
My Open Wireless Network (2008) - jpatokal
https://www.schneier.com/blog/archives/2008/01/my_open_wireles.html
======
adrianN
In Germany you are (partly) responsible for illegal acts committed over your
Wifi if you don't encrypt it. Hence nobody provides open networks.

[https://de.wikipedia.org/wiki/Mitst%F6rerhaftung](https://de.wikipedia.org/wiki/Mitst%F6rerhaftung)

~~~
fulafel
Was this explicitly legislated or did it just end up that way due to existing
laws/tradition/precedent cases?

~~~
ZenPro
Some insight into the German psyche of legislation would be useful for
context.

For instance -

> In the event of snowfall you are legally bound to clear the snow from the
> vicinity of your residence prior to 0700. If you don't and a pedestrian
> slips on the sidewalk you are liable for the damages. You could always tell
> the Brits because they refused to do it or begrudgingly complied.

> If you choose to go above the _recommended_ speed limit on the Autobahn, you
> are free to do so as long as you are not in a limited zone for sound
> pollution. However, the insurance company reserve the right to invalidate
> your claim for taking an unnecessary risk. It's big boys rules with big boys
> pants.

It was refreshing to live in a society that advocates personal freedom in
return for personal responsibility whilst balancing a really tight sense of
community.

The ISP legislation is a reflection of that - if you choose to have internet
access it comes with certain responsibilities and if you allow your connection
to be used for illegal file sharing you take the punishment that goes with it
(normally a not unsubstantial fine).

~~~
Sambdala
> In the event of snowfall you are legally bound to clear the snow from the
> vicinity of your residence prior to 0700. If you don't and a pedestrian
> slips on the sidewalk you are liable for the damages. You could always tell
> the Brits because they refused to do it or begrudgingly complied.

From your _residence_ (i.e., not store/business/etc)?

by _0700_?

What if you're away on vacation, too frail to safely clear the snow, or you
just never in your life want to be awake before 7am if humanly possible?

~~~
ZenPro
Allowances are made in certain situations (vacations etc). Normally more
able-bodied neighbours help elderly and disabled residents.

Not wanting to be awake before 7am is not tolerated. I am serious. The
legislation is so ingrained that German people pay for separate insurance to
cover them in case an individual has an accident on their sidewalk during
winter conditions.

What is really interesting is the strong sense of community-inclusion. The idea
of someone _not_ wanting to pitch in and help the street function normally is
just not understood.

As an aside (anecdotally I grant you and wildly tangential) the community has
benefits. I could go to the pub and my drinks would be recorded on my beer mat
which I left behind the bar clearing the bill when I had the means to do so.
Local vets could go weeks or months before a resident would pay their bill
because it was an inclusive community of trust.

I saw similar attitudes in the smaller rural communities of mid-west and
southern USA. In Germany it is just more widespread.

So, if you are the guy who doesn't clear his sidewalk you are the guy that
gets no favours or trust. And potentially a lawsuit.

------
rtpg
In France most ISP routers also serve as hotspots for other people. So if
you're travelling and you're close to someone who uses the same ISP as you,
you'll have access to a (granted, limited-speed) hotspot.

You can turn this feature off if you want to, but in order to use it somewhere
else, you need to have this feature turned on in your own router ;)

~~~
najra
Same thing is starting to happen with most ISPs in the Netherlands :)

~~~
boboohaze
Yup, UPC .nl user here, and I shared my router as a wifi spot. That said, I
don't see too many other public UPC wifi spots, at least in the area where I am
the most: Zaandam / De Pijp, Amsterdam.

------
chc
The ISP angle is more treacherous than it was back when Schneier wrote this.
Now if somebody uses your open network for piracy, many ISPs will provide you
with a couple of warnings and then either throttle or shut off your Internet.
(Incidentally, there does not appear to be a limit on how much time must pass
between these warnings, so it is conceivable to receive more than one in a
24-hour period, I think. Risky business.)

~~~
oakwhiz
It seems like the telecommunications industry is trying to scare people away
from being charitable to strangers with their wifi, because it forces people
to purchase expensive internet plans on their cell phones if they want to use
the internet outside.

~~~
ZenPro
Not really.

The ISPs have fought tooth and nail against every Government regulation to
try and curb piracy or force the ISPs into compliance.

They have argued that the same laws which state the post office cannot be held
responsible for malicious packages also apply to the telecommunications
traffic they enable.

BSkyB and Virgin Media lined up behind TalkTalk as prominent opposition to
the Digital Economy Bill in the UK. They were simply beaten down into regulatory
compliance.

------
Myrmornis
I also run an unprotected wireless network and I highly doubt it will ever
cause me problems. Computer science people always seem to think it's essential
to take every possible precaution. In my opinion they are protecting against
very rare events and they are mostly too young to realize that something
terrible will happen in their lives first and make their choice of a DSA vs
RSA ssh key really not important.

------
rdtsc
That should also provide deniability "sorry it must have been the mean
neighbors connecting to my free wifi".

Also that was in 2008, now I would guess it is possible to get reasonable
security with WPA2, AES and a very long key? Anyone know the consensus on
that?

I know to check router model (some have backdoors). Disable WPS (sometimes it
is even impossible to do), as that was for a few years the weakest spot.

------
jpatokal
One thing that's changed since 2008: most routers used to be factory-preset to
be wide open, or have silly default passwords (netgear etc), so networks were
open by default. Now it's more the exception than the rule to default to
lengthy random hex strings, and it takes work and skill to make them open.

------
vacri
_And yes, if someone did commit a crime using my network the police might
visit, but what better defense is there than the fact that I have an open
wireless network?_

From a famous name in security who is well aware of the issues, that could
easily be read as obfuscation intended to mask nefarious activity.

~~~
Nanzikambe
Surely that shouldn't matter? As long as the subscriber can prove their
network is open or multi-user (which is easily done). That would make it
necessary to prove the specific individual committed whatever crime is
alleged. To my mind, given the prevalence of malware, compromises to security
- that should be the case anyway, after all if malware does something illegal
on your PC, why should you be liable? Expecting John "But it said I was
infected and should click the EXE to clean it!" Doe to be responsible for
their computer's security in this day and age is .. laughable and
unreasonable.

------
Spittie
> Certainly this does concern ISPs. Running an open wireless network will often
> violate your terms of service. But despite the occasional cease-and-desist
> letter [...]

Can someone explain this to me? How does your ISP know that you're running an
open wifi network? I doubt they drive around to every customer checking for
them.

That said, I've been thinking about running an open hotspot. If it's on a
different vlan, with only port 22/53/80/443 open and speed/number of
connections throttled it shouldn't cause any problems for anyone, and it's
just a nice thing to do.

~~~
rondon2
If you own a coffee shop, they would want you to buy a business plan that
costs more than a home plan. They would detect it by calling your business to
ask if you want a business plan and when you said you were using the internet
from your apartment they may send you a letter.

------
sparkman55
When I recently moved, the house was not yet completely finished, and not in a
state where we could call our ISP to install broadband (we had to run coaxial
inside first).

Luckily, my neighbor ran an open wifi hotspot, so we just used that for a few
weeks. Sure, it was a spotty connection, but it did let us keep up on email.

I'm paying it forward by running an unencrypted 'guest' SSID, isolated (VLAN)
from my encrypted SSID. Many consumer-grade wifi routers support this setup,
and I can't see any reasonable excuse not to do this as a courtesy to visitors
and neighbors.
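
The isolated guest segment described in this comment, combined with the port allow-list (22/53/80/443) and connection throttling Spittie proposes above, can be written as one nftables ruleset. This is an added example, not part of the thread; the interface names, table and set names, and rate numbers are assumptions, and NAT is assumed to be configured elsewhere.

```nftables
#!/usr/sbin/nft -f
# Constructed example. Interface names, the table and set names and the rate
# numbers are assumptions for illustration, not values from the thread.
define guest_if = "br-guest"   # bridge/VLAN carrying the open SSID
define lan_if   = "br-lan"     # private, encrypted SSID and wired LAN
define wan_if   = "eth0"       # uplink to the ISP

table inet guest_policy {
    # One entry per guest IPv4 address, used to rate-limit new connections.
    set guest_newconn {
        type ipv4_addr
        size 4096
        flags dynamic, timeout
        timeout 1m
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # Return traffic for flows that were allowed out.
        ct state established,related accept
        ct state invalid drop

        # The private LAN is not restricted by this table.
        iifname $lan_if oifname $wan_if accept

        # Guest segment is IPv4-only in this sketch; drop its IPv6 rather
        # than leave it unfiltered by the ip-only rules below.
        iifname $guest_if meta nfproto ipv6 drop

        # Isolation: guests may only leave through the uplink.
        iifname $guest_if oifname != $wan_if drop

        # Throttle: drop new connections above 20/s per guest address.
        iifname $guest_if ct state new add @guest_newconn { ip saddr limit rate over 20/second burst 40 packets } drop

        # Allow-list from the thread: SSH, DNS, HTTP, HTTPS.
        iifname $guest_if tcp dport { 22, 53, 80, 443 } accept
        iifname $guest_if udp dport 53 accept
    }
}
```

This covers forwarded traffic only; guest access to the router's own services (DHCP, DNS resolver, admin interface) belongs in a separate input chain, and bandwidth shaping is done with tc rather than in the filter.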

------
furyg3
While I may feel a responsibility to be a good neighbor/host/friend, I also
have a responsibility to protect the data of those neighbors/guests/friends
who are using my network.

While I may think I am capable of securing my host in all network scenarios,
not all of my guests may be so equipped. For me, the most friendly thing I can
do is then to encrypt my network with a WPA2-PSK key and share that with those
who may wish to use my network.

------
zokier
I've toyed with the idea of running completely open WiFi network that is
firewalled off my LAN and doing WiFi<->LAN networking via VPN (eg IPsec). My
own devices would get prioritized, high-security internet access via the VPN
too. Biggest stumbling block probably would be that many devices might not
support the VPN tech of choice.

~~~
dalore
Couldn't the devices that do not support the VPN just use the open one and
pretend like you're at the coffee shop?

Of course don't do your banking on that device.

Alternatively, only your wifi router needs to VPN into your LAN, and that offers
a secure wireless solution.

~~~
alandarev
> Of course don't do your banking on that device.

Using correctly configured HTTPS (banks do use https) over open network is
easily attackable?

~~~
dalore
In theory it should be safe. But sometimes something could force the
encryption down to a lower standard and also capture the initial key exchange.
Then it might be cracked.

Also normal websites without https will open you up to session hijacking.

------
pseudonym
Unfortunately, "just find another ISP" is no longer an option for plenty of
people. I can appreciate the sentiment, but the risk of being kicked off of
your local internet mono/duopoly is a lot higher for a lot of people than it
was in 2008.

~~~
ZenPro
Can you explain?

In the UK we have 6 prominent providers with over 100+ niche providers who
must (by law) be given rental agreements on the existing infrastructure.

~~~
jdsnape
That's because the Ofcom regulation of BT has led to one of the world's most
competitive broadband/telecoms industries.

In other countries, e.g. the US, there tends to be one Telco per region which
both owns the infrastructure and provides service.

~~~
ZenPro
I had no idea the infrastructure in the US was so prohibitive. Thanks for the
insight.

I have upvoted because the comment deserved it not because the US is getting
telecommunicationsly-screwed.

~~~
maxerickson
In areas where cable companies had much build out, there are usually at least 2
choices (the incumbent cable player + the incumbent telco). In lots of areas,
there will be more than 2 big players (you can pretty much predict this based
on how wealthy the area is).

More remote areas are probably gaining high speed wireless faster than they
are gaining other infrastructure. It's expensive, slower and has more
limitations, but it compares pretty favorably to dial up, which may be the
existing option.

