
Why We Need An Open Wireless Movement - zoowar
https://www.eff.org/deeplinks/2011/04/open-wireless-movement
======
Groxx
> _We need WiFi that is open and encrypted at the same time!

There is currently no WiFi protocol that allows anybody to join the network,
while using link-layer encryption to prevent each network member from
eavesdropping on the others. But such a protocol should exist._

It boggled my mind, repeatedly, when I discovered that non-password-protected
wireless networks don't generate a unique encryption key for each connection.
_Boggle_ , I say. Sure, public key cryptography used to be too computationally
expensive, but not any more. And even if it were, Diffie-Hellman has been
around for quite a while, go ahead and use symmetric keys.

 _What the hell is wrong with our standards groups?_ And hardware
manufacturers? There are trivial solutions to this, why haven't they pushed
them?

~~~
pnathan
Sounds like a great opportunity for some hackers (hardware and software) to
get together and put together a Secure Open Wifi protocol and reference
designs.

I honestly believe this is solvable. Maybe there's no financial market, but it
seems like a tremendous good.

~~~
Geee
I think Google would be very good candidate for developing this kind of
project. They'd get more advertising dollars too. :)

~~~
danssig
Seriously? We want a new network that big brother can't shut down or spy on so
easy so your solution is to let the company that said "If you're worried about
others seeing what you're doing maybe you shouldn't be doing it" running the
show? I would trust Facebook with this before I'd trust Google with it.

~~~
joebadmo
I think your quote is a misinterpretation of Eric Schmidt:
[http://blogs.gartner.com/jeffrey_mann/2009/12/18/googles-
eri...](http://blogs.gartner.com/jeffrey_mann/2009/12/18/googles-eric-schmidt-
needs-media-training-not-a-privacy-spanking/)

It's arguable, but I agree with the author of the linked post.

~~~
danssig
It's irrelevant what exactly he meant. The bottom line is that Google can't be
trusted and he said this explicitly in the interview. Whether that be because
Google doesn't care about your privacy or because they are afraid of fighting
with the Government is immaterial. The end result is the same: don't trust
Google.

~~~
youngian
If you don't want to use Gmail for sensitive email, by all means don't. But
this is just a silly knee-jerk reaction. Even if Google is the evilest company
in the world, how could their development and championing of an open WiFi
standard possibly compromise your privacy?

------
gojomo
Eckersley overlooks one other useful permutation: an open wifi node that
_only_ lets people tunnel to a remote VPN.

This neatly solves both the problem with local eavesdroppers, _and_ much of
the problem where an ISP or law-enforcement fingers you, the billing contact,
for the activity of third parties. Their traffic emerges at the other end of
the VPN tunnel – somebody else's problem.

And, it doesn't require any new local crypto protocols – just mundane
destination/port filtering.

~~~
sigil
Unless you do deep packet inspection, people may get clued in to your "mundane
destination / port filtering" setup and start using other protocols like
bittorrent on that port.

I actually saw this back when I ran an open network, in trying to prioritize
bittorrent below ssh and interactive traffic. Some remote seeders will operate
on port 22 or 443 because that's the only way they can reach the outside
world. If an "Open Wireless Movement" using a standard VPN setup took hold, a
similar thing might happen with that port.

Of course, without DNS only the savviest users would initially be able to
exploit mundane destination port filtering, but it's only a matter of time
before one of these users puts together a tool for the masses. So I still
wonder about the plausible deniability of such a setup.

~~~
Groxx
Couldn't you just limit each mac address to a single destination IP address?
Put up a welcome page that explains what and why, maybe whitelist a few
websites that help / provide software, and then lock them down to a single
path beyond those.

------
bryanlarsen
I ran an open network for years, only giving up on it a couple of months ago.
I tried to set up DD-WRT like they suggest in the article (high bandwidth
encrypted network + and open encrypted network), but I didn't get it working
properly and gave up. I'll switch my network over to this setup if somebody
gives me pointers on an easy way to do it.

~~~
sigil
The "sharing a certain amount of bandwidth" idea from the article is way more
difficult than it sounds.

Fundamentally, anyone with access to a network segment can saturate it. Like
you, I ran an open network for years (this was pre DD/Open-WRT, using pebble
linux), and saw some pretty crazy stuff. Eventually I got tired of fighting to
maintain a fair and usable network and just went encrypted.

However -- this piece and your request for pointers has inspired me to publish
my bandwidth sharing and traffic shaping scripts from those days [1], in the
hopes that some of the problems can be solved. I really _would_ like to run an
open network again, I just need to get things done using my internet
connection from time to time. :)

[1] <https://github.com/acg/wifishape>

EDIT: I need to have a fresh look at the high bandwidth encrypted / low
bandwidth unencrypted setup you mention, because sharing bandwidth across
separate network segments seems like it might work.

------
Vivtek
Pfft. My ISP got two nastygrams from the MPAA for people riding on my open
WiFi, and said on the third one they'd shut me down, so secure it immediately.

What's my recourse? Not sure I have any.

~~~
cookiecaper
Set up firewall rules that prevent torrents from coming through on the open
network, and do a bunch of other stuff. You can make open access points pretty
robust if you're willing to put in the effort.

~~~
sigil
I had big problems with bittorrent and QoS back when I ran an open network.
It's not uncommon for remote seeds to run on an alternate port like 22 or 443
to get past their own firewalls. At that point, you have to do deep packet
inspection, and I'm not sure how feasible this is on consumer grade routers.

~~~
cookiecaper
Perhaps it's better just to whitelist a few services, like HTTP, Jabber, AIM,
and VPN, and leave the rest to die. Layer7 should help with this.

------
Joakal
Done: <http://wiki.daviddarts.com/PirateBox_DIY>

~~~
networkjester
It's, it's, it's beautiful. :)

Hahaha, but more seriously this has been an idea I've thrown around for a
while. Really glad people are currently working on stuff like this. Hope it
gets big enough (or something like it) to have a mesh network come out of it.
Then things will get REALLY interesting.

------
vilya
In the UK something like this exists already, in a limited form: British
Telecom has a service called FON which anyone with one of their wifi routers
can opt in to for free. When you opt in, you agree to share a limited amount
of the bandwidth on your router; in return, you get the ability to connect
through the router of anyone else who's opted in.

It doesn't always work quite as well as you might hope - connecting can be a
bit of a pain sometimes - but it's a great idea. They've provided a real
incentive for people to share their bandwidth.

~~~
archivator
It's not BT's. FON is a Spanish company, IIRC.

It's been growing semi-quietly and the beauty of it is that it's more or less
global these days..

------
chime
Is it sufficiently secure if the WiFi is setup with WPA2 TKIP and the SSID and
passphrase are set to the same value? By sufficiently secure, I mean one node
on the WiFi cannot snoop in on other nodes even for HTTP traffic. What if we
all open WiFi SSIDs are set to "Open*" and the passphrase is easily guessable
(could be same as the SSID, could be the zipcode, could be just OpenOpenOpen)?

The goal is not to prevent someone some getting on the network but rather to
keep all clients separated. Is that possible using existing devices/protocols?

~~~
yuhong
The problem is that with WPA-PSK it is easy to derive the PTK from the PMK by
capturing and using the 4-way handshake.

~~~
weavejester
Forgive my ignorance, but are you saying that if I know the key to a WPA-PSK
secured network, I can listen in to other connections accessing that same
network?

Does this apply to WPA2 as well?

~~~
sigil
Yes. WPA and WPA2 secure the network segment as a whole, not conversations
between each pair of devices on the network.

~~~
Groxx
Forgive _my_ ignorance, but that seems like insanity. Security 0.1 stuff,
below even 101. Why is it still like this?

~~~
sigil
This is the way a normal ethernet network works. Consumers expect it. For
instance, I have a printer that connects to my WPA2 network, how else would I
print stuff?

~~~
Groxx
Wired != wireless. One is passively observable, the other isn't.

How else would you print stuff? How does the printer having its own encrypted
channel _prevent_ it from printing stuff?

~~~
sigil
> Wired != wireless. One is passively observable, the other isn't.

Not true. Ever heard of promiscuous mode?

> How does the printer having its own encrypted channel prevent it from
> printing stuff?

It doesn't. You can set up an encrypted channel between your computer and the
printer by using a secure printing protocol. The point is that "the network"
doesn't provide secure channels between all pairs of clients; it's up to the
clients.

~~~
Groxx
Promiscuous mode in a wired network still requires you to physically connect
to the network. At best you can use a passive EM detector to see all the
traffic on a set of wires, so you don't have to cut them temporarily, but that
still requires physical contact, and can only see things which are routed down
that cable. For any business that guards its doors and ethernet ports, and has
routers/switches instead of hubs, this is pretty much complete security.

For wireless, you... sit up to a few hundred feet away (miles if you have a
good parabolic antenna), and run Wireshark. It's entirely passive and
undetectable.

------
WA
The article misses one critical security aspect, which is probably the most
important aspect. Security in WiFi is only partially about encrypting the
traffic such that no other users in the same WiFi can eavesdrop on your data.
Most mail providers offer some sort of encryption (HTTPS, POPS, ...) that can
be used to transfer data from the own computer to a server securely.

However, the main security concern with open WiFi networks is that everybody
can use them to do anything on the web. The person who runs the hotspot is
responsible for the traffic that comes from this hotspot. If someone is using
your internet connection to do anything illegal such as downloading child porn
or something like that, there's no way to trace that back to the person who
uses your WiFi.

The real issue is not about encryption, it is about identifying the users of a
WiFi such that it holds strong in court if there are claims and one wants to
prove his innocence. And I personally can't think of a secure out-of-the-box
and easy-to-use solution that offers exactly that: protection from
actions/attacks performed by others in your name over your WiFi without making
them register and somehow prove their identity.

~~~
flipbrad
In legal regimes where you don't have vicarious liability for any activity
short of activity that is authorised or abetted, having an open wifi could
actually be a useful legal defence, compared to a situation where even though
there is security on your wifi, you either get hacked or someone does
something naughty but you're not sure who it was. You'd have a hard time
proving this happened, and if you failed, the suspicion falls right back onto
you; with open wifi, "ignorance is bliss"; the prosecution would probably have
to downright prove it was your doing, because it would be hard for the court
not to (rebuttably) presume it was an unknown user. At least in the UK, this
is largely the case, though rightsholders have tried to force case law (Brown
& ors v Polydor & ors) and legislation (Digital Economy Act 2010) in the
direction of harsher vicarious liability.

~~~
WA
Good point. So the discussed aspect depends on the country you're in. In
Germany, the WiFi operator is held responsible for everything coming from his
IP address. This resulted in some very ridiculous court cases in which 70 year
old people are accused of downloading music and movies via BitTorrent.

------
rfugger
My WPA2-protected router's SSID is 'Try "password"'. Guess what the password
is?

~~~
guelo
why not leave it open?

~~~
rfugger
When it's open, traffic is open to sniffing.

------
BlazingFrog
Something I didn't see mentioned in the piece that I see as _THE_ major hurdle
to that noble, if utopian, idea is that more and more ISPs in the US are
capping bandwidth (Comcast, AT&T U-Verse to name the biggest ones). I guess
you could have a setting at the router level that could be used to limit the
amount of data going through the open part of the WiFi but I still don't think
most people would agree to that kind of selfless generosity. In any case, no
such idea can be implemented while the capping issue is left out of the
equation.

~~~
timknauf
Yeah, here in New Zealand tight caps are the norm (I'm on 60Gb, and I pay
through the nose for it). Open WiFi is rare; no-one's quite that altruistic.

~~~
jeza
Same problem here in Aus, except I think things might be a wee bit more
competitive here than NZ (judging from when my mate lived there a few years
ago). Still it's not enough to make people want to share their tight quotas.

------
RyanMcGreal
Is it ironic that the EFF website appears to be serving an invalid security
certificate?

<http://min.us/lkTYMq>

~~~
sp332
The certificate is signed by Comodo; maybe you removed Comodo from your
trusted CA list?

