24 May 2008

WiFi Commensalism

My home wifi is, and always will be, unlocked and open for anyone to use.

Why? Because sometimes when I travel - or sometimes if my home network is down, I need to borrow from others. Also, sometimes I enjoy hearing from friends when they travel, or their home networks are down.

And sometimes others might need to borrow from me.

Some would call it theft. The borrower is using something they didn't pay for, and if they want to use it they should pay for it themselves. But wifi isn't a zero-sum commodity. That someone else borrows mine takes nothing away from me. I still have the same service and pay the same monthly fee. I prefer to call it sharing.


Jeri said...

As a professonal geek (whose projects have to pass a security review), I have to say that while I admire your ideals, I'd be pretty uncomfortable running that config myself. :P

MWT said...

You're no fun. :p

TroyBoy said...

I'm gonna have to side with Jeri.

How do you like that? I stay away for months and when I finally visit your blog again, I only offer disagreement.

Eric said...

Sorry to join the naysayers, but this is where defense lawyer paranoia sets in.

First, let me admit I'm a hypocrite--I've been known to hop onto an unsecured network while out and about or while the home network was down for some reason.

Second, let me say I unconditionally admire the ideal: I would love to run an unsecured wifi network, myself.

Here's why I don't: if anyone accessing that network gets involved in traceable criminal activity--downloading kiddie porn, say, most local law enforcement officers have trouble grasping the idea that an open network can be accessed by anyone. They're just not that bright or informed. And if the network is used in traceable activity that creates civil liability--downloading a ton of bootleg MP3s, say--organizations like the RIAA don't care who they're suing when they're filing boilerplate suits.

So you're exposing yourself to the risk that you could be accused of things that could seriously hassle your life (or worse) by people incapable of understanding or merely indifferent to your innocence.

I'm sure others will focus on the risk to your own data, but there are ways to minimize that. What you really can't minimize is the possibility a bad apple could abuse your largesse--even if you think you know and trust everyone in your neighborhood. And I hate, I really hate, that that's how things are--I don't really approve of the culture of suspicion that's evolved, where (real example) a guy eating lunch with his young daughter are approached by a police officer because someone thought an older man alone with a little girl was "suspicious." It's insulting and ridiculous. But you see one or two things where someone gets screwed over by the system, and you start developing a certain amount of "reasonable" paranoia.

So my advice is to secure the network. Sorry to write it.

MWT said...

Troyboy - you suck too! :p

Eric - how do the organizations that do run free, open wifi networks defend themselves? For example, a number of airports seem to offer them. Also, I discovered that Starbucks is planning to convert all of their wifi offerings to free (and therefore sometimes my T-Mobile subscription won't work in their stores).

Michelle K said...

I'll borrow bandwidth if I'm away from home, but our wireless network is secured.

There's no way I'm letting jerks like truck boy anywhere near our network.

And glad to see you back after what seems like months!

MWT said...

Yeah, I couldn't find any open wifi networks. :p

Also, I'm not technically back until tomorrow night. Anyone want to give me the Cliffs Notes of the last two weeks?

Nathan said...

Cliffs Notes?

What, you're not going to study each of our blogs rigorously and add your two cents to whatever conversations we were having?

My short notes? My kittens are cute. I bought a sandwich and a hat.

Tom said...

"I bought a hat..." Nathan, you are so cool! That had me laughing as soon as I read that.

MWT, there's no way to really explain that, but the casual way he just tossed that out is cool to the max!

I'm now a dragon murderer, and the chief of a Texan polygimous group who abandons their young! You know, normal stuff.

Welcome back, even if it isn't until sometime later.

As to the open wifi, I also admire your ideals, but I, too, secure my network. In addition to the "traceable activity" argument (which, in a perfect world shouldn't be a problem), there's the "inside my firewall" fact. Keeping my computers secure is much easier if potential problems are kept on the other side of the router. That's the best reason I have for securing my network.

Nathan said...

I had my network unsecured for the first couple of years thinking of it as something generous that didn't cost me anything. Then I saw something on the news (don't remember exactly what), and my wifi had a password about 30 seconds later.

Eric said...

To try to answer your question, MWT, the fact that they're organizations and not individuals is the thin shell that protects them.

In the case of criminal activity, it goes something like this: law enforcement gets a hold of an IP address associated with criminal activity and they trace it back to your wireless access point; in most instances, they're going to stop right there. You'll tell them it's an open point, and they'll either shrug or look confused. They have their suspect. After they've seized your hard drives and rifled through your house, they may conclude that your "wireless open thing" led them on a wild-goose chase, but then they're liable to resent you or suspect you for that: why would you do something like that if you're not facilitating criminal activity, or conspiring?

On the other hand, if the IP address goes back to Starbucks' wireless, that's a dead end for law enforcement, because they're not going to conclude that the local Starbucks is downloading child porn or engaging in ID theft or whatever--they have that much sense. They'll conclude it's a patron and proceed (or give up) from there.

In the civil context, it's the same thing--with a twist on the slippery slope. Right now, for instance, the RIAA uses network IPs to file boilerplate suits against alleged filesharers--your wireless IP comes up, they'll sue you without asking any questions and let a judge sort it out. They're not even doing enough research to make sure the people they're suing are still alive, remember?

If the IP goes back to Starbucks, the RIAA isn't going to pick on a company that (a) will fight back, (b) obviously isn't running a Pirate Bay out of the backroom and (c) may be a desperately needed partner (you know those CDs that Starbucks started selling a year or two ago...?). But here's the twist: if the industry's fortunes continue to decline, I can certainly see the RIAA attempting to take free wireless access point providers to court on some crazy theory that they're abetting piracy or whatever. At that point, your local Starbucks or library will have a choice: fight or knuckle under. If the former is too expensive, the dream of public free wifi may drop dead almost overnight.

Eric said...

Oh, sorry for the second comment so soon, but for those who are interested: here's an Ars Technica article from last year about a man who tried (unsuccessfully) to use his open WAP as a defense against a child porn conviction:


Granted, the man may be guilty as hell (a jury thought so, for whatever that's worth, and the evidence against the defendant is undeniably incriminating).

But lest you think "Well, I don't have CDs full of kiddie porn in my bedroom, so this doesn't apply to me," please keep in mind how all this actually works: the cops get their search warrant, and they come to your house and they take all your computers and ransack your home. And then when they don't find anything--because you're innocent, remember?--when they don't find anything, they don't apologize and offer to clean up, no, they sit you down and ask you where you're hiding it. And after they decide you're stonewalling them and have suggested all the ways they could help you if only you would cooperate, they decide if they can still arrest you based on what they have (the activity associated with your home network). Whether they can or not may depend on your local jurisdiction, and things like whether your state requires them to get a Grand Jury indictment or whether they can just go tell a magistrate you're guilty and get an arrest warrant to hold you in jail until you're indicted. (Naturally, you'll be entitled to a bond hearing at some point--good luck with that.)

Michelle K said...

What's happened while you were gone?

At my place, lots of flower pr0n and chocolate.

MWT said...

...and next thing I know, I'm being waterboarded? You're right, that does sound pretty paranoid.

It sounds like everyone is all for Other People to run open networks for them to borrow, but nobody wants to run one themselves.

Nathan said...

You're actually 100% right...but I'm still keeping the protection. And my reasoning is decided more by the fact that I have waaaayyyy less understanding of how all this works than the rest of you do.

Mitigating circumstances: There's a coffee shop 200 yds. away that has an open signal. The park also has an open network two blocks away. I'm picking up three other unprotected signals of varying strength at the moment.

I know it's hypocritical, but I'm erring on the side of not getting screwed.

BTW, we're glad to have you back. We've missed you.

Eric said...

Pretty much. Like I said in my first comment: me = hypocrite. And like I also said, I admire your ideals. And, like I also also said, "defense lawyer paranoia." You see one or two people screwed, and you realize it doesn't take much for anyone to be screwed.

Waterboarded? No, of course not. But I'd hate to see you have your life ruined because of a bunch of idiot law enforcement officers and a tech-ignorant ADA. You're too nice a person to deserve that, not that anyone really deserves that.

There's a great anecdote that may even be true--I think I saw it on Slashdot, but I can't seem to find it--about an American expat who's living in, IIRC, the Netherlands maybe a year ago (certainly not very long ago. For some reason, the Dutch police show up at his place with a warrant to seize his roommate's computer. The roommate isn't at home, so the guy shows the cops where his roomie's old-style original iMac is. The police nod, and begin looking under the desk. After a few minutes they look up and ask where the computer is. The guy points at the iMac on top of the desk. The cops smile and repeat themselves slowly, as if they're unsure of their English or the guy's Dutch or maybe just think the guy is stupid. Yes, they see that, now where's the computer? That is the computer. No, that's the mon-i-tor, they're looking for the com-pu-ter. That is the computer; no, it isn't, now stop wasting our time.

Point being, based on my own experiences, I don't trust too many American cops to be much savvier, and I know that DAs, by and large, listen to their cops and little else.

Anyway, I really do admire your ideals. And you're probably right, it's probably just paranoia on my part.

MWT said...

It's good to be missed. :) (I haven't decided yet whether it's good to be back, as I was inundated with Real Life as soon as I got home.) I'll be making lots of blog posts about everything we did, probably for weeks - just as soon as I figure out what kind of format I want to do.

Actually, paranoia is good too. It makes idealism less blind, at any rate, so that at least I'm not carrying on completely oblivious to everything that could possibly happen. Still, it seems to me that succumbing to passwords is letting the terrorists win.

Speaking of bad things happening to other people though. Today I found out that the former apartment complex manager (who quit here just before I left for the trip), on her first day at the new job, got accused of stealing $4500 from their safe. Then they fired her too, and if she doesn't pay them the $4500 by a certain time she's going to end up in jail. We* think that it was one of the other employees at the place that dunnit.

* "we" being one of the other residents, who is the mother of the 5 year old that keeps accosting me.