
Open Wireless Movement - zoowar
https://openwireless.org/
======
lgierth
One solution to the privacy problem is running OpenWRT with cjdns [1] on the
routers and clients, and using its IPTunnel feature [2]. The list of supported
platforms is steadily growing [3], and it'd be something that runs alongside
the existing IPv4/DHCP setups just fine.

[1]
[https://github.com/seattlemeshnet/meshbox](https://github.com/seattlemeshnet/meshbox)

[2]
[https://github.com/cjdelisle/cjdns/tree/master/tunnel](https://github.com/cjdelisle/cjdns/tree/master/tunnel)

[3] Desktop/Server Linuxes, Android, OpenWRT, OSX, FreeBSD. Even Windows
support is being worked on.

~~~
na85
The author of cjdns himself admits that it is aimed at power
users/enthusiasts.

cjdns will never be a workable solution for the general public, and I wish
people would stop recommending it.

~~~
elasticdog
> cjdns will never be a workable solution for the general public, and I wish
> people would stop recommending it.

I disagree...I believe in its current state it is not catering to the general
public, but it's basically alpha software with a small bootstrapped network.
Long-term, the idea is to make things more user friendly and appeal to a wider
audience, but it's inaccurate to say it will "never be workable". Recommending
it to a highly-technical targeted audience like HN seems entirely appropriate.

* I run 4 cjdns nodes

------
billpg

      "Someone's been committing crimes from your network."
      "It must be someone using my open wireless point."
      "Sorry to bother you sir, have a nice day."
    

I can't see it happening that way somehow.

~~~
jrochkind1
What if it was a coffeeshop, hotel, or other business?

I agree with you that the authorities aren't likely to treat individuals as
well as they do businesses (at least in most countries). But the fact that
they're already not gonna put a Starbucks manager in jail because someone did
something illegal from Starbucks wifi -- suggests to me that there is an
opening to agitate for individuals being treated with similar respect. The
Open Wireless project clearly aims to make open wireless a normal and expected
thing, so that legal norms will have to follow, and there will be political
pressure for them to do so.

But yeah, I think it's as much of a social project as a technological one,
which they seem to acknowledge in their self-description.

~~~
warfangle
One would think that it would be Starbucks corporate legal and not the manager
that would answer that kind of query.

Do you or I have the legal representation of Starbucks corporate?

------
mavick
Some other things to worry about, if you sell anything on eBay or Amazon as a
hobby. They have pretty complex systems to detect linked accounts. If someone
was to log into a "banned seller" account on your network, it can be a
nightmare to convince eBay or Amazon that it wasn't you, and you can most
likely be banned on their systems forever (to sell). Just seems like a lot
more to worry about.

------
yahu
Open does not necessarily mean insecure. See e.g.
[http://www.riosec.com/articles/open-secure-wireless-20](http://www.riosec.com/articles/open-secure-wireless-20)

------
lumpypua
Until somebody uses your open wireless for child porn and the cops come asking
you questions.

~~~
Matt_Cutts
An interesting counterpoint from Bruce Schneier:
[https://www.schneier.com/blog/archives/2008/01/my_open_wirel...](https://www.schneier.com/blog/archives/2008/01/my_open_wireles.html)

~~~
adrianN
_And yes, if someone did commit a crime using my network the police might
visit, but what better defense is there than the fact that I have an open
wireless network? If I enabled wireless security on my network and someone
hacked it, I would have a far harder time proving my innocence._

In Germany this defense wouldn't really help you much. You're (partially)
responsible for the crimes that are committed over your unsecured network.
It's called "Mitstörerhaftung".

~~~
pyvpx
I can attest as an American in Berlin -- Germans are VERY serious about their
privacy. This is especially true when related to the network/internets.

------
tendom
I love the idea, though the paranoid security conscious developer in me is
really worried about the security for average users. I'm not worried about the
individuals opening up their routers, there is always a risk, but that can be
mitigated. I'm more worried about average people thinking that whenever they
see an openwireless.org hotspot, they'll think it's safe. And it's obviously
not, or I wouldn't know about my neighbour's banana fetish. (joke, please don't
arrest me) I know people sign in to any open network regardless, but this has
a brand that can be exploited and then blamed.

~~~
bsimpson
Especially since most devices auto-associate with known networks.

Under the status quo, if I'm desperate for Internet I make a gut decision on
how trustworthy I think the nearest random open network is based on the
context of my present situation. If openwireless becomes the default, I might
decide that in this random small town coffee shop, openwireless is probably
trustworthy and associate with it. I do my business and leave. Then, I could
be walking through an airport and pass someone who's set up a malicious base
station using the openwireless SSID. My device could associate with it and put
me at risk without me even knowing.

~~~
toomuchtodo
I've configured my Nexus 5 to auto-connect to any open "linksys" SSID. How
would this be any different?

Don't rely on SSID for security. Rely on SSL/TLS and certificate pinning.

~~~
psychometry
And what if you need to login to a site that isn't SSL-secured? There's
nothing the end user (you) can do about that.

~~~
INIT_6
[https://www.eff.org/https-everywhere](https://www.eff.org/https-everywhere)

This site helps with this issue forcing sslany.

~~~
psychometry
Installing a browser add-on doesn't make websites lacking an SSL certificate
magically acquire one. The fact is that there are still a lot of sites out
there that don't have them.

------
gioele
Difference from FON? [1]

[1] [http://en.wikipedia.org/wiki/FON](http://en.wikipedia.org/wiki/FON)

~~~
molsongolden
Does anyone here from the USA use FON? I've only used as an "alien" but I was
able to purchase internet on demand from my apartment while living in Spain
for a few months. Getting access from a telco required a bank account or
Spanish ID number that we were unable to provide and FON ended up being
cheaper anyways.

------
drvortex
How about we make a wifi tax so that everyone pays for it and then have open
networks?

How about WiMax?

How about asking the ISPs to implement the free WiFi and flat subscription
rates with no tiers?

How about asking the mobile companies that already cover urban areas to make
HSDPA/UMTS/LTE free?

Plenty of more efficient ways to do this than this open network movement. And
yet you're asking the individual who has like the smallest bandwidth fraction
of all these players and the one who pays the most per MB of bandwidth to
make it free? Not. gonna. happen.

------
jtokoph
Is there a reason for recommending an insecure network? Would suggesting a
global default password for an encrypted network be better? It can be as
simple as 'openwireless'.

~~~
swinglock
How isn't such a setup insecure?

~~~
jrochkind1
Using current standard consumer technology, it would have some security
issues.

That's why they say:

> We're working with a coalition of volunteer engineers to build technologies
> that will let users open their wireless networks without compromising their
> security or sacrificing bandwidth.

There are a variety of technological solutions possible, many of which could
be implemented in firmware (see OpenWRT). I'd guess if we dig deeper on their
website, we might get to their tech plans; I am not familiar with them
specifically.

Although, honestly, if you're counting on nobody being able to sniff your
traffic in transit for security, you don't have enough security anyway. But
still, yeah, I wouldn't want to make it that easy.

------
gallypette
Actually IEEE 802.11u implements something like EAP-UNAUTH-TLS where the
client auths the server but the server does not auth the client.

After that, the best would be to push the whole traffic through Tor (Or even to
run a Tor exit node, if nobody can say from which side of the network the
request comes from ...).

~~~
xur17
I've always thought it would be a good idea to just route all traffic through
Tor with an insecure ssid (and a separate one for yourself). It would take care
of security concerns, or getting blamed for torrenting.

