Bruce Schneier Has An Open Wi-Fi Network
from the share-and-share-alike dept
Bruce Schneier, one of the sharpest people in the computer security world, has a great piece about why he leaves his home wireless network open for anyone to use. When I wrote something similar a couple of years ago, I caught a lot of flack from people who said that I was opening myself up to security risks, either from people downloading child pornography with my connection or from people hacking into my home computers and stealing my data. But as Schneier points out, neither of these risks is unique to your home wireless network. Like Schneier, I've got several restaurants and coffee shops within walking distance of my apartment that offer free wi-fi access. While it's not impossible that somebody would park their car out in front of my street and use my Internet connection to do something illegal, it seems more likely that they'd do so over a cup of coffee in one of the nearby coffee shops, where they wouldn't evoke suspicion. Moreover, I have a laptop and I visit coffee shops and other locations with open wi-fi connections all the time. If my laptop has security vulnerabilities, I should be a lot more worried about getting cracked on those networks (which make it easy to target a bunch of people at once) than that I'll have the bad luck of living next to a cracker. I need to keep my laptop properly locked down in any event. Once I've done that, an open wi-fi network is a fairly minor risk. Finally, Schneier closes by pointing out that security is a trade-off. If perfect security is your standard, you shouldn't connect to the Internet at all, because there's always a risk of a security breach. Given that we're willing to accept some level of risk if we have a good reason, the question we should be asking is about the relative risks of different activities. The risk of leaving your wireless network open isn't zero, but it's probably small.Now, I should point out that all of this assumes that you're a reasonably technically savvy individual with an understanding of basic security concepts: that you know how to update your operating system on a regular basis and that you've set the administrative password on your access point to a non-default value. If you're a complete networking neophyte (not that many of those probably read Techdirt), you should probably get some advice from someone more technically savvy about good Internet security practices. Actually, you should do that whether or not you choose to open your wireless network. But on the list of potential network security threats, an open wi-fi network is probably pretty low on the list.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: bruce schneier, freeloaders, open wifi, risk, security, wifi
Reader Comments
Subscribe: RSS
View by: Time | Thread
What about neighbors?
[ link to this | view in thread ]
Re: What about neighbors?
[ link to this | view in thread ]
Not According to Boeing
Not according to Boeing's Trolls.
[ link to this | view in thread ]
Who cares about security...
[ link to this | view in thread ]
Get your packets here.
Its just good moral behavior to share.
I leave any wap open that I can get my hands on.
I've even installed open waps without anyone knowing that this was done.
Information should be free!
Lets not place a speed limit on our highways.
[ link to this | view in thread ]
Re: Who cares about security...
[ link to this | view in thread ]
Re: Get your packets here.
What, are you nuts? People have to be controlled! And to do that their thoughts must be controlled which means controlling their communications. Otherwise there is just no telling what kind of dangerous, destabilizing ideas might get started.
Its just good moral behavior to share.
Open-wifi is a danger to an orderly society!
I leave any wap open that I can get my hands on.
I've even installed open waps without anyone knowing that this was done.
The government should start patrolling for open-wifi, arresting the owners and putting them in prison where they belong! Same thing for anyone caught using one!
Information should be free!
Information should never be free. Freedom is bad for an orderly society!
Lets not place a speed limit on our highways.
We should bring back the 55 m.p.h. national speed limit!
You are wrong about everything. Turn in your party membership!
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: What about neighbors?
[ link to this | view in thread ]
Re: Get your packets here.
[ link to this | view in thread ]
Missed the point
My feeling is that he largely did this as a "publicity stunt" and to start the conversation that we're having, which is good.
I'd only say that for most people, WEP or other wireless security is an easy thing to enable to make the casual bandwidth hog continue down the road to the coffee shop rather than to use your WAP.
I'd agree that you need more security internally regardless of your wireless security, and that wireless security is not the whole answer, but if it is enough to make someone who isn't looking for YOUR data to go find an easier network to connect to then it's worth having.
[ link to this | view in thread ]
[ link to this | view in thread ]
"If perfect security is your standard, you shouldn't connect to the Internet at all, because there's always a risk of a security breach." -- That coming from a so-called security expert? Remind me never to listen to him? heh. He;s like the church isn't he? Saying abstinence is better than a condom? Most ridiculous thing I've read all week.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re #10 & My Open WAP
He is a security expert. And quite respected by anyone who watches the field or knows a lot about it. He has my respect and I don't even frequent his stuff by any means.
My WAP:
It is open, no encryption at all. But I also live in the woods, and it is also in my basement, which happens to be underground.
I have tested and its signal doesn't go overly far from the house.
Anyone accessing it I could see sitting in my yard or next to my house. =)
[ link to this | view in thread ]
Re: Re: What about neighbors?
[ link to this | view in thread ]
Don't Assume That Short Range Is Security
I do this as well, sometimes, by turning down, or even disconnecting and antenna or two. But don't kid yourself that this is providing MUCH security (sure, it provides some obscurity).
A determined "visitor" will come with a better client side antenna than anything you're using. For example, I have a Cantenna that gains me about 12dbi. If I aim that at your house, I might be able to get a signal further than your laptop. Someone with a dish could do better. Actually, you probably know exactly what you're doing, but I'm writing this to clarify the point.
Unlikely, for sure, but "security through obscurity" should be taken for what it is.
[ link to this | view in thread ]
A slice
[ link to this | view in thread ]
Security
Cafe's usually don't have this problem because you register with your web browser before any other online activity. It doesn't mean they will verify your identity, but at least they can shut the account down.
[ link to this | view in thread ]
Re: A slice
I don't know of any off the shelf home routers that support that but a DIY Linux (and most likely *BSD, etc.) router can do it if your willing to take the time.
[ link to this | view in thread ]
Mine's been open since I installed it...
[ link to this | view in thread ]
open access with less danger
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re:
Being the world renowned expert that you are, ehrichweiss, I'm sure that as soon as Mr. Schneier hears of your disapproval he'll immediately recant. If only he'd had the good sense to ask you first!
[ link to this | view in thread ]
[ link to this | view in thread ]
One of my concerns...
I know this is the exception. But exceptions happen!!
However, it would be cool if everyone did this.
[ link to this | view in thread ]
Conscious decision versus carelessness
1. You don't have any download quotas on your Internet connection
2. You either don't play online games or have a router that is smart enough to prioritise your own machines above external connections
3. You have a second firewall between the Wi-fi router and any network accessible internal resources (printers, network drives, media PC)
4. Your wi-fi equipped devices are set up to use a VPN or other mechanism (e.g. SSH tunnels) to get access to the resources on the internal network
5. The network accessible resources themselves are also locked down reasonably well
So, if the rest of the home network is properly secured, then sure, leave the wi fi open because it doesn't matter - you can "pay it forward" as Bruce puts it without any real inconvenience to yourself. On the other hand, if you don't have those extra layers of defence in place, then having WPA (*not* WEP) switched on in your wi-fi and having all incoming connections from the Internet blocked in your router are both *very* good ideas. Sure, neither of those defences is likely to stand up to a concerted attack, but we're talking about a home network here - the idea is to keep out script kiddies, not serious professionals.
[ link to this | view in thread ]
Yay, Bruce!
(hint: if you don't know who Bruce Schneier is, you're definitely not qualified to comment on the wisdom of what he says.)
[ link to this | view in thread ]
Re: Security
Because we all know that spammers do their evil by driving around looking for open networks to use.
[ link to this | view in thread ]
Re: Re: Security
Al Queda, too. Leaving your wireless open is supporting terrorism!
[ link to this | view in thread ]
Bruce's Warriors
“As I often do, I mused about what it means for the IT industry that there are thousands of dedicated security products on the market: some good, more lousy, many difficult even to describe. Why aren’t IT products and services naturally secure, and what would it mean for the industry if they were?”, Bruce Schneier
http://www.schneier.com/blog/archives/2007/05/do_we_really_ne.html
I think his opinion about making Wifi open consists with what he wrote. He is pushing people to train the warriors instead of relying on untrained warriors with a lot of shields around their bodies.
But the problem is that I have the feeling that he is somehow confused and cannot tell when the warrior’s body ends and when his shields start.
[ link to this | view in thread ]
My neighbors don't use bittorrents or peer to peer programs, so I charge them per connection- the difference in bandwidth is very minimal, so it isn't a big deal.
This is probably illegal, but technically so is leaching off other people's networks without their consent (according to some articles I've read about people getting arrested for it).
As far as security goes, yes security is important and always will be- I have the wireless network on a different subnet and a couple other measures in place, so I feel fine in that regard.
I've got the speed, They've got the need, everyone's happy :)
[ link to this | view in thread ]
"You could be charged just for "encouraging" others to do harm by willingly leaving your wireless connection open to those who seek exactly that. At least use a lame 64bit WEP key that any kiddie can crack, that way you're at least a little safer from prosecution."
So now charity is illegal? I don't think that argument would ever fly in a criminal prosecution. Unfortunately the bar for a civil suit is much lower, they might actually convince a jury that "logic" makes sense.
[ link to this | view in thread ]
Giving away what's not yours
If a coffee shop makes a business decision that they are more competitive by offering no-charge Internet access, then they create an agreement with their ISP that allows them to do so. The theory is that ey will sell enough $10 cups of coffee to cover the ISP charges. This will proably cost a few hundred dollars a month -- several time the usual cost of a residential ISP connection.
So, if a residential customer decides to give away access via a wireless AP, they are in effect stealing the difference between a residential and a commercial connection fee. That is why your ISP TOS prohibits you from reselling or giving away indescriminate access.
Yes, there is some small risk of liability from illegal activity -- warez, spam, porn, hacking, DDOS -- lots of criminals out there, not so many near my house.
The law has not caught up with technology and never will, and there are a lot of people that don't want to respect the rights of ISP companies. (Yes, they have rights even if they behave unethically in other areas.)
I secure my home network because my ISP agreement obligates me to do so.
PS: There are some signs the all-you-can-surf model may eventually go away, or be a premium level of service. If we go back to the pre-AOL metered model, you unsecured people may find out the cost of wht you thought was free.
[ link to this | view in thread ]