One solution to the privacy problem is running OpenWRT with cjdns [1] on the routers and clients, and using its IPTunnel feature [2]. The list of supported platforms is steadily growing [3], and it'd be something that runs alongside the existing IPv4/DHCP setups just fine.
> cjdns will never be a workable solution for the general public, and I wish people would stop recommending it.
I disagree... I believe in its current state it is not catering to the general public, but it's basically alpha software with a small bootstrapped network. Long-term, the idea is to make things more user-friendly and appeal to a wider audience, but it's inaccurate to say it will "never be workable". Recommending it to a highly-technical targeted audience like HN seems entirely appropriate.
What if it was a coffeeshop, hotel, or other business?
I agree with you that the authorities aren't likely to treat individuals as well as they do businesses (at least in most countries). But the fact that they're already not gonna put a Starbucks manager in jail because someone did something illegal from Starbucks wifi -- suggests to me that there is an opening to agitate for individuals being treated with similar respect. The Open Wireless project clearly aims to make open wireless a normal and expected thing, so that legal norms will have to follow, and there will be political pressure for them to do so.
But yeah, I think it's as much of a social project as a technological one, which they seem to acknowledge in their self-description.
I'll go ahead and say it won't happen that way. Whether they can or not, they will say something to the effect of "It happened on your network; you're responsible unless you can prove it wasn't you."
Some other things to worry about if you sell anything on eBay or Amazon as a hobby: they have pretty complex systems to detect linked accounts. If someone was to log into a "banned seller" account on your network, it can be a nightmare to convince eBay or Amazon that it wasn't you, and you can most likely be banned on their systems forever (to sell). Just seems like a lot more to worry about.
And yes, if someone did commit a crime using my network the police might visit, but what better defense is there than the fact that I have an open wireless network? If I enabled wireless security on my network and someone hacked it, I would have a far harder time proving my innocence.
In Germany this defense wouldn't really help you much. You're (partially) responsible for the crimes that are committed over your unsecured network. It's called "Mitstörerhaftung".
Where does he live? It makes a huge difference if he lives in a farm house in the middle of a field or if he lives in an apartment building in the middle of a large city. If you live in such a way that the only way for me to see your network is to sit in my car in your driveway, then perhaps. However, from the comfort of my sofa in my living room I can 'see' about a dozen different wifi networks (and by extension at least a dozen people can see my wifi network from their sofa).
That kind of changes the math a bit. I don't want a dozen people torrenting off my network, not because I'm afraid of getting in trouble, but because it degrades my ability to use my network.
I've had enough experience with being cut off first and asked questions second. Running a server at home, this wasn't pleasant. I don't fancy trying out how often random people manage to cause abuse reports with my ISP - let alone the police. Besides, wireless isn't magically limited to the confines of my home and garden. It's not basic politeness like a cup of tea as the page claims.
How often does this actually happen? I am just not worried about it. I have been running open wireless access points at every home I've lived in for the past fourteen years.
I love the idea, though the paranoid security-conscious developer in me is really worried about the security for average users. I'm not worried about the individuals opening up their routers; there is always a risk, but that can be mitigated. I'm more worried about average people thinking that whenever they see an openwireless.org hotspot, they'll think it's safe. And it's obviously not, or I wouldn't know about my neighbour's banana fetish. (joke, please don't arrest me) I know people sign in to any open network regardless, but this has a brand that can be exploited and then blamed.
Especially since most devices auto-associate with known networks.
Under the status quo, if I'm desperate for Internet I make a gut decision on how trustworthy I think the nearest random open network is based on the context of my present situation. If openwireless becomes the default, I might decide that in this random small town coffee shop, openwireless is probably trustworthy and associate with it. I do my business and leave. Then, I could be walking through an airport and pass someone who's set up a malicious base station using the openwireless SSID. My device could associate with it and put me at risk without me even knowing.
You should never be using a site without SSL if you're passing authentication information.
Now, while I understand this is out of an end user's control, that shouldn't cause us to throw the idea of a shared wireless network out the door. That should cause us to look at non-secure sites accepting credentials, and how to prevent that behavior in the first place.
You use a VPN to tunnel to a trusted server and have it initiate the cleartext connection to the site, keeping the traffic between you and that server encrypted.
Installing a browser add-on doesn't make websites lacking an SSL certificate magically acquire one. The fact is that there are still a lot of sites out there that don't have them.
Does anyone here from the USA use FON? I've only used it as an "alien" but I was able to purchase internet on demand from my apartment while living in Spain for a few months. Getting access from a telco required a bank account or Spanish ID number that we were unable to provide and FON ended up being cheaper anyways.
How about we make a wifi tax so that everyone pays for it and then have open networks?
How about WiMax?
How about asking the ISPs to implement the free WiFi and flat subscription rates with no tiers?
How about asking the mobile companies that already cover urban areas to make HSDPA/UMTS/LTE free?
Plenty of more efficient ways to do this than this open network movement. And yet you're asking the individual who has like the smallest bandwidth fraction of all these players and the one who pays the most per MB of bandwidth to make it free? Not. gonna. happen.
Is there a reason for recommending an insecure network? Would suggesting a global default password for an encrypted network be better? It can be as simple as 'openwireless'.
The only use that I see for a standard-password approach is that it would circumvent some ISPs' terms of service that say you can't run an open network. But even then, a court may find that a closed network with a password like `openwireless` (i.e. as part of OpenWireless.org) is an "open network" anyway.
That's possible without a password too, except that anybody in the area can MITM you instead of just people who bothered to set up honeypots. AFAIK WiFi only provides encryption on networks with a password.
Right, this would avoid Google's argument that they can sniff unencrypted data from your wifi since it's being broadcast in the clear out into the street. At least having a per-session key would count as a legal defense against drive-by sniffers.
Using current standard consumer technology, it would have some security issues.
That's why they say:
> We're working with a coalition of volunteer engineers to build technologies that will let users open their wireless networks without compromising their security or sacrificing bandwidth.
There are a variety of technological solutions possible, many of which could be implemented in firmware (see OpenWRT). I'd guess if we dig deeper on their website, we might get to their tech plans; I am not familiar with them specifically.
Although, honestly, if you're counting on nobody being able to sniff your traffic in transit for security, you don't have enough security anyway. But still, yeah, I wouldn't want to make it that easy.
Actually IEEE 802.11u implements something like EAP-UNAUTH-TLS where the client auths the server but the server does not auth the client.
After that, the best would be to push the whole traffic through Tor (or even to run a Tor exit node, if nobody can say from which side of the network the request comes from...).
I've always thought it would be a good idea to just route all traffic through Tor with an insecure SSID (and a separate one for yourself). It would take care of security concerns, or getting blamed for torrenting.
[1] https://github.com/seattlemeshnet/meshbox
[2] https://github.com/cjdelisle/cjdns/tree/master/tunnel
[3] Desktop/Server Linuxes, Android, OpenWRT, OSX, FreeBSD. Even Windows support is being worked on.