Whatever You Think Of The Google WiFi Settlement, It's Bad That It Requires Google To Attack Open WiFi
from the that's-just-silly dept
We're still a bit confused about why so many people freaked out a few years back when Google's Street View cars gobbled up some open WiFi data -- since anyone can do that on an open WiFi network. Various investigations did show that Google was a bit disorganized and had some poor controls in place, which perhaps meant that it should have caught the data collection sooner. So, if you think Google should be punished for that kind of thing, then the recent settlement with a group of state attorneys general perhaps made you happy.That said, EFF is pointing out why the settlement is stupid -- not for Google, but for open WiFi and security. First, these technologically clueless attorneys general are requiring Google to create videos and ads promoting WiFi encryption... with a focus on old and bad standards like WEP, which is like saying you should be locking your front door with a cheap chain lock. It's a "lock," but one that could be broken by pretty much anyone in seconds.
Even worse, though, is that the settlement requires Google to push the message that the only way to protect yourself is to lock up your WiFi. But that's ridiculous. Open WiFi, by itself, is not a bad thing. Yes, unencrypted data could be exposed, but the better answer is to encrypt your data, such as by using a VPN. As EFF notes, end-to-end encryption is always going to make more sense than just encrypting your access point and hoping that keeps people out. And, yet, much of the settlement focuses on having Google push people to lock up their WiFi.
The solution to public surveillance problems should not involve discouraging people from providing public resources like open wireless, since this cuts against the general interest and takes away a common good. As we've explained elsewhere, wireless encryption provides few benefits compared to the much stronger end-to-end encryption, a technology that can thrive alongside environments with open wireless access. The settlement could have gone so much farther by educating people how to run open wireless networks safely and securely—for example, through open guest networks.Of course, this is the kind of thing you get when you let grandstanding politicians tell companies how they need to act concerning technology they don't understand.It is apparent that too little thought and analysis went into this settlement document, and, as a result, the requirements do the public a huge disservice by hurting the Open Wireless Movement.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: encryption, open wifi, privacy, wifi
Companies: google
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
My prediction, within five years open WIFI will be illegal. We'll see stories about child porn, hacking, identify theft, copyright theft... etc. And we'll gladly give it up for the sake of children and profits.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
You can still sniff WPA2 "encrypted" traffic if you are on the same network as other 'suckers' without any special tricks (well, other than enabling promiscuous mode).
This has implications when you share a encrypted-but-still-public access point with others (like at my University): any dolt with access credentials can sniff your passwords as they travel through the air.
My point? WPA2 is not a silver bullet: you are still vulnerable to all sorts of 'fun' attacks by people that are inside your network (eavesdropping, man in the middle, arp poisoning, etc, etc).
[ link to this | view in chronology ]
Re:
If it's open and child porn is being shared on it, there's plausible deniability. "It wasn't me, it was someone else."
But once a connection point is required to be locked down, it's the person or entity's responsibility to ensure that it's locked down. Even if someone "hacks" in, it's still the owner's fault for allowing it to happen.
It's sort of like the DRM requirement of the DMCA. It's not to stop people from copying, it's to make people liable for allowing or facilitating copying.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
If your car was seen being the get away car from a bank robbery, their going to come talk to you because, well, you're responsible for your car.
As the person who opened the ISP account, you're responsible for it's use. Perhaps not 'liable', but responsible.
Obviously physical vs digital is a poor comparison, but if you left your wifi open and then someone started using 'all' your bandwidth...you'd pretty quickly decide that there was 'harm' being done to you...just like if someone stole your car and you were deprived the use of it.
The 'connection' is still a physical thing.
I'm in favor of open wifi, but it comes with responsibility.
[ link to this | view in chronology ]
Re: Re: Re:
I disagree with Mike. The liability is too high for an individual to offer free wifi.
[ link to this | view in chronology ]
Re: Re: Re:
Internet is different. You must prove your innocence. Bass ackwards to the real world where we don't have imaginary property.
[ link to this | view in chronology ]
Re: Re:
They can then say, well your card was clearly there because we read the RFID chip. Completely ignoring that those things can be cloned.
It ain't for you, it's for them, just like what you say about locked wifi. Though I'd disagree about the 'if they hacked in its your fault' argument. You'd need to prove it, but if you locked your doors it's good faith you tried to stop it.
[ link to this | view in chronology ]
Re: Re:
They are looking for responsibility in the wrong node of the network.
It used to be true that you could reasonably place the blame on the account owner, because there was really only one device attached to the network, but that ship has sailed a long time ago.
Slap a half-decent router on that connection, and now you can have *hundreds* of computers sharing the same access point.
It is no longer reasonable to hold the owner of that connection (or the router operator) for what goes on on that connection. He/she should merely be treated as an ISP would: do some local discovery, request the logs and work on that.
(There are probably a few caveats that I am missing, but I think this is reasonable)
[ link to this | view in chronology ]
@ "Open WiFi, by itself, is not a bad thing."
I keep mentioning that Mike NEVER sees even a possibility of bad actors existing. That's the ODD point.
I don't think locking up your WiFi is an incomprehensible or unreasonable precaution to take against bad actors who might use your generosity to get YOU into trouble. Why would you take even a slight risk for the benefit of strangers?
Now, on the "VPN" (Dare I venture even writint those letters with all the fanboys ready to yet again say I just don't understand it? Sure. What have I got to lose?) -- How can you use a VPN and still have it be Open WiFi? -- Yes, I know you can split it or give out keys, but WITHOUT risk as above? You're right I don't see that. 'Splain, then.
[ link to this | view in chronology ]
Re: @ "Open WiFi, by itself, is not a bad thing."
That's actually an interesting philosophical question.
Why do you have an army? Or police? Why would those people stick their necks out for you?
I believe that there are some among us that are willing to suffer when "shit gets tough" so that others may gain access to things they would not have otherwise: Freedom and security in case of police and army (debatable, but let's leave that for another time).
Or, as in the case of open-wifi, something much simpler and mundane: internet access for when you are in the middle of a city without mobile internet. It has certainly been useful to me once, and I am still thankful to that anonymous person.
[ link to this | view in chronology ]
Re: @ "Open WiFi, by itself, is not a bad thing."
Maybe cutting people's heads off upon six accusations of thoughtcrime isn't so bad, except that bad actors get into the mix and problems arise.
Are we seeing a pattern yet?
[ link to this | view in chronology ]
Re: @ "Open WiFi, by itself, is not a bad thing."
I have a neighbor that has 6 children and a disabled wife, he works 38 to 40 hours a week @ 7.25 an hour. I have open wifi so his CHILDREN can use the laptop i gave them to do school work....
think of the children OOTB...
(yes my wifi is open but I have MAC filtering on)
[ link to this | view in chronology ]
Re: Re: @ "Open WiFi, by itself, is not a bad thing."
[ link to this | view in chronology ]
Re: Re: Re: @ "Open WiFi, by itself, is not a bad thing."
Apple:
ifconfig, built into the OS
Windows:
Netstumbler
SMAC
[ link to this | view in chronology ]
Re: Re: Re: @ "Open WiFi, by itself, is not a bad thing."
[ link to this | view in chronology ]
Re: @ "Open WiFi, by itself, is not a bad thing."
Indeed. You don't, of course, leave the house do you? It's a dangerous risky world out there.
[ link to this | view in chronology ]
Re: Re: @ "Open WiFi, by itself, is not a bad thing."
[ link to this | view in chronology ]
Re: Re: Re: @ "Open WiFi, by itself, is not a bad thing."
[ link to this | view in chronology ]
[ link to this | view in chronology ]
The EFF is just bummed they're not getting the money
http://www.theregister.co.uk/2011/06/03/google_settlement_rewards_privacy_groups_wtf/
[ link to this | view in chronology ]
Re: The EFF is just bummed they're not getting the money
[ link to this | view in chronology ]
Not quite.
So have locked safe that anyone can copy and attack locally at their location?
Encryption is important, but not leaving your front door open is the first step to security; and yes not with WEP but other more secure protocols.
[ link to this | view in chronology ]
Re: Not quite.
[ link to this | view in chronology ]
Re: Re: Not quite.
WRONG
"needs traffic to be active but it's already been compromised."
No.
[ link to this | view in chronology ]
Why recommend good security...
[ link to this | view in chronology ]
How about teaching people how radio actually works?
Explain that their WiFi hotspot is like a little radio station.
Explain that anybody can listen to that radio station, and that it's even legal to do so.
Personally, I think leaving your home WiFi open is a bad idea; you're leaving some doors pretty wide open for abuse. But businesses like Starbucks and McDonald's use WiFi hotspots as an inducement to get people to shop there. People need to know that their packets CAN be sniffed while they're browsing Facebook at McDonald's or email at Starbucks.
Then show them how to fix it: use a VPN. Use https when it's available.
People are upset because they lack knowledge. They didn't know that this kind of sniffing was not only possible but legal.
Give them the knowledge they need, and they won't need to be angry, because they'll be able to take care of themselves.
[ link to this | view in chronology ]
Re: How about teaching people how radio actually works?
Wow what a concept.
[ link to this | view in chronology ]
IPV 6 is the wet dream of the DOJ and MAFIAA, but people aren't implementing it fast enough to suit them, so...
I honestly, don't think the politicians are as stupid as you think. They are pandering to the likes of the DOJ and the MAFIAA. Before long it will be a crime not to secure your WIFI and not to keep logs for it as well. As has been pointed out here on TechDirt 6 Strikes will close many open WIFI connections. That is meant to have the same effect, make it easier to nail someone to the wall.
Because... Piracy... Terrorism... Hackers! Oh and it is for the children.
[ link to this | view in chronology ]
Re:
Bull.
[ link to this | view in chronology ]
They shouldn't just pander to the government, they should take the ball and run with it. After all, it's clear that a lot of people need to be educated.
[ link to this | view in chronology ]
...but..but when everyone is encrypting their data streams, that'll be contra-productive to our surveillance efforts, you know, with all those terrorist, pirates, cyber-something all abound. And let's not forget child porn/molesters/rapist. If you don't care about all that, surely you'll care about children.
[ link to this | view in chronology ]
It's very easy to point the dangers of open wi-fi being exploited and ignore the good sides that simply push these bad uses to a second and unimportant place. Shall we start pushing for the elimination of planes because they can crash and kill hundreds at a time? What about banning genetic engineering because it can be used to produce biological weapons? Hell, ban chemistry since it's used to produce chemical weapons and explosives!
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Open wifi means anyone has the right to listen (including Google), and anyone can try to connect.
But (weak) encryption means that it is forbidden.
[ link to this | view in chronology ]
If you run Open WiFi, filtering is a must.
[ link to this | view in chronology ]
Encryption
Maybe we can agree that open WiFi is okay, AND unencrypted email is okay (depending on how sensitive the data is, of course).
[ link to this | view in chronology ]