
My Open Wireless Network (2008)

25 points | jpatokal | 12 years ago | schneier.com

44 comments

[+] adrianN|12 years ago|reply
In Germany you are (partly) responsible for illegal acts committed over your Wifi if you don't encrypt it. Hence nobody provides open networks.

> https://de.wikipedia.org/wiki/Mitst%F6rerhaftung

[+] fulafel|12 years ago|reply
Was this explicitly legislated or did it just end up that way due to existing laws/tradition/precedent cases?
[+] rtpg|12 years ago|reply
In France most ISP routers also serve as hotspots for other people. So if you're travelling and you're close to someone who uses the same ISP as you, you'll have access to a (granted, limited-speed) hotspot.

You can turn this feature off if you want to, but in order to use it somewhere else, you need to have this feature turned on in your own router ;)

[+] sspiff|12 years ago|reply
The two major Belgian providers offer the same: Telenet only offer their own network, while Belgacom is a member of the international Fon network. I think both providers only offer the service to people with more expensive subscriptions, but I could be wrong about that.
[+] najra|12 years ago|reply
Same thing is starting to happen with most ISPs in the Netherlands :)
[+] dalore|12 years ago|reply
Same with BT in the UK.
[+] chc|12 years ago|reply
The ISP angle is more treacherous than it was back when Schneier wrote this. Now if somebody uses your open network for piracy, many ISPs will provide you with a couple of warnings and then either throttle or shut off your Internet. (Incidentally, there does not appear to be a limit on how much time must pass between these warnings, so it is conceivable to receive more than one in a 24-hour period, I think. Risky business.)
[+] pjmlp|12 years ago|reply
In some countries (e.g. Germany), you are legally responsible for what goes through your access point.

As such, I am not giving access to strangers, as good as it might be.

[+] oakwhiz|12 years ago|reply
It seems like the telecommunications industry is trying to scare people away from being charitable to strangers with their wifi, because it forces people to purchase expensive internet plans on their cell phones if they want to use the internet outside.
[+] Myrmornis|12 years ago|reply
I also run an unprotected wireless network and I highly doubt it will ever cause me problems. Computer science people always seem to think it's essential to take every possible precaution. In my opinion they are protecting against very rare events and they are mostly too young to realize that something terrible will happen in their lives first and make their choice of a DSA vs RSA ssh key really not important.
[+] rdtsc|12 years ago|reply
That should also provide deniability "sorry it must have been the mean neighbors connecting to my free wifi".

Also that was in 2008, now I would guess it is possible to get reasonable security with WPA2, AES and a very long key? Anyone know the consensus on that?

I know to check router model (some have backdoors). Disable WPS (sometimes it is even impossible to do), as that was for a few years the weakest spot.

[+] jpatokal|12 years ago|reply
One thing that's changed since 2008: most routers used to be factory-preset to be wide open, or have silly default passwords (netgear etc), so networks were open by default. Now it's more the exception than the rule to default to lengthy random hex strings, and it takes work and skill to make them open.
[+] vacri|12 years ago|reply
> And yes, if someone did commit a crime using my network the police might visit, but what better defense is there than the fact that I have an open wireless network?

From a famous name in security who is well aware of the issues, that could easily be read as obfuscation intended to mask nefarious activity.

[+] Nanzikambe|12 years ago|reply
Surely that shouldn't matter? As long as the subscriber can prove their network is open or multi-user (which is easily done). That would make it necessary to prove the specific individual committed whatever crime is alleged. To my mind, given the prevalence of malware, compromises to security - that should be the case anyway, after all if malware does something illegal on your PC, why should you be liable? Expecting John "But it said I was infected and should click the EXE to clean it!" Doe to be responsible for their computer's security in this day and age is .. laughable and unreasonable.
[+] Spittie|12 years ago|reply
>Certainly this does concern ISPs. Running an open wireless network will often violate your terms of service. But despite the occasional cease-and-desist letter [...]

Can someone explain this to me? How does your ISP know that you're running an open wifi network? I doubt they drive around to every customer checking for them.

That said, I've been thinking about running an open hotspot. If it's on a different vlan, with only port 22/53/80/443 open and speed/number of connections throttled it shouldn't cause any problems for anyone, and it's just a nice thing to do.

[+] rondon2|12 years ago|reply
If you own a coffee shop, they would want you to buy a business plan that costs more than a home plan. They would detect it by calling your business to ask if you want a business plan and when you said you were using the internet from your apartment they may send you a letter.
[+] sparkman55|12 years ago|reply
When I recently moved, the house was not yet completely finished, and not in a state where we could call our ISP to install broadband (we had to run coaxial inside first).

Luckily, my neighbor ran an open wifi hotspot, so we just used that for a few weeks. Sure, it was a spotty connection, but it did let us keep up on email.

I'm paying it forward by running an unencrypted 'guest' SSID, isolated (VLAN) from my encrypted SSID. Many consumer-grade wifi routers support this setup, and I can't see any reasonable excuse not to do this as a courtesy to visitors and neighbors.
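
The guest-segment setup described in the comments above (Spittie's separate VLAN with only ports 22/53/80/443 open and a cap on connections, sparkman55's guest SSID isolated from the encrypted one), sketched as an nftables ruleset; this is an added example and not part of the thread. The interface names `br-guest` and `eth0`, the table name and the cap of 64 connections are assumptions.

```nft
# Added example, not from the thread. Assumed names: br-guest (guest VLAN
# bridge), eth0 (WAN uplink), table guest_fw, cap of 64 connections.
define GUEST_IF = "br-guest"
define WAN_IF   = "eth0"

table inet guest_fw {
    # One element per guest IPv4 address, used for the per-client cap.
    set guest_conn {
        type ipv4_addr
        size 65535
        flags dynamic
    }

    # Guest traffic addressed to the router itself (admin UI, SSH, ...).
    chain input {
        type filter hook input priority 0; policy accept;
        iifname != $GUEST_IF return
        ct state established,related accept
        udp dport 67 accept                            # DHCP lease
        meta l4proto { tcp, udp } th dport 53 accept   # router as resolver
        meta l4proto ipv6-icmp accept                  # neighbour discovery
        drop
    }

    chain forward {
        type filter hook forward priority 0; policy accept;
        ct state established,related accept
        iifname $GUEST_IF jump guest_out
        oifname $GUEST_IF drop    # nothing opens connections toward guests
    }

    chain guest_out {
        oifname != $WAN_IF drop   # no guest->LAN or guest->guest routing
        meta l4proto { tcp, udp } th dport 53 accept
        # Per-client cap on tracked connections (IPv4 sources only).
        tcp dport { 22, 80, 443 } ct state new add @guest_conn { ip saddr ct count over 64 } drop
        tcp dport { 22, 80, 443 } accept
        drop
    }
}
```

The ruleset is loaded with `nft -f`; bandwidth throttling is not covered here and would be done separately with `tc`.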

[+] furyg3|12 years ago|reply
While I may feel a responsibility to be a good neighbor/host/friend, I also have a responsibility to protect the data of those neighbors/guests/friends who are using my network.

While I may think I am capable of securing my host in all network scenarios, not all of my guests may be so equipped. For me, the most friendly thing I can do is then to encrypt my network with a WPA2-PSK key and share that with those who may wish to use my network.

[+] zokier|12 years ago|reply
I've toyed with the idea of running a completely open WiFi network that is firewalled off my LAN and doing WiFi<->LAN networking via VPN (e.g. IPsec). My own devices would get prioritized, high-security internet access via the VPN too. Biggest stumbling block probably would be that many devices might not support the VPN tech of choice.
[+] dalore|12 years ago|reply
Couldn't the devices that do not support the VPN just use the open one and pretend like you're at the coffee shop?

Of course don't do your banking on that device.

Alternatively only your wifi router needs to VPN into your LAN, and that offers a secure wireless solution.

[+] pseudonym|12 years ago|reply
Unfortunately, "just find another ISP" is no longer an option for plenty of people. I can appreciate the sentiment, but the risk of being kicked off of your local internet mono/duopoly is a lot higher for a lot of people than it was in 2008.
[+] ZenPro|12 years ago|reply
Can you explain?

In the UK we have 6 prominent providers with over 100+ niche providers who must (by law) be given rental agreements on the existing infrastructure.