I think the local culture needs to be taken into account. Suppose I walk onto your porch, see something I want, and take it with me. That's pretty plainly theft, right? Now suppose I am eight years old, taking candy from a bowl left out on Halloween. That's pretty plainly not theft. To somebody unfamiliar with the cultural practice of trick-or-treating, they might assume that it is theft.
The internet has different cultural norms than physical space. One-to-one analogies are useful for exploring those differences, but not for arguing what they should be. If I have a WiFi connection, leaving it without a password is implicit permission to use it. If I have a server that provides HTTP without authentication, that is implicit permission to access the contents.
That is not to say that people should take advantage of these social norms. If I find a bowl of car keys left on a front porch, even if it is Halloween, I should inform the owner of the house that they probably don't want to do that. If I find incremental IDs that lead to other customers' personal information, I should inform the company, and the other customers if necessary.
There's not a matter of perception or culture as the candy was intentionally left out for a trick or treater to take. And since it's a well known holiday, the intent has been communicated.
And that's exactly my point: the cultural norms dictate whether something is an offer or not. For Halloween, the placing of candy outside one's door indicates that it is intended to be shared. For WiFi networks, in the absence of any other indication, not placing a password indicates that it is intended to be used.
>If I have a WiFi connection, leaving it without a password is implicit permission to use it. If I have a server that provides HTTP without authentication, that is implicit permission to access the contents.
If your door is open can I take a shower and cook a meal for myself in your house?
>If I have a WiFi connection, leaving it without a password is implicit permission to use it. If I have a server that provides HTTP without authentication, that is implicit permission to access the contents.
Lol. I don't know where you got this impression, but no, it absolutely is not.
Not only is it not, but you can absolutely be prosecuted and imprisoned for accessing those networks/servers without permission.
Furthermore, that doesn't really apply in this case because not only was he not given "implicit permission to use it", the in-flight WiFi system explicitly bars you from using the internet without paying for it.
Open WiFi is like a water fountain, or a bench, in a pubic place to me. There's no explicit sign telling you to use it but who'd put it there of it were not to be used? I'm in the UK.
So, for example if I'm out and about and there's an open WiFi I'll connect to it without seeking permission .. in fact I think it would be weird to go and ask (if you could work out who to ask).
In the UK, what you're doing is illegal under the Computer Misuse Act. I don't think the police are out scouring the streets for people stealing wifi, so you probably won't be prosecuted for it. But still, it is technically illegal. Example: https://uk.reuters.com/article/uk-britain-wireless/two-cauti...
(It's also very, very, very terrible practice for your own security. Don't do it.)
It would be illegal if it were unauthorised, I'm not checking it's authorised because you'd have to be a moron to have published your open router if you didn't intend to have an open router being published. Whilst there's a chance that when I go to McDo that I'm not actually authorised and to use the published open wifi, it's so slim that it's not worth me tracking down the router owner to ask them -- if that were even possible to do.
If you place a bench in public and you don't want anyone to sit on it then you need to notify people explicitly ... it's the same, I don't find the owner of benches and ask them.
Are there any attacks that work just by connecting to someone's wifi, obviously I'm only using it for non-sensitive traffic unless it's a recognised provider, it's certainly part of my security considerations. Are there specific attacks you're thinking of? Such attacks would work equally if I had explicit authorisation, of course.
Re your link, last time I looked it was allowed to have open shared wifi, and the way you indicate it's open for sharing is having it open and shared. That's probably why the police gave cautions, it placates the complainant and they didn't have to lose in court.
Connecting to open WiFi for internet access is just as secure as connecting to WiFi with WPA enabled. There are so many insecure hops between you and your destination that the last mile access mode is irrelevant.
>Furthermore, that doesn't really apply in this case because not only was he not given "implicit permission to use it", the in-flight WiFi system explicitly bars you from using the internet without paying for it.
Then it should do so. If I connect and I can use the network without paying, that's not my fault.
If you knowingly and with intent use that network without paying, even when knowing that the owner of the network wants all users to pay, it absolutely is your fault. The airline could literally put zero restrictions on their network access, but as long as they put up a sign that says "internet is only for those who pay for it", it would be both illegal and wrong for you to access that internet without paying.
I honestly can't believe we're even having this conversation. It is theft, period. Not only is it illegal, it's blatantly immoral.
>I honestly can't believe we're even having this conversation. It is theft, period. Not only is it illegal, it's blatantly immoral.
It's not theft. It's not immoral either. Open wlan means exactly that, so where is the sign? You are on HN, so using something like a VPN is not uncommon, regardless of what network you are using.
The internet has different cultural norms than physical space. One-to-one analogies are useful for exploring those differences, but not for arguing what they should be. If I have a WiFi connection, leaving it without a password is implicit permission to use it. If I have a server that provides HTTP without authentication, that is implicit permission to access the contents.
That is not to say that people should take advantage of these social norms. If I find a bowl of car keys left on a front porch, even if it is Halloween, I should inform the owner of the house that they probably don't want to do that. If I find incremental IDs that lead to other customers' personal information, I should inform the company, and the other customers if necessary.