. If SOPHOS, or anyone else for that matter, cares so much about air waves and who paid for what, then CB's, radio signals, T.V. air signals, sound waves, light beams, birds traveling, bugs and anything else that uses the air to travel, MUST pay the rightfull owner their due, only god or mother nature, intended this to be free and unrestricted travel, and plus, they don't accept credit cards :(
(reply to this comment) (link to this comment)
Yup.
I leave my wifi wide open. Not that it matters...I can barely get a signal two rooms away, let alone out on the street. But I do it for three reasons:
1) I live in the middle of nowhere pretty much. Who's gonna steal my wifi?
2) It's easier for me...I don't have to keep typing in the damn WAP key.
3) Why the hell should I care if someone else wants to use my wifi? My computers are well enough locked down that it doesn't matter to me who's on my network.
(reply to this comment) (link to this comment)
WiFi Piggybacking 'Stealing'
Look at the bright side, they didn't call piggybackers terrorists.
(reply to this comment) (link to this comment)
any HAMs on here that actually understand this iss
I agree with TD that there are extremely absurd reactions and overreactions to WiFi insecurity: we both agree that shooting the casual freeloader does nothing to fix the overarching problem - insecure wireless systems caused by a combination of careless wifi vendors, a generally uneducated consuming public, and equally clueless law enforcement and legislation.
What I have to disagree with is the incorrect classification of WiFi as "broadcast"-type signals. The simply cannot be classified in the same category as TV, radio, and flashlights. WiFi, cellular, etc are all TWO-WAY mediums. In order to even get an IP address from the system in question, you must have a TWO-WAY radio conversation with the Access Point station in question. You simply cannot do anything besides passively "eavesdrop" on wifi without transmitting a signal back to the AP. This whole return transmission path is an ACTIVE engagement of the AP.
Please, please, please stop comparing wifi usage to passive interception of a broadcast, as it is not. This fallacious argument confuses the real issues at hand with wifi laws and security in general.
Do focus on how that if no steps are taken to:
1. secure with a password, mac filter, or some other method,
2. announce that the system is only meant for authorized users (i.e., paying customers) via splash page, etc,
3. otherwise limit undesired access,
then it must be assumed that the system is "public"
(reply to this comment) (link to this comment)
Stealing?
So your front door is open and someone walks inside and says hello? Isn't that the essence of an AP that's not secure?
(reply to this comment) (link to this comment)
Re: Stealing?
Yes. Using someone else's wireless connection without asking is stealing. You didn't pay for it, you were not granted permission, and probably you are not telling the owner about it, so yes, you are a criminal. You are a casual criminal, but a criminal none the less.
Here we have a problem with the culture of the so called "hacker", especially these pathetic specimens who piggyback people's connections for fun. Oh sure, it's totally acceptable to use someone's access because they didn't bother to secure it properly. Fuck you. Most people don't know who to do these things, and they will never understand things like WEP or WPA. That doesn't mean they're stupid, it doesn't mean they're lazy, and it doesn't mean they deserve to be exploited.
"Oh but, they could take the time to learn, afterall, I did". I can just hear the nerd saying it. Once again, fuck you. A lot of people do not have the time to learn, or don't care to. No one wants to spend they're life trying to figure out wireless security just to prevent some asshole from dropping by to steal their connection. Show some fucking decency. If you didn't ask for it, don't take it, because it's fucking stealing.
(reply to this comment) (link to this comment)
laws
I've always though that laws were supposed to reflect what society considered 'acceptable behavior'. If more than half of the population thinks it's acceptable to steal/leach/piggyback open wifi, any law against it is probably due for some serious reconsideration.
The same logic probably also applies to sharing mp3's, circumventing digital media restrictions restrictions, etc...
(reply to this comment) (link to this comment)
Next thing ya know
They will be calling it "making available".
(reply to this comment) (link to this comment)
check out the demo to see somthing scare about wirless security
http://www.offensive-security.com/
(reply to this comment) (link to this comment)
Re: Re: Stealing?
just one thing RTFM and nice of you to include a name guy
(reply to this comment) (link to this comment)
"without permission"
"without permission" is rather an interesting statement.
I have permission from the government to transmit and receive digital signals on the 2.4GHz spectrum, as long as those signals comply with certain technical restrictions.
YOUR access point is broadcasting a "Free WIFI available here!" announcement on those frequencies about 20 times a second iirc. You could turn that off, but you have not.
I transmit a reply asking to use your connection, and YOUR access point replies giving me all the information I need to make that connection. You could turn that off, but you have not. At no point has your access point even hinted that it isn't intended for public access.
It would be trivially easy for you to 'deny' permission at any point, in any number of ways. Turn off SSID broadcasting; filter unknown MAC addresses; require a WEP or WPA key and I would accept that the access point is 'no longer public' -- but you haven't done any of those things.
Car analogy. Your car is not merely unlocked with the keys in the ignition; that would still not imply that it's OK to borrow it. Your car it unlocked with the keys in the ignition, on the roadside, with a flashing neon sign on the roof that reads "Free public transport"
(reply to this comment) (link to this comment)
Can I sue a wifi operator for beaming low level microwave transmissions into my apartment ? Causing abnormal brain activity and mild hallucinations ?
(reply to this comment) (link to this comment)
Re: Re: Stealing?
With so many ways to easily block access to your AP it's really hard to say that any simple use of an open AP is criminal. As mentioned before it's nice to be able to check your e-mail or something else real quick while you're about. There are HaX0rz (children who can't actually hack and failed any and all grammar and English classes) who leech off of their uneducated neighbor's connection a good 8 hours a day to whet their WoW appetites. And that I would legitimately consider stealing and ethically wrong.
But we can't criminalize all open AP usage. As for the uneducated not being capable of blocking their WiFI AP I can only say 'too bad.' If they really care enough about their AP they can spend a few minutes to set up a simple WEP lock. And if they don't care enough to do that, well, they quite simply Do Not Care. The owner of the WiFi has to have a bit of responsibility of their own, it's clearly printed in their operating manuals how to set up some simple AP locks. After all the only excuse for ignorance is apathy itself. I understand that people may not have the time to figure out how to protect their AP, but again it does not take that much time; and for those who do not care enough to take that time, again, Do Not Care enough about others accessing their open AP to take that time.
And for future argument's sake don't attack others with offensive language. It really does not help to get your point across and only makes it weaker.
(reply to this comment) (link to this comment)
I have noticed a sad trend lately, the excuse "I do not have time" seems to be becoming an acceptable excuse for more and more problems. While I can understand some people do have a very full schedual either with school or a high pressure job, we still need to put all this into perspective. Installing a new router nowadays takes maybe 5 minutes for someone not tech minded, setting up security is part of that 5 minute operation, the actual installation is explained step by step when you run the installation CD using rather simple English that would be easily understood by any person with a basic reading skill level (English is my primary language so I cannot vouch for other languages) so from my perspective if a person has the time to hookup the router they therefore have te time to setup at least basic security. Just my 2 cents.
(reply to this comment) (link to this comment)
Re: Re: Stealing?
It isn't stealing if the person has their wifi totally unlocked and reaching out of their property. As someone said before, if someone walks into your house because you have left all the doors unlocked, it's not breaking and entering.
(reply to this comment) (link to this comment)
Finally! A Techdirt Mistake!
According to your hypothosis, my Grandma, who unknowingly let her antivirus subscription expire, "invited" those those trojans that crashed her machine.
Your viewpoint suffers from the same fundamental error as all libertarian ideologies: Assuming that the public has perfect knowledge is crazy and leads to erroneous conclusions. Just because someone buys a wireless box doesn't mean they know how to use it. In innocent ignorance, they may turn on their box to their detrement. And since the time has long passed (with Ben Franklin) that any human being could possess all current knowledge, it is unreasonable to expect people to know that the box comes to them in an unsecured state.
(reply to this comment) (link to this comment)
Re: Re: Re: Stealing?
No, it's not breaking and entering, but it is illegal entry, which is subject to the same penalty: imprisonment. You supporters of such crimes as these miss the point: It is unreasonable to assume that every individual knows everything. The mistake lies not in people's ignorance, but in your assumption that ignorance is not inevitable and that it should be punished.
(reply to this comment) (link to this comment)
Re: Finally! A Techdirt Mistake!
If you bought the box, it came with a manual. And like it was just said, setting up the router with security takes only 5 minutes.
And people, stop with the stupid analogies. You're not seriously comparing someone who's just casually using the the WiFi connection for their own casual use to trogans that are actively seeking to do harm.
There's no justifiable reason for anyone that owns a wireless router or other access point to not have it set up according to their needs. They can read the step by step instructions or call tech support or whatever.
This may be a case where "stealing" your neighbor's bandwidth may be considered morally wrong, depending on just how much of it you're taking; but from an ethical standpoint, no harm is being done, you aren't even running up any bills, and you're still within your own property.
This can't be criminalized. Sure, any malicious access to the network or actual harm is still a crime, but the grand majority of people that "shared" WiFi weren't doing that in the first place.
(reply to this comment) (link to this comment)
Mike didn't make this one? Wow. I was beginning to think he purchased Techdirt or something.
(reply to this comment) (link to this comment)
If i need internet in a pinch, and its around, I am going to get it. Think most of us are the same way. I have homebrew apps on my Nintendo DS and Tmobile SDA that map and remember open wireless points as I walk/drive, so that it can be online anytime i am in the area of an open wirelss
(reply to this comment) (link to this comment)
Re: any HAMs on here that actually understand this
The argument that because I 'broadcasted' my wifi signal is an implicit invitation to use it without my explicit permission is simply wrong. Is it theft? Maybe, but I think you could more accurately describe it as trespass. Your signal is using my router, my ISP connection and other equipment - that's use of property without the owners permission and that is trespassing.
I don't have to have a ten foot fence covered with no trespassing signs to have legal standing to accuse you of trespassing if you are caught sitting on my back porch swing. However, if I fail to put up the fence and signs I shouldn't be surprised if I am taken advantage of by those who have no respect for personal property.
But, regardless of my carelessness to protect my property doesn't mean I can't have you arrested if I catch you trespassing.
(reply to this comment) (link to this comment)
All of this reminds me of the man who owned the house next to me in down town Washington, DC.
Nobody had a drive or garage so the only parking was on the street. And the street was PUBLIC property.
Yet, because the parking space on the street was in front of his house he believed it to be HIS. I parked there once and he came to my door and read me the riot act. Ass hole.
My point is, the air waves are PUBLIC property. If you are broadcasting on PUBLIC airwaves, without a license, and make no effort to secure your transmission. You can have NO expection of ownership.
(reply to this comment) (link to this comment)
Re: Re: Finally! A Techdirt Mistake!
The reason for the majority of "unintentionally" unsecured wifi isn't stupidity or apathy; it's uncertainty.
When your granny connects to her router for the first time, she's so happy to have a connection of any sort at all that she'll stop there rather than risk losing the connection again by fiddling with any of that "security" mumbo-jumbo. That way they can brag to their friends that they set the system up themselves without having to ask their grandchildren for help.
Again, the only solution to this lies in the hands of the companies who make the wi-fi routers. They should amend their installers in such a way that they demand a WPA key by default, and only after that is set up should they allow access to a control panel that gives the option to reduce the security settings, complete with stern warnings about why you might not want to do that.
That way, people who want to leave their connection open will still be able to do so, and those seeing an open connection would have a reasonable expectation that it was a deliberate invitation to use it.
(reply to this comment) (link to this comment)
wow...the US gov is slipping !! and losing money
and the states are too...they need to pass a law requiring a license to use wifi and make users provide proof of training
maybe they arent criminals, but the least is they should be called scum...bottom feeders...whatever
i passed on 2 free wireless routers this year:
1 from vonage [i opted for wired] and another from Verizon
i only keep the router for its firewall and have been using a free anti-virus prog for years..i have a very tight and secure system for no yearly cost
(reply to this comment) (link to this comment)
Re: any HAMs on here that actually understand this
"Please, please, please stop comparing wifi usage to passive interception of a broadcast, as it is not. This fallacious argument confuses the real issues at hand with wifi laws and security in general."
The FCC doesn't distinguish between a two-way communication and a standard broadcast in the law itself. If you have the right to broadcast on a band and you receive an unencrypted signal on that band, you have full rights to send a response. Period.
This arguement is used because we have to deal with the signal itself and not the "active communication"(that is strangely not-so-active for the humans in the picture if you didn't notice). Someone invariably brings up that it's "their signal" and that others don't have the right to respond to it even if it's not encrypted. That's like saying that you can talk on a CB(a public band) and other members of the public can't respond. It doesn't work that way because it's a public band.
(reply to this comment) (link to this comment)
Re: Re: any HAMs on here that actually understand
"I don't have to have a ten foot fence covered with no trespassing signs to have legal standing to accuse you of trespassing if you are caught sitting on my back porch swing."
Better check your laws because that's not the case in most states. I had a guy open my car door on my property and start going through my stuff. When the cops arrived(after he left) they told me I couldn't do ANYTHING to him because I didn't have signs posted for no trespassing and it was my word against his regarding whether he was in the car.
(reply to this comment) (link to this comment)
Exactly echrichweiss,
Hams position is that of the man next door to me saying I was "stealing" his parking space, because it was in front of his house, when in fact it was a public street.
(reply to this comment) (link to this comment)
Re: Re: Stealing?
"You didn't pay for it, you were not granted permission, "
Wrong, any AP broadcasting a default SSID is not only granting permission but promiscuously asking you to join.
"Most people don't know who to do these things, and they will never understand things like WEP or WPA. That doesn't mean they're stupid, it doesn't mean they're lazy, and it doesn't mean they deserve to be exploited."
First of all, if you bought wireless to keep from having to plug in to e-net, you already have the lazy tag. If you did so without reading the manual, doubly so.
A lot of people don't understand how gunpowder explodes either but are we going to treat the dumbass who looks down the barrel of a loaded gun and pulls the trigger as a *victim*!?!?
We need REQUIRED tests for purchases of a WAP that way we can get rid of this "I'm too lazy to setup my router securely and I need a nanny state to protect me from my own stupidity" attitude that I see so prevalent. Darwin is weeping. We have drivers licenses to ostensibly keep the dumb drivers off the road so it's time for a WAP license so that people can be held accountable for their own actions.
(reply to this comment) (link to this comment)
Re: laws
And we have a WINNNER!!!!
(reply to this comment) (link to this comment)
Re:
No.
(reply to this comment) (link to this comment)
Re:
I've stated repeatedly in the past that this exact attitude you speak of is likely going to propel us to the point that a test or license will be required to buy/use any wireless networking equipment because the user is too lazy to do the proper setup AND is more than willing to play the part of a victim when their shiny new "gun" blows up right in their face. In short, our society has lost all sense of personal responsibility; sure we play the blame game and hold OTHERS responsible for their actions but heaven forbid that we look at ourselves through those same glasses.
(reply to this comment) (link to this comment)
dont use "public parking"
it only works in theory
there is no on-street parking on my side
my landlord paved the front yard for the buildings dumpster and a parking space for me [tenant]
it is posted, private parking..can be towed
but it isnt private and the threat is worthless
i cant just call a tow truck and have a vehicle removed, i have to call the police first.
i can say someone is stealing my parking space and have no recourse.also, i would have to pay to have a vehicle towed myself, and have no means to recoup the fee.
(reply to this comment) (link to this comment)
Re: Re: any HAMs on here that actually understand
Oh, btw, those "no trespassing" signs are also required on your network as well. If you think that's a lie then what stops me from setting up a web page and then having everyone arrested who accesses it "illegally"? The law requires some form of sign, like authentication for computers.
(reply to this comment) (link to this comment)
Re: dont use "public parking"
You've confused me here. Did your landlord create you a spot on his property, or is it just a sign on the street? If it's on his property, that sign *does* work and you can have cars towed at the owner's expense.
BTW, I can't see that your story here has any bearing on the analogy Public Parking asserted nor does it have anything to do with this story.
(reply to this comment) (link to this comment)
Re: Stealing?
It's more like leaving a note outside your house telling everyone who passes that there are goodies inside (cookies and a coffee, not jewels!); wecloming people in and showing them around; offering them a snack and letting them use the toilet; politely waiting for them to leave and then calling the police.
(You can just imagine the police reaction, can't you? Quite right too!)
(reply to this comment) (link to this comment)
Re: Re: Re: Finally! A Techdirt Mistake!
I got a new wireless router recently. It came preconfigured for WEP - all I had to do was type in the supplied unique key and I was on. It would have taken more effort to make it insecure! :)
Of course, I did spend the extra hour learning about security; and then 10 minutes reconfiguring for WPA2/WPA-PSK. It's not rocket science, but the WEP would probably have been adequate!
(reply to this comment) (link to this comment)
Re: Re: Stealing?
" . . . it doesn't mean they're lazy . . ."
-> Yes it does. The manual that comes with the product even tells you how to do it. Hell, if you use a Linksys the setup CD tries to get you to use some form of it. There is no excuse for not learning how to use a tool. Next you'll be saying that someone who accidentally shot their neighbor shouldn't be punished because he didn't learn how to use a firearm.
""Oh but, they could take the time to learn, afterall, I did". I can just hear the nerd saying it. Once again, fuck you. "
-> Ah so that's your angle. Upset that someone knows more about a subject than you, and is telling you you are wrong.
"A lot of people do not have the time to learn, or don't care to. No one wants to spend they're life trying to figure out wireless security just to prevent some asshole from dropping by to steal their connection. Show some fucking decency. If you didn't ask for it, don't take it, because it's fucking stealing."
-> What work? What life time? Its a one time setup. The only requirement is remembering the password in case you need to change anything. It will take only 5 - 10 minutes longer to setup your AP and you'll essentially have a put a lock on it, or some flag that your connection isn't public.
Some people DO provide public WiFi and you can't tell the difference unless someone has some sort of security to prevent access.
Furthermore, what of my neighbors? From my room there are 17 AP's, 4 of which are secure, 1 of them being mine. The rest are wide open and useable from MY property. Can I sue them for pollution or some such bullshit?
You sir are an ignorant bigot. I suggest you throw out your AP and stop polluting the websites you troll like you apparently are 'polluting' your neighborhood with your open-but-you-can't-use WiFi.
(reply to this comment) (link to this comment)
Re: Finally! A Techdirt Mistake!
"According to your hypothosis, my Grandma, who unknowingly let her antivirus subscription expire, "invited" those those trojans that crashed her machine."
-> That's a bit different. Malicious intent is a key focal point of most laws. Hell for some its required to be proven. Someone using anything maliciously, and you can prove it, is guilty of a crime. Severity depends on the action.
BTW that's another thing that takes less than 5 minutes to setup, logging.
(reply to this comment) (link to this comment)
Follow-Up
We have licenses for driving cars.
We have classes for baby-care.
We have lessons and qualifications for handling firearms.
We have helmet laws for riding bikes.
Ham radio users need a license to use shared spectrum, to be assured they know how to use it correctly.
Even GMRS 2-way radios that you can buy at Costco require (by law) that you register for a license.
Did you know that even FRS 2-way radios, that they sell in kid's watches now, require that you follow several federally mandated rules of usage? There is a lot of precedent for requiring people to understand the risks, protocols, and courtesy of using shared radio spectrum.
Some comments here suggest that we are at the least rude and discourteous for "stealing" their Wi-Fi, but I retort that you are in fact rude and discourteous because you failed to learn the protocols of use before you started transmitting on shared radio spectrum.
Just try keying up a CB radio in a trucking area and not following protocols, and see how welcome you are. If you spend a little time listening in and learning the correct way to use the shared spectrum, you will be welcomed. It is those that are ignorant of the protocols that are being rude, presumptuous, and wrong. This has consistently been the case in radio spectrum, and probably applies equally well in the non-tech world.
That's why hams tend to side with us on this issue. So ignorance, apathy, etc. is not a great excuse. If you want to play, learn to use the toy.
In the case of a Wireless AP, the training is in the form of the manual or install CD. Your Wireless AP usually defaults to inviting visitors. If you choose not to read the manual, and remain ignorant, then that does not make a criminal out of someone who accepts that invitation.
Read comments 1 - 4. Those people choose to share their Wi-Fi, as do I (in a controlled way). How can I discern an ignorant person, who would choose not to share if only they knew how, from someone who is deliberately sharing? I can't. You need to turn on some security to signal me that I'm not welcome.
And the bottom line is this: nobody is making anyone use a wireless router. Like a firearm, if you are too lazy, busy, important, or ignant to spend the 5 minutes turning on WEP, then get a wired router instead.
Now here's a funny anecdote: I used to work in sewage. Yep. We cleaned pumping stations with a massive vacuum and a pressure washer. The guy down the hole in full SCUBA gear and rubber zoot suit wore a two-way FM radio that used a microphone that contacted his larynx on his throat to communicate with the crew on top. No, we were not swimming in the soup, only thigh deep, but there was a lot of spray and it wasn't pretty. The guy down the hole gave instructions to those above about where to position the big vacuum and when to pay in and out more hoses. Up top, we gave back information on how much air was left in the tank. It was pretty important not to let the air line be compromised, and to keep all hoses just right so they don't trip the guy in the hole. I worked both top and bottom depending on how the lead hand felt that day.
One day I was on the radio topside and Bill down in the hole was giving me instructions, but he cut out and instead I was listening to a mommy changing her baby's diaper with all associated coos and giggles. The baby monitor was on the same channel as Bill and I. Cute, for sure, but Bill was definitely not laughing - he couldn't hear the mommy so didn't know what was going on. It was a sort of comedy with him pantomiming all sorts of obscenities with his hands and face, all zooted up down in the s#$t, with an overdub soundtrack of baby tickles. Pointing to my radio and giving him the "no-workie" sign didn't seem to appease him.
Anyhow, back on topic, was I "intruding" on the mommy's house by listening in on her private time with her child? Was I spying by using her transmissions without ringing her doorbell and asking if I could listen in? Or was she in violation because she was intruding on our ability to use the radio channel for our city work related communications. The answer is neither. She was within her rights, we were within ours. That's the way it goes on shared spectrum. She can have no expectation of privacy, and I can have no expectation of exclusive use of the channel. I needed to change channels. At least that would have been the solution, but Bill's radio was under three layers of zoot suit. In the end, he came up the ladder, and was extremely pissed. I kept clear...the guy was a mess! He figured out it was funny the next day, but had to cool off first. So, now I do telecommunication consulting instead. It's cleaner.
(reply to this comment) (link to this comment)
It is stealing
If you are using my wifi connection you are stealing my bandwidth that I pay for. This is akin to siphoning gas out of my car because I don't lock my gas tank. There is a limited amount of bandwidth that I have. Both bandwidth in data per second and also bandwidth as in monthly cap. If you are using my internet connection to download/upload data you are taking away from both the data per second that I can use and also the monthly total. This is stealing.
(reply to this comment) (link to this comment)
Re: Stealing?
NO
If I walked on to their property to use their wifi it would be the same thing. If their signal goes into my home I'm going to use it.
So to use a similar analogy to yours, if their door extends on to my property and they leave it open I will walk in and say hello
(reply to this comment) (link to this comment)
Re: It is stealing
jack, saying something doesnt make it so, its not stealing, secure your network and leave the rest of us alone. 30 seconds later your bandwidth wont be used by others and everyone wins. your router is broadcasting to my computer that it wants my computer to use it, stop being promiscuous and stfu
(reply to this comment) (link to this comment)
Permission given
In order to connect to any wireless network, the user's computer sends a request to the network to connect. If the network was secure, the user has to prove identity by a password in order to access the network. If, however, the network has been left unsecured, then permission is given to anyone who requests access.
Therefore at this level, permission has been given to use the network and it is not (in both senses of the word) technically stealing.
(reply to this comment) (link to this comment)
my not so simple setup...
I live next to my parents (they're getting old, but can still use their PC) in a small town with lots of tourists. I've set up 11g networks in both houses that fail-over to each-other with simple WEP encryption. In addition I've set up open 11b networks with external antennas for the tourists to use. So far, no-one has tried to hack into my 11g networks -- and when big ships come in I can see visitors popping into and out-of my open network as they walk from the boat to downtown. Makes me feel all warm and fuzzy inside :-)
(reply to this comment) (link to this comment)
Re: Re: Stealing?
Quote [A lot of people do not have the time to learn, or don't care to. No one wants to spend they're life trying to figure out wireless security just to prevent some asshole from dropping by to steal their connection.]
And a lot of people who have cars don't have the time to learn, or don't care to drive them properly, but we should let them on the road anyway?
If you plan to use a technology, you need to learn how to use it properly.
(reply to this comment) (link to this comment)
Re: Re: dont use "public parking"
Unfortunately, in most locations, you have to call the Landlord and have him call the Police. Tow operators will not tow a vehicle without either the Vehicle Owner's permission or the landowner's permission.
Sorry: i know it's off topic, but I found this out the hard way living in a university town, and coming home from work at 8AM and being unable to park in my Marked Space in the parking lot.
(reply to this comment) (link to this comment)
Re: Re: Stealing?
Using someone else's wireless connection without asking is stealing.
No. Actually, this is wrong for a variety of reasons. First of all, you say "without asking," but your AP broadcast out a message saying "Connect to me!" No asking is needed, since your AP did the inviting.
You didn't pay for it, you were not granted permission, and probably you are not telling the owner about it, so yes, you are a criminal
According to this definition, you have stolen Techdirt.
* You did not pay for it
* I did not grant you permission to visit.
* You did not tell me you were going to use it.
Thus, according to your definition, you are a criminal. Now, you may say that I granted you permission in setting up this open web page. But what we're saying is that's the same thing as setting up an open WiFi AP. That person has granted permission.
(reply to this comment) (link to this comment)
Re: Re: Stealing?
uh so then when I take a penny from the jar that says take one leave one, that would be stealing? By broadcasting an ssid and a nonsecured AP that is an invitation. It is simple to turn off the broadcast.
(reply to this comment) (link to this comment)
sure....
About this time last year, my friend's car was stolen, and the cops refused to help -- why?? Because they left their doors unlocked and the engine running. The police department's stance on the issue was that my friends negligence was what led to the theft of the vehicle. If you're stupid enough to have a Wi-Fi network without any security because you're too lazy to type in a password (only once on most computers), then it is no crime for someone else to use your Wi-Fi network. It's exactly like calling the cops because the neighbor kids walked through your yard, even though you never built a fence to keep them out. They did you no harm, and you did absolutely nothing to keep them out -- And setting up a WPA password on your network is a helluva lot easier than building a fence.
(reply to this comment) (link to this comment)
Re: Yup.
umm... it's WEP, not WAP, and you can save the key and only have to input it once.
(reply to this comment) (link to this comment)
Let's just say, for a moment,I agree that the airwaves are entirely public, is the information contained on those waves public? Who owns the information?
Most of the unsecured communication I do over wifi is chat and web surfing. (I use otherwise secured media for other uses). If I happen to be doing some web shopping and don't realize that I am providing my visa number to an unsecured server, does my number now belong to the public?
I think not. I may have been stupid but using it is still a crime. Being stupid may well invite crime, but, it neither excuses it, nor, makes it legal.
All sorts of radio transmitted data is done so with the assumption of ownership. You cannot redistribute broadcast television, for example.
The HAM argument only goes so far. HAM radio is meant to be open -- and non-commercial -- communication. WiFi doesn't have those requirements, and, it's reasonable for a non-technical (say someones grandmother as used in an example previously) to assume that, like many other areas they see as protected radio communication, their WiFi protected against unauthorized use. (like their radio, television, cell phone, etc.)
Also HAM operators may not use their gear until they are licensed to do so -- and such licensing implies agreement on standards and rules. WiFi doesn't have that arrangement. I would caution, however, that requiring WiFi users to be licensed, another medium would replace it.
In my state you can be arrested for using unsecured wifi (and it has been done) as "Theft of Services".
To use the open door analogy, the open door doesn't authorize use of the stuff inside.
But the problem is not going to be solved by legislation and law enforcement alone, nor is it going to be solved by waggling a finger at people who know the technology.
The problem, and it sounds like this is happening, needs to be addressed by the hardware mfgrs, by making their devices default to, at least, WEP.
(reply to this comment) (link to this comment)
Open Wi-Fi
I have the WRT54GS router with the DD-WRT firmware, and I PURPOSELY leave it open for my neighbors to use it. The woman that lives behind me is a school teacher, so her school gives her a laptop for her duties. I provide the connection for her. There's a family across the street from me. I set up their connection. I have fiber optic here, so all three of us using it at the same time won't slow down anybody.
Anyway, my point here is simple regarding the headline about "piggybacking open Wi-Fi is stealing". I call complete bullsh** on this one. Let's compare an analogy of this, shall we?
If I put my old couch out on the curbside with a "FREE" sign sitting on it and someone takes it without asking me, is that stealing? Of course not! I WANT someone from the public to take it. That's what the free sign is for. Now, if I make my SSID on my router to "OPEN" and don't use any kind of encryption and someone from the public takes my signal and uses it, (because Wi-Fi is also being broadcast outside my home) is that stealing? Of course not! But the story makes it appear that way. I WANT the public to use my Wi-Fi. That's what the "OPEN" is for. It's open to the public.
Now, anyone with any sense at all that has a Wi-Fi router, has to configure it in SOMEWAY in order for it to work with their setup at home or at the office. Somewhere in those settings is the encryption setting, whether it be WEP, WPA, Pre-shared key, channel number, Access Point or Client, the MAC address(es) and so on. If they skip the encryption settings and leave it open, how in the WORLD is the general public supposed to know if the user has made it open (like I have) or they're just too damned lazy to secure their connection? If I see something that someone has purposely left in their yard with a free sign on it, and I want it, I'll take it. Why? Because I want it and it's free, that's why. Same with Wi-Fi. If I see an "OPEN" or "PUBLIC" SSID when I search my neighborhood connections, (that's a feature with DD-WRT firmware) and there's no encryption, I'll take that connection. Why? Because I want it, and it's free. That's why! As long as I'm not using some software or hardware to circumvent the security of the router at the access point trying to get a free connection, how in the world is this stealing???
I see no difference between an open Wi-Fi connection and the "free" couch I mentioned earlier. If the owner takes no steps to protect their own property and convinces to public that it's free, it'll be used or taken by someone. Take my word for that.
I'm sorry here, but if a person that buys a piece of hardware and doesn't RTFM (Read The Freekin' Manual) to learn how this contraption works, I guess it's our fault and not theirs. (sarcasm)
It's just a sad, sad world we live in. (sigh)
(reply to this comment) (link to this comment)
Stealing WiFi?
The issue of WiFi piggybacking is multifaceted. First you have the pay connections who are the real losers when the public does not secure their connections.
If I go to my local $5 cup of coffee house and want to check my email I am given the opportunity to use a pay connection. However, if the business next door or the guy in the flat above is making WiFi available for free I know which hookup I am going to use. The coffee house loses a couple of bucks on this.
The second loser is the individual who is paying for the connection I am using.
Most WiFi routers are capable of supporting a lot of computers, however the more users the slower the connection. Now, if I am paying for the subscription I want to get everything I am paying for. If you are using it and slowing it down I am not a happy camper. I need to take responsibility for my connection and let anyone trying access it know they are not allowed.
Obviously there are concerns about security for the person who leaves their door open, but that is not what scares me. I have not heard of it yet, but I am sure it will not be long before we hear about some computer geek who sets up a wireless internet connection in a high traffic area and hacks into unsuspecting piggybackers. How long would it take to figure out that all of your personal information was stolen while you were sitting outside your favorite coffee house? Long enough that the real thief would be long gone.
I would caution anyone who is piggybacking to remember that nothing is free.
(reply to this comment) (link to this comment)
Stealing? I think not...
At the end of the day, who owns what airspace?
U.S. law says everything above my property line is MINE, but they exercise eminent domain for airplanes and satellites. I don't recall similiar legislature that says that wi-fi users can trespass on my property whenever they please. Even airlines have to pay taxes for the privilege of using my airspace. Even though it is, in fact, 'trespassing', it seems very silly to object to such a thing. It's as silly a concept as wi-fi 'theft'.
So, even though I'm not using that airspace and I haven't tried to stop you from using it in any way shape or form, you are 'stealing' my airspace when your wi-fi signal travels through it to get to your home.
So calling me a thief is like standing in the street and yelling, 'All wi-fi users are dirty trespassers! Spread the word!'. Sounds pretty idiotic, huh?
(reply to this comment) (link to this comment)
If your neighbor is talking to you over the fence - they are invading your space with their sound waves. Whether wanted or not, they do it. If you reply to them, you are doing exactly the same, invading their space, except they came in and asked you to respond by saying something. So simply responding to what they have already said, is not illegal. Same with wifi - they are sending an ACTIVE signal into your house, what if you don't want this? What if you want your house signal free? should you coat it with a cage blocking out the signals? no, that's absurd. So if someone sends your computer an active invite (which is what an open wifi signal is), then saying "Why yes, I would like some of that internet you're offering", can't be a crime. For what the signal does is infact ask you that question, "Hello, any computers out there? I have some internet here, my name is xxxxx, if you want some internet, just tell me, and i'll give it to you" (Actual words may vary slighty) Now this would be different if you actually had to ping the routers and ask them to respond first. If you could make a router that doesn't BROADCAST an SSID (to deal with zerojj said above about wifi not being broadcast - yes, certain parts of the connection are broadcast, like the SSID, etc)
Quick & Dirty summary,
Responding to a message already entering your home in an unrequested manner, is not and should not be a crime.
(reply to this comment) (link to this comment)
Re: Open Wi-Fi
In many cities, technically, yes. Items left at the curbside(sic) automatically become the property of "the city" and no amount of attached notices can negate that.
(reply to this comment) (link to this comment)
part of the problem is also ISP's
i want to change the program i am on....but by doing so, i am required to surrender my cable modem and take a 4 port wireless job.
i had a wireless a few years ago, a netgear wgt624 802.11g
but it was given to me and i decided it was too much aggravation. i put it out with the garbage.
my system sits within 4 feet of the entry point in the wall, and i never move it.
i'm not gonna RTFM. i shouldn't have to. i will call tech support and have them tell me step by step how to lock it down. although it is a 4 port wireless, i will only ever use 1 wired port.
(reply to this comment) (link to this comment)
part of the problem is also ISP's
i want to change the program i am on....but by doing so, i am required to surrender my cable modem and take a 4 port wireless job.
i had a wireless a few years ago, a netgear wgt624 802.11g
but it was given to me and i decided it was too much aggravation. i put it out with the garbage.
my system sits within 4 feet of the entry point in the wall, and i never move it.
i'm not gonna RTFM. i shouldn't have to. i will call tech support and have them tell me step by step how to lock it down. although it is a 4 port wireless, i will only ever use 1 wired port.
(reply to this comment) (link to this comment)
I can't believed that there is any debate over this issue. When you connect to a wireless AP you request permission to acess it; an unsecured AP will always grant you that permission. How is that considered theft? It is so easy to deny that permission that I (along with the majority of people apparently) do not consider there is anything wrong with using an unsecured AP. After all, I was given express permission to do so. That's how the technology works. I think that perhaps those of us that understand this need to repeat it loudly and often. As has been said before, if you are going to use a technology that is new to you, take the time to learn what you are doing. It's not rocket science.
(reply to this comment) (link to this comment)
Re: part of the problem is also ISP's
If you *do* RTFM you'll find there's an option to turn off the wireless. It uses a lot less power then, too.
(reply to this comment) (link to this comment)
Re: #14, "Without Permission"
Also, people with open WIFI don't necessarily advertise their contact info, so it's pretty hard to ask permission. If I leave my WIFI open, I don't want people calling to ask - I want them to use (but not abuse) it. If a lot of bandwidth is being drained I'll shut it off.
Difficulty "Learning" to make it secure is not an effective argument. If asks you if you want it secure when you set it up. If you are smart enough to get the thing running you are smart enough to make it secure.
The door unlocked analogy misses also. It's a door open analogy. An unlocked door is not an invitation - a wide open door is. When your neighbor show up in your kitchen for a visit are you going to claim trespass if your door was wide open?
(reply to this comment) (link to this comment)
The 'take the car' and 'walk in the house' analogies don't really work - when you 'take the car' you are physically taking something. When you 'walk into the house' you are trespassing.
It's more like your neighbor is leaving his garden hose running... water is spilling into the street.. If you take that water, it's not theft, it's run off onto a public area.
Can't see why wireless is any different. If the neighbor has a problem with you getting the water, he should shut off the hose.
(reply to this comment) (link to this comment)
wifi
I use free wifi all over the place when on the road. Wireless data is expensive. I simply pull over to a exit on the freeway and somewhere as soon as you get off the road there are several free networks or open networks.
I leave my home network open. I say we share the internet as long as its not some person eating the account up 24x7 with porn or illegal things let them check their email and whatever.
You would be surprised just how many networks are open in town. I had a 6-7mb charter cable signal while on vacation from the deck so I sat out there with my laptop and its built in antenna and had loads of fun. Way faster than my dial up was...now I have a 384kbps+ account so its not so bad.
(reply to this comment) (link to this comment)
Invitation accepted
That pretty much says it. Your router invites me to use it's access. My acceptance of your invitation is like my acceptance of your dinner invitation.
Some of you would like to claim I stole dinner? That's pretty idiotic. But then again some of these arguments are clearly written by idiots.
(reply to this comment) (link to this comment)
Re: Stealing WiFi?
Troy, you make a huge mistake in your statement, which is you naturally assume that someone choosing a different option is the equivalent of a "loss." That is not the case.
First you have the pay connections who are the real losers when the public does not secure their connections.
No. The connectivity provider did not "lose" anything. They simply failed to capture someone's dollars. In other words, it's a marketing problem, not a criminal one. No one "lost" anything because there was no guarantee that someone would pay.
If I go to my local $5 cup of coffee house and want to check my email I am given the opportunity to use a pay connection. However, if the business next door or the guy in the flat above is making WiFi available for free I know which hookup I am going to use. The coffee house loses a couple of bucks on this.
Same mistake. Let's take a similar, but slightly different example. Let's say two coffee shops are next door to each other. One offers fee-WiFi and the other offers free-WiFi. I go into the one that offers free WiFi. By your very definition, I've now "stolen" from the other one, because they're not getting my money.
The second loser is the individual who is paying for the connection I am using.
Again you are assuming that the loss on the connection is noticeable and that the person who offered up the connection minds.
We have always said that it's not a good idea to swamp someone's connection if you're piggybacking, but if you're merely checking email and surfing the web, no one is going to notice. It's marginal at best, and the cost is not noticed by anyone.
(reply to this comment) (link to this comment)
Re: Finally! A Techdirt Mistake!
This is not even similar. Your grandma not reading the perhaps hundred(s) of warnings that pop-up when AV software expires and then falling prey to the intentional exploitation of her machine by those writing and spreading the worm/trojan/virus is nothing similar to this. I can't even imagine the relationship outside of both situations using computers and the internet. Pay closer attention Traveler.
(reply to this comment) (link to this comment)
Re: any HAMs on here that actually understand this
You fail to miss the part where this all starts out with a OPTIONAL broadcast to the world. Then it continues with two way broadcasts but they are all still broadcasts. Then you go and imply that to "passively eavesdrop" might be ok. Honestly I be more worried about the guy just listening then the one slurping some open unprotected wifi for a bit while he checks his e-mail. If anything, the person borrowing the wifi is as subject to the ap owners not doing anything shady then the average wifi visitor. If you want it secure then use the protection built in to even the crappiest devices or us a wire.
Plain and simple. If you don't protect it and label something as important and privte then don't get your feelings all hurt when people that happen by treat your wireless with the same amount of respect of privacy that you did when set it up and shared it with everyone in reach of the signal. Because that is exactly what you did, you shared your wireless.
(reply to this comment) (link to this comment)
Re: Re: Stealing?
(reply to this comment) (link to this comment)
Re: Re: Stealing?
This is a stupid argument. First read the manual. Everything you buy comes with one and it seems you are the guy that needs them.
Now that you've read you manuals let's put your pathetic logic to work. For this we'll all have to imagine you finding a girl and you then have kids. Now send you daughter out clubbing with her home phon