

Google Ordered To Teach America How To Put Passwords On Wi-Fi Networks - shawnee_
http://www.forbes.com/sites/kashmirhill/2013/03/13/google-ordered-to-teach-america-how-to-put-passwords-on-wi-fi-networks

======
drzaiusapelord
What a bullshit case, judgement, and punishment. Unencrypted wifi should be
collectable. Don't broadcast in the plain on a public channel if you want some
special level of privacy. This is an incredible case and probably not
politically worth the fight for google. All of our rights have been limited by
this judgement.

~~~
g8oz
But most unencrypted wifi exists because of tech illiteracy/laziness on the
part of users. Its not a conscious choice they made. Commercial collection is
exploiting this. Finally your last sentence is unnecessarily hyperbolic.

~~~
drzaiusapelord
Generally, it isnt the job of the state to protect the ignorant and the lazy.
Sorry, but this kind of precedent is going to lead to even more draconian
judgements over "computer trespassing" and "hacking." Computer crime laws
aren't reasonable as-is and now with this new case law, they're arguably
worse.

The ISM band exists within strict FCC control. There is no "don't sniff"
provision and if there was, it would make promiscuous mode or applications
like inssider illegal.

~~~
shardling
It is _exactly_ the job of the state, because the ignorant do not know how to
protect themselves, or even that they are ignorant.

I dare say that _every day_ you are protected by the state from those who
would take advantage of your ignorance in many, many aspects of the world. The
system works well enough that you don't even notice what you're ignorant of!

~~~
nulagrithom
This is how we end up with bans on soft drinks larger than 16 ounces.

~~~
harshreality
Sorry, but I think Bloomberg is on the correct side of that issue, even if he
won't win in court. It's becoming increasingly clear that large quantities of
sugar are a long-term poison. Since there's no practical use for soft drinks
other than "They taste good" (which is a personal-happiness argument, but a
particularly juvenile and narrow-minded one), large softdrinks _should_ be
banned. If arsenic salts tasted really good, and they were not already banned,
would you oppose efforts to get restaurants to stop serving that?

Just because a paternalistic state is usually bad doesn't mean that government
shouldn't intervene in anything.

~~~
natrius
Mandated warning labels would be a better idea. Banning things is rarely
necessary to achieve policy goals.

------
marssaxman
> to instruct Americans not to let neighbors free-ride on their Wi-Fi networks

This is such a weirdly negative framing. What's wrong with sharing? I've
always left my wifi routers open and unsecured so my neighbors can use the
bandwidth if they want.

~~~
burntsushi
> What's wrong with sharing?

A few things. Some of these things can be mitigated, but I think then we've
moved beyond simple sharing.

1\. Your neighbor could use too much bandwidth, thereby impacting your usage
negatively.

2\. Your neighbor could do naughty things on your Internet connection, and
you'll be held liable. Practically, this might mean getting a bunch of DMCA
notices. For some ISPs, this has a real impact on your account.

3\. Many applications by default share their data with whoever is on your
network. Maybe this is OK, but maybe it has stuff that you'd rather your
neighbors did not see.

To clarify, I think sharing is great if you decide to do it. But I also think
that the uninformed should be advised to not share by default because of the
issues I mentioned above.

~~~
crististm
1\. This is not necessarily wrong. Maybe I set it up so he can use all the
bandwidth that he can get

2\. Why is only the penultimate hop responsible for the last hop? Why should
he be responsible in the first place? And why shouldn't all the network hops
in-between be responsible as well???

3.Yes, it is OK

"Link sharing" is OK regardless of your decision whether to share or not.
Don't blame the technology man.

~~~
burntsushi
I think you've blithely missed the point. I will quote my concluding remark
for further emphasis:

> To clarify, I think sharing is great if you decide to do it. But I also
> think that the uninformed should be advised to not share by default because
> of the issues I mentioned above.

...

> This is not necessarily wrong. Maybe I set it up so he can use all the
> bandwidth that he can get

Maybe you did. So?

> Why is only the penultimate hop responsible for the last hop? Why should he
> be responsible in the first place. And why shouldn't all the network hops
> in-between be responsible as well???

Red herring. We're not talking about the appropriate legal perspective of
network responsibility, but rather, what _is_ the legal perspective of network
responsibility.

> Yes, it is OK

For you? Great! Not for everyone. Which was my point.

~~~
crististm
I get your point. I just don't agree with it. If you don't want to share your
data that doesn't make sharing bad. Which is _my_ point.

And what _is_ the legal perspective for this issue, anyway? Do you equate it
with illegal activities in a house? So the owner is responsible for what's
going on there? It's not the same thing.

If you could be 100% sure that the originator is the true owner maybe you
could have a stand in your argument. But you can't be 100% sure that the
network is uncrackable.

~~~
burntsushi
> If you don't want to share your data that doesn't make sharing bad.

This has two interpretations. Either you're claiming that:

1) Just because person A doesn't want to share their data doesn't mean that
it's bad for person B to share their data.

or

2) Person A doesn't want to share their data, but person A having their data
shared unwittingly isn't bad.

I agree with (1). I don't see how (2) can be true. If I don't want my data
shared, then having it shared is bad.

Moreover, this isn't even _just_ about sharing data. It's also about sharing
bandwidth and legal/ISP ramifications.

> And what _is_ the legal perspective for this issue, anyway? Do you equate it
> with illegal activities in a house? So the owner is responsible for what's
> going on there? It's not the same thing.

I don't equate it with anything. My initial post was _very_ clear about
potential ramifications. Perhaps you should re-read it.

> If you could be 100% sure that the originator is the true owner maybe you
> could have a stand in your argument. But you can't be 100% sure that the
> network is uncrackable.

You're still very clearly missing the point. I don't care who the "true" owner
is. I don't care about the workings of the network. In this instance, I care
about what my ISP will do to me and what the government will do to me. I was
very clear about this in my initial post.

Please revisit the context of this discussion. The top post in this thread
asked, "What is wrong with sharing?" I answered with what I could see as the
potential pitfalls of sharing. What argument are you trying to make exactly?
That sharing has no pitfalls?

------
baltimore
Aren't two issues being conflated here? (1) Securing access to your wi-fi with
a password so that your neighbor can't free-ride on your ISP and (2)
Encrypting your wi-fi traffic so that your neighbor (or Google) can't spy on
you.

~~~
pdonis
Conceptually, yes, these are two different issues. But since wifi security
pretty much requires encryption of the traffic (otherwise anyone could just
sniff your credentials during the access negotiation), and encryption requires
some sort of access control anyway, they always go together in practice.

------
zem
schneier on open wifi networks (he's for them):
[http://www.schneier.com/blog/archives/2011/04/security_risks...](http://www.schneier.com/blog/archives/2011/04/security_risks_7.html)

~~~
pdonis
I normally agree with Schneier, but I think he's wrong on this one. Basically
his argument is that, rather than try to secure your wifi, you should just
leave it open and make sure your personal computers are secure enough to be
used on an open network. He points out that, if you use your laptop on public
networks, you have to secure it anyway, so there's no additional risk to
having your home wifi basically be a public network.

All that may be true (though I would argue that, since you use your home
connection a lot more than any other, your risk exposure is much greater and
therefore it makes sense to have a layered defense there), but it completely
misses the point that you are responsible to your ISP for how your internet
connection gets used. Starbuck's may be able to say "look, we're a public
place, we can't possibly control everything that everybody does on our wifi",
and get away with just making people check an "I agree to your terms of use"
box when they connect to their wifi. You, as a home user, are not likely to
get away with that.

Schneier also says this: "if someone did commit a crime using my network the
police might visit, but what better defense is there than the fact that I have
an open wireless network? If I enabled wireless security on my network and
someone hacked it, I would have a far harder time proving my innocence." This
seems backwards to me: if you have enabled wireless security, you know exactly
who you have authorized access to--it's whoever you gave your passphrase to.
So it's easy to distinguish authorized from unauthorized use. If you leave
your wifi open and someone uses it for something nefarious, how can you defend
yourself? You're still liable for the use of your internet connection, and you
can't say the use was unauthorized because, well, you left your wifi open for
anyone to use.

~~~
crististm
"You, as a home user, are not likely to get away with that."

His point is that you _should_ be able to get away with that. Precisely
because there is no difference between an open network and a cracked one!!!

~~~
pdonis
_there is no difference between an open network and a cracked one!!!_

Yes, there is. An open network means whoever is providing the wifi disclaims
all responsibility for how the network is used. Starbuck's may be able to get
away with that, as I said, but I don't think the average home user can, unless
they have a really unusual ISP. Have you read the fine print in your ISP's
terms and conditions?

If the point is that home users should not have to tolerate those kinds of
terms and conditions, I don't disagree; but I don't expect it to happen any
time soon. :-)

~~~
jessaustin
As Schneier describes it, there is a trade-off. Would you rather be kicked by
your ISP for T&C violations, or imprisoned and branded a sex offender for your
neighborhood wireless hacker's kiddie porn habits? If the chances of each
scenario were roughly equal, I'd certainly agree with Schneier to prefer the
former scenario. Since the former scenario seems much more likely than the
latter I'm not so sure.

~~~
pdonis
_your neighborhood wireless hacker's kiddie porn habits_

If your wifi is secured and there are open networks nearby, the hacker isn't
going to bother trying to hack yours (I assume you're using WPA, not WEP, the
latter is so easy to hack now that it doesn't really make a difference). He's
going to use one of the open ones. To have a serious chance of having your WPA
hacked you would need to have attracted the notice of someone much more
determined than your neighborhood porn junkie, someone like the NSA. So I
would say the former scenario is _much_ more likely than the latter.

~~~
crististm
Let's see: You are a high profile figure who happened to step on someone's
tail. What should we do to make you behave? I know, we'll show the whole world
how you download child porn. Did I say "child porn"?

You mean the burden of proof is on you that you secured your network? How can
you prove this, because, you know, you can't!

~~~
pdonis
So you're saying that if you are a high profile figure who happened to step on
someone's tail, you should run an open wifi network to make it exponentially
easier for your enemies to convince the world that you download child porn?

You say you run an open wifi network, so anybody could have downloaded that
porn using your wifi? You're a high profile figure and you expect us to
believe that? Yeah, right.

We can spin scenarios all day. At the end of the day, I still think that an
ordinary person with an ordinary ISP is better off securing their wifi; the
likelihood of WPA security being broken is _much_ smaller than the likelihood
of someone using your open wifi to do something that your ISP won't like (or
worse). Even a high profile figure is, IMO, better off securing their wifi
than running an open network for every nutjob who has a fixation on them to
use.

~~~
jessaustin
_You're a high profile figure and you expect us to believe that?_

For someone in this situation, it's very unfortunate that Google doesn't have
this info anymore!

Although historical records would be more dispositive, it isn't difficult to
verify that someone is running open wifi now.

------
faet
> Google is going to teach naive people how to put passwords on their Wi-Fi
> networks.

Good luck with that. Setting up passwords varies between different routers. So
what may work in their ad may not work for grandpa down the road. Telling
manufacturers to set a wifi password by default would probably do more to
secure people.

~~~
dmiladinov
Setting wifi passwords would be a good start, but then you'd still have to
address the security flaws in wps[1] and upnp[2][pdf].

[1]: <http://code.google.com/p/reaver-wps/> [2]:
[https://community.rapid7.com/servlet/JiveServlet/download/21...](https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf)

~~~
cbhl
Well, it doesn't need to be secure _per se_, just secure enough that it
mitigates Google's liability. Like the password/PIN rules at the bank.

------
snowwrestler
I would like to propose that we, as technologically literate people, start to
separate the concepts of encrypting your WiFi signal, and sharing your WiFi
signal.

Encryption has true security benefits, primarily the prevention of HTTP
session hijacks via tools like Firesheep.

You can still share your network by simply putting the password in the SSID.
Name your network "Password is 12345" or something. Encryption protects
against Firesheep even if everyone knows the password.

~~~
MichaelGG
Are you sure about that? How does that possibly work? If the shared secret is
known, how can you possibly prevent people from hijacking the connection?

~~~
jessaustin
Both the AP and the client station produce nonces, which together with the
passphrase and other values are used to calculate "pairwise" keys and
eventually session keys. This makes hijacking more difficult. As you intuit,
however, it can certainly be done by one who knows the passphrase and is able
to sniff the nonces.

