Whatever You Think Of The Google WiFi Settlement, It's Bad That It Requires Google To Attack Open WiFi

from the that's-just-silly dept

We're still a bit confused about why so many people freaked out a few years back when Google's Street View cars gobbled up some open WiFi data -- since anyone can do that on an open WiFi network. Various investigations did show that Google was a bit disorganized and had some poor controls in place, which perhaps meant that it should have caught the data collection sooner. So, if you think Google should be punished for that kind of thing, then the recent settlement with a group of state attorneys general perhaps made you happy.

That said, EFF is pointing out why the settlement is stupid -- not for Google, but for open WiFi and security. First, these technologically clueless attorneys general are requiring Google to create videos and ads promoting WiFi encryption... with a focus on old and bad standards like WEP, which is like saying you should be locking your front door with a cheap chain lock. It's a "lock," but one that could be broken by pretty much anyone in seconds.

Even worse, though, is that the settlement requires Google to push the message that the only way to protect yourself is to lock up your WiFi. But that's ridiculous. Open WiFi, by itself, is not a bad thing. Yes, unencrypted data could be exposed, but the better answer is to encrypt your data, such as by using a VPN. As EFF notes, end-to-end encryption is always going to make more sense than just encrypting your access point and hoping that keeps people out. And, yet, much of the settlement focuses on having Google push people to lock up their WiFi.
The solution to public surveillance problems should not involve discouraging people from providing public resources like open wireless, since this cuts against the general interest and takes away a common good. As we've explained elsewhere, wireless encryption provides few benefits compared to the much stronger end-to-end encryption, a technology that can thrive alongside environments with open wireless access. The settlement could have gone so much farther by educating people how to run open wireless networks safely and securely—for example, through open guest networks.

It is apparent that too little thought and analysis went into this settlement document, and, as a result, the requirements do the public a huge disservice by hurting the Open Wireless Movement.

Of course, this is the kind of thing you get when you let grandstanding politicians tell companies how they need to act concerning technology they don't understand.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: encryption, open wifi, privacy, wifi
Companies: google


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 27 Mar 2013 @ 10:31am

    this is just another situation where those that are in the position to get someone else to do something, are doing so. these 'attorney generals may well know how to manipulate the law and the courts so as to achieve the verdict they want, but when it comes to anything/everything else, they more or less are clueless. much like Congress really. they know what to do to be able to get their pockets lined and get campaign contributions, but have no idea at all how to use the technology they are doing their best to stifle or shut down or the effects their stupidity has on innovation and progress. the latest CFAA bill proposed amendments is a good example. even more so when half the law enforcement agencies that will be affected have no clue why the changes are proposed, other than to get additions that the DoJ wanted 2 years ago back on the table.

    link to this | view in chronology ]

  • icon
    Ima Fish (profile), 27 Mar 2013 @ 10:34am

    The government, wireless carriers, ISPs, and the copyright industry all hate open WIFI. It's gonna be killed, it's only a matter of time.

    My prediction, within five years open WIFI will be illegal. We'll see stories about child porn, hacking, identify theft, copyright theft... etc. And we'll gladly give it up for the sake of children and profits.

    link to this | view in chronology ]

  • icon
    Oblate (profile), 27 Mar 2013 @ 10:35am

    Maybe they're taking a note from the TSA- providing an illusion of security, while ignoring the advice of experts on how to provide real security.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Mar 2013 @ 10:38am

    Fun fact I was not aware of (slightly off-topic):

    You can still sniff WPA2 "encrypted" traffic if you are on the same network as other 'suckers' without any special tricks (well, other than enabling promiscuous mode).

    This has implications when you share a encrypted-but-still-public access point with others (like at my University): any dolt with access credentials can sniff your passwords as they travel through the air.

    My point? WPA2 is not a silver bullet: you are still vulnerable to all sorts of 'fun' attacks by people that are inside your network (eavesdropping, man in the middle, arp poisoning, etc, etc).

    link to this | view in chronology ]

    • icon
      Ima Fish (profile), 27 Mar 2013 @ 10:47am

      Re:

      To me the push to eliminate open WIFI actually has nothing to do with securing WIFI connections. It's all about creating a person or entity liable for the connection.

      If it's open and child porn is being shared on it, there's plausible deniability. "It wasn't me, it was someone else."

      But once a connection point is required to be locked down, it's the person or entity's responsibility to ensure that it's locked down. Even if someone "hacks" in, it's still the owner's fault for allowing it to happen.

      It's sort of like the DRM requirement of the DMCA. It's not to stop people from copying, it's to make people liable for allowing or facilitating copying.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 27 Mar 2013 @ 10:54am

        Re: Re:

        It follows the same idiotic logic behind "dressing promiscuously" and rape. It implies that someone asked to be raped.

        link to this | view in chronology ]

      • icon
        pixelpusher220 (profile), 27 Mar 2013 @ 10:59am

        Re: Re:

        To use the obligatory car analogy:

        If your car was seen being the get away car from a bank robbery, their going to come talk to you because, well, you're responsible for your car.

        As the person who opened the ISP account, you're responsible for it's use. Perhaps not 'liable', but responsible.

        Obviously physical vs digital is a poor comparison, but if you left your wifi open and then someone started using 'all' your bandwidth...you'd pretty quickly decide that there was 'harm' being done to you...just like if someone stole your car and you were deprived the use of it.

        The 'connection' is still a physical thing.

        I'm in favor of open wifi, but it comes with responsibility.

        link to this | view in chronology ]

        • identicon
          PRMan, 27 Mar 2013 @ 11:21am

          Re: Re: Re:

          And if you left that car on the street (let's say it's an old car) with a sign that says: "Drive it whenever you want, just bring it back today," and somebody uses it as a getaway car in a bank robbery and parks it back at your house, you better believe you're going to have a tough time convincing the cops that it wasn't you.

          I disagree with Mike. The liability is too high for an individual to offer free wifi.

          link to this | view in chronology ]

        • icon
          btrussell (profile), 28 Mar 2013 @ 7:14am

          Re: Re: Re:

          Seeing your car isn't enough. They still have to put you in the car at the time or prove you had knowledge of its' intended use when you lent it out.

          Internet is different. You must prove your innocence. Bass ackwards to the real world where we don't have imaginary property.

          link to this | view in chronology ]

      • icon
        pixelpusher220 (profile), 27 Mar 2013 @ 11:02am

        Re: Re:

        And to back up your point...the RFID chips being put in Credit Cards are *exactly* to limit the liability of the card issuer - not the user.

        They can then say, well your card was clearly there because we read the RFID chip. Completely ignoring that those things can be cloned.

        It ain't for you, it's for them, just like what you say about locked wifi. Though I'd disagree about the 'if they hacked in its your fault' argument. You'd need to prove it, but if you locked your doors it's good faith you tried to stop it.

        link to this | view in chronology ]

      • identicon
        Anonymous Coward, 27 Mar 2013 @ 11:21am

        Re: Re:

        "It's all about creating a person or entity liable for the connection."

        They are looking for responsibility in the wrong node of the network.

        It used to be true that you could reasonably place the blame on the account owner, because there was really only one device attached to the network, but that ship has sailed a long time ago.

        Slap a half-decent router on that connection, and now you can have *hundreds* of computers sharing the same access point.

        It is no longer reasonable to hold the owner of that connection (or the router operator) for what goes on on that connection. He/she should merely be treated as an ISP would: do some local discovery, request the logs and work on that.

        (There are probably a few caveats that I am missing, but I think this is reasonable)

        link to this | view in chronology ]

  • identicon
    out_of_the_blue, 27 Mar 2013 @ 10:48am

    @ "Open WiFi, by itself, is not a bad thing."

    Well, neither is potassium cyanide. It's when you get bad actors into the mix that problems arise.

    I keep mentioning that Mike NEVER sees even a possibility of bad actors existing. That's the ODD point.

    I don't think locking up your WiFi is an incomprehensible or unreasonable precaution to take against bad actors who might use your generosity to get YOU into trouble. Why would you take even a slight risk for the benefit of strangers?

    Now, on the "VPN" (Dare I venture even writint those letters with all the fanboys ready to yet again say I just don't understand it? Sure. What have I got to lose?) -- How can you use a VPN and still have it be Open WiFi? -- Yes, I know you can split it or give out keys, but WITHOUT risk as above? You're right I don't see that. 'Splain, then.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Mar 2013 @ 10:58am

      Re: @ "Open WiFi, by itself, is not a bad thing."

      "Why would you take even a slight risk for the benefit of strangers?"

      That's actually an interesting philosophical question.

      Why do you have an army? Or police? Why would those people stick their necks out for you?

      I believe that there are some among us that are willing to suffer when "shit gets tough" so that others may gain access to things they would not have otherwise: Freedom and security in case of police and army (debatable, but let's leave that for another time).

      Or, as in the case of open-wifi, something much simpler and mundane: internet access for when you are in the middle of a city without mobile internet. It has certainly been useful to me once, and I am still thankful to that anonymous person.

      link to this | view in chronology ]

    • icon
      DannyB (profile), 27 Mar 2013 @ 11:05am

      Re: @ "Open WiFi, by itself, is not a bad thing."

      Well, maybe the DMCA isn't so bad, except that bad actors get into the mix and problems arise.

      Maybe cutting people's heads off upon six accusations of thoughtcrime isn't so bad, except that bad actors get into the mix and problems arise.

      Are we seeing a pattern yet?

      link to this | view in chronology ]

    • identicon
      Digitari, 27 Mar 2013 @ 11:14am

      Re: @ "Open WiFi, by itself, is not a bad thing."

      this is just like when I log into the "work" network, my wife can still surf the net even though I am using a VPN.

      I have a neighbor that has 6 children and a disabled wife, he works 38 to 40 hours a week @ 7.25 an hour. I have open wifi so his CHILDREN can use the laptop i gave them to do school work....


      think of the children OOTB...


      (yes my wifi is open but I have MAC filtering on)

      link to this | view in chronology ]

      • icon
        pixelpusher220 (profile), 27 Mar 2013 @ 12:06pm

        Re: Re: @ "Open WiFi, by itself, is not a bad thing."

        Isn't MAC sniffing/cloning pretty easy?

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 27 Mar 2013 @ 1:39pm

          Re: Re: Re: @ "Open WiFi, by itself, is not a bad thing."

          Three off the top of my head:
          Apple:
          ifconfig, built into the OS

          Windows:
          Netstumbler
          SMAC

          link to this | view in chronology ]

        • identicon
          Digitari, 27 Mar 2013 @ 7:04pm

          Re: Re: Re: @ "Open WiFi, by itself, is not a bad thing."

          sure it maybe easy but with MAC filtering on you cannot have two of the SAME MAC numbers on

          link to this | view in chronology ]

    • icon
      pixelpusher220 (profile), 27 Mar 2013 @ 11:17am

      Re: @ "Open WiFi, by itself, is not a bad thing."

      "Why would you take even a slight risk for the benefit of strangers? "

      Indeed. You don't, of course, leave the house do you? It's a dangerous risky world out there.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 27 Mar 2013 @ 11:49am

        Re: Re: @ "Open WiFi, by itself, is not a bad thing."

        You have swallowed the government line that you can't trust your neighbour, let alone strangers. This makes it much more difficult to deal with the problems, because you cannot organise any political opposition to the existing government.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Mar 2013 @ 10:50am

    Goverment agencies much prefer encrypted wifi to end to end encryption. The latter gives them problems in monitoring people. Further open wifi is harder to shut-down that cell towers.

    link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    bob, 27 Mar 2013 @ 10:50am

    The EFF is just bummed they're not getting the money

    It must be nice to lose a case and settle by giving money to the group that lobbies on your behalf. In the Buzz settlement, Google gave the EFF more than EFF netted in membership fees.

    http://www.theregister.co.uk/2011/06/03/google_settlement_rewards_privacy_groups_wtf/

    link to this | view in chronology ]

  • icon
    pixelpusher220 (profile), 27 Mar 2013 @ 10:54am

    Not quite.

    "Yes, unencrypted data could be exposed, but the better answer is to encrypt your data, such as by using a VPN."

    So have locked safe that anyone can copy and attack locally at their location?

    Encryption is important, but not leaving your front door open is the first step to security; and yes not with WEP but other more secure protocols.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Mar 2013 @ 12:03pm

      Re: Not quite.

      Actually, I would say locking your front door is good, but an even better idea is to have an open shed. A guest network that is separate from the private LAN is basically giving people what they want so they don't bother hacking into your personal network. Even WPA2 can be hacked, it's takes a bit longer and needs traffic to be active but it's already been compromised.

      link to this | view in chronology ]

      • icon
        Cain Abel (profile), 29 Jul 2014 @ 11:38pm

        Re: Re: Not quite.

        "Even WPA2 can be hacked"

        WRONG

        "needs traffic to be active but it's already been compromised."

        No.

        link to this | view in chronology ]

  • identicon
    Naomi Most, 27 Mar 2013 @ 11:17am

    Why recommend good security...

    ...when you can opt to lull people into a false sense of security, foster Us-versus-Them thinking, and set up a joke of a fence that any government official can penetrate?

    link to this | view in chronology ]

  • icon
    tomxp411 (profile), 27 Mar 2013 @ 12:06pm

    How about teaching people how radio actually works?

    Put out a series of PSA's that teaches people how radio works.

    Explain that their WiFi hotspot is like a little radio station.

    Explain that anybody can listen to that radio station, and that it's even legal to do so.

    Personally, I think leaving your home WiFi open is a bad idea; you're leaving some doors pretty wide open for abuse. But businesses like Starbucks and McDonald's use WiFi hotspots as an inducement to get people to shop there. People need to know that their packets CAN be sniffed while they're browsing Facebook at McDonald's or email at Starbucks.

    Then show them how to fix it: use a VPN. Use https when it's available.

    People are upset because they lack knowledge. They didn't know that this kind of sniffing was not only possible but legal.

    Give them the knowledge they need, and they won't need to be angry, because they'll be able to take care of themselves.

    link to this | view in chronology ]

    • icon
      RyanNerd (profile), 5 Apr 2013 @ 5:16am

      Re: How about teaching people how radio actually works?

      Huh? Who would have thought: Teach people correct principles and they govern themselves.

      Wow what a concept.

      link to this | view in chronology ]

  • identicon
    Mr. Applegate, 27 Mar 2013 @ 12:11pm

    "Open WiFi, by itself, is not a bad thing. Yes, un-encrypted data could be exposed, but the better answer is to encrypt your data, such as by using a VPN."
    The government would never encourage encryption, then they can't see what you are doing. Similarly, they need to encourage you to secure your WIFI so they can more easily identify likely users of the system.

    IPV 6 is the wet dream of the DOJ and MAFIAA, but people aren't implementing it fast enough to suit them, so...

    I honestly, don't think the politicians are as stupid as you think. They are pandering to the likes of the DOJ and the MAFIAA. Before long it will be a crime not to secure your WIFI and not to keep logs for it as well. As has been pointed out here on TechDirt 6 Strikes will close many open WIFI connections. That is meant to have the same effect, make it easier to nail someone to the wall.

    Because... Piracy... Terrorism... Hackers! Oh and it is for the children.

    link to this | view in chronology ]

  • icon
    jupiterkansas (profile), 27 Mar 2013 @ 12:20pm

    I hope Google makes a video explaining how to use WEP, then shows why it's not a great idea and explains all the better ways to protect your data and leave your wifi open.

    They shouldn't just pander to the government, they should take the ball and run with it. After all, it's clear that a lot of people need to be educated.

    link to this | view in chronology ]

  • identicon
    JarHead, 27 Mar 2013 @ 1:36pm

    Open WiFi, by itself, is not a bad thing. Yes, unencrypted data could be exposed, but the better answer is to encrypt your data, such as by using a VPN.

    ...but..but when everyone is encrypting their data streams, that'll be contra-productive to our surveillance efforts, you know, with all those terrorist, pirates, cyber-something all abound. And let's not forget child porn/molesters/rapist. If you don't care about all that, surely you'll care about children.

    link to this | view in chronology ]

  • icon
    Ninja (profile), 27 Mar 2013 @ 2:08pm

    I've been to the US in 2009. And in 2012. It was much harder to find open wi-fi in 2012 (I did go to completely different places though). Overall this is bad for the public. And as a tourist I can tell how open wi-fi are important and help with all sorts of things such as checking the surroundings map online, getting directions, searching for points of interest or simply uploading pics so your friends can share the moment with you.

    It's very easy to point the dangers of open wi-fi being exploited and ignore the good sides that simply push these bad uses to a second and unimportant place. Shall we start pushing for the elimination of planes because they can crash and kill hundreds at a time? What about banning genetic engineering because it can be used to produce biological weapons? Hell, ban chemistry since it's used to produce chemical weapons and explosives!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Mar 2013 @ 2:15pm

    WEP is so broken that it is the equivalent of open wifi.

    link to this | view in chronology ]

    • icon
      Cain Abel (profile), 29 Jul 2014 @ 11:41pm

      Re:

      No.

      Open wifi means anyone has the right to listen (including Google), and anyone can try to connect.

      But (weak) encryption means that it is forbidden.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Mar 2013 @ 2:52pm

    Anonyone who runs an open Wifi router has to use filtering, no questions asked. I have the "Deluxe" subsription on OpenDNS, on level below Enterprise, which allows me to filter both my WiFi routers, and the VPN I run as part of the SoftEther project.

    If you run Open WiFi, filtering is a must.

    link to this | view in chronology ]

  • icon
    Gene Cavanaugh (profile), 28 Mar 2013 @ 9:23pm

    Encryption

    Totally agree about open WIFI, but on encrypting email - okay, I am going to email my sister to say "Hi" - encrypt! Wait, why? Well, I am going to send an email about how someone is doing - ENCRYPT! Wait, why?
    Maybe we can agree that open WiFi is okay, AND unencrypted email is okay (depending on how sensitive the data is, of course).

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.